Posts

Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft

I feel like my head is going to explode.

The Colorado Supreme Court has ruled “that using someone else’s Social Security number is not identity theft as long as you use your own name with it.”

The defendant in this particular case had admitted to using a false Social Security number on an application for a car loan, and to find employment. The court ruled that since he had used his real name, and the Social Security number was only one of many pieces of identifying information, he “did not assume a false or fictitious identity or capacity,” and “did not hold himself out to be another person.” The court found the defendant’s use of a false Social Security number “irrelevant,” since the number was provided to fulfill “a lender requirement, not a legal requirement.”

Justice Nathan Coats dissented, writing, “The defendant’s deliberate misrepresentation of the single most unique and important piece of identifying data for credit-transaction purposes” was “precisely the kind of conduct meant to be proscribed as criminal.”

This is yet another example of the lack of justice in the judicial system. The justices erred by failing to understand what identity theft really entails, especially when considering the distinction between a “lender requirement” and a “legal requirement.” Whether or not a Social Security number is legally required in order to obtain credit, it is still a legal identifier in many circumstances.

42 USC Chapter 7, Subchapter IV, Part D, Sec. 666(a)(13), a federal law enacted in 1996, determines when the numbers should be used. This law requires a Social Security number to be recorded for “any applicant for a professional license, driver’s license, occupational license, recreational license or marriage license.” It can also be used and recorded by creditors, the Department of Motor Vehicles, whenever a cash transaction exceeds $10,000, and in military matters.

“Synthetic identity theft” occurs whenever an identity is partially or entirely fabricated. This commonly involves the use of a real Social Security number in combination with a name and birth date that are not associated with the number. This type of fraud is more difficult to track because the evidence does not appear on the victim’s credit report or on the perpetrator’s credit report, but rather as a new credit file or subfile. Synthetic identity theft is a problem for creditors, who grant credit based on false records. It can also create complications for individual victims if their names become associated with synthetic identities, or if their credit scores are impacted by negative information in an erroneous subfile.

With this decision, the Colorado Supreme Court has fundamentally upset the balance of law, effectively opening a Pandora’s box of problems. This saga is far from over.

Since the law won’t protect you, at least in this scenario, consider investing in McAfee Identity Protection, which includes proactive identity surveillance to monitor subscribers’ credit and personal information, plus access to live fraud resolution agents who can help subscribers resolve identity theft issues. For additional tips, please visit www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft victims onThe Morning Show with Mike and Juliet. (Disclosures)

Organized Web Mobsters Getting Jobs Inside Corps

In 2009, there were a reported 140 million records compromised, compared to 360 million in 2008. In 2010 there have been almost 13 million records stolen. But don’t have a party just yet. Criminals are fine-tuning their craft and getting better. The industry just isn’t making it as easy. 97% of those records were stolen using malware – malicious software designed to attack the target’s existing systems and software in place.

A reported 50% of the malware was installed remotely. Almost 20% came from visiting infected websites and almost 10% was installed when employees clicked infected links that conned or “socially engineered” them.

A recent Verizon report stated, “Over the last two years, custom-created code was more prevalent and far more damaging than lesser forms of customization, the attackers seem to be improving in all areas: getting it on the system, making it do what they want, remaining undetected, continually adapting and evolving, and scoring big for all the above.”

This may be also attributed to an inside job. A rogue employee on the inside always has the advantage of knowing exactly how to remain undetected.

The report further stated that organized crime rings may “recruit, or even place, insiders in a position to embezzle or skim monetary assets and data, usually in return for some cut of the score, the smaller end of these schemes often target cashiers at retail and hospitality establishments while the upper end are more prone to involve bank employees and the like.”

In the past three years that’s a total of 513 million records. On average, every citizen has had his or her data compromised almost twice. Where’s your Social Security number in that mix?

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss another data breach on Fox News. (Disclosures)

Identity Theft – Common Consumer Errors

The major problem that consumers face today is a fundamental lack of understanding of what identity theft actually is. Most people think of identity theft as when someone uses your credit card without your permission. Fraudulent credit card use is certainly a multibillion dollar problem, but it’s only one small part of the identity theft threat. A comprehensive understanding of what identity theft and what it is not empowers citizens to make informed decisions about how they should protect themselves.

