Posts

10 Ways to Help Protect Yourself from Identity Theft

No one wants to be a victim of identity theft (at least not that I’m aware of). But even though we may say this, our actions don’t always indicate this—and actions speak louder than words.

Some of this information may seem basic or like common sense, but these are still tactics that identity thieves utilize because THEY WORK! So here are some tips to make sure you’re protecting your identity:

  1. Be careful when sharing personal information – Make sure you question who is asking for this information and why. Just because a site asks or even your doctor’s office form asks, doesn’t mean it’s absolutely necessary. Also make sure you understand how they are protecting your personal data.
  2. Don’t open attachments or click on links from people you don’t know – Whether this be via email, text message or social networking sites, exercise caution as these could be phishing messages designed to steal your personal information.
  3. Protect your home Wi-Fi connection – Not changing the default settings on your wireless router can lead to not only someone using your connection for free, but also to them accessing all the files on the devices that are connected to it. Using default settings is never a good idea for anything, but can have bigger implications with your Wi-Fi connection. Here are tips on how to protect your Wi-Fi.
  4. Don’t shop or bank online from public computers – You don’t know if there is any security protection on these computers and if the Internet connection is secure. It’s just best not to do this.
  5. Don’t fall for 419 email scams – These are emails asking you to help get access to a big sum of money, and in exchange you’ll get a portion of the money. Now come on…if a stranger asked you this in real life, would you believe them? Probably not…I mean…how many of us really need to help a Nigerian prince? (Note: 419 refers to the article of the Nigerian Criminal Code dealing with fraud.)
  6. Don’t accept all friend requests on social media – Remember that “friend” may not really be your friend. Only connect with people you know in the real world. And even then you should be careful when clicking on the links they post. I’d recommend you use a product like McAfee® SiteAdvisor® that provides easy red, yellow and green site rating icons in your search results and in your Facebook, LinkedIn and Google+ feeds (for PC or Mac). It will also put up a warning screen if you click on a site we know to be dangerous (for PC, Mac or mobile).
  7. Carry as little as possible with you – This includes credit cards, debit cards, your Social Security number or identification card and scraps of paper with your PINs and passwords. Your wallet or purse can be a treasure trove to thieves, so make sure to carry only what is absolutely necessary.
  8. Lock your mailbox – This may seem extreme, but many thieves raid mailboxes for credit card applications, fill them out and change the address, then they don’t pay the bill, and the debt collector comes looking for you! So ask the companies to stop sending you this mail and make sure your mailbox is locked.
  9. Be careful what you put in your trash – Some thieves raid trash cans, especially if you have a locked mailbox. So that pre-approved credit card application that you relegated to the trash before it even entered your house is a gold mine for thieves. So make sure you employ the use of a cross-cut paper shredder before you throw these types of things away.
  10. And of course, make sure you have protection on all your devices – Comprehensive security on all your devices (not just your PCs) is a must these days. I use McAfee LiveSafe™ service, which protects all my PCs, Macs, smartphones and tablets. And it comes with McAfee SiteAdvisor that I mentioned above!

So remember, we all have to help ourselves by being proactive to protect our identities, both online and offline.

Stay safe!

 Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Change Your Password. World Password Day

We also say we want to be safe online. Yet sometimes our actions betray our words—especially if we’re using simple, short passwords for our online sites. Passwords with fewer than eight characters are the easiest to crack, especially if they include a proper noun or a word that’s in a dictionary. Hackers especially love passwords of all one character. Lose the “ilovedogs” password please.

Take a look at your passwords. Are they simple and include an actual word, or are they long and unique? World Password Day. Take the pledge and change your passwords.

And don’t balk about changing your passwords; you must change them to be safe online. Your password is your first line of defense—not only for your online accounts, but also on your devices. Be like Nike and “Just Do It!” Think about this if you’re reluctant to change them:

  • Research shows that 90% of passwords are vulnerable to hacking
  • The most common password is “123456” and the second most common password is “password”
  • 1 in 5 Internet users have had their email or social networking account compromised or taken over without their permission

Now, believe it or not, a password of eight characters, even with various symbols and no dictionary words, can be cracked. However, a password the length of “Earthquake in the Sahara” would take over a million years to unearth. Ladies and gents, size does matter when it comes to passwords.

Ditch your old passwords

They may already be on the black market, and if not, it’s inevitable. Especially in this post-Heartbleed time, we need to make sure we all change our passwords.

