Posts

Before You Share, Ask Yourself “Is This TMI?”

/in /by

Social networks and new online services make it easy to share the details of our lives, perhaps too easily. With just a few clicks, posts and messages, you can give away enough personal information to compromise your privacy and even open yourself up to identity theft.

Hackers use information you post online to try and trick you into giving up access to your email, social networking and financial accounts. And sometimes they can use the information you post online to reset your account passwords so you no longer have access to them as your pet’s name, mother’s maiden name are often the security challenge questions for online sites.

Where you went to elementary school, your favorite food, where you honeymooned, your first grade teacher, father’s middle name, mother’s maiden name, kids names, birth dates, where you vacation, your high school sweetheart, your home phone number, mobile number and even your email address: All this information, believe it or not, unfortunately, is way, way, Too Much Information (TMI).

Not sure if you are guilty of online TMI? Take a look at some of these numbers:

Consumer Reports found that 52% of social network users have posted personal information online that can increase their risk of becoming victim of a cybercrime.

McAfee’s recent study found that 95% of 18-23 year olds believe it is dangerous to post personal or intimate information (social security number, banking information about yourself, who you date, personal activities, etc.) yet 47% of them post this type of information online.1

80% of 18-24 year olds have used their smartphone to send personal or intimate text messages, emails or photos and 40% of them have asked their ex to delete intimate photos or messages and later regret sending those photos or videos.2

78%  of recently jailed burglars admitted they used social networks like Facebook, Twitter, and Foursquare to plan burglaries around their victims’ posted vacation times.3

1 in 3 employers reject applicants based on Facebook posts, according to a survey of 2,300 hiring managers released by CareerBuilder.com.

McAfee found that 20% of 18-24 year olds know someone who has been fired or they themselves were fired because of personal images or messages posted online.

Here are some tips to remember:

Don’t reveal personal information—Seriously consider why it’s needed before you post your address, phone number, Social Security number, or other personal information online.

Manage your privacy settings—At most, only friends you know in real life should be able to see details of your profile.

Change your passwords frequently—In addition to choosing passwords that are difficult to guess (try to make them at least eight characters long and a combination of letters, numbers, and symbols), remember to regularly change your passwords.

Only send personal data over a secure connection—Never shop, bank, or enter passwords or credit card numbers over public Wi-Fi or free hotspots, like in cafes or airports.

Turn off the GPS (Global Positioning Service) function on your smartphone camera—If you are going to be sharing your images online, you don’t want people to know the exact location of where you are.

Consider sharing vacation photos when you’re back home—Sharing photos of your trip and announcing you’re on vacation is fun, but it’s also announcing to would-be thieves that it’s a good time to rob your home.

Remember the Internet is forever—Even if you have the highest privacy settings, it’s good practice to consider anything you do on the Internet as public knowledge, so keep it positive.

Posting personal information and photos on networking sites can be fun and convenient, but it can also lead to identity theft, cyberbullying, or hurtful gossip. What’s more, mistakes and triumphs that used to fade over time in the real world are now archived on online for all to see. In an age when smartphones double as shopping carts, photo albums, and even personal assistants, knowing what personal information you share matters more than ever. Before you post, remember to: Stop. Think. Is this TMI?”

To join the conversation use #IsThisTMI or follow McAfee on Twitter @McAfeeConsumer or Facebook. And help spread the word about TMI by going to www.mcafee.com/TMI and learn how you can be entered to win an Intel-inspired Ultrabook™ or subscriptions to McAfee LiveSafe™ service.

1 TRU and McAfee, Online Safety survey, April 2013

2 MSI and McAfee, Love, Relationships and Technology survey, January 2013
3 http://www.friedland.co.uk/EN-GB/NEWS/Pages/Whats-your-status.aspx
4 MSI and McAfee, Love, Relationships and Technology survey, January 2013

 

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Connecting the Dots–How Your Digital Life Affects Identity Theft and Financial Loss

/in /by

You’re on Facebook, LinkedIn and Twitter. You use Gmail, Yahoo! and bank online. You might buy stuff on sites like Amazon and occasionally make purchases from eBay. Sometimes you apply for a loan online and maybe open up a credit card account too. This is all commonplace in today’s digital world.

So how does all this lead to identity theft and financial loss?

