Posts

School Officials Warn of Identity Theft

In a small Maine town, local school officials buck state requirements and tell parents not to give out their child’s Social Security number.

The Bangor Daily reports “School departments across the state are required by a new state law to collect students’ Social Security numbers for all enrolled this fall. Parents, however, should know that they can decline”. Local school officials, worried about the possibility of identity theft, are encouraging parents not to provide their children’s Social Security numbers to the state so the students can be tracked as they leave school and get jobs.

“We’re required to ask but we’re encouraging parents not to tell,” Superintendent Daniel Lee said on Monday.

The SSNs are supposed to be used for a 12 year study that will track each students and their progress throughout school. This is a perfect example of “functionality creep” of the SSN.  Functionality creep occurs when an item, process, or procedure ends up serving a purpose that it was never intended to perform.  An alternative to relying on SSN to track the students, another identifier could be assigned.

It is precisely this type of expanding use of an individual’s SSN that puts their personal identity at risk. Each child who coughs up their SSN has to worry whether or not someone who has authorized or even unauthorized access to the data base may use that child’s primary identifier to open new credit.

McAfee Identity Protection includes proactive identity surveillance to monitor a child’s identity and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing child identity theft on NBC Boston (Disclosures)

Britain Scrapping National Identification Card

The Telegraph reports that UK National Identity Cards containing biometric details, including fingerprints, “were championed by the previous Labour government as a way of preventing terrorism and identity theft.” But the new administration immediately scrapped the initiative, introducing the Identity Documents Bill to Parliament in May, which provided for the cancellation of the UK National Identity Card and the Identification Card for EEA nationals, as well as the destruction of the National Identity Register. As a result, the National Identity Register and all personal information supplied with identity card applications will be destroyed by February 2011.

My opinion is this is short sighted of the UK. Bahrain, Belgium, Finland, Italy, the Netherlands, Germany, Oman, Portugal, Qatar, Saudi Arabia, Spain, Sweden and the UAE are some of the countries that have planned or already started to deploy electronic national ID (e-ID) cards. These cards are more secure because they can contain smart card chips. Some countries are implementing e-IDs that also include biometrics, and the ability to digitally sign documents.

Citizens can use their e-IDs for standard uses, like getting a driver’s license or a passport, or benefits from the government. But the cards also allow citizens to access more secure e-Government applications. Some examples including secure electronic filing of taxes, e-Banking, and even e-Voting.

More information on smart cards can be found at http://www.smartcardalliance.org, and at http://www.eurosmart.com/.

According to Information Week, “Surveys of British nationals revealed they wouldn’t mind carrying such an ID, provided they didn’t have to pay for it. Suggested in the wake of Sept. 11, a draft bill to introduce the cards appeared in 2004, before they became law in 2006. At various points, the government promised the ID cards, containing biometric data, would help prevent everything from terrorism and identify fraud to illegal immigration and crime.”

In the US, the government has attempted to standardize the identification process once and for all with the REAL ID Act, which will likely be squashed  under Homeland Security Secretary Janet Napolitano, who has proposed a repeal of the act. This is due to the amount of resistance RealID is facing from state governments and privacy advocates who don’t understand that the value of effective identity documentation of the degree of security that goes into an ID technology.

We have as many as 200 forms of ID circulating from state to state, plus another 14,000 birth certificates, and 49 versions of the Social Security card. We use for-profit third party information brokers and the  vital statistics agency that works to manage each state’s data. A good scanner and inkjet printer can compromise any of these documents. This is not established identity. This is an antiquated treatment of ID delivery systems. Identity has yet to be established. We need a better plan.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses Social Security Numbers as National IDs on Fox News. Disclosures

Military Members Face Identity Theft Threat

Service men and women face an elevated level of identity theft due to the ubiquitous use of the Social Security number (SSN) both here and abroad.

Military personnel use their SSNs for a variety of reasons every day from everything including on various forms, IDs, access to facilities, and in Iraq they have it painted on their laundry bags.

A report published in the New York Times says “Service members and their families are burdened with a work environment that shows little regard for their personal information,” the report says, adding that the service members, “their units, military preparedness and combat effectiveness all will pay a price for decades to come.”

For the past 70 years, the Social Security number has become our de facto national ID. The numbers were first issued in the 1930s to track income for Social Security benefits. But functionality creep, which occurs when an item, process, or procedure ends up serving a purpose that it was never intended to perform, soon took effect.

Here we are, decades later, and the Social Security number has become the key to the kingdom. You’re forced to disclose your Social Security number regularly, and it appears in hundreds or even thousands of files, records, and databases, accessible to an untold number of people.

“Children of military personnel as young as 10 carry ID cards with Social Security numbers, as do their parents.”

