Identity Theft Archives - Page 8 of 19

Family Identity Theft is Ugly

August 29, 2014/in Identity Theft /by Robert Siciliano

Identity theft isn’t just the stuff of exciting movie and TV dramas; this happens in real life—and often. In fact, that Target breach that made headlines, Neiman Marcus, those 1. 2 Billion records the Russian cyber gang hacked: all identity theft.

In 2012, according to one research firm, 12.6 million people in the U.S. alone were victims of ID fraud. This translates to this crime occurring every three seconds. If that isn’t bad enough, it’s estimated that one-third of ID theft is committed against the thieves’ own family members.

Sometimes a person learns this when requesting a copy of their credit report. Expecting to see a high score, they instead see pages and pages of fraudulent credit card activity—and a very damaged credit. The thief can even be the victim’s own mother. Or spouse. Or daughter, son, sister, brother.

As appalling as this is, it’s not the least bit unusual. It’s easy, for instance, for a parent to access their child’s name and Social Security number, then open up a phony account—even if the victim is literally a child. Most companies don’t check the ages, so that’s why this crime can go undetected for years.

The victim may not even learn of the crime until adulthood when they apply for their first credit card or student loan. Learning that the thief is a family member, particularly a parent, delivers a particularly hard blow, for obvious reasons. At least there’s no emotional impact when the thief is a stranger or even someone outside the family whom you know.

It can take quite some time to restore damaged credit. The Federal Trade Commission has an online guide that will help victims recover from the crime of identity theft.

Children can’t protect themselves, so adults need to do it for them. That often requires an investment of time and money.

Credit freezes or fraud alerts aren’t available to children until their identity is stolen.

Applying for a fraud alert every quarter to 6 months and being denied means no credit has been established.

Identity theft protection in many cases will help prevent child identity theft. However not all services offer this option. The good news is that child identity theft protection is generally less than $50.00 a year per child when the parent invests in a family plan.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

15 ways to prevent Travel related Identity Theft

August 8, 2014/in Identity Theft /by Robert Siciliano

See if you’ve been employing the safeguards below to protect your identity while traveling.

#1 Put snail mail on hold.

Crooks love to scavenge through overflowing mail boxes to seek out personal information to steal an identity. Prevent this by arranging the postal service to put a stop on your mail.

#2 Clean up, thin out.

It’s been said that the laws of physics are defied when a woman empties her purse. Before traveling, dump out anything and everything: drug prescriptions, old memos, business cards, even expired documents. A thief could use this information to steal your identity.

#3 Be cautious with public computers.

A public computer is a very fertile area for identity theft, and this includes the computer in your hotel’s lobby. Never save passwords or use the auto-save function for forms. When you’re done, delete the search history. Never visit your financial institutions’ sites either.

#4 Wireless means watch out.

Free public Wi-Fi means anyone can snatch your personal information out of the air because this kind of Wi-Fi does not include encryption (which scrambles data). Use Hotspot Shield on your PC, Mac, tablet and mobile to encrypt your wireless communications.

The ability to snag your private information requires only a basic knowledge of computers plus a simple plugin, and voila—this person can spy on your browser activities. Try to use only WEP, WPA and WPA2 networks. Otherwise, visit only secure websites (they have the “https” in their address).

#5 Keep your phone number private.

Other than giving it to reps for your airline and hotel reservations, keep it to yourself. If it gets out, a fraudster could use it to pull phone scams on you.

#6 Protect your smartphone.

If your mobile device is loaded with personal information, it should have a home-screen-locking password. This can even be a fingerprint scan, depending on the model. Androids need antivirus the same as PCs do.

#7 Beware of ATMs.

ATMs can be fake or skimmers can be installed. A phony ATM kiosk can be set up on a street corner, beckoning for you. You swipe your card, and your card information is stored for later pickup by the thief who put the kiosk there.

If you must use an ATM, use a bank’s during regular business hours. Protect yourself from skimmers by blocking the keypad with your other hand as you enter your PIN. But still check your statements because keypad overlays can be installed too. Shred receipts immediately.

#8 Pay with cash.

Though stolen cash can’t be replaced, it also won’t lead to identity theft. Limit credit card use to secure payment systems found at major retail outlets and airports. Be suspicious of clerks who want to leave your visual range to swipe your credit card. And just plain don’t use a debit card when traveling.

#9 Don’t use your passport for ID.