With the convenience of the Internet and all the digital devices available to use today—laptops, smartphones, and tablets—we unknowingly provide a lot of information online that could expose us to identity theft. Access to your personal information is what gives hackers the power to tap into your accounts and steal your money or your identity.

Here are some of the ways that hackers use our information against us:

Social media: These sites continue to grow in popularity and you may be putting more information on these sites than you should. Even though you may assume that only people in your personal network can access this information, that’s not always the case.

Email: It’s been said that if you own a person’s email, you own the person. This means that once your email account is hacked, pretty much your entire digital life is up for grabs. So even if you’ve done your due diligence to have all your passwords be different, if your email is hacked and it is associated with your other online accounts, the hacker could simply use a reset password and get access to all your other accounts.

Online shopping: This is another activity where you need to be cautious since hackers can potentially steal your information from an unsecured or phony site. If you’re on a phony site, you are giving your information directly to the hacker or you could be on a site that is automatically downloading malware to your device that could do things like track every site you visit and everything you type on your keyboard and send that to a hacker.

Wireless networking—Even if you are being cautious with our online activities, hackers can still grab your information if you aren’t smart when using Wi-Fi connections. That’s why when you’re using those free hotspot connections in cafes or airports, it’s important for you not to access your banking or personal sites as the transmission of data is not secure.

There are many ways to skin a cat, as they say (a rather morbid expression), but having your identity stolen and losing money is unfortunately too easy when your information is spread so thin. So it’s not enough to just sit back and hope you aren’t hacked. The fact is you need to up your security intelligence and invest in additional layers of security.

All of these scams prey on your trust and on your personal information, so follow these basic steps to protect yourself:

Click with caution: Be careful when clicking on links in emails, texts, social media posts, and instant messages, especially if they are from people you don’t know.

Be careful what you share: Think about what you post online—is that thing you so badly you want to share something you’re ok with your grandmother or an employer seeing? If not, then don’t post it. In fact, you should consider anything posted on the Internet as something written in permanent pen, not pencil—as in, it’s there forever.

Use common sense: Follow the old caveats about not clicking on links in emails, texts, social media posts, and instant messages from people you don’t know, and always exercise caution when it comes to sharing any sensitive information.

Educate yourself: Keep up to date about the latest scams and tricks hackers use to grab your information so you can avoid potential attacks.

Use comprehensive protection: Because there are a variety of ways in which hackers can access your information, you need to make sure that you employ a comprehensive security solution like McAfee LiveSafe™ service that protects all your devices, your identity and your data.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Florida Retirees Frequent Identity Theft Targets

/in /by

A lot of Floridians are retirees who spend their days around the pool or at the beach. The warmer weather attacks both golden agers and unfortunately identity thieves. Criminals know that retirees have money in the bank, retirement accounts and credit cards with high limits.

TechNewsDaily reports, “On a per capita basis, 361 Floridians out of every 100,000 were the victims of identity fraud in 2012, according to the Federal Trade Commission’s latest figures. Georgia ranked second, with 194 reports per 100,000, and California ranked No. 3 at 123 per 100,000—a third the rate of victims in Florida.”

Two types of identity theft often affect retirees: new account fraud and account takeover.

New account fraud refers to financial identity theft in which the victim’s personal identifying information, often a Social Security number and good credit standing, is used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are often used to commit new account fraud.

Since the thief typically submits a different mailing address when applying for new accounts, the victim never receives the bills and may remain unaware of their existence until creditors come seeking payment for debts the thief has accumulated in the victim’s name.

Account takeover is discovered when victims notice suspicious charges on a credit card statement, or the credit card company may notice charges that seem unusual in the context of the victim’s established spending habits. Protecting yourself from account takeover is relatively easy. Simply pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks.

Protecting yourself from new account fraud requires more effort than account takeover. You can attempt to protect your own identity by getting yourself a credit freeze or setting up your own fraud alerts. There are pros and cons to each.

One cool company that’s watching your back is iovation. iovation spots cyber criminals by analyzing the device reputation of the computers they use to connect to a website. They investigate for suspicious history and check for characteristics consistent with fraudulent users. And the best part is that iovation can prevent a criminal from using stolen data to open a new account in the first place—saving your nest egg for your golden years.

 

Identity Theft Rings Focus On Loans and Credit Cards

/in /by

Identity theft rings are in every state, victimizing approximately 10 million people a year.

