Posts

Spyware A Major Identity Theft Threat

Spyware is sold legally in the United States. This software records chats, emails, browsing history, usernames, passwords, and basically everything a person does on that PC. Some spyware programs can record everything in a video file, which can then be accessed remotely.

This is all perfectly legal as long as the PC’s owner installs the software. It is illegal to install spyware on a computer that is not your own.

Spyware can be great if, for example, you want to monitor your twelve-year-old daughter who obsessively chats online, or your employees whose lack of productivity has you wondering if they’re watching YouTube all day.

Spyware also comes in the form of a virus, which essentially does the same thing. When you click a malicious link or install a program that is infected with malicious software, several different types of spyware can be installed as well.

Spyware can also take the form of a keylogger or keycatcher, a USB device similar to a USB flash drive, which can connect to a PC and piggyback the keyboard connection. Keycatchers have a made a splash in schools, where students plug them into the back of teachers’ PCs, trying to get test information ahead of time.

In England, two keyloggers were found plugged into public library computers. This would have allowed whoever planted the USB devices to access a record of activity on the compromised computers. “It’s unclear who placed the snooping devices on the machines but the likely purpose was to capture banking login credentials on the devices prior to their retrieval and use in banking fraud.”

Keep in mind that anyone with special access to a computer, including friends, family, and employees, poses the main threat. A cleaning person or security guard could always be paid to install spyware in order to record sensitive data.

Check your USB ports to make sure there are no mysterious devices attached to your PC. Prevent unauthorized password installation by password protecting the administrator account on your PC.

Only download files from trusted websites, and avoid torrents and software cracks, which are often seeded with spyware.

Never click “Agree,” “OK,” “No,” or “Yes” in a popup. Instead, hit the red X or shut down your browser by hitting Ctrl-Alt-Delete.

Keep your operating system’s security patches updated, and be sure to install the latest, most secure version of your browser. And Run McAfee Total Protection, including spyware removal.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing spyware on Fox Boston (Disclosures)

3 Year Old’s Identity Stolen To Buy Porn

A thief hacked into a woman’s checking account and used her daughter’s name on an electronic check to pay for an online porn subscription. The FBI believes this is a relatively new scam, with reports coming in from across the country.

The little girl isn’t a signer on the account, but the bank cashed the check for $29.95 made out to a porn company in her name.

“Somebody took money from me, somebody took my account number, somebody used my daughter’s name for porn,” the mother says.

According to the Colorado Banker’s Association, “any company you send a check to has enough information to steal from you… Online bill pay isn’t any safer because criminals have been known to hack into computers.”

That’s a serious statement from a bank representative. I can’t help but wonder if it was translated correctly? She went on to note that many checks were being cashed for small amounts, which doesn’t send a red flag to banks.

Consumers often overlook these smaller transactions, or “microcharges,” which are fraudulent charges ranging from 20 cents to $10. The victims of this particular scam would see the fictional merchant’s name and toll-free number on their debit or credit card statements. If they called to dispute a charge, the phone numbers would be disconnected or go straight to voicemail. Many frustrated consumers don’t even bother to dispute the charges.

This scam can often be fixed by paying attention to your statements and refuting charges within a specified time frame. You have up to 60 days, at most, depending on the nature of the card. Check with your bank.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing child identity theft on NBC Boston (Disclosures)

Identity Thief Steals Identity For 17 Years

This mess Joseph Kidd stole Larry Smith’s identity 17 years ago, when Smith was 50 years old. While operating under Smith’s identity, Kidd “spent time in jail, as sent to prison, paroled, obtained welfare and Medicare benefits, and got married.”

He did all this using Smith’s name, which means that Smith has had to deal with the imposter’s actions from afar, as if he himself had a criminal record, was married, and on welfare. While the real Smith has no criminal record, he spent eight days in jail because of Kidd’s crimes. The real Smith has had liens placed on his home, was denied medical care, and lost his driver’s license, all because Kidd stole his identity.

When people ask, “Why would anyone steal my identity? I have no money,” I point to Kidd. When they say, “But I have bad credit,” I point to Kidd. When they say, “I don’t have a computer or credit cards. I pay cash and I don’t bank online,” I point to Kidd.