Instead use your driver’s license or international ID. If you rely only on a passport and it gets stolen, you’ll end up in a bind you’ll never forget. Have backups of both scanned and available online.

#10 Hotel scams

Never give out private information over your hotel room’s phone, even if the caller says they’re from the front desk and need to straighten something out. Instead, deal with them at the front desk so you know it’s not a scam.

#11 Lock up valuables.

This doesn’t just mean jewelry, but use your hotel room’s safe to lock up passports, airline information, credit cards, cash and electronic gadgets unless you’re using them. Better yet, take them with you, or better still only travel with valuables you absolutely need.

#12 Review credit card statements.

Check your statements every month for unauthorized charges so that they don’t pile up.

#13 Encrypt laptop/mobile data.

When traveling with digital devices make sure to use encryption software that makes your data useless to a thief.

#14 Install tracking software.

Mobile devices should have a lock/locate/wipe software that does just that in the even your device goes mobile without you.

#15 Get identity theft protection

Both identity theft protection and a credit freeze should be used by everyone traveling or not.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Business Identity Theft; Big Brands, Big Problems

August 2, 2014/in business identity theft /by Robert Siciliano

Cyber criminals go after brand names like vultures, infiltrating company websites, hijacking mobile applications and tainting online ads, among other tricks.

Some corporate websites aren’t as secure as business leaders think they are—and cyber thieves know this. They use the “watering hole” technique to infiltrate the system. Ever see an animal TV show in which the lions wait in the brush, camouflaged, for their unsuspecting prey to approach the lone body of water? You know the rest.

Think of the company’s website as the watering hole. The company typically uses “landing pages” to entice people to their main site, but leave the landing pages up after they’ve served their purpose. Here’s where trouble starts, fewer resources are devoted to monitoring or updating these pages, allowing hackers to pounce on the vulnerabilities and insert malicious code, luring visitors to malicious sites using the trusted reputation of the brand..

Ultimately, the brand name becomes associated with this. Some examples as reported by Forbes.com:

The nbc.com home page was infected with the Citadel/Zeus installation malware.
The U.S. Veterans of Foreign Wars’ website was infected with malware.
Third-party app stores are a source of downloaded malware, since these are usually un-policed. Apps can be repackaged with mal-code, creating an association of bad with the brand name of that app. The mal-code could gather personal data on the purchaser, which is then sold to data brokers, violating user privacy, making the user think pretty negatively about the brand name.
Malvertisements are malicious ads that crooks place on legit websites. These normal-appearing ads spread bad things around, and do NOT have to be clicked to trigger a viral attack.
Banner ads can also be the target of injected mal-code.
These clever crooks will even pose as an actual name-brand company and put up legitimate ads on a website, but then replace those with mal-ads over the weekend—which go undetected because IT departments are lax on the weekends. After oh, say, a few million computers and mobiles are infected, the thieves stick the original, legit ad back in, which makes their crime difficult to track.

Third-party networks place a lot of ads, making it very hard to hunt down malvertising fraud. This complexity can make it virtually impossible for companies to protect themselves against 100% of malicious attacks.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Medical Identity Theft Can be Deadly

July 24, 2014/in Identity Theft /by Robert Siciliano

If you feel like you are starting to get the flu, going to the doctor’s office can get you some medicine and get you on the road to recovery. But, there’s no pill or surgery that can protect you from medical identity theft—which can kill you. Literally. The thief who steals your identity doesn’t mean to kill you; he just wants to obtain free medical care on your dime.

If a thief has access to your personal information, he can pose as you and see doctors and have procedures done—for free or for a nominal copay. The crook uses fake IDs and phony insurance cards to pull off this scam.

The problem really starts kicking in when the imposter’s medical situation gets tacked onto your medical record—since they are posing as you. This can result in a number of harmful outcomes for you. Not only can it potentially cause misdiagnoses, you could be issued a prescription to a drug that you have a fatal reaction to.

Just think about it for a moment: Someone else’s medical condition getting integrated with yours. This can cause a lot of problems. You could be denied medical coverage or lose your current coverage because of false information in your medical records. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) protects your right of access to your medical records. If someone else is pretending to be you and accessing your records, you might not be able to access your own records. That’s a scary thought.

But even you are lucky enough not to suffer any negative consequences to your health as a result of the medical identity theft, cleaning up the mess can be enough to give anyone a heart attack.

