Posts

Online Gamers Risk Credit Card Fraud

The Sony Corporation has been providing consumers with stellar electronics since before the introduction of the Walkman. The past six months have been harsher for Sony, with attacks by hacktivists and numerous breaches of clients’ data.

Many recent breaches involved usernames, passwords, email addresses, and in some cases, credit card numbers. Each compromised data point is another opportunity for a criminal to steal your identity and make money at the expense of your good name.

If a company becomes aware that usernames and passwords have been compromised, they should notify users and prompt them to change their passwords. Users should change passwords every six months, regardless of whether a breach has occurred. Passwords should include upper and lowercase letters and numbers, and should not be used across two or more accounts. I have 700 different accounts and 700 different passwords.

Beware of spear phishing emails. When hackers get your email address from a breached gaming account, they will send emails that look like they are coming from the company that has been breached. Never click on links within an email. Instead, go to your favorites menu or manually type the correct address in the address bar.

Pay close attention to credit card accounts. I monitor my accounts weekly for all activity. Simply log in, look at each charge, and refute unauthorized charges immediately. A new free service called BillGuard scans your credit cards daily and alerts you to hidden fees, billing errors, forgotten subscriptions, scams, and fraud.

If you have provided a credit card number to your child for online gaming, beware of purchases they may make that you have previously approved. Many gaming sites try to upsell their users, and will charge the credit card on file. Spend some time with your child discussing appropriate online behavior, and look for parental controls that will send you email alerts when your child makes a purchase.

McAfee, the most trusted name in digital security, includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live agents who can help subscribers resolve identity theft issues. For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how a person becomes an identity theft victim on CounterIdentityTheft.com (Disclosures)

 

What Identity Theft Protection Is and Is Not

To all you security companies out there, listen up: “identity theft protection” has become an overused and abused marketing term, which is often used to sell a product or service that doesn’t actually protect users from identity theft. It’s like labeling food “natural” when we know it’s not “organic.” It’s incorrect at best and a lie at worst.

Every security company on the planet claims to protect identities. But a firewall is not identity theft protection. An encrypted thumb drive is not identity theft protection. Antivirus software is not identity theft protection. One could argue that phishing alerts count as identity theft protection, but not really. Do these tools protect your identity? Sort of.

A true identity theft protection service monitors your identity by checking your credit reports and scanning the Internet for your personal information. It looks out for your Social Security number, and if something goes wrong, an identity theft protection service has people who’ll work with you to resolve the problem.

I get an email every month confirming my identity’s health. This is what identity theft protection looks like:

“Dear Robert Siciliano,

No news is good news! Your credit reports from all three bureaus, Experian®, Equifax®, and TransUnion®, have been monitored daily for the past month. We’re pleased to let you know that there is no new activity reported. As a McAfee Identity Protection user, we’ll continue to monitor your credit report every day for your protection.

Remember, McAfee Identity Protection helps protect you from the financial loss and hassle associated with identity theft. Log in to your Protection Center and review your protection status any time. Just click here and enter the Username and Password you selected when you enrolled.

As always, you can get help from a dedicated Fraud Resolution agent if any suspicious activity should appear on any of your credit reports.

If you have any questions about McAfee Identity Protection, please call Customer Support at 1-866-622-3911.

Sincerely,

McAfee, Inc.”

That’s what identity theft protection is. Don’t get me started!

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft on YouTube. (Disclosures)

McAfee’s Most Unwanted Identity Theft Criminals

McAfee has created a tongue-in-cheek list of the most unwanted identity thieves, describing the various techniques thieves use to steal your information. It’s clever and, unfortunately, very real.

Pauly the Pickpocket & Sally Sticky Fingers work as a team to lift wallets and mobile devices from pockets and purses, often in broad daylight. Sally creates a distraction by dropping a shopping bag, crying for help, or stopping suddenly in your path, and then Pauly bumps into you from behind and picks your pocket.

To avoid having your pocket picked, keep your wallet in your front pocket, or keep your purse closed and hold it in front of you. Thin out your wallet and skip the backpack. Lock your cell phone with a password. And consider investing in McAfee’s Lost Wallet Protection service.