This is what identity theft looks like. Identity theft goes way beyond your computer being hacked or your credit card number being used without your permission. What happened to Larry Smith is identity theft.

Identity theft can happen to anyone. McAfee Identity Protection, offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first and provides live access to fraud resolution agents who work with the victim to help restore their identity even from past theft events. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing an identity theft pandemic on CNBC. (Disclosures)

Identity Theft Ring Operates From Federal Prison

For nearly a year, a prisoner at Fort Dix Federal Correctional Institution operated an identity theft ring from his jail cell. “Federal prosecutors say the man was able to get personal information communicated to him while in the prison, including names, addresses, and Social Security numbers of credit card holders at various department stores. He would then contact the stores and add additional users to the accounts or open new accounts in the person’s name.”

His eight accomplices, who used the fraudulent credit accounts to spend more than $250,000, recently pled guilty to charges related to identity thefts.

This type of organized crime ring is made up of many players, including:

Kingpin: This ringleader intimidates those on the outside into acting on his behalf while he’s behind bars. His associates are primarily motivated by money, but the kingpin often relies on violence to keep them in line.

Insiders: Department store employees had access to account data. These insiders violated the trust of their employer and fed the information to the ringleader in prison.

Mules: Street level criminals who don’t mind being recorded on surveillance cameras will often use the stolen accounts to make big-ticket purchases in stores.

Store clerks: Mules often need a cohort at the register who allows a purchase to be made without checking the mule’s ID.

Fences: The fraudulently purchased merchandise end up being handled by a fence, who sells the items on the black market or trades them for drugs. Fences often interact with drug dealers, who tend to have the money for purchases.

A similar group targeted Apple stores, obtaining stolen account numbers, which they used to forge credit cards and buy laptops, iPhones, and other items. Again, a ringleader orchestrated the scheme from behind bars.

This is what we are up against: organized criminals with no consideration for the law, working in trusted positions with access to our information. You can shred all day and limit the amount of information you give out. But your identity is at risk, no matter what.

It is important to observe basic security precautions to protect your identity. However, the safety of your information with corporations and other entities that you transact business with is very often beyond your control. Consumers should consider an identity theft protection product that offer daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection includes all these features in addition to live help from fraud resolution agents if your identity is ever compromised. For more tips on protecting yourself, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)

Identity Theft Victim Held Hostage By Bank

The Huffington Post reports, “The Identity Theft Resource Center says Ty Powell is a victim of identity theft. Freddie Mac says he hasn’t paid his mortgage in two years. The local paper says he’s dead. Powell says, ‘I don’t know what to say.’”

Powell bought a house in Arizona from a builder, paying $217,000 in cash that he made playing professional basketball in Brazil. While he was in Brazil, someone sucked the equity out of the home to the tune of a $376,703 mortgage, and of course, defaulted. It is believed that the builder, who had the personal information on Powell, took out the loan and even paid some of the debt in order to keep the scheme until after Powell had taken possession of the house.

Then one day, Powell gets an eviction notice saying he has to move out of his home because of the unpaid mortgage. Unfortunately, it’s been demonstrated time and again that when it comes to being an identity theft victim, you are guilty until proven innocent.

Freddie Mac’s spokesperson replies, “We believe the foreclosure was legitimate because the loan secured by the property was in default. Despite a mortgage workout in 2008, no mortgage payment had been received since January 2009. We have also referred the matter to our fraud investigations unit.”

The local paper incorrectly reported that Powell had died of a heart attack. This was more than likely planted by the identity thief so that a death certificate would be issued, making it difficult for the bank to proceed.

Meanwhile, the scammers opened new credit card accounts and got a fraudulent driver’s license in Powell’s name.

Most, if not all, of this was preventable.

To ensure peace of mind —subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance and lost wallet protection. If your credit or debit cards are ever lost, stolen or misused without your authorization, you can call McAfee Identity Protection and they’ll help you cancel them and order new ones. If their product fails, you’ll be reimbursed for any stolen funds not covered by your bank or credit card company. Please see Guarantee for details. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

Protecting Mail from Identity Theft

While criminal hackers are cracking databases and stealing millions of electronic records every year, street level identity thieves are a more insidious element of the identity theft epidemic. Thieves of this nature live in your neighborhood. In some parts of the country, local identity thieves tend to be meth heads.