Identity theft can happen to anyone. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first and provides live access to fraud resolution agents who work with the victim to help restore their identity. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing Social Security Numbers as National IDs on Fox News. (Disclosures)

11.7 Million Identity Theft Victims Occur Per Year: Are You Next?

According to Bureau of Justice Statistics, 5% of U.S. residents over the age of 16 fell victim to identity theft within a two-year period. More than half of those affected were victims of credit card fraud.

Identity theft was defined in the survey as the attempted or successful misuse of an existing account, such as a debit or credit account, misuse of personal information to open a new account, or misuse of personal information for other fraudulent purposes, such as obtaining government benefits.

Nationwide 1 out of 4 of those victims faced out of pocket loses of an average $1,870.00. Total losses exceeded $17 billion dollars.

More and more banks and credit card companies are getting better at detecting and preventing fraud in addition to offering zero liability policies. However there is still a significant dollar loss as the public is still being victimized at a staggering rate.

People are victimized in a number of ways including run of the mill scams, advanced fee scams, dumpster diving, mail theft, email phishing and criminal computer hacking.

The study further showed ages 65 and older were least likely to be victimized while those under 35 are much bigger targets. Those with incomes of $75,000.00 are more likely targets.

  1. Invest in a locking mailbox
  2. Shred everything disposable that has personal information
  3. Protect your PC with updated anti-virus and critical operating system security patches
  4. Beware of scams and ruses trying to separate you from your money
  5. Pay close attention to bank and credit card statements and refute unauthorized charges within 60 days.
  6. To ensure peace of mind —subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance and lost wallet protection. Backed by $1 million Guarantee, if your credit or debit cards are ever lost, stolen or misused without your authorization, you can call McAfee Identity Protection and they’ll help you cancel them and order new ones. Please see Guarantee for details.

For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how a person becomes an identity theft victim on CounterIdentityTheft.com (Disclosures).

Montana Town Sees Significant Rise in Identity Theft

Montana is “Big Sky Country.”  With guns, beer, fishing rods, and meat are sold at gas stations, some argue that it should be called the “Don’t Mess With Me” state.  Butte, MT had Evel Knievel, and he was one tough cookie.

And Butte, like many cities and towns across the country, is facing an identity theft epidemic. The Butte police recently received a staggering 135 identity theft reports in one week!

The Montana Standard reports, “Sheriff John Walsh said the Secret Service suspects the identity thefts may have occurred earlier this year and that the charges are just starting to be made. The unauthorized purchases are common this time of year because it’s the holiday season and clerks are often too busy to check for proper identification, authorities said.”

Walsh has been a victim of credit card fraud himself, with his debit card being used to run up about $900 in fraudulent charges at grocery stores, restaurants, and other businesses.

This type of fraud generally occurs when a bank or retailer’s server is breached. Customer accounts stored on the server are then taken over and used for unauthorized transactions. Your information could be compromised today, but the identity thief might wait months before using it to make the first fraudulent charge.

It’s very important to pay attention to your statements and refute any unauthorized charges immediately. Legally, you are only protected for up to 60 days after an unauthorized charge on your credit card, and an even shorter length of time for unauthorized debit card transactions. Reconcile your online statements weekly, and shred paper statements before discarding.

McAfee Identity Protection includes proactive identity surveillance, which monitors for subscribers’ credit and personal information in online black market forums. Subscribers have access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how a person becomes an identity theft victim on CounterIdentityTheft.com (Disclosures)

Lost and Stolen Wallets Lead To Identity Theft

A friend called me in a panic because she had lost her wallet, which contained her driver’s license, credit cards, debit card, store cards, and her Social Security card. (You should never carry your Social Security card or Social Security number in your purse or wallet.)

Anyway, she was freaked out and wanted to know what to do. There are certain things you can do now, before your wallet is lost or stolen, to mitigate future damage, and other things that should be done once a wallet is missing.

While you still have your wallet, thin it out as much as possible. If you have multiple credit cards, store cards, Social Security cards, insurance cards, and more, then, “Houston, we have a problem.” All these ancillary cards serve no purpose other than putting you at risk for new account fraud or account takeover.

Remove unnecessary cards and put them in a safe, or cut them up and cancel the accounts. I have a MasterCard and an American Express, and if everyone took American Express I’d only have one card. I also carry a Costco card, driver’s license, and a debit card to make deposits and get cash. That’s it.

Beyond that, no other card is needed, including insurance cards. Insurance cards only need to be carried the day of an appointment. They are not necessary in emergency situations.

Photocopy all the cards in your wallet (front and back) and keep them in a safe.

When your wallet is lost or stolen, pull out the photocopies of your cards. Call the credit card issuer to report the loss and request new cards.

Easy enough. However, there is one thing I’d recommend you do prior to losing your wallet — invest in an identity theft protection service.