In Wycoff NJ, 11 men and women were arrested on charges of stealing identities to open credit cards in an alleged scheme that is believed to have defrauded more than 70 victims.

Patch reports: “Credit cards were opened in the victims’ names, and charges were made on their behalf by “authorized buyers.” The task force investigation found that most of the victims had recently refinanced or applied through.”

In Tyler TX 45 people were victimized in a loan in an identity theft scam using loan fraud. KLTV reports “They had obtained information on citizens, names, date of  birth, social security numbers and so on. Enough so that when they went online to these loan companies then they took out a loan in someone else’s name. Then, they went to a bank and opened an account in their true name and had that money wired to their account.”

Consumers must:

  • Protect themselves from account takeover by monitoring their accounts closely, protect their passwords, and refute unauthorized charges.
  • Protect themselves from new account fraud by locking down their credit with a credit freeze or identity theft prevention services.
  • Protect their devices with antivirus, antispyware, antiphishing and a firewall.

Identity theft will continue to plague citizens until smart systems are put in place to mitigate new account fraud and account takeover. Businesses are engaging an emerging device identification technology by Oregon-based iovation Inc. that spots cybercriminals by analyzing the reputation of computers and mobile devices used to connect to online businesses. They proactively investigate for suspicious activity and check for characteristics consistent with fraudulent users.

In one major case, iovation helped bust a fraud ring that victimized over 15 people where tens of thousands of fraudulent charges were racked up. The case started when a report of $5,000 in fraudulent credit card charges at a large electronics store and two department stores was reported. It just so happens that the credit issuer was using iovation to flag fraudulent credit card applications and tracking that back to the specific computers and mobile devices used. This information, combined with surveillance photos and other offline detective work, provided the perfect blend of digital and physical data that law enforcement needed to bust the crime ring.

How Do I Restore My Identity Once It Has Been Stolen?

/in /by

The Federal Trade Commission offers invaluable tools for restoring your identity if it has already been compromised. The tools can be found at the FTC Recovery Guide page. On this website, you will find a complaint form, affidavit of your identity, and sample letters. You will also find a log to chart your actions while restoring your identity. It is important to utilize this log to keep a record of contacts you have made with the authorities, credit card com­panies, banks, and credit bureaus. If something gets lost in the process, the log ensures detailed notes to help prove your efforts, and ultimately, rescue your identity from a criminal.

If you have an all-encompassing identity theft protection service, your provider can take care of much of the restoration.

The first call you make should be to the police, to report the crime. According to the FTC, “A police report that provides specific details of the identity theft is considered an Identity Theft Report, which entitles you to certain legal rights when it is provided to the three major credit reporting agencies or to companies where the thief misused your information. An Identity Theft Report can be used to permanently block fraudulent information that results from identity theft, such as accounts or addresses, from appearing on your credit report. It will also make sure these debts do not reappear on your credit reports. Identity Theft Reports can prevent a company from continuing to collect debts that result from identity theft, or selling them to others for collection. An Identity Theft Report is also needed to place an extended fraud alert on your credit report.”

When filing an identity theft report, you will first want to fill out an ID Theft Complaint with the FTC, which you should bring with you to the police station.

They key to restoring a stolen identity is to exercise patience. Recognize this is not the end of the world, it’s an inconvenience and can be fixed with time and persistence.

Identity Theft on the Rise…Again

/in /by

CaptureAccording to a report released by Javelin Strategy and Research and another by the FTC, the incidence of identity fraud increased in 2012 for the second consecutive year, affecting 5.26 percent of U.S. adults. This increase was driven by dramatic jumps in the two most severe fraud types, new account fraud (NAF) and account takeover fraud (ATF).

Key findings from the FTC’s report:

  • Over one million complaints were fraud-related. Consumers reported paying over $1.4 billion in those fraud complaints; the median amount paid was $535.
  • Fifty-seven percent of all fraud-related complaints reported the method of initial contact. Of those complaints, 38 percent said e-mail, while another 34 percent said the telephone. Only 9 percent of those consumers reported mail as the initial point of contact.