So how can you prevent becoming a victim of medical identity theft?

Protect your mail: Install a locking mailbox so no one can access your mail.
Keep medical documents secure: Keep all of your hard copy medical documents in a file that locks. If it’s in cyberspace, make sure the files are encrypted and not in folder on your desktop that says “Medical.”
Shred all medical documents: Make sure to properly dispose of your medical documents so you don’t become a victim to dumpster-diving thieves. This includes digital files as well.McAfee LiveSafe (put tm in here and links this) service comes with a digital shredder that uses higher than government standard file shredding—don’t rely on simply putting something in the “trash bin” on your computer and then emptying it.
Leave medical cards at home: Only take them when you are visiting the doctor. If you’re worried you might need them in the event you have an accident and need immediate medical treatment, memorize your health ID number. If you’re unconscious upon arriving at an ER, you’ll get treated anyways—it’s the law. Simply provide your medical card after the fact. Don’t carry identity cards either: Identification cards or Social Security number cards should also be left at home in a safe place. Since many medical systems use these numbers as your identifier on the policy, you don’t want them falling into the wrong hands. And with access to these cards, a thief could easily create the fake credentials needed to commit medical identity theft.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Don’t Get Kicked By Football Players Online

June 18, 2014/in online security /by Robert Siciliano

The biggest sporting event of the year just kicked off. If you’re not a football fan (that’s soccer for us Yanks), this is the ultimate goal and it’s just getting started. Many fans will head to Brazil to watch these games and their favorite players, but many more fans will flock online to find out information about the players and teams.

Cybercriminals once again are taking advantage of these large numbers and have pounced on the eagerness of fans of the world’s most popular sport. Portugal’s Cristiano Ronaldo dos Santos Aveiro just barely edges other football stars as the world’s riskiest football player to search for online and tops the McAfee “Red Card Club.”

The McAfee “Red Card Club” is a list of eleven Brazil bound players whose web pages are considered to be risky for fans to search for online. Following Ronaldo are Argentina’s Lionel Messi, Spain’s Iker Cassillas, Brazil’s Neymar and Algeria’s Karim Ziani.

The sites most likely to be risky are those offering videos showing the athlete’s skills, and screensaver downloads. These rigged sites are just waiting to trick you into giving up personal information so that the thieves can steal your identity or get ahold of credit card information and max out your cards.

The study uses McAfee® SiteAdvisor® site ratings, which indicate which sites are risky when attached to football players’ names on the Web and calculates an overall risk percentage.

So what’s an excited football fan to do? While it’s probably not feasible for us to stop searching for information about these stars, we can make sure we are safe while doing so. Here are some tips for you to stay safe online:

Be suspicious — If a search turns up a link to free content or too-good-to-be-true offers, it usually is.
Be extra cautious when searching on hot topics—Cybercriminals set up fake and malicious sites that dominate these time-sensitive search results.
Use web protection— Make sure to use a safe search tool that will notify you of risky sites or links before you visit them. McAfee SiteAdvisor software can be downloaded for free here.
Check the Web address—Look for misspellings or other clues that the link might be directed to a phony website.
Protect yourself—Use comprehensive security on all your PCs, Macs, smartphone and tablets, like McAfee Live Safe™ service, that comes with McAfee SiteAdvisor, a complimentary tool that protects your from going to risky websites and prevents malicious downloads.

Stay safe online!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Teens’ Online Behavior Can Get Them in Trouble

June 8, 2014/in online security /by Robert Siciliano

Do you really know what your kids are doing all the time? Probably not, unless you’re a stalker (just kidding). But really, there has to be some element of trust and you can’t physically be everywhere your kids are. And that also applies to the online world. As parents, we need to be aware of what our kids are doing, teach the “rules of the road,” and help them stay safe, but we can’t always be there with them every moment of every day.

But we do need to understand that our kids are doing things online that could expose them to risk. McAfee’s 2014 Teens and Screens study showed that tween and teens continue to interact with strangers online and overshare information, even though they realize that these activities can put them at risk.

So what else did the study unveil? About 75% of tweens and teens friend people whom they know in the real world, however, 59% engage with strangers online. And one out of 12 meet the online stranger in real life. This could be because 33% of them say they feel more accepted online than in real life.

