Posts

Parents Navigating the Social Media Mess

Robert Siciliano Identity Theft Expert

Children say and do things that make them vulnerable to dangers in the outside world. A parent can parent all day long and do everything possible to protect their kids from themselves, but a child’s persistence to have their way can wear a parent down. It’s a constant fight that makes a parent adopt a philosophy where they “pick their battles.

Growing up, it wasn’t all that uncommon for a parent to spank their kids to teach them a lesson. I experienced the occasional “windmill” from my father that set me straight more than once. And I’m thankful for it. By all accounts, if you add up all the number of risks I took and how many times the speedometer redlined and all the stupid things I did, I really shouldn’t be writing this. If a cat has nine lives I have 999,999,999,999. I think that’s trillion.

At one point political correctness crept into our culture and the fear of a child calling the Department of Social Services (DSS) on their parents because of a deserved fanny smack sent a cold chill down every parent’s spine. I’m certainly not saying it’s OK to beat your kids, or cage them for that matter. And when a child has zero fear of a parent, they tend to walk all over them. It’s in their nature to manipulate until they get their way. I’m just sayin.

A 16 year old ungrateful, self righteous teen has filed charges against his mother for making entries on his Facebook page. The kid further filed a no contact order against his mother. The mother apparently took over his Facebook account after she noticed some reckless behavior.

She was quoted saying “I read things on his Facebook about how he had gone to Hot Springs one night and was driving 95 m.p.h. home because he was upset with a girl and it was his friend that called me and told me about all this that prompted me to even actually start really going through his Facebook to see what was going on.”

What mother wouldn’t be concerned?  Hey kid, the day you deliver anything in excess of 10 pounds out of an orifice on your body, then you can have a say. I hope you have kids just like you.

I think my head is going to explode.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Breach of 3.3 million Social Security numbers on Good Morning America

ID Theft Ring Gleaned Socials From Medical Records

Robert Siciliano Identity Theft Expert

Medical identity theft occurs when the perpetrator uses your name and in some cases other aspects of your identity, such as insurance information, to obtain medical treatment or medication or to make false claims for treatment or medication. As a result, erroneous or fraudulent entries wind up on your medical records, or sometimes entirely fictional medical records are created in your name. Financial identity theft as it relates to new account fraud is when an identity thief gets the victim’s Social Security number and opens new financial accounts under the victim’s name. There’s very little protection from this due to a flawed system of open credit and lack of authenticating the actual “owner” of the SSN.

In Chicago, ABC News reports “Seven people have been arrested in an identity theft ring that allegedly used information stolen from victims’ medical records to obtain credit cards. The identities of more than 200 patients of a Chicago hospital were stolen. The information was stolen from the offices of the Northwestern Medical Faculty Foundation. That information led to $300,000 worth of goods and services being racked up on fraudulently.The suspects are even accused of using Facebook to post photos of themselves posing with stolen clothing and jewelry.”

One of the rings leaders alleged to have been a part of the group, is being held on $100,000 bond. Apparently her third run-in with the law.

Her mom said “That’s really not her. She is a good person. She do have a heart.” She “do”, huh? She do like to steal identities too. And she do like to buy her nice stuff with those stolen identities. The victims have to spend many hours cleaning up their good names. They may be denied loans in the process or jobs or insurance due to bad credit.

You do need to protect yourself from new account fraud and identity theft protection and a credit freeze is the best way. I did a spot on Good Morning America on this story below.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing ID Theft Ring on Good Morning America

Social Media Security: Using Facebook to Steal Company Data

Robert Siciliano Identity Theft Expert

There is a reason why computer users are called “users.” Like crack addicts who are drug users, more is never enough. And when under the influence, people do stupid things. I find myself scanning the Dell catalog like it’s the latest (or any) Victoria Secrets catalog. I’m amazed at how many people I know are online all day long and digitally stoned. The bad guy knows you are obsessed and uses this against you. He sees that you are comfortably numb here. He understands that in the virtual world you’re delirious and more apt to respond to his message then log your credentials.

Meanwhile Facebook’s security and privacy issues are being challenged from all sides. And during the brouhaha one of the Facebooks investors fell for a Facebook phishing scam.

Steve Stasiukonis is vice president and founder of Secure Network Technologies Inc. and publishes to Dark Reading tested his clients network using a bogus identity, and joined the companies Facebook site and started mining the names and email addresses of individuals who identified themselves as employees.

As he collected a database of names for a penetration test in the phish, he secured a domain name similar to that of his client. This domain name took on the appearance of a human resources or benefits portal. When he emailed the employees as “human resources,” they were redirected to a Web page, such as https://www.xyzcompany-benefits.com.

He has been able to accumulate significant numbers of emails for phishing targets from Facebook and other social networking sites. When he launched his companie’s Facebook spear-phishing attack, he usually got an average response rate of 45 to 50 percent. So nearly half of the employees responded to an email with the logins and passwords they use on their employers’ network.