Local identity thieves understand all too well that the money is in your mailbox. They simply open your mailbox and steal any mail that could provide an opportunity for identity theft.

Think about what comes in the mail. Bank, credit card, and financial statements. Utility, mobile phone, and membership statements. Pension, Social Security, and benefit statements. Employment, tax, and income statements. Checks, disbursements, and credit card offers.

These sensitive documents contain enough information for an identity thief to take over your existing accounts or open new accounts in your name. While some data is left off paper statements for privacy’s sake, they generally contain enough sensitive details for a thief to impersonate you over the phone in order to obtain even more details, enough to fill in the puzzle pieces of your identity.

Protect yourself by getting rid of paper statements. Electronic statements in your email inbox are eco-friendly and more manageable and secure than paper statements.

Get a mailbox with a lock. You can get a chain for under $60 at most hardware stores, which allow the carrier to put mail in the box, but requires a key to get mail out.

Get a P.O. box. Any sensitive mail that I can’t receive digitally goes to my P.O. box. A P.O. box is locked, and the only one with access is the postal carrier.

If you go more than a few days without receiving new mail, it may be getting stolen, so call the post office.

Pay attention to the delivery dates of all bills. You should know when to expect recurring mailings, so you’ll notice if they don’t arrive on schedule.

Have yourself removed from the Direct Marketing Association’s lists. Eliminate all unnecessary solicitation to minimize mail that creates a risk.

Opt out of preapproved credit card offers. Go to OptOutPrescreen.com or call 1-888-5-OPT-OUT (1-888-567-8688) and get removed now.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how a person becomes an identity theft victim on CounterIdentityTheft.com (Disclosures)

When a Good Guy Steals Your Identity

Chris Roberts is a hacker. But not a black hat hacker, like the bad guys you may associate with the term. He’s a white hat hacker, or an ethical hacker, and no, that isn’t an oxymoron. Chris is the kind of guy you definitely want on your team, because if he weren’t, he’d be your worst nightmare.

I had the opportunity to meet up with him at the McAfee Focus 2010 event. His appearance fits the hacker stereotype: he’s tall and lanky, with a Viking beard and, I’m pretty sure, some tattoos. And he carries around a bag of tricks that could probably take down the Pentagon. He’s got every sort of gadget that could be used to sniff, spy, and hack.

Companies hire Chris to determine what their weaknesses are, and how vulnerable they are to a potential attack.

NetworkWorld profiled Chris, and, in the article, he brought attention to the fact that many people assume they won’t be targeted by identity thieves because they don’t have money, or status, or even good credit:

“So many people look at themselves or the companies they work for and think… Why would somebody want something from me? I don’t have any money or anything anyone would want… While you may not, if I can assume your identity, you can pay my bills. Or I can commit crimes in your name. I always try to get people to understand that no matter who the heck you are, or who you represent, you have a value to a criminal.”

No kidding.

Your Social Security number, which represents your total identity, is always valuable to a criminal. Because our system lacks full accountability when it comes to identification, anyone can use your data to pose as you.

Until the day comes, if it ever does, that we are effectively identified and authenticated, we will always be vulnerable to imposter fraud and identity theft.

Identity theft can happen to anyone. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first and provides live access to fraud resolution agents. For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss credit and debit card fraud on CNBC. (Disclosures)

Criminal Hackers Responsible For Most Data Breaches

According to the Identity Theft Resource Center, there were at least 662 data breaches in 2010, which exposed more than 16 million records. Nearly two-thirds of breaches exposed Social Security numbers, and 26% involved credit or debit card data.

The ITRC elaborated, “Other than breaches reported by the media and a few progressive state websites, there is little or no information available on many data breach events that occur. It is clear that without a mandatory national reporting requirement, many data breaches will continue to be unreported, or under-reported.”

The majority of these attacks were malicious hacks or insider theft, rather than the result of employee errors. InformationWeek reports, “Some states, but not all, have data breach notification laws, which require any organization that suffers a breach to notify that state’s affected residents. Interestingly, the ITRC found that information about 29% of the 662 reported breaches for 2010 could be credited to authorities in those states.”