Think pass-sentence, not password

Just four words (with spaces) will make a killer password. Toss in punctuation. Create a sentence that makes no sense, like “Sharks swimming in the shower” and then add some space, numbers and special characters so it’s “Sh@rks swimming >n The Sh0wer!” That’s a 30-word password, technically known as a passphrase, and beats out #8xq3@2P. And which is easier to remember?

And don’t use something that a person who knows you might be able to guess: If you own five black cats, don’t make a passphrase of “I love black cats.”

Here’s a fun way to make a passphrase.

Make the change

Now that you have a passphrase that will take millions of years to crack, it’s time to make use of it. Sift through all of your accounts and change your passwords, using a different passphrase for each account, and not similar, either, for optimal uncrackability.

Once all of your new passwords (passphrases) are in place, you’ll have peace of mind, knowing that it would take millions of years for these passwords to be cracked.

Remember, there’s no better time than World Password Day to change your password!


What is Social Engineering?

No, it’s not some new engineering field to develop social media sites. Social engineering has been around as long as the con artist has been around. The term stems from the social science world, where social engineering is deemed an act of psychological manipulation.

In our tech-laden world of today, social engineering still involves deceit but it’s used to deceive you into giving up personal or sensitive information for the bad guys’ financial gain. Social engineering can take many forms, from an email, phone call, social networking site, text messages, etc., but they all have the same intent—to get you to part with valuable information.

Any one of us can be a target. And social engineering continues to be a tool that cybercriminals use because it works. They play on our emotions and our innate sense to want to trust others and be helpful. They also rely on the fact that many of us are not aware of the value of the information we possess and are careless about protecting it.

For instance, after major natural disasters or major news topics, like a hurricane or earthquake, cybercriminals send out scores of bogus emails, calling for sympathy and donations for the victims, just so they can line their pockets.

In addition to sympathy, the bad guys also barter in fear, curiosity and greed. From emails offering fake lottery winnings (greed), to dangerous download sites advertising a preview of the latest Lady Gaga song (curiosity), to devious popup messages that warn you that your computer is at risk (fear), today’s cybercriminals are masters at manipulating our emotions.

And because their tricks often look legitimate, it can be hard for you to identify them. You could wind up accidentally infecting your machine, or sharing personal and financial information, potentially leading to monetary loss and even identity theft.

How can you protect yourself?

  • Never respond to a message from someone you don’t know, and never click on a link in an unsolicited message, including instant messages. Any time the phone rings and the caller requests personal information, consider it a scam.
  • Be suspicious of any offer that seems too good to be true, such as the lure of receiving thousands of dollars just for doing a wire transfer for someone else.
  • If you are unsure whether a request is legitimate, check for telltale signs that it could be a fake, such as typos and incorrect grammar. If you are still unsure, contact the company or organization directly. Financial institutions, and most sites, don’t send emails or text messages asking for your user name and password information.
  • When using social networking sites, don’t accept friend requests from people you don’t know, and limit the amount of personal information you post to your profile.
  • Consider using a safe browsing tool such as McAfee® SiteAdvisor® software, which tells you whether a website is safe right in your search results, helping you navigate away from phony sites.
  • Make sure all your devices are protected with comprehensive security, like McAfee LiveSafe™ service that protects all your PCs, Macs, smartphones and tablets.

So remember to ask yourself if this is really legit, the next time you get a message that plays on your emotions. Stay safe online!


What is Cookiejacking?

“Cookiejacking” may sound like someone taking a bite out of that delicious chocolate chip cookie you were planning to have after lunch, but it is actually an online security risk that could lead to your personal information falling into the hands of a cybercriminal.

But to understand this risk, you first need to know about Internet cookies. An Internet cookie is a small text file that gets stored on your computer or mobile hard disk from a website that you have previously visited, so the next time you’re on that site, it alerts the site that you’re back.

The cookie holds information such as an identifier the site assigns to you, and any preferences or personal information you may have shared with that website, such as your name and email address. Cookies are the reason why you may see a message that says “Welcome back, John” when you revisit a website.

Now that you know what an Internet cookie is, you can better understand cookiejacking. This is when your device’s cookies are stolen, potentially giving thieves access to the information they hold.

This can be problematic when the cookies stored on your computer contain sensitive and personal data, such as your bank login information and social media account passwords. A cybercriminal could use the stolen information to access your accounts or impersonate you.