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance and lost wallet protection. If your credit or debit cards are ever lost, stolen or misused without your authorization, you can call McAfee Identity Protection and they’ll help you cancel them and order new ones. If their product fails, you’ll be reimbursed for any stolen funds not covered by your bank or credit card company. (For details, see McAfee’s guarantee.) For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft on YouTube. (Disclosures)

Typosquatting Scams in Social Media

Typosquatting, or URL hijacking, is a form of cybersquatting that targets Internet users who accidentally type a website address into their web browser incorrectly. When users make a typographical error while entering the website address, they may be led to an alternative website owned by a cybersquatter or criminal hacker.

In a new twist, some typosquatters have begun using these domains to advertise deceptive promotions, offering gift cards or iPads to lure visitors.

“Twiter.com,” for example, redirects all the would-be Twitter users who missed one “t” to http://twitter.com-survey2010.virtuousads.com/survey.html. Notice that this copycat page’s URL begins with “http://twitter.com,” but clearly is not part of Twitter. Mistyping “youube.com” or “acebook.com” will send you to similar pages, which are designed to resemble YouTube and Facebook.

This scam benefits affiliate marketers who get paid when users click links and fill out forms. The shadiness of these sites, and the misleading techniques of their operators, indicates that any information you provide will most likely be misused, leading to annoyance and possibly fraud.

Typos are a common occurrence with no solution. But users who do find themselves on one of these alternate pages need to check the address bar and use common sense. Familiar colors, fonts, and logos may imply that you’re at the right website, but pay closer attention to be sure you’re not heading down a rabbit hole of spam and scams.

With more than 11 million victims just last year, identity theft is a serious concern. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Please educate and protect yourself by visiting www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss an identity theft pandemic on CNBC. (Disclosures)

Online Shoppers Concerned About Identity Theft

Shopping online is unquestionably more convenient and efficient than traditional commerce. But is it safer?

We face risk everywhere we go. We risk car accidents on the way to the mall. Muggers and thieves present a risk. Heck, you risk catching a cold from a sniffling salesclerk!

Similarly, shopping online creates another set of pitfalls, most of which involve financial loss, credit card fraud, or certain forms of identity theft.

According to a recent study conducted by the National Cyber Security Alliance, of almost 3500 United States adults surveyed, 64% have not made an online purchase from a specific website because of cybersecurity concerns. 60% said this was because they were unsure whether the specific website was secure. 51.4% worried about providing the requested information, and 48.4% felt a website requested more information than was necessary for the transaction.

When shopping online, you risk unintentionally visiting an infected website, which could infect your PC with keylogging spyware, which would be used to steal your stored data. Or, you might provide your credit card information to a legitimate online merchant that then falls victim to a data breach. Another risk is that you might order a particular product but receive something of lesser quality, or a different item entirely, and you may then have to contend with poor customer service.

Based on the potential risks, I don’t worry about shopping online. In most cases, you can protect yourself from keyloggers and malicious websites by running the newest version of your browser, keeping your antivirus software updated, and installing critical updates to your operating system.

To defend against credit card fraud, pay close attention your statements and refute any unauthorized transactions within 60 days.

The only way to avoid getting scammed by shady sites is do business only with trusted web merchants. It’s also a good idea to do an online search for the website or company’s name prior to making a purchase, since in many cases, review or opinion websites will provide background on a business’s reputation.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss Cyber Monday on Fox.(Disclosures)

Botnets Lead to Identity Theft

When a virus recruits an infected PC into a botnet, a criminal hacker is able to remotely access all the data on that computer.

Robot networks, or botnets, have a varied history. A bot, which doesn’t necessarily have to be malicious or harmful, is essentially a program designed to connect to a server and execute a command or series of commands.

As reported by a McAfee study, networks of bots, otherwise known as drones or zombies, are often used to commit cybercrime. This can include “stealing trade secrets, inserting malware into source code files, disrupting access or service, compromising data integrity, and stealing employee identity information. The results to a business can be disastrous and lead to the loss of revenue, regulatory compliance, customer confidence, reputation, and even of the business itself. For government organizations, the concerns are even more far reaching.”

In the second quarter of 2010, more than two million PCs were recruited into botnets in the United States alone. That’s more than five out of every 1,000 personal computers. The rise and proliferation of botnets will continue to put identities at risk.

Computers with old, outdated, or unsupported operating systems like Windows 95, 98, and 2000 are extremely vulnerable. Systems using old or outdated browsers such as IE 5 or 6, or older versions of Firefox offer the path of least resistance.

To protect yourself, update your operating system to Windows 7 or XP SP3. Make sure your antivirus software is set to update automatically. Keep your critical security patches up to date by setting Windows Update to run automatically as well. And don’t engage in risky online activities that invite attacks.

In order to protect your identity, it is important to observe basic security precautions. When you conduct transactions with corporations and other entities, however, the safety of your information is often beyond your control.

Consumers should consider an identity theft protection product that offers daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection includes all these features in addition to live help from fraud resolution agents if your identity is ever compromised. For more tips on protecting yourself, please visitwww.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft. (Disclosures)