The Privacy Rights Clearinghouse’s Chronology of Data Breaches found that more than 500 million sensitive records have been breached in the past five years. Examples of incidents in which personal data is compromised, lost, or stolen include “employees losing laptop computers, hackers downloading credit card numbers and sensitive personal data accidentally exposed online.”

Cases of identity theft are skyrocketing, and 32% of all identity theft victims had their Social Security numbers compromised.

Now more than ever, criminal hackers are hacking into databases that contain Social Security numbers and using those numbers to open new financial accounts, or to obtain credit cards, mobile phones, or even bank loans. Some victims have had their mortgages refinanced and their equity stripped.

To protect yourself from a similar fate, you can:

1. Refuse to provide your Social Security number.

2. Invest in an identity protection service. There are times when you cannot withhold your Social Security number, but an identity protection service can monitor your personal and financial data. McAfee Identity Protection provides alerts if your information is misused, credit monitoring and unlimited credit checks, and if necessary, identity fraud resolution. (For more information, visit CounterIdentityTheft.com.)

3. Protect your PC. McAfee Total Protection software provides the most effective protection of the data stored on your computer against virus, online and network threats.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss the use of Social Security numbers as national identification on Fox News. (Disclosures)

One In Seven Social Security Numbers Are Shared

More than 20 million Americans have multiple Social Security numbers (SSNs) associated with their name in commercial records according to a new study announced in December from ID Analytics, Inc. The study found that rather than serving as a unique identifier, more than 40 million SSNs are associated with multiple people.

6.1 percent of Americans have at least two SSNs associated with their name.  More than 100,000 Americans have five or more SSNs associated with their name.

Dr. Stephen Coggeshall, chief technology officer, at ID Analytics said. “Most of these cases of duplication are likely due to simple data entry errors as opposed to deliberate falsification. Nevertheless, organizations expose themselves and their customers to risk if they solely rely on the SSN to verify an individual.”

ID Analytics analyzed 290 million Social Security numbers, and found that 1 in 7 are associated with more than one name. Anywhere from 3-4 million names are directly used to commit fraud.

MSNBC reported the same study showed 140,000 SSNs are connected to 5 or more people and 27,000 SSNs are connected to 10 or more people.

Some of these secondary SSNs are the result of typos where an administrator may incorrectly enter a digit and then that secondary SSN is now connected to a person’s credit going forward.

In other cases it is deliberate fraud. When the same person is shown using multiple Social Security numbers on purpose then a flag is raised.

Consumers often find out their SSN is compromised as a result of being denied credit or when bill collectors call them for non payment.

Identity theft can happen to anyone. McAfee Identity Protection, offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first and provides live access to fraud resolution agents who work with the victim to help restore their identity even from past theft events. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

Man Arrested For Stealing 15,000 Social Security Numbers

Now more than ever, criminal hackers are hacking into databases that contain Social Security numbers and using the numbers to open new financial accounts. Criminals use stolen Social Security numbers to obtain mobile phones, credit cards, and even bank loans. Some victims whose Social Security numbers fell into the hands of identity thieves have even had their mortgages refinanced and their equity stripped.

WTEN.com reports an arrest has been made of an individual alleged to have illegally downloaded personal information, including Social Security numbers of about 15,000 people.

Police arrested a man “for stealing the collection of Social Security numbers from computers belonging to contractors working for the Office of Disability and Temporary Assistance, which is the New York state agency that decides some initial disability claims for Social Security.”

As in most cases of data theft, the Office of Disability and Temporary Assistance will notify and provide credit monitoring services to affected individuals.

According to the Privacy Rights Clearinghouse’s Chronology of Data Breaches, more than 500 million sensitive records have been breached in the past five years. The Chronology of Data breaches lists specific examples of incidents in which personal data is compromised, lost, or stolen, for example “employees losing laptop computers, hackers downloading credit card numbers and sensitive personal data accidentally exposed online.”

The fact that the entire population of the United States has had their information compromised more than 1.5 times, why wait for another breach to get personal information monitoring?

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information including use of Social Security number and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how a person becomes an identity theft victim on CounterIdentityTheft.com (Disclosures)