Posts

Phishers Ties Up Victims Phones, Killing Notification

/0 Comments/in , , /by

Identity Theft Expert Robert Siciliano

Many of today’s automated processes are designed with security and/or convenience in mind. For example, if a credit card companies’ anomaly detection software detects irregular spending on your credit card the software may freeze your account or call you to make sure you are infact the one making the charge. While this may help to secure you, it also may inconvenience you if you are traveling overseas and are declined or just in a hurry and trying to catch a flight.

These same technologies may or may not involve a human at different touch points during their activation periods. What’s happening today is the bad guys are figuring this out and they are determining when theses touch points occur and are tricking the system so they can move forward with their fraudulent activities.

In some cases when a money transfer may prompt an automated call alerting an account holder to the transaction the only requirement of the system is to make the call. The automated system doesn’t necessarily have to talk to a human and the human doesn’t need to do anything. This seems like a flawed system.

In the case of a Florida doctor a telephony denial-of-service attack flooded the victim’s phone with diversionary calls while the thieves drained the victim’s account. In some cases, the victim heard recordings from sex chat lines and in other calls he heard dead air when answering the phone. Sometimes he heard a brief advertisement or other recorded message.

Wired reports the doctor discovered that $399,000 had been drained from his Ameritrade retirement account. About $18,000 was transferred then $82,000-transfer followed two days later. Five days after that, another $99,000 was drained, followed by two transfers of $100,000. The thieves withdrew the money in New York.

Most likely the initial compromise was via a phishing email that he responded to. Once he responded to the phish, the criminals began the process of setting up VOIP telephones systems to bombard his telephone lines so he couldn’t answer the phone to receive the alert.

Currently any financial institution that employees technology that automatically relies on the telephone system to notify account holders of a transaction is at risk.

If you mistakenly respond to a phish email and give up your data, knowingly or unknowingly, and find yourself being bombarded with a flurry of odd phone calls, it may be a sign you’re being scammed.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing criminal hackers on Fox News.

10 Ways To Prevent Phishing

/3 Comments/in , , , /by

Identity Theft Expert Robert Siciliano

The Anti Phishing Working Group published a new report seeking to understand such trends by quantifying the scope of the global phishing problem, especially by examining domain name usage and phishing site uptimes. Phishing has always been attractive to criminals because it has low start-up costs and few barriers to entry. But by mid-2009, phishing was dominated by one player as never before—the ―Avalanche‖ phishing operation. This criminal entity is one of the most sophisticated and damaging on the Internet, and perfected a mass-production system for deploying phishing sites and ―crimeware – malware designed specifically to automate identity theft and facilitate unauthorized transactions from consumer bank accounts. Avalanche was responsible for two-thirds (66%) of all phishing attacks launched in the second half of 2009, and was responsible for the overall increase in phishing attacks recorded across the Internet.

There were 126,697 phishing attacks during the second half of 2009, more than double the number in the first half of the year or from July through December of 2008, the APWG report said. Avalanche, which was first identified in December of 2008, was responsible for 24 percent of phishing attacks in the first half of 2009 and for 66 percent in the second half. From July through the end of the year, Avalanche targeted the more than 40 major financial institutions, online services, and job search providers.

Adapted from APWG

1. Be suspicious of any email with urgent requests for personal financial information. Call the bank if they need anything from you.

2. Spot a Phish: Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately

3. They typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.

4. Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t know the sender or user’s handle

5. Avoid filling out forms in email messages that ask for personal financial information in emails

6. Consider installing a Web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you.

7. The newer version of Internet Explorer version 7 and 8 includes this tool bar as does FireFox version 2

8. Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate

9. If anything is suspicious or you don’t recognize the transaction, contact your bank and all card issuers

10. Ensure that your browser is up to date and security patches applied

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Mobile Phone Becoming Bigger Target For Hackers

/0 Comments/in , , , /by

Identity Theft Expert Robert Siciliano

Mobile Internet access and mobile service usage is growing rapidly and cyber criminals are expected to pay more attention to this sector. Mobile device platforms compete for innovation created by application developers and other content creators who are increasingly demanding more device access. As their requests grow in numbers and they distribute their products more widely, security breaches will be inevitable.