Trojan Sea Biscuit is a two-faced liar who sneaks malicious files into emails and hides viruses in PDFs and other downloadable files. He’s the champion ringleader in the ultimate identity theft derby of phishers, hackers, botmasters, and keyloggers.

To avoid a Trojan infiltration, use comprehensive security software, and be sure it’s set to update automatically. If a popup window prompts you to update software, hit escape or shut down the program. Go directly to the manufacturer’s website for the update.

Tim “The Skim” McCash is known for installing skimming devices and tiny cameras that can read your card data and PIN code. He targets ATMs at banks, concerts, arenas, convenience stores, and gas stations with the goal of draining your account of cash or credit before you or your bank recognizes the fraud.

To avoid having your credit or debit card data skimmed, use the same, familiar ATM whenever possible, and beware of ATMs with devices covering the card slot. Look for external devices like mirrors, brochure holders, or light bars that may hide a camera. Always cover the keypad with your other hand as you enter your PIN. And check your bank and credit card statements online at least once a week.

McAfee, the most trusted name in digital security includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

Reporter’s Identity Stolen

It doesn’t matter if you are young or old, rich or poor, if you have good credit or bad credit, pay with cash or credit card, whether or not you use the Internet, or even own a computer. You can be a maintenance worker or a scientist. It doesn’t matter.

Whether you are alive or even if you are dead, as long as you have a Social Security number, you are a potential identity theft victim.

Reporters tend to be fairly savvy and well informed. Identity theft, however, is a complicated issue, and anyone can be stumped, regardless of your level of security intelligence.

One reporter received an alert about “irregular check card activity.” It was sent late one weeknight, and she didn’t see the email until the following night. At first, she couldn’t believe her bank account could have been compromised, and suspected it was a phishing email designed to trick her into disclosing her account information. But when she called her bank, she learned that nearly all her money had already been stolen.

“I soon discovered I was a victim of identity theft and that a woman posing as me in California was allowed to spend and withdraw all of my family’s money in two linked accounts from my bank, without stealing my debit or credit cards. She took more than $40,000.”

The thief used a fake driver’s license, which replaced the victim’s ID in the bank’s computer, signed documents with a signature that looked nothing like the victim’s, and gave the bank a new phone number and address. She took over and cleaned out two accounts, one of which was a checking account used for family expenses, and the other was an investment account.

After a great deal of stress and aggravation, the victim and her husband managed to get their stolen savings reimbursed by their bank. She still doesn’t know how the thief managed to steal her identity, or if she was ever caught.

Identity theft can happen to anyone. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee puts victims first and provides live access to fraud resolution agents who work with victims to help restore stolen identities, even from thefts that occurred prior to subscribing to McAfee’s service.

For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss scambaiting on Fox News. (Disclosures)

What Identity Theft Protection Looks Like

You hear a lot about identity theft protection these days. But what does it look like? I’ve subscribed to no less than six different services in the last decade.

Most of them make their presence felt in the form of a charge on your credit card statement, and that’s about it. One thing I like about McAfee is the fact that, when you get an alert, they’ll hold your hand through the process.

When a check was made on my credit file, I received the following message:

Dear Robert Siciliano,

As a McAfee Identity Protection member, you are receiving this automatic notification email because activity recently has been posted to your account through one or more of our industry leading services:

A. 3-Bureau Credit Monitoring

B. Internet Scanning, including chat rooms

C. Change of Address monitoring

Posted account activity doesn’t necessarily indicate identity theft. However, it can be an early indication of fraudulent activity. That’s why it’s important to always review any alerts you receive from us.

Please take the following steps immediately to examine this information and determine if this activity is authorized.

Check Your Alert – To view your complete alert report, please login here and click on “Unviewed Alerts.”

Verify The Activity – If you are aware of the change(s) and agree with the items on your alert, no action is needed on your part.

Contact Us – If you have any questions or concerns regarding your alert, including information you believe to be either inaccurate or fraudulent, please contact Customer Support immediately at 1-866-622-3911. For your convenience we are here for you daily from 6:00 AM – 6:00 PM (Pacific Time).

Remember, McAfee Identity Protection is with you every the step of the way. In the event you suspect identity theft, our dedicated Fraud Resolution Team will work closely with you to help you understand and investigate your alerts immediately.

Thank you for choosing McAfee Identity Protection to help protect your identity.