Of course, clicking on links in malicious emails or on risky websites increases the odds that you could fall victim to cookiejacking, so the more dangerous clicking you do, the more at risk you are.

How do you avoid cookiejacking?

Here are a few simple tips to help you avoid falling victim to this security concern:

  • Be careful where you click—Especially when playing games on social networks since this could be a trap set by a cookiejacker; all of your clicking will enable the thief to steal your cookies. Also be wary of links in emails, text messages and instant messages, especially if they’re from people you don’t know personally.
  • Use a safe search tool—Utilize a free browser plug-in, like McAfee® SiteAdvisor® that warns you if you are going to a risky site. For Android users, this feature is available as part of the free McAfee Mobile Security.
  • Consider using private browsing mode—The private browsing mode prevents access to cookie files already saved on your device, but more importantly, it stores cookies for the active session in memory. This means that a page crafted for cookiejacking cannot access older cookies nor active ones, because there is no path to them.
  • Install comprehensive security on all your devices—Make sure you protect all your devices with security like McAfee LiveSafe™ service that includes anti-malware, anti-spam, anti-phishing and a firewall so that you are less likely to be a click-jacking victim.


Online Tax Time Scams: How to Avoid

Filing your taxes online is convenient but also comes with some potential security problems. My job as an expert in all things online-security is to spell out what these online tax scam risks are and how to avoid them. As you get ready to file your taxes this year, here are some things you should know about.

There were billions of fraudulent refunds that the IRS discovered for just 2012. Both consumers and business owners (small to medium) are being targeted by hackers during tax time. Following are tax time scams that are related to online filing:

  • Phishing: If you get an unsolicited email that seems to be from the IRS or similar, requesting personal information (especially bank account information, passwords or PINs) or claiming you’re being audited, it’s time to smell a big rotting phish. The IRS will never contact you via email, text message or social media. Make sure you don’t click on any links or open or download any attachments if you even suspect that the message is fake. Report any type of phishing to phishing@irs.gov.
  • The fake IRS agent: Crooks will pose as IRS agents and contact you by email or phone. They’ll already have a few details about you, probably lifted off your Facebook page, using this information to convince you they’re the real deal. If you sense a scam, go to IRS.gov/phishing.
  • The rogue tax preparer: It’s best to use a reputable tax return service, rather than an independent-type preparer. After all, some of these preparers have been known to charge extra high fees for getting you a bigger return, or steal some of your refund.

Additional Tips for Online Tax Time Scam Protection

  • Protect your data. From the moment they arrive in your mailbox, your personal information (financial institution numbers, investment records, Social Security numbers, etc.) must be secured. Don’t give personal information over the phone, through the mail or on the Internet unless you have initiated the contact and are sure of the recipient.
  • Chuck the papers. Opt for electronic statements to be received via email to eliminate paper statements coming into your mail box where thieves could get at them.
  • Check and monitor your statements. To ensure that you’re not a victim, the best thing to do is to monitor your monthly bank statements and do a credit report at least once a year.
  • Use a clean machine. Make sure that the computer you use is not infected or compromised. The operating system and browser should be updated. It should have comprehensive, up-to-date security software, like McAfee LiveSafe™ service, which protects all your devices, your data and your identity.

If you’re vigilant and follow these guidelines, you won’t have to deal with online (or offline) tax time scams. You can also watch this video from the IRS.


What is a Denial-of-Service Attack?

You may have heard news reports about popular websites such as CNN, Amazon and Yahoo! being taken down by a DoS attack, but have you ever wondered what DoS means?

This common tech term stands for “denial-of-service,” where an attacker attempts to prevent legitimate users from accessing a website, either entirely or by slowing it down to the point of being unusable. The most common and obvious type of DoS attack occurs when an attacker “floods” a network with useless information.

When you type a URL for a particular website into your browser, you are sending a request to that site’s computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can’t process your request. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying access to legitimate users.

A distributed denial-of-service (DDoS) attack is one where a site is attacked, but not by just one person or machine. DDoS attacks are attacks on a site by two or more persons or machines. These attacks are usually done by cybercriminals using botnets (remote computers that are under their control) to bombard the site with requests. Cybercriminals create botnets by infecting a collection of computers—sometimes hundreds or thousands—with malware that gives them control of the machines, allowing them to stage their attack.