People who have been victimized by identity theft often have a difficult time functioning as a result of their circumstance. Some deal with minor administrative annoyances whiles others suffer financial devastation and legal nightmares.

No one is immune to identity theft:

A woman contacted me who was previously a very successful real estate agent and the president of her local real estate group. She had climbed the ranks from sales to broker/owner and oversaw dozens of employees. A former boyfriend stole her Social Security number and his new girlfriend used it to assume her identity. Over the course of five years the ex-boyfriend and his new girlfriend traveled the world on stolen credit and destroyed the real estate agent’s ability to buy and sell property. Her real estate license was suspended and her life was turned upside down.

Awareness is key:

Do you carry your Social Security number or a Social Security card in your wallet? Do you provide this number to anyone who asks for it? The most commonly dispensed advice in response to these questions is: don’t carry the card and don’t give out the number. But in reality, there are many times when you have to use your Social Security number. Because this number is our primary identifier, we have to put it at risk constantly. Refusing to disclose your Social Security number under any circumstances is like refusing to eat because the food might be bad for you. There are always risks. The key is managing those risks and making smarter decisions.

Do you know what ATM skimming is? Have you seen a skimmer? Have you been phished? Would you know what a fraudulent auction looks like? Do you put your name on a “stop delivery list” when you travel? Do you know how to update the critical security patches in your computer’s operating system? Do you know if the doctor’s office your child just went to has done background checks on all the employees who handled your and your child’s Social Security number? Most people struggle to answer questions like these.

We live in a technologically dependant time and we rely on all these tools and modes of communication, and most people do not understand the risks. The good news is, I do. And McAfee does. And what we do is keep you informed of your options, so that you know how to protect yourself and your family.

The most important thing you can do right now is not worry about this stuff. But you do need to take some time to educate yourself.

Download McAfee’s eGuide,“What You Need to Know to Avoid Identity Theft.”

Take five minutes to assess your risk of identity theft. Fill out the Identity Theft Risk Assessment Tool to get your “risk profile.”

Keeping Kids Safe Online

It is no surprise that cybercriminals are taking advantage of the Internet and the people who use it. The Internet is like a bad neighborhood with bad guys around every corner. Any parent with an ounce of sensibility should recognize that when your child is on the wild wild web, they are at the same risk as they would be walking through the red light district in any big city.

I’m not saying this because I want to instill fear and panic, I’m bringing this up because sex offenders, pedophiles, criminal hackers and identity thieves treat the online world as if it was the physical world and use the anonymity of the web and the easiness of approach to seduce your children into doing things they wouldn’t normally do.

The Secret Online Lives of Teens, a survey conducted by McAfee, reveals that tweens and teens are relatively clueless about online privacy. The study sheds light on this generation’s tendency to use the Internet in ways that translate to danger in the real world.

There always has, is, and will be a predatory element out there. Generally, most people don’t want to think about that or even admit that it’s true. Instead of acknowledging the risks, most people completely discount this reality, telling themselves, “It can’t happen to me or my kids.”

The good news is you can do something about it. As soon as a family member becomes active online, it’s time to educate them—no matter what age they are—about cyber safety.

  • Set up the computer in a high-traffic family area and limit the number of hours your children spend on it.
  • Be sure you have computer security software with parental controls.
  • Decide exactly what is okay and what is not okay with regard to the kinds of web sites that are appropriate to visit
  • Use only appropriate monitored chat rooms
  • Never log in with user names that reveal true identity or that are provocative
  • Never reveal your passwords
  • Never reveal phone numbers or addresses
  • Never post information that reveals your identity
  • Never post inappropriate photos or ones that may reveal your identity (for example: city or school names on shirts)
  • Never share any information with strangers met online
  • Never meet face-to-face with strangers met online
  • Never open attachments from strangers

Once you have established the rules, make a poster listing them, and put it next to the computer.