Sincerely,

McAfee, Inc.

This alert was triggered when a mortgage broker checked my credit report, with permission. I got this alert within a day of the credit check. When I logged into my McAfee account, I was able to see the actual credit check on McAfee’s dashboard.

Had the alert been triggered by anything other than a legitimate credit check, I would have called McAfee’s fraud resolution agents, who would have immediately begun a process of alerting any creditors to possible fraud. That’s comforting.

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts.

For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

Lawmakers Push To Shield Last 4 Social Security Numbers

Most of us have become accustomed to giving out the last four digits of our Social Security numbers. But this customary request is becoming increasingly problematic, and two Rhode Island lawmakers are responding by pushing legislation to stop businesses from asking for the last four digits of customers’ Social Security numbers.

Researchers at Carnegie Mellon University have developed a reliable method for predicting Social Security numbers, including the first five digits, using information from social networking sites, data brokers, voter registration lists, online white pages, and the publicly available Social Security Administration’s Death Master File. This, of course, makes the last four digits vulnerable.

NBC 10 Rhode Island reports, “The lawmakers say identity thieves can often determine an entire Social Security number from just a few digits. They called the bill ‘a seemingly small, but vitally important way for government to further protect its citizens from the financial and emotional devastation of identity theft.’”

The nine-digit Social Security number is composed of three parts. The first set of three digits is the Area Number. The second set of two digits is the Group Number. The final set of four digits is the Serial Number.

The Area Number is assigned by geographical region. Prior to 1972, when cards were issued in local Social Security offices around the country, the Area Number represented the State in which the card was issued, but not necessarily the applicant’s state of residence.

The Group Number ranges from 01 to 99, but numbers are not assigned in consecutive order. For administrative reasons, odd numbers from 01 through 09 are issued first, followed by even numbers from 10 through 98.

Serial Numbers run consecutively from 0001 through 9999.

This numbering scheme was designed in 1936, before the existence of computers, primarily for the purpose of tracking Social Security benefits. It was not designed to be used as a national identification number, as it arguably is used today. And once a criminal gets your Social Security number, he has extensive access to your identity.

To avoid becoming an identity theft victim, consider subscribing to an identity theft protection service that offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts.

For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss Social Security numbers as national identification on Fox News. (Disclosures)

102-Year-Old Woman’s Identity Stolen

How low can you go? In Virginia, a man has been accused of identity theft, forgery, and obtaining money by false pretenses.

The 25-year-old accused claims, “I know I’m not guilty of any of theses charges…The day that it aired people were calling me and texting me and asking me what have I done and I was like what are you talking about? I thought I was being pranked.”

He is, however, on probation for similar charges, but he swears that he’s no longer a criminal, though he was six years ago. Well, all right then, I guess he must be innocent!

According to detectives, in one scam he used counterfeit checks to make purchases at various stores, and then returned his purchases to different stores in exchange for cash.

One of his identity theft victims is a 102-year-old woman who recently graduated from the city’s citizen police academy, the oldest person ever to do so. “I don’t know how they got my identity,” she said.

How cool is she? But how difficult must it be to recover from identity theft at 102 years old?

Observing a few basic security precautions to protect your identity may help you avoid such a chore.

Consumers should also consider investing in an identity theft protection product that offer daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection includes all these features, as well as live access to fraud resolution agents in the event that your identity is ever compromised.

For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft victims on The Morning Show with Mike and Juliet. (Disclosures)

Twitter Scam Hooks Thousands

Twitter’s numbers are astounding. In the physical world, when communities become larger and more densely populated, crime rises. The same applies to online communities.

CNET broke down Twitter’s recent blog post, which celebrates their significant numbers: “It took three years, two months, and one day for Twitter to hit 1 billion tweets; now, a billion tweets are posted in the course of a week. An average of 460,000 new accounts were created per day over the past month, and an average of 140 million tweets were posted per day. Twitter now has 400 employees, 50 of whom have been hired since January.”

Spammers, scammers, and thieves are paying attention.

Techland reports, “At least 10,000 Twitter users fell for a scam that spread like wildfire across the social networking site early today. Quick action by link shortening service bit.ly – as well as thousands of people retweeting warnings – brought the scam attack under control in a few hours.”