There is also an unintentional DoS where a website ends up denied, not due to a deliberate attack by a single individual or group of individuals, but simply due to a sudden enormous spike in popularity. This can happen when an extremely popular website posts a prominent link to a second, less well-prepared site, for example, as part of a news story. The result is that a significant proportion of the primary site’s regular users—potentially hundreds of thousands of people—click that link in the space of a few hours, having the same effect on the target website as a DDoS attack. When Michael Jackson died in 2009, websites such as Google and Twitter slowed down or even crashed. [1]

While this can be an inconvenience to you, as you may not be able to complete transactions or access your banking site, there’s no real danger for you. But unbeknownst to you, your computer or mobile device could be part of the botnet that is causing a DDoS attack.

To make sure you’re not part of a DDoS attack:

  • Pay attention if you notice that your Internet connection is unusually slow or you can’t access certain sites (and that your Internet connection is not down)
  • Make sure you have comprehensive security installed on all your devices, like McAfee LiveSafe™ service
  • Be careful when giving out your email address, clicking on links and opening attachments, especially if they are from people you don’t know
  • Stay educated on the latest tactics that hackers and scammers use so that you’re aware of tricks they use

[1] “Web slows after Jackson’s death,” BBC News


ID Theft, Medicare Fraud Prevention in People Over 45

My job as a security analyst is to educate people on the prevalence of ID theft, and this especially includes those over 45, and I also must point out that scams involving Medicare are on the rise.

According to Reuters, identity theft led the list of top consumer complaints once again in 2013, with U.S. consumers reporting that they lost over $1.6 billion to various types of fraud. Of the 2 million consumer complaints that the commission received last year, 290,056, or about 14 percent, were related to identity theft, the FTC said.

People over 45 attract identity thieves because often the 45-plus crowd is more trusting, and has more wealth and disposable income built up. They’re not too eager to report identity theft for fear their families will think they’ve lost control. Crooks know all this. Learn how people over 45 can protect against identity theft and Medicare scams.

Identity Theft Prevention for the 45-Plus Crowd

  • Know that those closest to you (family members, caregivers) can be a thief waiting for a prime opportunity. Be leery of anyone asking for even a small loan or giving a sob story.
  • ID information and other personal data and documents should be locked up in a safe.
  • Get a PO box for your mail, both for receiving it and for dropping off outgoing mail.
  • Shred personal documents you no longer need.
  • Thieves like to rummage through trash for discarded direct mail and credit card offers. Call the FTC OPTOUT at 1-888-567-8688 to stop these offerings.
  • Memorize your SSN so you don’t have to bring it in public.
  • Thin out your wallet.
  • Cancel unused cards.
  • Never have any personal information printed on your checks except your PO box address. Have only your first and middle initial with your last name printed on checks.
  • Have your bank issue an ATM-only card rather than an ATM debit card.
  • Don’t wait till you’re a victim of crime to have a handy list of all your financially related contact information already composed.
  • Update your devices’ operating systems.
  • Update your devices’ antivirus, antispyware, antiphishing and firewall.
  • Lock up your devices with a password.
  • Use strong passwords including upper/lower case and numbers.
  • Use a password manager. Never use the same password twice.

Credit Card Scams

  • Don’t be phishing bait. An e-mail comes to you claiming you must make a payment and includes a link where to do this. These scam e-mails make gullible people think they’re from banks, retailers, even what seems like the IRS. The link to a phony website entices victims into typing in their bank account or credit card numbers: a done deal for the thieves.
  • Review bank and credit card statements promptly. Reporting something suspicious within two days means minimal liability with bank accounts. Wait too long and you may never recover your loss.
  • Never lose sight of your debit card. Always watch clerks swipe it. Don’t hand it to anyone else at the store.
  • Consider ditching the debit/credit card. Use an ATM card and a separate credit card rather than the combo.
  • Never give your card to anyone. This means a caregiver, nanny, dog sitter, relative—you never know what they may do.
  • Never give your card or account information to someone who phones you.
  • See more credit card security tips HERE.

Social Media Scams

  • Friend only those who you actually know, like and trust.
  • Remember the Internet is forever—Even if you have the highest privacy settings, it’s good practice to consider anything you do on the Internet as public knowledge, so be careful what you share online or via your mobile device.
  • Don’t reveal personal information—Seriously consider why it’s needed before you post your address, phone number, Social Security number, or other personal information online.
  • Put a PIN on it—Make sure you have your smartphone and tablet set to auto-lock after a certain period of inactivity and make sure it requires a PIN or passcode to unlock it. This is especially helpful to protect any information you do not want seen should your device be lost or stolen.
  • Manage your privacy settings—At most, only friends you know in real life should be able to see details of your profile.
  • Change your passwords frequently—In addition to choosing passwords that are difficult to guess (try to make them at least eight characters long and a combination of letters, numbers, and symbols), remember to regularly change your passwords.

