Posts

Identity Theft Tops 2011 Consumer Complaints

The Federal Trade Commission today released its list of top consumer complaints received by the agency in 2011. For the 12th year in a row, identity theft complaints topped the list. Of more than 1.8 million complaints filed in 2011, 279,156 or 15 percent, were identity theft complaints. Nearly 25 percent of the identity theft complaints related to tax- or wage-related fraud.

The report breaks out complaint data on a state-by-state basis and also contains data about the 50 metropolitan areas reporting the highest per capita incidence of fraud and other complaints. In addition, the 50 metropolitan areas reporting the highest incidence of identity theft are noted.

The next nine complaint categories are:

Debt Collection Complaints

Prizes, Sweepstakes, and Lotteries

Shop-at-Home and Catalog Sales

Banks and Lenders

Internet Services

Auto Related Complaints

Imposter Scams

Telephone and Mobile Services

Advance-Fee Loans and Credit Protection/Repair

All of these scams can be avoided when the consumer does their necessary homework and puts systems in place to protect themselves. Some scam can be avoided just by knowing they exist and not falling for them. Others may require some form of a protection service while others simply require a little legwork and research to know your options. Always do searches on companies you do business with, check licenses and IDs, get second opinions and if it seems to good to be true, then you know the story.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover.Disclosures.

What Are the Latest Identity Theft Statistics?

The 2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier, released by Javelin Strategy & Research, reports that in 2011 identity fraud increased by 13 percent. More than 11.6 million adults became a victim of identity fraud in the United States, while the dollar amount stolen held steady.

Approximately 1.4 million more adults were victimized by identity fraud in 2011, compared to 2010. Countering this rise is the successful effort to combat identity fraud coupled with greater consumer awareness of the issue. While the number of fraud incidents increased, the total amount lost remained steady.

One of the key factors potentially contributing to the increase in incidents was the significant rise in data breaches. The survey found 15 percent of Americans, or about 36 million people, were notified of a data breach in 2011. Consumers receiving a data breach notification were 9.5 times more likely to become a victim of identify fraud.

According to the survey the three most common items exposed during a data breach are:

— Credit card number

— Debit card number

— Social Security number

What Are the Latest Identity Theft Statistics?

Here are some eye-opening statistics:

•           500 million—the number of consumers from 2005 to 2009 whose personal and financial data has been exposed as a result of corporate data breaches—events the victims cannot control despite taking personal safety measures

•           400%—victims who found out about their identity theft more than six months after it happened incurred costs four times higher than the average

•           165 hours—the average amount of time victims spent repairing the damage done by creation of new fraudulent accounts

•           58 hours—the average amount of time victims spent repairing the damage done to existing accounts

•           43%—the percentage of identity theft occurring from stolen wallets, check-books, credit cards, billing statements, or other physical documents

•           1 in 4—number of American adults who have been notified by a business or checkbooks, credit cards, billing statements, or other physical documents

•           Once every three seconds—how often an identity is stolen

The most efficient way to protect your identity is with an identity theft protection service and get a credit freeze.

Robert Siciliano personal and home security specialist to Home Security Source and author of 99 Things You Wish You Knew Before Your Identity Was Stolen. Disclosures.

9 Warning Signs Your Identity Has Been Stolen

The Federal Trade Commission (FTC) provides the following list of warning signs that your identity may have been stolen:

  1. Accounts you didn’t open and debts on your accounts that you can’t explain
  2. Fraudulent or inaccurate information on your credit reports, including accounts and personal information, such as your Social Security Number, address, name or initials, or employer
  3. Failing to receive bills or other mail (this could indicate that an identity thief has taken over your account and changed your billing address—follow up with creditors if your bills don’t arrive on time)
  4. Receiving credit cards that you didn’t apply for
  5. Being denied credit or being offered less favorable credit terms, like a high interest rate, for no apparent reason
  6. Getting calls or letters from debt collec­tors or businesses about merchandise or services you didn’t buy.
  7. You may find out when bill collection agencies contact you for overdue debts debts you never incurred.
  8. You may find out when you apply for a mortgage or car loan and learn that problems with your credit history are holding up the loan.
  9. You may find out when you get something in the mail about an apartment you never rented, a house you never bought, or a job you never held.

