Posts

2017 Was the Worst Year for Identity Theft EVER!

Javelin Strategy & Research recently released its Identity Fraud Study, and it revealed that the number of identity theft victims rose by 8% in 2017 when compared to 2016. That’s almost 17 million people, which is a record high. Despite more information and industry efforts to make people aware of these practices, $16.8 billion was stolen due to ID theft in 2016.

The study also showed a shift in how ID theft fraud was being done. Credit card accounts were the most common targets for new account fraud, we also see that there is a big uptick in other accounts being targeted, including PayPal accounts and e-commerce merchant accounts. We can also see that more than 30% of consumers in the US were notified that their information was part of a data breach, which is 12% higher than the year before. Social Security numbers also seem to be a favorite of ID thieves, as are credit card numbers. We also see that due to these breaches, consumers are becoming less trusting when it comes to companies and financial institutions that are storing personal data.

The Trends

There were four noteworthy trends that were also found in this study:

  • There was a Record High Rate of Identity Fraud – The study shows that almost 7% of all consumers were victims of ID fraud. This was almost a million people from 2016. This was mostly due to more account takeovers and more instances of fraud.
  • Account Takeover Has Grown – One of the most shocking things found in this study is that account takeover has tripled when compared to 2016 and has reached a four-year high. This is a 120% increase. It was also noted that the average victim had to pay an average of $290 out of pocket to solve these issues, and consumers spent more than 62 million hours trying to work these issues out.
  • Scammers Target Online Shoppers – The study also shows that people who shop online are most at risk of becoming a victim of fraud.
  • Scammers are More Sophisticated – Finally, the study showed that fraudsters are more sophisticated than ever before, and they use more complex methods than ever before.

Finally, the Identity Fraud Study did something new this year, too. It looked at the way news of data breaches has affected consumers. About 63% of people who responded say that they were “very” or “extremely” concerned about becoming a victim of a data breach.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video

15 ways to prevent Travel related Identity Theft

See if you’ve been employing the safeguards below to protect your identity while traveling.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813#1 Put snail mail on hold.

Crooks love to scavenge through overflowing mail boxes to seek out personal information to steal an identity. Prevent this by arranging the postal service to put a stop on your mail.

#2 Clean up, thin out.

It’s been said that the laws of physics are defied when a woman empties her purse. Before traveling, dump out anything and everything: drug prescriptions, old memos, business cards, even expired documents. A thief could use this information to steal your identity.

#3 Be cautious with public computers.

A public computer is a very fertile area for identity theft, and this includes the computer in your hotel’s lobby. Never save passwords or use the auto-save function for forms. When you’re done, delete the search history. Never visit your financial institutions’ sites either.

#4 Wireless means watch out.

Free public Wi-Fi means anyone can snatch your personal information out of the air because this kind of Wi-Fi does not include encryption (which scrambles data). Use Hotspot Shield on your PC, Mac, tablet and mobile to encrypt your wireless communications.

The ability to snag your private information requires only a basic knowledge of computers plus a simple plugin, and voila—this person can spy on your browser activities. Try to use only WEP, WPA and WPA2 networks. Otherwise, visit only secure websites (they have the “https” in their address).

#5 Keep your phone number private.

Other than giving it to reps for your airline and hotel reservations, keep it to yourself. If it gets out, a fraudster could use it to pull phone scams on you.

#6 Protect your smartphone.

If your mobile device is loaded with personal information, it should have a home-screen-locking password. This can even be a fingerprint scan, depending on the model. Androids need antivirus the same as PCs do.

#7 Beware of ATMs.

ATMs can be fake or skimmers can be installed. A phony ATM kiosk can be set up on a street corner, beckoning for you. You swipe your card, and your card information is stored for later pickup by the thief who put the kiosk there.

If you must use an ATM, use a bank’s during regular business hours. Protect yourself from skimmers by blocking the keypad with your other hand as you enter your PIN. But still check your statements because keypad overlays can be installed too. Shred receipts immediately.

#8 Pay with cash.

Though stolen cash can’t be replaced, it also won’t lead to identity theft. Limit credit card use to secure payment systems found at major retail outlets and airports. Be suspicious of clerks who want to leave your visual range to swipe your credit card. And just plain don’t use a debit card when traveling.

#9 Don’t use your passport for ID.

Instead use your driver’s license or international ID. If you rely only on a passport and it gets stolen, you’ll end up in a bind you’ll never forget. Have backups of both scanned and available online.