Robert Siciliano personal security expert to ADT Home Security Source discussing Home Security and Identity Theft on TBS Movie and a Makeover. Disclosures.

Renting and Securing an Apartment

The time has come to leave the nest. The little birdie has to spread its wings and fly on their own whether they like it or not.  The process is often overwhelming and difficult and the results can end up being great or awful. But knowing what you’re getting yourself into ahead of time can save you all kinds of headaches down the road.

Check the crime climate of the city/town/neighborhood you are considering moving to.  Often we make moving decisions based on convenience and price.  However consider spending a little more (or even less) if another location is safer but less convenient.

Protect your identity. Landlords almost always ask for a Social Security Number in order to check an applicant’s credit prior to considering them for a move. It is generally not an option to say NO. However by investing in a credit freeze or credit monitoring you can reduce your risks that the Social Security Number will be used for identity theft.

Check out potential roommates. I did the roommate thing throughout my entire 20’s. I had the best and the worst roommates of all times. Some, I am friends with today and others, I wish I never met. There are numerous considerations to be made. The most important consideration is your personal security. Do a background check before signing a lease with a potential roommate.  Determine if they have any type of a criminal history. A background check may also determine if they have even been bankrupt.

Ask the landlord about options for installing an apartment security alarm for maximum safety. Apartment security systems today are easy to install for a do-it-yourselfer or certified alarm dealer. Often they require minimal wiring which means the landlord should have a problem with it. Wireless home alarms are even easier and only require batteries and two sided tape. If the landlord opposes an apartment security system, then the apartment is the right fit for you.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston.

How Secure is your Mobile Phone?

I love my iPhone. The fact that I have a full web browser and can access all my data anytime from anywhere is fantastic. Plus my iPhone allows me to peek in on my home security system with an application that’s connected to my home security cameras. If I’m on the road I can log in and see the family doing whatever activities in our outside the home.

If you don’t have a phone that you can integrate with your home security system I strongly recommend considering an iPhone. Besides being the coolest thing to be able to show someone live video of your home base, it is incredible peace mind to check in.

And consider if that phone fell into the wrong hands what could come of it? In my case not much due to the fact I’m pretty well locked down.

If you have one of the popular brands below pay attention:

BlackBerry:

The Blackberry is easily the most popular Smartphone on the market and, according to cellphones.org, the most ‘natively’ secure. Just by having a Blackberry, you are one step ahead but that doesn’t mean you don’t still have to enable your security settings.

Enable your password. Under General Settings set your password to ‘on’ and select a secure password. You may also want to limit the number of password attempts. Test to make sure that your password works by locking your phone to confirm.

Encrypt your data. Under Content Protection settings, enable encryption. Then, under ‘Strength’ select either ‘stronger’ or ‘strongest’. Though ‘strongest’ is the most secure, ‘stronger’ has faster encryption/decryption. Under the Content Protection settings you will also have the option to encrypt your address book.

When visiting password protected internet sites do not save your passwords to the browser. Anyone who finds your phone and manages to unlock it will then have access to all of your account data and your identity will be stolen. It may be annoying to have to enter your password every time but the extra 30 seconds is certainly worth avoiding identity theft.

iPhone:

The iPhone, which has captured over 25% of the Smartphone market, the second highest share in the industry, has notoriously poor encryption capabilities. As such, enabling the included security features and adding apps that allow you to secure your information is key to being a ‘safe’ iPhone owner.

Enable the Pass code Lock and Auto-Lock. Go into your phones General Settings and set the 4-digit phone pass code to something that you will remember but is not ‘significant’ to you. That means no birth dates, no anniversary dates, no children’s ages. Then, go back into General Settings and set the Auto-Lock. Although you can choose from 1 min to 5min, the quicker your phone locks the safer it is from those who might be tempted to tamper with it while you aren’t looking.

Turn your Bluetooth off unless you are using it. Bluetooth allows you to easily connect to a hands-free head set or to send files from your phone to a computer. However, this also works the other way. A tech savvy hacker with a laptop can easily hack your phone from the Bluetooth connection if it’s on.