Medicare Card Scams

  • The weak link in Medicare is that the SSN can be used as the identifying information on the insurance cards.
  • After the first visit to a doctor, copy your Medicare card, ink out everything but the last four numbers of the SSN, then use the copy for subsequent visits.
  • A Medicare representative will never call you to verify information so that medical bills can be paid. A call like this is a scam.
  • If somebody other than your physician asks for Medicare information, call 1-800-MEDICARE to report this. Only when you’re in your doctor’s office should your doctor request such information. If in doubt, never give your Medicare number out.

If You Are a Victim

What should people over age 45 do if they suspect identity theft?

  • Call one of these three credit reporting agencies to put a fraud alert out on your credit report:
  • Experian: 888-397-3742; Equifax: 800-525-6285; TransUnion: 800-680-7289
  • Contact only one company because they’re legally required to contact the other two.
  • Contact local law enforcement, banks and credit card companies if you suspect ID theft.
  • Call the FTC ID theft hotline: 877-438-4338; or online at www.consumer.gov/idtheft

Identity theft protection:

  • Does Identity Theft Protection Really Work? YES.
  • How effective are their scanning/monitoring methods? It all depends on the service. Check out BestIDTheftCompanys.com ratings.
  • Can they truly protect consumers? The answers may vary. Identity theft protection is designed to protect you from new lines of credit being opened in your name—and along with the recovery/restoration component; it’s designed to clean up the mess.

Read our blog post on identity theft protection HERE.

7 Ways to Tell If It’s a Fake

Unfortunately in today’s world, scammers are coming at us from all angles to try and trick us to get us to part with our hard earned money. We all need to be vigilant in protecting ourselves online. If you aren’t paying attention—even if you know what to look for—they can get you.

There are numerous ways to detect fake sites or emails, phishing, etc. Here are 10 you should know about:

  1. Incorrect URL. Hackers use fake sites to steal your information. Watch to make sure the URL is actually the one you want to be going to. If you notice the URL is different, that’s a good indication that the site is fake and you should NOT enter your information. There are a number of ways you can protect yourself from this:
    1. If you’re on a computer, hover your mouse over the link to see a preview of the link URL in the status bar. Then check to see if the link site matches the site that it should be from. So for example, if your email comes from North Bank, or you type North Bank into the Google search bar, and the link is not going to www.northbank.com but to something like www.banking-north.com, you should not click.
    2. If you’re on a mobile device, use a link preview to see the actual URL before you click.
    3. You can also use McAfee® SiteAdvisor® on both your computer and mobile device to make sure the links you are going to are not bad links.
  2. Nosy Requests. Your bank won’t ask via email for your PINs or card information. Be suspicious of sites (or emails) requesting your Social Security number, identification number or other sensitive information.
  3. Sender’s Email Address. You can also check who sent the email by looking at the sender’s address. It may say it’s from North Bank, but the email address may be something strange like northbank@hotmail.com. The sender’s email should not be using a public Internet account like Hotmail, Gmail, Yahoo!, etc.
  4. Your Name. A legitimate email from your bank or business will address you by name rather than as “Valued Customer” (or something similar).
  5. Typos. Misspellings or grammatical errors are another sure sign that the message or site is fake.
  6. Fake Password. If you’re at a fake site and type in a phony password, a fake site is likely to accept it.
  7. Low Resolution Images. A tip-off to a false site is poor image quality of the company’s logo or other graphics.

Additionally…Hit delete. How about just hitting the delete button whenever an email comes to you from an unfamiliar sender? After all, if any legitimate entity needs to contact you about something urgent or crucial, they would have your phone number, right? They know your name, too. Remember, “just say no” to opening unfamiliar or suspicious looking emails.


IRS announces a 66% Increase in Tax Identity Theft Investigations

Tax-related identity theft is reaching nightmarish and epidemic proportions. Heed the following to minimize your risk.