Additional facts to understand:

Our tweens and teens overshare personal information – 50% posted their email address, 30% their phone number and 14% (which is 14% too many) posted their home address, even though 77% know that what is posted online can’t be deleted and 80% have had a conversation with their parents on how to stay safe online
Social media friends are not always friendly – 52% have gotten into a fight because of social media, 50% have gotten into trouble at home or at school and 49% have regretted posted something.
Our kids are still hiding things from us – Although 90% believe their parents trust them to do what is right online, 45% would change their online behavior if they knew their parents were watching, 53% close or minimize their web browsers when their parents walk into the room and 50% clear the history of their online activity

Alarmingly, 24% said that they would not know what to do in the event of cyberbullying (how about stay away from the bully’s page and block the bully from your page?). A whopping 87% have witnessed cyberbullying and 26% have been victims themselves.

So with all these, how do we ensure we help our kids stay can enjoy the benefits of being online, while staying safe online. Here’s my top tips:

Establish rules: Parents should establish pinpointed rules about computer activities including sites the kids can visit and what is and isn’t appropriate behavior online, including the fact that online is forever.
Check in: Kids should be told to immediately report cyberbullying. whether they are witnessing it or being a victim.
Meet their “friends”: If it’s not possible to meet that person in person, then your child shouldn’t be chatting with them online.
Learn their technology: You should know more about the various devices that your kids use than your kids do, not the other way around.
Get their passwords: Parents should have full access to their kids’ devices and social media accounts at all times; they need the passwords.
Have security software on all their devices: Make sure all your kids’ devices and yours have comprehensive security software, like McAfee LiveSafe™ service.

Or you can just relegate your kids to their rooms and never let them out—like I’ve told my girls. Just kidding. But on a serious note – parents, it’s time to make this a priority, for you and your kids.

To join the conversation online, use #TeensNScreens or follow @McAfeeConsumer or like McAfee on Facebook.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

USB Drives – With Convenience Comes Risk

May 28, 2014/in online safety, online security /by Robert Siciliano

I’m sure most of us have used a USB drive (or thumb drive) at one point or another. They are super convenient to transfer files, especially when they are too large for email or you don’t have access to an Internet connection.

But it’s this same convenience of being portable, readily available, and inexpensive that make them a prime target for cybercriminals. There’s a number of ways that these devices can fall victim to the underworld.

Because USB drives are primarily used to share and transfer files, it’s an easy target for hackers who are looking to distribute malware. And because most USB drives are set to auto-run (meaning that when you plug it into your computer, it will automatically open up the drive), the malicious software could be automatically transferred to your computer as soon as you plug this in. So once they get you to copy an infected file to the USB drive, it’s easily spread to other computers every time the USB drive is plugged in.

While their small size and portability make them easy to carry in your pocket or pretty much anywhere, it also makes them susceptible to loss or theft. Depending on what type of information is stored on here, losing this device could expose your personal information. A USB drive could easily be misplaced, dropped or taken from a table so it’s important to be careful when using these devices.

Another thing to keep in mind is that files aren’t really deleted, even if you hit the “delete” button to take something off your USB drive. In this case “delete” really means “hide” so unless you run a “wipe” program to really get rid of the files, someone could still retrieve your data, so you still need to make sure you are careful with these devices.

So here’s some tips how can you ensure that you stay safe and protect your information when using USB drives:

Watch your USB drive – don’t set it down and make sure you keep track of it so it’s not lost or stolen.
Disable auto-run – Turn off auto-run on your computer so that if a USB drive has malware, then it won’t automatically be transferred to your machine.
Be careful who you share your USB drives with – Be careful what computers you place your USB drive in and who you let borrow your USB drive.
Use comprehensive security software – make sure your security software not only scans your computer for threats, but also any drives that are attached.

Remember just as with being online, we need to make sure our conveniences don’t expose us to risk.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

What is a Man-in-the-Middle Attack?

May 24, 2014/in cyber crime /by Robert Siciliano

There’s a reason why most people feel uncomfortable about the idea of someone eavesdropping on them—the eavesdropper could possibly overhear sensitive or private information. This is exactly the risk that computer users face with a common threat called a “Man-in-the-Middle” (MITM) attack, where an attacker uses technological tools, such as malware, to intercept the information you send to a website, or even via your email.

Just imagine you are entering login and financial details on an online banking site, and because the attacker is eavesdropping, they can gain access to your information and use it to access your account, or even steal your identity.