The most efficient way to protect your identity is with an identity theft protection service and get a credit freeze.

Robert Siciliano personal and home security specialist to Home Security Source and author of 99 Things You Wish You Knew Before Your Identity Was Stolen. Disclosures.

6 Tips for Cyber Monday

Bad guys know perfectly well that when the online bargains begin after Thanksgiving, specifically, on the Monday after Thanksgiving, you will be providing your credit card number to retailers all over the world.

1. Go big. Do your online business with major retailers, or those you already know, like, and trust. The chances of a major online retailer stiffing you, or of their database being compromised, are slimmer than those of an unknown.

2. Do your homework. If you search for a particular product and wind up at an unfamiliar website, do some research on the retailer before putting down your credit card number. Search for the company’s name and web address to see if there have been complaints.

3. Don’t give out more personal data than necessary. Many retailers require your name, address, phone number, and credit card information. This is normal. But if you are asked for anything beyond that, like bank account numbers or your Social Security number, run hard and fast.

4. Vary your passwords. Often, online retailers will ask you to register with their website when you make your first purchase. Never register using the same password you’ve already used for another website. Otherwise, if one website is hacked, your password could be used to infiltrate your other accounts.

5. Use HTTPS sites. Websites that have a secure checkout process, with “https://” in the web address (as opposed to “http://”) are safer.

6. Print out and save online receipts. Keeping track of what you bought, where, and for how much can become confusing when making multiple purchases online. You need to pay close attention to your purchases in order to reconcile your credit card statements.

Smart retailers are already protecting consumers behind the scenes by implementing multiple layers of fraud protection. One very effective fraud detection technology is the use of device identification and device reputation to alert businesses to known fraudsters on their site. iovation Inc. provides this service, taking it another level to analyzing the device’s reputation by assessing risk on each transaction.

“The most reputable online sites all ramp up their security processes during the holidays,” says Molly O’Hearn, iovation’s VP of Operations & Co-founder. “This is a very good thing for online consumers because this is the time of year that your identity and credit card information is most at risk.”

Whether you are buying electronics as gifts this holiday season, or sports and entertainment tickets for friends and family, iovation is working hard in the background of these sites to keep the bad guys out so you can have a safe and fun experience.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit card fraud on NBC Boston. Disclosures

The Evolution of Holiday Thievery

Black Friday, the day after Thanksgiving, kicks off the holiday shopping season. Retailers advertise Black Friday bargains in order to lure you through their doors.

As far back as I can remember, police have been warning of thieves who target cars in parking lots, smashing windows to steal shopping bags left in plain sight. Then, we’d be warned that as the Christmas lights went up, thieves would target the wrapped gifts underneath the tree. I thought, “It can’t get worse than this?”

Then Cyber Monday came along. It was born as a marketing opportunity that has taken on a life of its own over the past five or six years. Online retailers promote their Cyber Monday offers throughout the fall, creating hype that whips shoppers into a frenzy. It’s become as essential to the retail community as Black Friday.

Now the warnings are different: no longer so focused on crime in the physical world, but instead, on threats in the virtual world.

When shopping online, you risk unintentionally visiting an infected website, which could infect your PC with keylogging spyware, which would be used to steal your data. Or you might provide your credit card information to a legitimate online merchant that later falls victim to a data breach. Another risk is that you might order a particular product but receive something of lesser quality, or a different item entirely, and then have to contend with poor customer service.

And, of course, your identity might get stolen. Lovely. My, how times have changed!

Online retailers would spread more holiday cheer if they did their part to protect the public from credit card fraud by implementing device reputation. Device reputation, offered by iovation Inc., taps into a global device identification network that also contains millions of verified fraud and abuse events such as chargebacks, identity theft, shipping fraud on those devices. The device’s reputation is assessed in real time when a transaction is being attempted on a retailer’s website.  And when the device (such as a computer, phone or tablet) has no prior history, iovation profiles its potential risk for the online retailer, identifying high-risk activity before the transaction is approved or product shipped.

Stopping fraudulent transactions upfront spares many holiday revelers the burden of covering the bill for the gift lists of cyber criminals.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

Holiday Headaches Coming for Consumers

Gearing up for the holidays, consumers are getting ready to pull a Wilma Flintstone and, “Charge it!” Many don’t realize that you cannot protect your credit card number. Every time you use a credit card, you increase the chances of that card number being used fraudulently.