Mobile phones used to be bulky and cumbersome; they had to be carried in bags or briefcases. Then they became chunky, heavy bricks. Clearly, cell phones have evolved. Today’s mobile phone is a compute, that rivals many desktops and laptops being manufactured today. I’m continually blown away at the capabilities of my iPhone.

What makes Mobile phones vulnerable is the speed and advancement of technology and businesses continued demand for products and services that work on a phone. In other countries almost all banking is done on a phone.

Complicating matters is spyware. Spyware was created as a legitimate technology for PCs. Spyware tracks and records social network activities, online searches, chats, instant messages, emails sent and received, websites visited, keystrokes typed and programs launched. It can be the equivalent of digital surveillance, revealing every stroke of the user’s mouse and keyboard. As a virus, spyware on a PC or phone is an immediate compromise of that phone’s data.

When anti-virus vendors like McAfee introduce anti-malware solution to secure Android-based smartphones, then you know mobile phone hacking has gone mainstream. The McAfee® VirusScan® Mobile technology is available now for users of Android and Windows Mobile-based smartphones providers.

The scary part is mobile phone spying software is affordable and very powerful. I worked with Good Morning America (GMA) on this issue.

GMA found thousands of sites promoting cell phone spying software, boasting products to “catch cheating spouses,” “bug meeting rooms” or “track your kids.” Basic cell phone spying software costs as little as $50.“ Someone can easily install a spyware program on your phone that allows them to see every single thing you do all day long, via the phone’s video camera. GMA spent $350 to get the features that remotely activate speaker phones, intercept live calls and instantly notify you every time a call is made.

Not all spyware is bad. Certainly if you install spyware on your 12 year old daughters phone, it’s to monitor and protect her, but when installed unknowingly on a phone that’s used for mCommerce, or business applications, then there is cause to be concerned.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Want Privacy? On Facebook? Shut Up!

/0 Comments/in , , , , , /by

Identity Theft Expert Robert Siciliano

There seems to be a groundswell of people who are anti-Facebook today.

Google “Facebook” and “Privacy” and 761,000,000, that’s seven hundred and sixty-one million results come up in a quarter second. WHY? BECAUSE THERE IS AN OBVIOUS ISSUE WITH FACEBOOK AND PRIVACY. The major issue here is not that Facebook isn’t private, it’s that some people want it to be private and its not and they can’t have their cake and eat it too. Privacy has always been a hotbed media grabbing issue that sells news too, so the few privacy pundits that there are, get all this attention by pointing the finger.

Mark Zuckerberg, Facebooks head dude said “people have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people.Then he went on to say “that social norm is just something that has evolved over time.”

Nick Bilton a New York Times writer interviewed a Facebook employee and shortly after tweetedOff record chat w/ Facebook employee. Me: How does Zuck feel about privacy? Response: [laughter] He doesn’t believe in it.”

So if the head of an organization is telling you straight out, privacy isn’t really a concern, then why expect anything different? If you are about to book a cruise and you are told the captain of the ship likes to drink ALOT and he has a habit of hitting icebergs, would you get on the ship? If you don’t like the way things are done at Facebook either shut up or delete your profile.

I personally have no hard feelings towards Facebook, I also don’t share intimate details of my life and I understand the implications of the service. My angst is towards its users who say and do things that make themselves vulnerable to crime and online reputational disasters. Like Howard Stern’s dad used to say to him “I told you not to be stupid you moron.

And now that politicians are stepping in and making a fuss, Facebook is now the new privacy battle ground. These same politicians won’t do anything or accomplish anything. They just love the attention. And with 400 million people on board, I think privacy is deader than dead, a rotting corpse that just smells bad and we will complain as long as the stink lingers. Openness and transparency along with sharing too much information is the norm. But that doesn’t exclude you from at least understanding the risks, taking some responsibility and being smart about how to use it.