Steve says:

— Officially sponsor the social networking site and assign an administrator who is responsible for permitting employees to join. This will help control somebody infiltrating the site for devious purposes.

— Establish a social networking policy. If your employees are participating in social networking sites (company sponsored or not) make sure company policies dictate what is and is not permissible. For example, divulging your corporate email account on social networking sites should not be permitted.

— Last but not least, if employees feel the need to gather and converse about their day-to-day work, personal lives, and hobbies, consider a corporate intranet. Maybe someday social networking vendors will launch a product that will provide the same features and benefits, but with the security tools needed to keep employees and company secrets safe. But in the meantime, it’s up to you.

Sober up and protect your identity.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN

Criminal Hacker Gets 20. Books, Movies and Hollywood Starlet Next

Robert Siciliano Identity Theft Expert

Albert Gonzalez and his gang of criminal hackers were responsible for data breaches in retailers and payment processors, with some estimates saying they breached over 230 million records combined. Gonzalez, considered a proficient criminal hacker, provided “dumps,” a term which refers to stolen credit card data, to “carders.” “Carders” are the people who buy, sell, and trade stolen credit card data online.

“Gonzalez and his hacking buddies hacked into computer systems and stole credit card information from TJX, Office Max, DSW and Dave and Buster’s, among other online retail outlets, in one of the largest — if not the largest — cybercrime operations targeting that sort of data thus far. They used some of the stolen numbers to remove cash from ATM machines and sold many of the other numbers to other criminals, including those in Eastern Europe.”

Gonzalez provided “sniffer” software used to intercept the credit and debit card numbers for the Russian hackers. Sniffer software or “malware” malicious software, acts like a virus attaching itself to a network and often spreading. The software allows the criminal hacker backdoor access to all the data in the server and provides remote control functionality.

Wired reports Gonzalez earned $75,000 a year working undercover for the U.S. Secret Service, informing on bank card thieves before he was arrested in 2008 for running his own multimillion-dollar card-hacking operation.

It was reported that Gonzalez buried a million dollars in the backyard of his parents’ Miami home. At one point he cracked and drew a map for investigators to find the money. WOW!

How many people in the course of history have actually dug a hole and buried a million bucks in it? I can’t wait to see the movie. I’d be happy playing a part in it. I’ll be the shovel.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Breach of 3.3 million Social Security numbers on Good Morning America

Why Debit Cards Are a Nightmare

Robert Siciliano Identity Theft Expert

Not all plastics cards are created equal. The major differences in credit vs. debit is in the protections (or lack of protections) that come along with the fine print. A debit card is connected directly to a persons bank account and when compromised can devastate your bank balance.

I know too many people who’ve fallen victim to some type of debit card fraud whether through skimming or unauthorized purchases and never recouped their losses. Sometimes the banks just won’t budge. They tend not to believe a person who’s PIN and card number was leaked.

Creditcards.com reports The Federal Reserve’s Regulation E  (commonly dubbed Reg E), covers debit card transfers. It sets a consumer’s liability for fraudulent purchases at $50, provided they notify the bank within two days of discovering that their card or card number has been stolen. TWO DAYS. That’s it! After that, the maximum liability jumps to $500. Some banks will extend the grace period up to a year, but good luck getting your money back.

Federal laws limit cardholder liability to $50 in the case of credit card fraud, as long as the cardholder disputes the charge within 60 days. And if a victim doesn’t discover or report the fraud until after 60 days have passed, the liability could be the entire card balance, for a debit or credit card. Once your debit card is compromised, you might not find out until a check bounces or the card is declined. And once you do recover the funds, the thief can just start all over again, unless you cancel the account altogether.

Don’t use a debit card. Use credit cards and pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks. If I’m traveling extensively, especially out of the country, I let the credit card company know ahead of time, so they won’t shut down my card while I’m on the road.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Debit Card Fraud on CNBC

If You Want To Be an Identity Thief, Go To Jail

Robert Siciliano Identity Theft Expert

Willie Sutton a famous thief when asked why he robbed banks he was quoted saying, Because that’s where the money is.” Where’s the money today? Identity Theft! What’s a great way to commit identity theft? Go to jail.  Prisons in eight states let convicts work in jobs that give them access to Social Security numbers and other personal information for the public, despite years of warnings that the practice should end, a federal audit finds.

In a related story all sex offenders convicted of pedophilia will be made swimming coaches at summer camps.

“Although we recognize there may be benefits in allowing prisoners to work while incarcerated, we question whether prisoners have a need to know other individuals’ Social Security numbers,” the audit says. “Allowing prisoners access to Social Security numbers increases the risk that individuals may improperly obtain and misuse (the data).”

States where prisoners have direct access to Social Security numbers: Alabama, Arkansas, Kansas, Nebraska, Oklahoma, South Dakota, Tennessee and West Virginia.