  • File taxes early. ‘Tis the season for tax fraud, and scammers like to get a jump start from the beginning. File early before the fraudsters file.
  • Use electronic filing. Paying the IRS via e-filing is fast and more secure than the paper method. You’ll also get an e-confirmation of receipt. E-filing also lets you know promptly if another person has filed under your own information.
  • An IRS e-mail is probably a fake. You’ll never get an unsolicited e-mail from Uncle Sam asking for your SSN, date of birth or other private information. Don’t open these e-mails. If you accidentally open one, do nothing more than forward it to phishing@irs.gov.
  • Fake web sites. Telltale signs of a fraudulent site are typos and grammatical mistakes, odd page layouts, an unprofessional appearance and other oddities. Be suspicious if there’s not a tiny yellow padlock and “https” to the left of the URL.
  • Be careful where you store. Never store tax information on an Internet drive or cloud. If it must be stored on a computer, encrypt the drive. Better yet, store it on an external drive or disk that’s encrypted or password protected, and store this in a locked safe.
  • Strong, long passwords and usernames. Use an assortment of characters (letters, numbers, symbols like # and *).
  • Check your annual Social Security statement. It shows all income from U.S.-workers under your SSN.
  • Your tax preparer. Use a reputable, licensed tax preparation firm. There exist many tax fraudsters.
  • Be on red alert. Services that claim to have no or very low tax liability often sock you with very high fees, or divert refunds or take money from returns.
  • Snail mail alert. Monitor reception of tax forms. Take notice if any are late or seem to have been opened. If anything is awry, notify the provider at once to find out when they were sent out.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Beware of Employees Who Lie About Their Identity

It’s way too easy for anyone to pretend to be someone else. When hiring, make sure you use identity proofing measures so you don’t get scammed.

When hiring, the first concern most companies have is determining how effective an employee will be. In fact, the first concern should be determining if the person is actually who he or she claims to be. Regardless of the nature of your business, an employee masquerading behind a false identity can wreak havoc on your company.

Michael Chertoff, the former chief of the Department of Homeland Security, stated, “I’m going to submit to you that in the 21st Century, the most important asset that we have to protect as individuals and as part of our nation is the control of our identity, who we are, how we identify ourselves, whether other people are permitted to masquerade and pretend to be us, and thereby damage our livelihood, damage our assets, damage our reputation, damage our standing in our community.”

We are functioning in an environment in which humans have yet to be truly verified or authenticated. There are 7 billion people on the planet using thousands of various forms of identification, but with little security. In the United States, the Social Security number is, regrettably, a national ID that is available in file cabinets and databases everywhere, including for sale online. There are thousands of variations on birth certificates (I have five different versions of my own); there are people selling fake IDs, from kids on college campuses all the way up to organized criminals; and credit is wide open, which means anyone who gets hold of anyone’s identification can get credit under that person’s name.

Protecting Yourself

It’s important to understand what identity proofing is. As you might have guessed, identity proofing simply refers to proving that individuals are who they say they are. Identity proofing often begins with personal questions, such as asking for the name of a first grade teacher, mother’s maiden name, first phone number, or the make and model of a first vehicle—as though (in theory) only the actual person would be able to provide the correct answers. Of course, this technique is not foolproof, and now that personal information is so readily available on the Internet, knowledge-based authentication is effectively on its way to extinction—and for good reason. 

The next step in identity proofing is documentation, such as a birth certificate, a copy of a utility bill, high school yearbook, mortgage statement or, of course, a driver’s license or passport. Some of these identifying documents can be scavenged from the trash, but they are effective proof when combined with personal questions. Biometric features, such as fingerprints or iris scans, can help further authenticate an individual’s identity.

Identity scoring, which is in use with many mortgage brokers today, is another effective identity proofing method. An identity-score system can tag and verify the legitimacy of an individual’s public identity using the Internet and both private and government websites. Identity scores are being used to prevent business fraud and to verify and correct public records. Identity scores incorporate a broad set of consumer data, including Internet data, corporate data, personal identifiers, credit records, public and government records, self-assessed behavior patterns and predicted behavior patterns based on empirical data.

Finally, fake IDs contribute to the exasperating problem of imposter fraud. Get the ID Checking Guide to assist you with employee ID verification. Verifying an ID is important, whether for an initial screening or a final ID check. By reducing fraudulent employment applications, time and money can be saved and problem employees who lead to litigation can be averted. 

Eventually, detection methods for fake IDs, such as smartcards, biometrics in all its forms, and multi-factor authentication, will help ensure that the identities presented can be trusted—and being an imposter won’t be so easy.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.