Protect yourself:

Use URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.

Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.

Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave your networks wide open for attack.

Register company name and all your officers at every social media site. You can do this manually or by using a very cost effective service called Knowem.com.

Protect your identity.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Social Media on Fox Boston.

Criminal Hackers Had Their Best Year

/0 Comments/in , , , , , /by

Identity Theft Expert Robert Siciliano

The FBI reported that last year, organized criminals made double what was reported in 2008. Phishing emails containing the name and logo of the FBI were one of the top money makers for scam artists.

Successful scams included auction scams where products were bought and paid for but product was not delivered. Advanced fee scams also topped the list.

Scammers will say and do anything to get a person to part with their money.

Never automatically trust over the phone or via the internet. Unless the business is one that is well established online; don’t ever send money that you can’t get back. Never send money in response to an email or a phone call or even a classified ad. Money orders and wiring money have less security than a credit card does.

Anytime the transaction involves wiring money, that’s a dead giveaway. In any virtual transaction, I’d suggest using a credit card, but not without first checking the legitimacy of the business or the individual. A quick scan online of a company, individual, or even the nature of a transaction can often provide enough information to make an informed decision.

Scareware was also a big player. Studies show that organized criminals are earning $10,000.00 a day from scareware. That’s approximately 200 people a day getting nabbed. Some “distributors” have been estimated to make as much as $5 million a year.

What makes the scam so believable is there is actual follow through of the purchasing of software that is supposed to protect you. There is a shopping cart, an order form, credit card processing and a download, just like any online software purchase.

The software is sometimes known as “AntiVirus2009” “WinFixer,” “WinAntivirus,” “DriveCleaner,” “WinAntispyware,” “AntivirusXP” and “XP Antivirus 2008.” These are actually viruses or spyware that infect your PC, or just junk software that does nothing of value.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Ransomeware on Fox Boston.

Top 10 Jobs For Criminal Hackers

/0 Comments/in , , , /by

Identity Theft Expert Robert Siciliano

So you wanna go to the dark side? You’ve been hearing all about this hacking thing and you’d like to impress your girlfriend and show her how you can hack into corporate databases eh? Well, first if you are nodding your head, you’re an idiot. Second, chances are better than ever that you’ll get caught. Law enforcement is actually getting pretty good at finding the bad guy. In the meantime, the FBI posted the top jobs in computer crime and the bad guys are hiring.

They need:

1. Programmers: They are the dudes that write the actual viruses that end up on your PC because you were surfing porn or downloading pirated software off of torrents.

2. Carders: the most visible of criminals who distribute and sell stolen data to whoever is willing to take it and burn it onto a white card or make purchases over the internet.

3. IT Dudes: these are like any computer professionals who maintain all the hardware to keep the operation running as it should.

4. Criminal Hackers: these are the tech savvy penetration testers who aren’t legitimate penn testers but black hat hackers. They look for vulnerabilities in networks and plant code to exploit the users.

5. Social Engineers: these are the scammers and liars that think up all the different scams and communicate with people via phishing emails.

6. Hosted Systems Providers: are often unethical businesses that provide servers for the bad guy to do his dirty work.

7. Cashiers: provide bank accounts where criminals can hide money.

8. Money Mules: these may be unsuspecting Americans who act as shipping managers and do the dirty work for the bad guy and open bank accounts too. Sometimes the mule may be foreign and travel to the US specifically to open bank accounts.

9. Tellers: Help transfer and launder money through digital currency’s such as e-gold.

10. Bosses: These are the Mafia Dons. They run the show, bring together talent, manage, delegate, tell people what to do and maybe cut a head or two off.

If this whole writing, speaking and consulting thing doesn’t pan out I know who is hiring.

