Posts

How Is All This Hacking Affecting My Identity?

Without question, 2011 is the year for hackers of all kinds to get their 15 minutes of fame. But it feels like it’s lasting a lot longer than 15 minutes. With so many different breeds of hackers, each with their own agenda and an endless supply of potential targets, the media has certainly been more than willing to give them all the attention they could possibly want.

Major publications, including The Wall Street Journal, The New York Times, and Forbes, seem to have journalists working fulltime to cover the hacker chronicles. Significant players and events like Wikileaks, HB Gary, Anonymous, Lulz, IMF, Sony, RSA, Epsilon, the News of The World voicemail hacking scandal in Britain, and so many others have helped bring data security and identity theft issues to the forefront of the public’s attention. Much of the coverage has been sensationalist, but the reality is that we are indeed hemorrhaging information all over the place.

Initially, hackers went after sensitive personal data like Social Security numbers. Then they moved on to credit card numbers and bank account numbers, and then usernames and passwords. Military records have been breached, corporate emails have been exposed, and there have been targeted attacks on government records. At one point last year, the total number of records breached hovered around half a billion. But if we were to broaden the definition of what counts as a breached record, I’d guess that number would have to quadruple, at least.

No matter how you slice it, your information is at risk, whether it’s on your own PC or some other computer or database somewhere. It isn’t a matter of if but when you’ll receive a letter from some company saying they were breached and you are at risk.

In security, as in sports, is the best defense is a good offense. The worst thing you can do now is nothing.

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance and lost wallet protection. If your credit or debit cards are ever lost, stolen or misused without your authorization, you can call McAfee Identity Protection and they’ll help you cancel them and order new ones. If their product fails, you’ll be reimbursed for any stolen funds not covered by your bank or credit card company. (See Guarantee for details.) For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss the Epsilon breach on Fox News. (Disclosures)

Insider Identity Theft Still a Problem

More than ten years ago, when I began speaking to organizations about personal security and identity theft, headlines often read “Utility Worker Steals Identities” or “Human Resource Officers Steal Identities” and even “Police Officer Steals Identities.” Back then the primary concern was insider identity theft, perpetrated by those who had direct access to victims’ data.

Ecommerce grew up, and more people started banking and shopping online. Black Friday turned into Cyber Monday, and companies like eBay and Amazon have made it easier than ever to find and inexpensively ship anything you might need. This has created many new opportunities for criminal hackers, and the result has been lots and lots of data breaches.

Headlines have shifted to “Bank Loses 1.2 Million Records to Hackers” or “Hackers Steal Over 100 Million Credit Card Numbers.” The stereotypical bad guy has become a mysterious criminal hacker, slipping into our PCs or our banks in the dead of night.

But just last month, a nurse was accused of stealing Social Security numbers and other sensitive information from patient files at several hospitals in Denver, Colorado. Prosecutors say the defendant opened credit cards in patients’ names and made purchases.

My point is that even today, the Human Resources director at some company may have a new boyfriend who happens to have a drug problem, and who needs her to steal your identity so that he can get a fix. The fundamental issue of identity theft hasn’t changed, and the people doing it are the same. Frequently, they are those on the inside, with direct access to your data.

It is important to observe basic security precautions to protect your identity. But when you provide information to businesses, its safety is beyond your control.

Consumers should consider an identity theft protection product that offers daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection includes all these features as well as live help from fraud resolution agents if your identity is ever compromised. For more tips on protecting yourself, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss another data breach on Fox News. (Disclosures)

Bill Would Remove Social Security Numbers From Medicare Cards

The most basic advice for protecting your own identity is to protect your Social Security number. The obvious solution is simply never to disclose your number, but this is silly, since, depending on your age, you have probably provided it to hundreds of people, on hundreds of forms. It now sits in hundreds of databases, accessible to thousands, and possibly even available for sale.

40 million Medicare subscribers currently have their Social Security numbers printed on their Medicare cards. This means that their identities are at risk every time they hand over their cards, and in the event that any of their wallets are ever stolen.