Download Simple Vault 1.2. Simple vault adds a second layer of protection to your iPhone by allowing you to password protect each of your apps. It also allows you to store your sensitive information right on your phone, unlike other security apps which send it to you over the internet when you access it

General:

Whenever possible, wait till you get to your computer on a secured network before accessing sensitive information. When responding to important work emails or checking your bank account balance it really is best to wait until you can access this information from a secure network. Anti-virus and anti-malware software as well encryption capabilities for computers are miles ahead than what is currently available for phones. So ask yourself before you enter your credit card number to that online store: Is it worth identity theft for me to do this now or can it wait till I get back to the office/home?

Robert Siciliano personal security expert to Home Security Source discussing Mobile Phone Spying on Good Morning America

Google Street View Security Issues

You may not realize it but a picture of your own home is very likely available on the Internet thanks to the popular Google Street View map program.

I’m a big fan of Google. They’ve done a great job or organizing the world’s information. All their tools and apps like Gmail, calendar and docs are fully functional and mobile. They seemed to have taken the fight out of technology with these tools.

Then, there is Google Street View. Zoom, rotate and pan through street level photos of cities around the world. I remember the day Google Street View came down my street. I live on a private dead end and they came right down my driveway. They got stuck trying to turn around and we had to move a car for them.

Then, a few months later there it was on Google Street View. It’s an ambitious attempt at mapping the world just like you were there yourself.

So how does this affect you? For one thing, it allows anyone anywhere to gain intelligence about your street, fences, gates, driveway and information about your home and in general scope out your neighborhood. Certainly someone can simply just driveby and use a video camera or take pictures and Google Street View makes it even easier.

But what if Google captured much more than a picture?

Now Google admits they messed up a little. An ambitious Google Street View engineer plugged some code in their data collection process that they planned on using to collect data on “Public Wi-Fi Hotspots”.

The code pulled more the just hotspots. There could have been enough data pulled to steal someone’s identity.

Protect yourself by making sure your wireless router is protected with a password.

When you have an unsecured wireless connection, it’s just like leaving the front door to your home open and inviting the world to come inside to take a peek.

Google says its Street View cars will stay in park until the problem is fixed.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston

Security Breach Threatens Soldiers’ & Civilians’ Personal Information

Robert Siciliano Identity Theft Expert

Burglars tend to go after high ticket items that can be immediately turned into cash. They may include electronics such as TVs, computers, game consoles or various kinds of stereo equipment. Jewelry has always been the favorite of the thief, and they know most women keep their jewelry box on their dresser or in the top or bottom drawer.

What many are beginning to realize is that the information on the computers or laptops that are stolen is worth much more than the hardware itself. The money today is in the data that is stolen that can be used to commit identity theft.

In the past few years, numerous data breaches have occurred simply because a laptop or PC was stolen from someone’s home. A Veterans Administration employees home was broken into and his work PC was stolen which had almost 26.5 million Social Security numbers of veterans and their families. That’s almost 10% of the US population on one computer! That PC cost the VA maybe $1000.00 to purchase, but the data loss cost hundreds of thousands of dollars to mitigate.


“CNN reports The personal records of thousands of soldiers, employees and their families were potentially exposed after a laptop computer containing the information was stolen over the Thanksgiving holiday weekend, the military says.

The security breach happened where the rental apartment of an employee was. The computer contained “names and personally identifiable information for slightly more than 42,000 records including names, Social Security number, home address, date of birth, encrypted credit card information, personal e-mail address, personal telephone numbers, and family member information.”


A theft of this kind in your own home, whether it is your company’s computer or your own can have a devastating effect. The key is to prevent it from happening in the first place.

1. Always lock your doors and windows no matter what time of the year it is.

2. Make sure all exterior ladders are locked up to prevent someone from accessing an upper level window.

3. Install a home security system that calls you and the local police when tripped.

4. Make sure your computers are locked down too.  For desktops, it is a good idea to cable them to a desk or wall. For laptops they should be put in a safe.

5. Install encryption software on all PCs that makes the data unreadable and useless to the thief.


Robert Siciliano personal security expert to Home Security Source discussing stolen laptops on the Today Show. Disclosure