Common Twitter scams include:

Hijacked Accounts: Numerous Twitter accounts have been hacked, including those of President Obama and, recently, Ashton Kutcher. Kutcher’s account was most likely “Firesheeped,” which can occur when a wireless device is used to access an unsecured site.


Social Media Identity Theft: Hundreds of imposter accounts are set up every day. Sarah Palin, St. Louis Cardinals coach Tony LaRussa, Kanye West, The Huffington Post, and many others have been impersonated by fake Twitter accounts opened in their names.

Worms: Twitter has been plagued by worms, which spread messages encouraging users to click malicious links. When one user clicks, his account is infected and used to further spread the message. Soon his followers and then their followers are all infected.

Phishing: Hacked Twitter accounts are used to send phishing messages, which instruct users to click links that point to spoofed sites, where users will be prompted to enter login credentials, putting themselves at risk of identity theft.

Social media sites could go a long way in protecting their users by incorporating device reputation management. Rather than accepting information provided by an anonymous user, device reputation allows social sites to leverage knowledge about a device’s history—which could include spam, phishing attempts, predatory behavior, profile misrepresentation and even credit card fraud.  Device reputation alerts businesses to suspicious behavior exhibited while bad actors are on their websites, uncovers the device’s true location, and exposes hidden relationships to other high-risk accounts and devices.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses social media hacking on Fox Boston. (Disclosures)

Identity Theft Tops Consumer Complaints for Eleventh Year

The Federal Trade Commission recently released the list of the most common consumer complaints in 2010. Identity theft topped the list for the eleventh year in a row. The FTC received 1,339,265 in 2010, and 250,854, or 19%, involved identity theft. In second place, there were 144,159 debt collection complaints.

For the first time, “imposter scams,” in which imposters pose as friends, family, respected companies, or government agencies in order to persuade consumers to send money, made the top ten. The FTC has issued a new consumer alert to help consumers avoid imposter scams.

FTC spokeswoman Claudia Bourne Farrell commented, “Most people don’t know how their identity was stolen. If you lose your wallet on Monday and Tuesday someone starts using your cards, you have a pretty good educated guess. Otherwise you don’t. And how would you know if someone stole your identity on the Internet?”

More than half of complaints to the FTC involved some other type of fraud. 45% of those scams were initiated via email, including phishing emails. 11% of the scams originated from websites, and 19% were initiated over the phone.

Protect yourself from identity theft and other varieties of fraud by locking your mailbox to prevent stolen mail, storing sensitive paperwork in a locked file cabinet, and shredding any documents that include a name or account number before discarding them.

Protect your PC by installing antivirus and spyware removal software, and keeping your PC’s critical security patches updated.

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance and lost wallet protection. If your credit or debit cards are ever lost, stolen or misused without your authorization, you can call McAfee Identity Protection and they’ll help you cancel them and order new ones. If their product fails, you’ll be reimbursed for any stolen funds not covered by your bank or credit card company. (See McAfee’s guarantee for details.)

For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

Most Willing to Pay to Reduce Identity Theft Risk

When you compare the cost of various services, you begin to see how much your time is worth. For example, it would take most homeowners a significant chunk of nights and weekends to paint a house themselves, but a professional crew can get it done in a week, for a reasonable price.

Recovering from identity theft can take as little as an hour for some, or up to several hundred hours for others. For some, it takes a lifetime. The average identity theft victim loses anywhere from $2800.00 to $5100.00, which, coincidentally, happens to be roughly the cost of painting a house!

Nicole Piquero, one of the most distinguished female criminologists in the nation, according to The Journal of Criminal Justice Education, explains, “Identity theft, also known as ‘identity fraud,’ has affected between 5 and 25 percent of U.S. households. Because of our increasing reliance on technology, and given the resourcefulness of hard-to-catch identity thieves, it seems likely that most if not all of us will at some point be victims of this crime or know others that have been.”

Piquero and her spouse, Alex Piquero, who has made significant scholarly contributions to the field, conducted a study that “reveals that most individuals will agree to a small tax increase to support government-sponsored identity theft prevention efforts.”

Unfortunately, the government isn’t doing anything to protect you. Fortunately, McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents.

For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft on YouTube. (Disclosures)