#10 Hotel scams

Never give out private information over your hotel room’s phone, even if the caller says they’re from the front desk and need to straighten something out. Instead, deal with them at the front desk so you know it’s not a scam.

#11 Lock up valuables.

This doesn’t just mean jewelry, but use your hotel room’s safe to lock up passports, airline information, credit cards, cash and electronic gadgets unless you’re using them. Better yet, take them with you, or better still only travel with valuables you absolutely need.

#12 Review credit card statements.

Check your statements every month for unauthorized charges so that they don’t pile up.

#13 Encrypt laptop/mobile data.

When traveling with digital devices make sure to use encryption software that makes your data useless to a thief.

#14 Install tracking software.

Mobile devices should have a lock/locate/wipe software that does just that in the even your device goes mobile without you.

#15 Get identity theft protection

Both identity theft protection and a credit freeze should be used by everyone traveling or not.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Business Identity Theft; Big Brands, Big Problems

Cyber criminals go after brand names like vultures, infiltrating company websites, hijacking mobile applications and tainting online ads, among other tricks.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Some corporate websites aren’t as secure as business leaders think they are—and cyber thieves know this. They use the “watering hole” technique to infiltrate the system. Ever see an animal TV show in which the lions wait in the brush, camouflaged, for their unsuspecting prey to approach the lone body of water? You know the rest.

Think of the company’s website as the watering hole. The company typically uses “landing pages” to entice people to their main site, but leave the landing pages up after they’ve served their purpose. Here’s where trouble starts, fewer resources are devoted to monitoring or updating these pages, allowing hackers to pounce on the vulnerabilities and insert malicious code, luring visitors to malicious sites using the trusted reputation of the brand..

Ultimately, the brand name becomes associated with this. Some examples as reported by Forbes.com:

  • The nbc.com home page was infected with the Citadel/Zeus installation malware.
  • The U.S. Veterans of Foreign Wars’ website was infected with malware.
  • Third-party app stores are a source of downloaded malware, since these are usually un-policed. Apps can be repackaged with mal-code, creating an association of bad with the brand name of that app. The mal-code could gather personal data on the purchaser, which is then sold to data brokers, violating user privacy, making the user think pretty negatively about the brand name.
  • Malvertisements are malicious ads that crooks place on legit websites. These normal-appearing ads spread bad things around, and do NOT have to be clicked to trigger a viral attack.
  • Banner ads can also be the target of injected mal-code.
  • These clever crooks will even pose as an actual name-brand company and put up legitimate ads on a website, but then replace those with mal-ads over the weekend—which go undetected because IT departments are lax on the weekends. After oh, say, a few million computers and mobiles are infected, the thieves stick the original, legit ad back in, which makes their crime difficult to track.

Third-party networks place a lot of ads, making it very hard to hunt down malvertising fraud. This complexity can make it virtually impossible for companies to protect themselves against 100% of malicious attacks.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Risk Reduction: #1 Concern of Bank Boards

The Bank Director’s 2014 Risk Practices Survey reveals some very interesting information about the risk management programs that bank boards have in place.

11DIt’s classically challenging for many banks to assess how risk management practices affect the institution. However, banks that have worked at measuring the impact of a risk management program report favorable outcomes on financial performance.

Survey Findings

  • 97 percent of the respondents reported the bank has a chief risk officer in place or equivalent.
  • 63 percent said that a separate risk committee on the board oversaw risks.
  • 64 percent of banks that have the separate risk committee reported that the bank’s strategic plan plus risk mitigation strategies got reviewed; the other 36 percent weren’t doing this.
  • 30 percent of the respondents believed that the bank’s risk appetite statement encompasses all potential risks.
  • Of this 30 percent, less than half actually use it to supply limits to the board and management.
  • The survey found that the risk appetite statement, risk dashboard and the enterprise risk assessment tools aren’t getting fully used.
  • And only 30 percent analyze their bank’s risk appetite statement’s impact on financial execution.
  • 17 percent go over the bank’s risk profile monthly at the board and executive level, and about 50 percent review such only quarterly; 23 percent twice or once per year.
  • 57 percent of directors believe the board can benefit from more training in the area of new regulations’ impact and possible risk to the bank.
  • 53 percent want more understanding of newer risks like cyber security issues.
  • Senior execs want the board to have more training in overseeing the risk appetite and related issues.
  • 55 percent believe that the pace and volume of regulatory change are the biggest factors in leading to risk evaluation failures.
  • Maintenance of data infrastructure and technology to support risk decision making is a leading risk management challenge, say over 50 percent of responding bank officers, and 40 percent of survey participants overall.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Consumers worried about Identity Theft over Privacy