The proposed “Social Security Number Protection Act” would resolve this issue by prohibiting Social Security numbers from appearing on Medicare cards or on any communications to Medicare beneficiaries, as well as requiring the Department of Health and Human Services to eliminate the unnecessary collection of Social Security numbers.

Social security numbers should certainly be removed from Medicare cards and any other cards, for that matter. But while this bill is a step in the right direction, it cannot protect any of those 40 million subscribers from future fraud.

Only identity theft protection, in combination with a credit freeze, will begin to protect citizens from the new account fraud associated with stolen Social Security numbers.

With more than 11 million victims last year alone, identity theft is a serious concern. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself – please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

Researchers Say Identity Theft Has Lasting Psychological Effects

Identity theft victims don’t need Jessica Van Vliet, an assistant professor in counseling psychology at the University of Alberta, to tell them that they no longer feel safe when conducting everyday financial transactions, which most of us take for granted. But she did a study highlighting a fact that many of us in the industry have already known: identity theft makes a mess out of your life.

MedicalExpress.com reports, “Van Vliet recently conducted an exploratory study on the experiences of individuals who were victims of identity theft. Participants who recounted their experience during in-depth research interviews expressed a pervasive sense of vulnerability each time they use a credit card or a bank machine. Some participants also felt like they were being treated as criminals when they attempted to clear their names.”

Most of the identity theft victims felt they had been taking appropriate precautions to safeguard their personal information, and had no idea how their data fell into the wrong hands. The lack of specifics makes it difficult for victims to attain any closure and move forward. “No matter how well they monitor their financial records for the rest of their lives, they may still feel vulnerable,” Van Vliet says.

I’ve lost count of how many frantic emails and phone calls I’ve received from identity theft victims. These are people who have done all the right things to maintain a respectable position in society, only to be brought down by a vicious identity thief.

Over and over again I have stressed the importance of being proactive. You don’t want this happening to you. McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers resolve identity theft issues. For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how a person becomes an identity theft victim on CounterIdentityTheft.com (Disclosures)

Cybercriminals Target Senior Citizens

Cyber scams happen to the young and the old, the rich and the poor. It doesn’t matter how good or bad your credit is, or whether or not you have a credit card. Cybercriminals target everyone, regardless of how much or how little you rely on a computer.

The lowest of the lowlifes, however, tend to prey upon the weak and uninformed. And all too often, that means children or elderly.

Senior citizens are in a unique position because they often have money in the bank, plus access to additional lines of credit. They are less likely to be frequent Internet users, relative to younger generations, and are therefore less likely to be aware of the many scams that may be targeting them.

Many common scams take place using the telephone rather than the Internet, such as “grandparent scams,” in which victims receive calls from their supposed grandchildren, requesting money.

Online, beware of social media and dating scams. Not everyone who contacts you online is your friend, so be cautious before sharing personal information. Never, under any circumstances, should you send money on the basis an online relationship.

You’re most likely heard the term “phishing,” and have certainly received a fake email at some point. But scammers are getting better at creating targeted, personalized emails that include your name, email address, and even stolen account numbers. Never click any links within an email. Instead, go to your favorites menu or manually type the address into the address bar. If you suspect that an email might not be legitimate, hit delete.

Scammers are constantly searching for the information they need to take over your existing accounts, either by hacking into your own personal computer or by stealing data from your bank, credit card company, a government agency, or any other institution that keeps personal data on file. To prevent account takeover, keep your antivirus software updated, and pay close attention to all your bank statements. Refute any unauthorized transactions right away.

Bad guys love your Social Security number, because they can use it to open new credit accounts in your name. You’ve probably disclosed your Social Security number hundreds of times in your life, and can’t avoid disclosing it in the future. But you can protect yourself with identity theft protection and a credit freeze.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

 

What Identity Theft Protection Is and Is Not

To all you security companies out there, listen up: “identity theft protection” has become an overused and abused marketing term, which is often used to sell a product or service that doesn’t actually protect users from identity theft. It’s like labeling food “natural” when we know it’s not “organic.” It’s incorrect at best and a lie at worst.