Invest in Intelius identity theft protection and prevention. Not all forms ows.f identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing hackers on Fox News.

Why Everyone Should Learn to Be A Hacker

/1 Comment/in , , , , /by

I know enough about hacking to make all of my software un-usable, mess up my operating system, and crash my PC. I also know enough about hacking to re-install my operating system, re-install all my software and get my PC running fresh and relatively secure. I’m no criminal hacker. And I am not suggesting that. Nor can I program; I don’t know code but I do know enough to hack in a way that keeps me running, and again, secure.

Hacker isn’t a bad word and hacking isn’t a bad thing to do. It’s something that if everyone who plugs into a PC every day did, they’d be a heck of a lot more versed in the functionality and security of a computer.

The beauty of becoming a “do it yourself” (DIY) hacker is you don’t need to pay a dude to come to your home or office to fix your computer when it’s not working. Three hundred and twenty five years ago I used to pay someone to fix me. Now I can do most of it myself, and when I don’t know how to do it I look it up on Google. Chances are if you have had this problem, then thousands of others have too. There are a bazillion forums that you can go to and solve annoyances and real technology issues.

Once you start asking questions you begin to find people who know the answers. Next thing you know you are the person with the answers. Along the way you connect with people that are smarter than you are who actually do know code and how to really hack a system. Then keep this stable of experts on your contact list so when you are in a pinch, you reach out. But do your best to figure it out on your own first so you aren’t constantly bugging them. You’d be amazed at how capable you are once you invest the necessary time to learn this stuff.

Another great way to learn how to be a DIY hacker is through tech support of your new PC. Most computers come with a one year guarantee that includes phone support. Now many people complain about lousy support, but the hundred or so hours I’ve spent over the years with these people from all over the world has definitely upped my hack-abilities. Even when the tech support guy is wrong, you learn something.

Recently I got rid of all my old 5-6-8 year old PCs and upgraded all but one to Windows 7 boxes and couldn’t be happier. In the process, I had to go through a litany of changes that were always frustrating, but made me a better, smarter, faster DIY hacker. I’ve spent about 20 hours with tech support on the phone getting everything to work like it should and now I know how to do it myself when things go wrong.

“Why I want my daughter to be a hacker” is the title of a post that’s been making waves in the blogosphere. It doesn’t exactly make my point, but worth a read.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing the identity theft on CNBC.

Why We Need Secure Identification

/0 Comments/in , , , , , , /by

New York police have served warrants dozens of times to an elderly couple looking for suspects the couple has no knowledge of. “Police have knocked on their door 50-plus times since the couple moved into their home in 2002, looking for suspects or witnesses in murder, robbery and rape cases, according to reports. The couple has been visited by law enforcement up to three times a week. Authorities are investigating the possibility that the Martins’ identities may have been stolen.”

Criminal identity theft is when someone commits a crime and uses the assumed name and address of another person. The thief in the act of the crime or upon arrest poses as the identity theft victim. Often the perpetrator will have a fake ID with the identity theft victim’s information but the imposters’ picture. This is the scariest form of identity theft.

In Mexico plans are rolling out to identify  110 million citizens into its national ID card program. “The program will be among the first to capture iris, fingerprint and facial biometrics for identification.  Similar programs around the world use biometrics for voter registration and even financial transactions. Possible uses for the card include  identification, driver licenses, collection of tolls, a travel card and an ATM card.”

In India, they are in the process of creating the Unique Identification Authority to identify their 1.1 billion citizens. A uniform ID system with biometric data, which should launch next year, will be designed to curb fraud and effectively identify their citizens. It could also make many new commercial transactions possible by allowing online verification of identities by laptop and mobile phone.