There are a variety of ways that attackers can insert themselves in the middle of your online communications. One common form of this attack involves cybercriminals distributing malware that gives them access to a user’s web browser and the information being sent to various websites.

Another type of MITM attack involves a device that most of us have in our homes today: a wireless router. The attacker could exploit vulnerabilities in the router’s security setup to intercept information being sent through it, or they could set up a malicious router in a public place, such as a café or hotel.

Either way, MITM attacks pose a serious threat to your online security because they give the attacker the ability to receive and request personal information posing as a trusted party (such as a website that you regularly use).

Here are some tips to protect you from a Man-in-the-Middle attack, and improve your overall online security:

Ensure the websites you use offer strong encryption, which scrambles your messages while in transit to prevent eavesdropping. Look for “httpS:” at the beginning of the web address instead of just “http:” which indicates that the site is using encryption.
Change the default password on your home Wi-Fi connection so it’s harder for someone to access.
Don’t access personal information when using public Wi-Fi networks, which may, or may not, be secure.
Be wary of any request for your personal information, even if it’s coming from a trusted party.
Protect all of your computers and mobile devices with comprehensive security software, like McAfee LiveSafe™ service to protect you from malware and other Internet threats.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Medical Identity Theft Protection And Prevention

May 19, 2014/in Medical Identity Theft /by Robert Siciliano

Identity theft can be fatal to the victim — if it’s of the medical kind. Medical ID theft can result in getting the wrong blood type during a transfusion, the wrong diagnosis or the wrong prescription — all because the thief’s medical history gets integrated with the victim’s.

I hope you’re scared, because that’s my goal.

Up to 43 percent of ID theft is medical, says the Identity Theft Resource Center. The nonfatal fallout of medical identity theft can be quite dastardly, like the crook using your private data to commit other forms of ID theft.

Prevent Medical ID Theft

Always review your medical bills. Is a bill for service your child never received?
Never give your health insurance card to anyone for their use.
Shred medical documents you no longer need, including prescription information.
Every year, examine your credit report from the big three outfits.
Give your health insurance card the same protection you’d give a credit card. Contact your insurance company asap if it gets lost. In police reports, include it as a loss if it’s stolen.
If news breaks of a data breach involving a company you use, inquire about this.
Be especially alert to reviewing documents if you’ve been receiving extensive medical treatment.

Suspicious Activity

Call the provider and insurance carrier if you spot an unfamiliar charge on a medical bill.
Save all relevant documents and record the names of every person you connect with and the dates.
Contact the big three credit reporting agencies.
Filing a police report may be necessary.
If you’ve already been the victim of medical ID theft, inquire about the accuracy of your records with your provider, and request a copy of the records.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Private Identifiers Not Private

May 15, 2014/in privacy /by Robert Siciliano

Today’s commerce occurs very much online, with products and services ranging from A to Z. Hence, these many online merchants have hundreds of millions of people around the globe registered with them for convenient purchases.

To verify authentication as the true user of these services, the registrant must supply personal data. If cyber criminals get ahold of this data, much of it can be changed by the user after the breach, such as user name, password and even the address they’ve been using.

However, the Social Security Number and date of birth cannot be changed. When cyber crooks get personal data off of these online retailers and service providers, it invades the customer’s privacy.

Online enterprises must take full responsibility for stolen data. It’s a real serious issue when permanent (“static”) data like DOB and SSN is breached, as opposed to temporary data like a password or answer to a security question.

Of course, the registrants to these sites do bear some culpability when they post their personal data in the public domain. But business sites make posting personal data a requirement to use their site. Unique data like the SSN should not be a requirement.

The online commerce world should know that such a requirement destroys confidence in current and potential customers, and that their competitors who abandon this practice will have the upper hand in gaining and retaining business.

More and more users are realizing that the security systems of online enterprises are weak, putting users at risk for identity theft—a risk that they’re catching onto.

NSS Labs, Inc., a world leader in information security research and advisement, has the following recommendations:

Online businesses should limit requiring data that can be shared among other enterprises.
Online enterprises should be designed with the anticipation of possible data breaches; this way they’ll minimize risk and be more prepared to mitigate problems.
Third-party data breaches should be analyzed by online companies to protect users if data seeps out.
“At risk” users should be able to be re-authenticated.
Governments need to reassess the idea of using static data like DOB and SSN.
Online enterprises must embrace the possibility that legislation will eventually make it illegal to require SSNs from users.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures

Posts