Every security company on the planet claims to protect identities. But a firewall is not identity theft protection. An encrypted thumb drive is not identity theft protection. Antivirus software is not identity theft protection. One could argue that phishing alerts count as identity theft protection, but not really. Do these tools protect your identity? Sort of.

A true identity theft protection service monitors your identity by checking your credit reports and scanning the Internet for your personal information. It looks out for your Social Security number, and if something goes wrong, an identity theft protection service has people who’ll work with you to resolve the problem.

I get an email every month confirming my identity’s health. This is what identity theft protection looks like:

“Dear Robert Siciliano,

No news is good news! Your credit reports from all three bureaus, Experian®, Equifax®, and TransUnion®, have been monitored daily for the past month. We’re pleased to let you know that there is no new activity reported. As a McAfee Identity Protection user, we’ll continue to monitor your credit report every day for your protection.

Remember, McAfee Identity Protection helps protect you from the financial loss and hassle associated with identity theft. Log in to your Protection Center and review your protection status any time. Just click here and enter the Username and Password you selected when you enrolled.

As always, you can get help from a dedicated Fraud Resolution agent if any suspicious activity should appear on any of your credit reports.

If you have any questions about McAfee Identity Protection, please call Customer Support at 1-866-622-3911.

Sincerely,

McAfee, Inc.”

That’s what identity theft protection is. Don’t get me started!

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft on YouTube. (Disclosures)

Medical Temp Arrested For Identity Theft

You’ve probably heard the phrase “a fox watching the henhouse.” Today, that applies to people on the inside of organizations who work in trusted positions, and who use those positions to steal client or employee information for their own personal gain.

As much as 70% of all identity theft is committed by individuals with inside access to organizations such as corporations, banks, or government agencies, or by someone who has an existing relationship with the victim. People with access to sensitive personal data are most likely to commit identity theft. For many, it’s just too easy not to.

In a doctor’s office in Stamford, Connecticut, police arrested a 42-year-old New York woman for using patients’ credit card numbers, which she accessed while working as a temporary hire. When patients paid by credit card, the temp would copy down the numbers and later make fraudulent charges.

An identity thief begins by acquiring a target’s personal identifying information, such as name, credit card number, Social Security number, birth date, home address, account information, etc. If the thief has access to a database, this information is typically there for the taking.

Many credit applications and online accounts request current and previous addresses. So the thief fills out the victim’s current address as “previous” and plugs in a new address, usually a P.O. box or the thief’s own address, where the new credit card or statement will be sent.

Protect yourself:

Currently, there is no way to prevent credit card fraud, or “account takeover.” Instead, check your statements diligently and refute unauthorized charges within 60 days, or two billing cycles. In most cases, your credit card company will quickly resolve the issue.

Protecting yourself from new account fraud begins with closely monitoring your credit files at each of the three major credit bureaus. However, you need to monitor your credit daily, which is nearly impossible on your own, and far from cost-effective. That’s where identity theft protection comes in.

To protect yourself from scams, consider subscribing to an identity theft protection service, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss an identity theft pandemic on CNBC. (Disclosures)

llegal Alien Steals Identity, Becomes Cop

In a story that could have come right out of a movie, a widely respected police officer turned out to be a Mexican national who stole an American identity and moved to Alaska to become a cop. I’ll bet Sarah Palin didn’t see this one coming.

Fox News reports that the identity thief had been employed as an Anchorage police officer using his assumed name since 2005. Police and federal prosecutors said he didn’t have a criminal record. He does now!

“Federal agents processing a renewal request for his passport discovered the alleged fraud. He was arrested Thursday after authorities searched his home and found documents confirming his true identity, officials said. The passport fraud case is similar to one involving a Mexican national who took the identity of a dead cousin who was a U.S. citizen in order to become a Milwaukee police officer in 2007.”