Key findings from Javelin’s report:

  • Identity fraud incidents and amounts stolen have increased. The number of identity fraud incidents increased by one million more consumers over the past year, and the dollar amount stolen increased to $21 billion—a three-year high, but still significantly lower than the all-time high of $47 billion in 2004. This equates to one incident of identity fraud every three seconds.
  • One in four recipients of a data breach notification became a victim of identity fraud. This year, almost 25 percent of consumers that received a data breach letter became a victim of identity fraud, which is the highest rate since 2010. The study found consumers who had their Social Security number compromised in a data breach were five times more likely to be a fraud victim than an average consumer.
  • Small retailers are losing out. Fraud victims are more selective where they shop after an incident, and small businesses were the most dramatically impacted. The study found that 15 percent of all fraud victims decided to change behaviors and avoid smaller online merchants. This is a much greater percentage than those that avoid gaming sites or larger retailers.

With iovation’s services, when computers or mobile devices with fraudulent histories connect to a retailer’s website, the business is alerted in real time. If velocity or geolocation alerts are triggered, the retailer knows that too, also in real time. The company maintains a living database of device intelligence, sharings the data across its global base of finance, gaming, travel, shipping, dating, and retail clients. Information is shared in order to detect fraudulent activity as soon as possible—before a product is shipped and chargebacks and fees are incurred. iovation calls it device reputation; I call it another bit of common sense for retailers.

Robert is a personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Phony Identities Result in $200 Million Fraud

/in /by

Recently, the FBI arrested 13 people in four states. Their crime? Allegedly creating thousands of phony identities with which to steal at least $200 million in one of the largest credit card fraud schemes ever charged by the Department of Justice.

Bloomberg reports that after using 7,000 false identities to obtain 25,000 credit cards, the conspirators ran the scam through real businesses such as jewelry stores, and at least 80 sham companies under more than 1,800 addresses. Capture

The defendants charged in the complaint allegedly used fake Social Security numbers to fabricate identities and obtain credit cards, doctoring credit reports to pump up the cards’ spending and borrowing power. They would then borrow or spend as much as they could (based on their fraudulently-obtained credit history) and proceed to default on the debts, robbing businesses and financial institutions of more than $200 million in confirmed losses. When the credit card balances went unpaid, there was no one to hold responsible. In the end, however, retailers, merchants, banks, and credit card companies paid the bills.

According to a statement by the FBI, “This elaborate network utilized thousands of false identities, fraudulent bank accounts, fake companies, and collusive merchants to defraud financial institutions of hundreds of millions of dollars in order to facilitate extravagant lifestyles they could otherwise not afford.”

It appears that this scam was particularly lucrative for the criminals because there were no actual flesh-and-blood victims of identity theft to take notice.  One device may be opening a new credit card account—then going to an online retailer and applying for instant credit—all within minutes. Frauds like this, while highly sophisticated in nature, can be detected early with the right tool in place. Through velocity triggers and shared experience across multiple businesses, iovation can proactively detect the activity, alert affected businesses, and thwart the attacks. This is great news for the protected businesses, and also great news for the consumers who would otherwise be dealing with fraudulent charges made under their identities.

Robert is a personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

FTC: Identity Theft Top Complaint Once More

/in /by

Last year, 2012, marks the first year in which the FTC received more than two million complaints overall, and 369,132, or 18 percent, were related to identity theft—an increase of 30% over 2011. Of those, more than 43 percent related to tax- or wage-related fraud.

As the internet grows ever more pervasive and essential, we find ourselves conducting most of our business online. We use the internet to shop, pay bills and manage bank accounts. We will increasingly rely on the electronic exchange of personal information as the internet continues to evolve and become even more consumer friendly. Subsequently, criminals will also evolve, working day and night to find and exploit vulnerabilities within our networks. These hackers will not sleep until they gain access to all of our information, which they can utilize to steal our identities or gain access to our financial accounts.

Statistics show that one in four American adults has been notified by a business or organization that his or herinformation has been compromised due to a data breach. This means that you could be taking all the necessary precautions to keep your information safe, but by simply doing what every other person in the world does—sharing your Social Security number or credit card information with a trusted organization—you put yourself and your security at risk. So, how do you protect yourself?

  • Lock down your PC with antivirus, antispyware, antiphishing and a firewall.
  • Always keep your devices’ OS and critical security patches updated.
  • Consider getting a credit freeze and/or identity theft protection.
  • Shred—don’t just throw away—personal information.
  • Lock down your wireless network with WPA2 encryption.
  • Protect data on wireless devices, particularly when using a public WiFi network, with a free VPN such as Hotspot Shield.