In the US, in order to end illegal immigration politicians have proposed a worker identity card and quoted from the New American “Ending Illegal Employment Through Biometric Employment Verification,” Reid, et al, set forth their chilling scheme to require all Americans to carry a 21st Century version of the Social Security Card. The national identification card will be embedded with biometric data detectable by federal agents. Specifically, the Reid plan will mandate that within 18 months of the passage of immigration reform legislation, every American worker carry the “fraud-resistant, tamper-resistant, wear resistant, and machine-readable social security cards containing a photograph and an electronically coded micro-processing chip which possesses a unique biometric identifier for the authorized card-bearer.”As if that isn’t enough to freeze the blood of any ally of freedom and our constitutional republic.”

“Chilling scheme” and “freeze the blood” or a step towards security? I wonder if the couple in New York or the millions who have had their identity stolen wish they were properly identified.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing the Social Security numbers on Fox News.

Why American’s Identities Are Easily Stolen

/1 Comment/in , , , /by

Identity Theft Expert Robert Siciliano

We can fix this thing, but we won’t because we don’t want to be inconvenienced. I’m introduced to amazing technologies every week that will stop this. All they need is government support and system wide adoption. Meanwhile, Chuck Schumer and Ed Markey and the rest of the grand standing politicians scream about privacy and security issues when they see an opportunity for publicity, but their follow through is less than satisfactory.

We use easily counterfeited identification, Social Security numbers that are written on the sides of buses and we rely on the anonymity of the phone, fax, internet and snail mail as a means of application.

In other countries they solve problems. They have priorities and don’t deal with the rhetoric.  They put security first, convenience second.

Cedric Pariente from B32Trust tells us that in Paris, France you need to open an account first before a loan is granted by a bank. In order to do so, you need to provide them with a printed copy of your ID card and proof that you still live where you claim to live (last electricity bill usually.) Then they can check your credit history and decide to grant you with a loan or not. Most of the time, they just check that your debt is not over 30% of your income. You have to be a bank client. Doesn’t seem they allow phone, fax, internet or snail mail transaction when granting credit.

In the UK, Keith Appleyard echoed something similar to France’s system: you have to present yourself in person with a Government-issued Photo ID such as Passport or Drivers License, plus a proof of address less than 3 months old, such as a bank statement or utility bill. Keith further explained the whole UK population had vetting their Identity Credentials and one of the last people to be vetted was the Queen of England, but she is not exempt. So she meets with her Bankers, but she doesn’t have a Passport or Birth Certificate or Drivers License. So she asks them to take a Sterling Currency note out of their wallet, points to her picture engraved on the note, and says “yes, that’s me”. So they officially recorded the Serial Number on the Currency note as being her Identity Document. I think that process may need looking into. J

In Australia, Stephen Wilson from the Lockstep Group discussed identification of customers opening bank accounts has been regulated since the 1980’s.  They have a roster of “evidence of identity” documents (passports, Australian driver licenses, government issued cards of various sorts, other bank accounts, utility bills, birth certificates, naturalization certificates …) each of which is equated to a set number of “points” reflecting broadly the quality of the document as proof of id.  You need to present 100 points total to open an account.  Usually passport + driver license suffices.

Gavin Matthews of SECCOM GLOBAL in Australia adds the system can only be compromised with forged items, which are not that easy to obtain. Like our money these days we have holographic licenses, chipped passports etc. However it does happen regularly and organized crime is the main culprit (Asian gangs, motorcycle clubs etc) and replication of stolen items probably makes up 70-80% of beating this system. There have been cases here of people working for drivers licensing authorities in various states being indicted for fraud etc and being linked back to organized crime.

In Finland, Kalle Keihanen from the Nordea Bank Finland Plc added the modern IDs are pretty tough to forge and forgeries easy to spot by professionals like bank tellers. If there is a suspected fake document the police are summoned and their database includes pictures and such of the real person.

When opening a bank account, the social security number on the ID is first mathematically verified (it has a simple algorithm built in), and then submitted electronically to a national registry, which then returns the name, address and credit info tied to that SSN. Utility bills or such are therefore not needed.