  1. When handing your card to a clerk or cashier, pay close attention. The card should be swiped through a point of sale terminal or keyboard card reader once, maybe twice. If your card is swiped through an additional reader, the card number may have been stolen.
  2. Shop only at trusted sites. Phantom websites appear online all year round. They look legitimate, resembling well-known online retailers. But only do business those you recognize. Established online merchants are best.
  3. Unsolicited emails that request sensitive data such as credit card numbers or lead you to a too-good-to-be-true offer are most likely phishing emails. Don’t disclose your information, and don’t click unknown links.
  4. Check your credit card statements daily, if possible. Once a week is sufficient. Refute any unauthorized withdrawals or transactions within the time limit stipulated by your bank. For most credit cards, it’s 60 days, and for debit cards the limit can be 30 days or less.

Internet crime schemes steal millions of dollars annually from victims.  If you are looking for more helpful tips, the Internet Crime Complaint Center is a great resource. Their site provides preventative measures that help you be more informed prior to making purchases on the Internet.

Holiday schemes will be in full force this year.  Charge or purchase wisely.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

Introducing: 99 Things You Wish You Knew Before Your Identity Was Stolen

Yes, it’s a glorious day with the birth of my new book. I’ve spent 15 years in the trenches, reporting on all issues of personal security. Now I’ve taken what I know about protecting your identity and avoiding fraud and packed it all into 99 tips, a quick read of less than 35,000 words. Now you can also become an expert on how to protect yourself from these horrible crimes.

But I didn’t do it by myself. McAfee, the largest and most trusted name in digital security, helped me. Their teams of threat experts are constantly fighting off the bad guys, and I drew upon their vast experience and research.

In 99 Things You Wish You Knew Before Your Identity Was Stolen, I proactively demystify identity theft and computer fraud by presenting the relevant information surrounding these issues in the form of simple, bite-sized chunks, In order to make consumers, families, employees, and small businesses safer and more secure. Readers will learn the difference between scareware, ransomware and spyware. They’ll learn about the types of cybercriminals, such as black hats, crackers, script kiddies, and hacktivists. And most importantly, readers will learn how to protect their identities, both online and in the physical world.

As millions of consumers begin searching and shopping online during the holiday season, McAfee understands the necessity of spreading awareness of cybercriminals’ tactics and methods for protecting oneself from identity theft and online fraud.

So, from November 9th through the 15th, McAfee will be offering a complimentary PDF copy of my just-released book through Facebook. To get your free copy, click “like” on McAfee’s page.

After November 15th99 Things You Wish You Knew Before Your Identity Was Stolen will be available in print, ePub, and PDF, and can be found on Amazon, the Amazon Kindle, the Sony eBook Store, and 99-Series.com from $5.99-$14.97.

Robert Siciliano is an Online Security Evangelist for McAfee. See him discuss identity theft on YouTube. (Disclosures)

Bought a Car Recently? Watch Your Identity Information

Over the past 15 years, we have watched hackers’ evolution from “phreaking” phone systems, to hacking government agencies like NASA, and eventually creating viruses that take down networks. In the beginning, their primary motivations were fun, fame, and amusement. Over the past ten years, the game changed dramatically, from fun and fame to financial gain. Hackers targeted government agencies, then colleges, banks, retailers, credit card processors, hotels, and eventually, major multinational corporations.

Who are they hacking now? Well, everyone. And as journalist Brian Krebs has pointed out on his blog, Krebs On Security, they are targeting auto dealerships in a big way. Why? Because auto dealerships’ records include lots of Social Security numbers, which identity thieves can use to apply for credit cards in their victims’ names.

Krebs states, “Recent hacker break-ins at a half-dozen car dealerships nationwide are a reminder of just how easily one’s personal and financial information can be jeopardized by poor security at any of tens of thousands of organizations that have access to that data.”

This results in “new account fraud.” This is a form of financial identity theft in which victims’ personal identifying information and good credit standing are used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are frequently used to commit new account fraud.

Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is a necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.  And when you are actively seeking credit, as Experian points out, “You should plan ahead and lift a freeze, either completely if you are shopping around, or specifically for a certain creditor, a few days before actually applying for new credit.”

Device reputation leader, iovation Inc., helps credit issuers spot new account fraud through the device intelligence that it provides back in real time. iovation alerts issuers to the computers or mobile devices that are applying for multiple credit accounts with different identity information, or masking its location while applying for credit, along with other highly-suspicious behavior.  The credit issuer simply sets up their own unique business rules and iovation runs those rules while the applicant is on the site, and returns back and Allow, Deny or Review response for the transaction along with the reasons why.

By identifying new account fraud in real time, credit issuers can save millions of dollars per year from fraud losses.  In one case, a Fortune 100 credit issuer using iovation identified 43,000 fraudulent credit applications saving them $8 million dollars from fraud loss over two years.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

Beware of Robo-Call Scams

While out for an evening with friends talking about everything under the sun, including security, which I’m obsessed with – and people often quiz me anyways, my mobile rang from an “unknown” number. The caller, a computer, stated “Hello, this is a call from Eastern Bank. Your MasterCard account has been locked. Please press 1 now to unlock.” Eastern Bank is local to me.

This is hilarious because I don’t have an Eastern Bank account and I’m in the middle of a conversation with someone about identity theft. So I immediately put my phone on speaker and played the message for everyone who proceeds to look at me and then ask “whats wrong with your Mastercard?” While I’m laughing at the call, they are concerned about my card, not initially realizing this is a scam. No longer funny, this saddens me because these are intelligent people who could easily get bit by this crime.

So I had to explain that this is a “Robo-call scam” where scammers simply use free technology to call thousands of random people by telling a computer to call 555-1212 then 555-1213 in sequential order. Eventually someone is going to press 1 and enter all their credit card information and end up being compromised

I did a little research and Eastern Bank posted this warning that anyone from any bank should heed:

Notice of Fraudulent Phone Calls
Eastern Bank has been made aware that customers, as well as non-customers, are receiving automated calls on their cell phones with the following message:

“This is a call from Eastern Bank. Your MasterCard account has been locked. Please press 1 now to unlock.”

The recording then instructs the individual to enter their debit card number. There may also be a variation of this phone call that references other banks or asks the customer to enter their debit card number in order to activate it.

Please hang up and do not press 1.

Please be advised that these calls are a scam and are not being made by Eastern Bank.  This is a phishing attempt by criminals to obtain your personal account information.  Never provide your debit card number or any other private information in response to an unsolicited phone call or email.

REMEMBER: Eastern Bank will NEVER ask you for any private information (such as account numbers, passwords, Social Security numbers) through an unsolicited email or phone call.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures

Hackers Target Small Business

Big companies and big government get big press when their data is breached. And when a big company is hit, those whose accounts have been compromised are often notified. With smaller businesses, however, victims are often left in the dark, regardless of the various state laws requiring notification.

One reason for this is that smaller businesses tend not to keep customer names and contact information on file, and credit card companies discourage them from recording credit card data.

This is serious cause for concern. The Wall Street Journal reports that the majority of breaches impact small businesses:

“With limited budgets and few or no technical experts on staff, small businesses generally have weak security. Cyber criminals have taken notice. In 2010, the U.S. Secret Service and Verizon Communications Inc.’s forensic analysis unit, which investigates attacks, responded to a combined 761 data breaches, up from 141 in 2009. Of those, 482, or 63%, were at companies with 100 employees or fewer. Visa Inc. estimates about 95% of the credit-card data breaches it discovers are on its smallest business customers.”

If 95% of breaches affect small companies, it’s anyone’s guess how many times my or your credit card numbers have been compromised. I’ve received four new cards in the past three years as a result of major companies being breached. But I use credit cards at more than a hundred different retailers in a year. And it isn’t only credit card numbers that are stolen, but also usernames and passwords, Social Security numbers, email addresses, and more.

Check your credit card statements online weekly and refute any unauthorized charges. As long as you dispute charges within 60 days, federal laws limit your liability to $50. Unauthorized debit card charges must be reported within two days, or liability jumps to $500.

Change up your passwords at least once every six months. If a business is hacked, they may not know for years, and can’t possibly notify you until it’s much too late.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)