Crimes like this are possible because citizens have yet to be identified effectively and reliably. We are identified solely by paper documents and photographs, and our Social Security numbers are our primary identifying account numbers.

All an identity thief needs is your Social Security number, which they can use to apply for additional documentation and, eventually, a passport or driver’s license in your name. Once they begin this process they will also apply for credit under your name and, in most cases, ruin your credit history.

You will not know someone has obtained a passport or driver’s license under your name until there is a problem, unless perhaps a red flag pops up when renewing your identification. But by then, whoever has obtained identification in your name will probably have run up unpaid credit card bills in your name, too. That’s where identity theft protection comes in.

McAfee, the most trusted name in digital security, includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss illegal immigrant identity theft on Fox news. (Disclosures)

Teacher Bit by Social Media Identity Theft on Twitter

Here’s an identity theft story you’ll love to hate.

In Panama City Florida a local and respected teachers’ identity was used to create a fake Twitter profile which spouted off derogatory comments about autistic students. The teacher works with special needs students and had no idea this was going on until she was informed by officials questioning her and the profile.

The Twitter profile included the teachers name, photo, and town along with the derogatory comments. People all over the world started contacting locals officials demanding her ouster after they saw what “she” was writing.

When this came to the attention of the school they immediately brought her in for questioning to determine if she was the author. Their initial questioning led them to believe she was not the author; however they made her bring in her laptop and examined her hard drive for further investigation.

As I’ve said before, identity theft is the only crime I can think of where you are guilty until proven innocent.  Once something like this happens it can quickly and easily damage your reputation.

Online Security Tips:

Right now grab your name on all the popular social media sites. Sign up for every one of them even if you don’t intend on using them. If your name is gone use a hyphen or a dash. For free search over 500 popular social networks and over 200 domain names to instantly secure your brand across the social web at Knowem.com.

Set up Google Alerts to determine of your name is being used online. You want to instantly know if someone is using your name for any reason.

The worst thing you can do is nothing. Sitting back and just letting someone use your name can damage your brand, YOU.

Robert Siciliano personal and home security specialist to Home Security Source discussing social media identity theft on Fox Boston. Disclosures.

McAfee’s Most Unwanted Identity Theft Criminals

McAfee has created a tongue-in-cheek list of the most unwanted identity thieves, describing the various techniques thieves use to steal your information. It’s clever and, unfortunately, very real.

Pauly the Pickpocket & Sally Sticky Fingers work as a team to lift wallets and mobile devices from pockets and purses, often in broad daylight. Sally creates a distraction by dropping a shopping bag, crying for help, or stopping suddenly in your path, and then Pauly bumps into you from behind and picks your pocket.

To avoid having your pocket picked, keep your wallet in your front pocket, or keep your purse closed and hold it in front of you. Thin out your wallet and skip the backpack. Lock your cell phone with a password. And consider investing in McAfee’s Lost Wallet Protection service.

Trojan Sea Biscuit is a two-faced liar who sneaks malicious files into emails and hides viruses in PDFs and other downloadable files. He’s the champion ringleader in the ultimate identity theft derby of phishers, hackers, botmasters, and keyloggers.

To avoid a Trojan infiltration, use comprehensive security software, and be sure it’s set to update automatically. If a popup window prompts you to update software, hit escape or shut down the program. Go directly to the manufacturer’s website for the update.

Tim “The Skim” McCash is known for installing skimming devices and tiny cameras that can read your card data and PIN code. He targets ATMs at banks, concerts, arenas, convenience stores, and gas stations with the goal of draining your account of cash or credit before you or your bank recognizes the fraud.

To avoid having your credit or debit card data skimmed, use the same, familiar ATM whenever possible, and beware of ATMs with devices covering the card slot. Look for external devices like mirrors, brochure holders, or light bars that may hide a camera. Always cover the keypad with your other hand as you enter your PIN. And check your bank and credit card statements online at least once a week.

McAfee, the most trusted name in digital security includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)