A recent poll of 1,000 Internet users reveals that they’re very concerned about security threats to their personal and financial information. Users also believe that the feds should step up more to protect them.2P

  • 80% are concerned that hackers will get into information they share.
  • 16% are on edge that businesses will use data they share online to send out unsolicited ads to them.
  • 75% are nervous their personal data will be hocked by hackers.
  • 54% worry their browsing history will be monitored for targeted advertising.
  • 57% have signed up for a two-step sign-in process.
  • 83% have required a password to unlock their devices at some point.

This small survey is indicative of the awareness that users have over security and their belief that the federal government needs to take more action.

Nevertheless, the respondents showed a proactive approach to protection, e.g., 73% don’t allow services to retain their credit card information; 65% set their browsers to disable cookies; 68% adjust privacy settings for online accounts; and 76% use a different password for different services.

But consumers give up privacy for “free”.

“The poll also shows that respondents have a lower level of concern about targeted online advertising as evidence by the fact that most would rather have a free Internet with targeted advertising than a paid service but with no advertising.  Twice as many say they prefer free online services supported by targeted ads (61%) over online services that they pay for but come with no targeted ads (33%)”

This is good news for companies providing free identity theft protection to their customers. On one hand customers want security; on the other hand they want “free”. So when offering up free identity theft protection, a consumer is getting their cake and eating it too!

CCIA

The Computer & Communications Industry Association is nonprofit and represents a large cross section of communications, computer and Internet industry businesses. CCIA promotes innovation and the preservation of fair competition throughout industry. Over 600,000 people are employed by CCIA, and yearly revenue exceeds $200 billion.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Identity Theft – Common Consumer Errors

The major problem that consumers face today is a fundamental lack of understanding of what identity theft actually is. Most people think of identity theft as when someone uses your credit card without your permission. Fraudulent credit card use is certainly a multibillion dollar problem, but it’s only one small part of the identity theft threat. A comprehensive understanding of what identity theft and what it is not empowers citizens to make informed decisions about how they should protect themselves.

People who have been victimized by identity theft often have a difficult time functioning as a result of their circumstance. Some deal with minor administrative annoyances whiles others suffer financial devastation and legal nightmares.

No one is immune to identity theft:

A woman contacted me who was previously a very successful real estate agent and the president of her local real estate group. She had climbed the ranks from sales to broker/owner and oversaw dozens of employees. A former boyfriend stole her Social Security number and his new girlfriend used it to assume her identity. Over the course of five years the ex-boyfriend and his new girlfriend traveled the world on stolen credit and destroyed the real estate agent’s ability to buy and sell property. Her real estate license was suspended and her life was turned upside down.

Awareness is key:

Do you carry your Social Security number or a Social Security card in your wallet? Do you provide this number to anyone who asks for it? The most commonly dispensed advice in response to these questions is: don’t carry the card and don’t give out the number. But in reality, there are many times when you have to use your Social Security number. Because this number is our primary identifier, we have to put it at risk constantly. Refusing to disclose your Social Security number under any circumstances is like refusing to eat because the food might be bad for you. There are always risks. The key is managing those risks and making smarter decisions.

Do you know what ATM skimming is? Have you seen a skimmer? Have you been phished? Would you know what a fraudulent auction looks like? Do you put your name on a “stop delivery list” when you travel? Do you know how to update the critical security patches in your computer’s operating system? Do you know if the doctor’s office your child just went to has done background checks on all the employees who handled your and your child’s Social Security number? Most people struggle to answer questions like these.

We live in a technologically dependant time and we rely on all these tools and modes of communication, and most people do not understand the risks. The good news is, I do. And McAfee does. And what we do is keep you informed of your options, so that you know how to protect yourself and your family.

The most important thing you can do right now is not worry about this stuff. But you do need to take some time to educate yourself.

Download McAfee’s eGuide,“What You Need to Know to Avoid Identity Theft.”

Take five minutes to assess your risk of identity theft. Fill out the Identity Theft Risk Assessment Tool to get your “risk profile.”