By following these guidelines, you will keep your identity safer. You know who you are; don’t let anyone else think he can be you.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

10,000+ Identity Theft Rings In The U.S.

/in /by

Identity theft is the easiest crime to commit and the hardest crime to get caught for. It has been said numerous times that identity theft is the closest we’ve ever come to the perfect crime.  This explains why a recent study by ID Analytics found more than 10,000 identity fraud rings in the U.S.  An identity fraud ring is a group of people actively collaborating to commit identity fraud. This study is the first to investigate the interconnections of identity manipulators and identity fraudsters to identify rings of criminals working in collaboration.

In a press release, ID Analytics states that many of these fraud rings are made up of two or more career criminals, surprisingly, others are family members or groups of friends. The ring members may be either stealing victims’ identities or improperly sharing and manipulating personal identifying information such as dates-of-birth (DOB) and Social Security numbers (SSNs) on applications for credit and services.

Other findings of the study include:

Hotbeds for Fraud Rings—States with the highest numbers of fraud rings include Alabama, the Carolinas, Delaware, Georgia, Mississippi and Texas. The three-digit ZIP codes with the most fraud rings observed are areas around Washington DC; Tampa, Fla.; Greenville, Miss.; Macon, Ga.; Detroit; and Montgomery, Ala.

Fraud in the Countryside—While many fraud rings occur in cities, a surprisingly high number were also found in rural areas of the country.

Consumers’ best protection against identity theft begins with a credit freeze or identity theft protection. But businesses can do more to protect the public by not allowing stolen credentials to be used for fraud in the first place.

Identity thieves carry out their attacks in very short-time windows to exploit their newly stolen credentials.  For businesses, what might typically look like a single transaction can often be calculated attacks across multiple businesses, according Oregon-based iovation Inc. and the businesses that it protects. One computer (or a group of related Internet-enabled devices including smartphones) may open new credit card accounts, make online retail purchases, and schedule shipment of stolen goods — yet iovation’s view of device-related activity can connect these relationships across multiple businesses, geographies and industries — in order to detect and stop cybercrime, and make the Internet a safer place to interact and do business.

Credit Card Fraud Really Isn’t Identity Theft

/in /by

With the holiday shopping season and after holiday season sales over, it’s time to review our credit card statements and make sure that everything that is on there was something you purchased. With most of us using our card a lot more during this time, there’s more chance of fraud or identity theft.

When most of us think of identity theft and being a victim of identity theft, we are really referring to credit card fraud. This form of credit card fraud is called account takeover and it occurs when a thief gains access to your credit or debit card number through criminal hacking, dumpster diving, ATM skimming, or perhaps you simply hand it over when paying at a store or restaurant.

Another form of credit card fraud is called new account fraud. This occurs when someone gains access to your name, address and, in the US, your Social Security number. With this data, a thief can open a new account and have the card sent to a different address. This is true identity theft as the thief has access to your personally identifiable information.

Once the identity thief receives the new card, he or she maxes it out and doesn’t pay the bill. Over time, the creditors track you down, hold you accountable for the unpaid bills, and demand the owed funds. New account fraud destroys your credit and is a mess to clean up.

Victims of account takeover are likely to discover the fraud in numerous ways. They may notice suspicious charges on a credit card statement, or the credit card company may notice charges that seem unusual in the context of the victim’s established spending habits.

Credit card companies have anomaly detection software that monitors credit card transactions for red flags. For example, if you hand your credit card to a gas station attendant in Boston at noon, and then a card present purchase is made from a tiny village in Romania one hour later, a red flag is raised. Common sense says you can’t possibly get from Boston to Romania in one hour. The software knows this.

Victims of account takeover only wind up paying the fraudulent charges if they don’t detect and report the crime within 60 days. During that time, you are covered by a “zero liability policy,” which was invented by credit card companies to reduce fears of online fraud. Under this policy, the cardholder may be responsible for up to $50.00 in charges, but most banks extend the coverage to charges under $50.00.

After 60 days, though, you are out of luck. So pay attention to your statements. As long as you do, account takeover should not hurt you financially. Protecting yourself from account takeover credit card fraud is relatively easy. Simply make sure you pay attention to your statements every month and refute unauthorized charges for purchases you did not make.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.