The low identity theft figures in Finland are mostly due to the SSN, where the system does real-time checks on the status of the identity, combined to a difficult-to-forge array of ID papers (passport, driver’s license, national id). Also, nearly 100% of Finns always carry a picture ID, since the law requires “every person of age 15 and up to be able to reliably prove their identity to the authorities.” Thus, there is a “chain of picture identity papers” starting from childhood in the national registry and any new ID application is verified against previous ones and the photos in the database, making applying for an ID with a stolen identity extremely difficult. You can only apply for an ID to replace one that is broken or expiring. Stolen or lost IDs are always submitted for criminal investigation before a replacing ID is issued.

While none of these systems are perfect, they are a step in the right direction and far better than the US’s honor based system. At least we have corporations that are providing what the government won’t. But that still doesn’t fix the problem.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing the criminal hackers on Good Morning America.

Secret Service: ATM Card Skimming Five Times Higher This Year

/1 Comment/in , /by

Identity Theft Expert Robert Siciliano

ATM skimming is approaching a billion-dollar issue. ATM skimming is happening coast to coast and there seems to be no end in sight. Skimming devices have been found recently at ATMs at a Bank of America in Daytona Beach and one weekend last month people came and went from the automated teller machine outside a Chase Bank in Escondido, California. They slipped in their cards, took their money and left.

In Boston, police uncovered an international ATM skimming ring responsible for stealing money from hundreds of local accounts. Izaylo Hristov, 28, of Ontario, Canada, a Bulgarian citizen, was arrested at an ATM in the Boston area along with Viadiclav Vladevo and Anton Venkov. Venkov had $99,100 in $20 bills in his car when he was arrested. One of them had Dunkin’ Donuts gift cards and American Express cards with post-it notes that had “PIN’’ and various numbers written on them. These cards were used to write the stolen data on, and then used to make withdrawals. Apparently a few more than a few people in the Boston area didn’t watch this on Fox Boston, or this on NBC Boston or read this in the Boston Globe.

A spate of recent news reports highlight growing ATM fraud. Law enforcement in New York City reported a gang had stolen $500,000 from bank accounts via ATM skimming. They installed cameras and skimming devices on the machines, and recorded the magnetic strips and the PIN numbers.

Don’t expect the banks employees to protect you. At a bank in NY an alert customer pulled a skimmer off the ATM and brought it into the bank manager who had never seen a skimmer.  She thanked him. He came back in moments later with the small wireless camera. She thanked him again then she shut down the ATM.

Generally, if you can pull something off the face of the ATM where you’d slide your card through, that’s probably an ATM skimming device see pictures here.. Banks are investing in new technologies, such as internal hardware that can jam the signal of skimming devices. But customers need to be aware of the problem and keep an eye out for devices affixed to the front of ATMs or cameras mounted near small mirrors or on brochure holders.

To help combat this type of crime, ADT unveiled the ADT Anti-Skim ATM Security Solution, which helps prevent skimming attempts and detects skimming devices on all major ATM makes and models. ADT’s anti-skim solution is installed inside an ATM near the card reader, making it invisible from the outside.

See more skim demonstrations on Extra TV.

The solution detects the presence of foreign devices placed over or near an ATM card entry slot, without disrupting the customer transaction or operation of most ATMs. It can trigger a silent alarm for command center response and coordinate video surveillance of all skimming activities. Also, the technology helps prevent card-skimming attempts by interrupting the operation of an illegal card reader.

You can protect yourself from these types of scams first by covering your pin!! Scammers have a difficult time turning your 16 digit account numbers into cash without the PIN. Consider never using a debit card again, since credit cards are safer. When using an ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, double sided tape, error messages or the machine seems unusually old and run down, don’t use it. Don’t use just any ATM. Instead, look for ATMs in more secure locations.

Ultimately, you must pay close attention to your statements. Refute unauthorized transactions within 60 days. Check with your bank to determine what their timeframe is to refute unauthorized withdrawals. In some cases an can be as early as a week.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing the Bulgarian ATM scammer getting busted on Fox Boston.