“In Kansas, where five prisons allow inmates to hold jobs processing data with personal identifying information, a prisoner was found last year to have stolen names, birth dates, and Social Security numbers while in a job making digital images of public records, the audit says. The data was found in a routine search of inmates when their shift is over”.

What we’ve got here is a failure to communicate. Some men you just can’t reach. And I’m not talking about the prisoners. Any government agency head that sees fit to put a felon in charge of personal identifying information that can lead to identity theft needs to be put on a chain gang himself. With incompetence like this its no wonder 10-12 million people are victims of identity theft every year.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Social Security numbers on Fox News.

Top 10 Cities for Cyber Crime

Robert Siciliano Identity Theft Expert

I love that dirty water, oh Boston you’re my home. Boston Legal, “Cheers,” Boston Bruins, Red Sox, Celtics, Chowda, Lobsta, Pahkin the Cah in Havad Yahd and home to the second worst ranking of cyber crime in America. Lovely! Seems whatever advice I give in Boston media, means squat. After all, I am a Proper Bostonian. Boston missed first place by a lousy 11 points. I blame the college kids. Boston has the highest concentration of college students on the planet. It’s their fault. Seattle took first place. What’s your excuse Seattle? Microsoft?

1. Seattle
2. Boston

3. Washington, D.C.

4. San Francisco

5. Raleigh, N.C.

6. Atlanta
7. Minneapolis
8. Denver
9. Austin, Texas

10. Portland, Ore.

Cities with high concentrations of “spam zombies” placed the highest. Becoming a Zombie and part of a Botnet happens to PCs that aren’t properly secured, coupled with user behavior that invites attacks.

If you are surfing porn all day or gaming on distant websites in foreign countries then you are at a higher risk. Downloading files from P2P sites or seeking software cracks or pirated content is also risky. Remember frat boy, there is no honor among thieves.

The Boston Business Journal stated another factor is the Hub’s many unsecured WiFi hotspots — 53.6 per 100,000 residents — where cyber criminals may lurk, trolling for unwitting users. While high-profile or widespread computer attacks are relatively rare, small-scale attacks like these threaten even savvy computer users, the report noted.

Hey Top 10, pay attention:

Computers that are old and have outdated unsupported operating systems like Wind 95/98/2000 are extremely vulnerable.

Systems using older outdated browsers such as IE 5, 6 or older versions of Firefox are the path of least resistance.

Update your operating system to XP SP3 or Wind 7. Make sure to have automatic updates for anti-virus. Don’t engage in risky web-based behaviors.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing ATM Skimming on Fox Boston.

Kickball is DEAD, 1 in 4 Children Hack

Robert Siciliano Identity Theft Expert

 A few months ago I interviewed a criminal hacker who hacks out of a hut in Ghana stealing data all over the world. He has children ages 9 and 12 and he stated “they hacked all over the world man.” He teaches his kids to hack. It’s not just a lifestyle, it’s an occupation. He and his kids are the most famous in their village.

 It comes as no surprise to me, but it may be to you that a survey has found that one in four school children have attempted some level of hacking.

SC Reports “Despite 78 per cent agreeing that it is wrong, a quarter have tried to surreptitiously use a victims’ password, with almost half saying that they were doing it ‘for fun’. However 21 per cent aimed to cause disruption and 20 per cent thought they could generate an income from the activity. Five per cent said that they would consider it as a career move.

Of those who had tried hacking, a quarter had targeted Facebook accounts, 18 per cent went for a friend’s email, seven per cent for online shopping sites, six per cent for their parent’s email and five per cent breached the school website. A bold three per cent had honed their skills enough to aim much higher with corporate websites under their belts.”

Children’s hacking is kids playing. Hacking is replacing dodge ball. Kids today don’t know what it means not to have the Internet. I see more articles talking about how to get your kid outside and away from the computer. Part of the problem is kickball got out a lot of the childhood angst and pent up energy out of their systems. Now they funnel that energy into using technology. For good and for bad. Kids are mischievous too. And given the opportunity will break, steal or deface whatever is in their path. I was 15 once too; but I was an Angel.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Criminal Hackers on Fox News

Report 1.8 Billion Cyber Attacks Per Month

You read that right. While the US government sits high on its perch, snipers are taking aim 60 million times a day. The Senate Security Operations Center alone receives 13.9 million of those attempts per day.

The US National Security Agency is probably the most sophisticated group of security hackers in the world. Many will argue this point. The fact is, without NSA, US STRATCOM, which directs the operation and defense of the military’s Global Information Grid, and US CERT, attacks on our critical infrastructures would be successful. We’d be living in the dark, telephones wouldn’t work, food wouldn’t be delivered to your supermarket and your toilet wouldn’t flush.

“Like in the rest of the world, the attacks are increasingly targeted and using application flaws, including Office and Acrobat. “In the last five months of 2009, 87 Senate offices, 13 Senate committees and seven other offices were attacked by spear-phishing attacks, which appeared as e-mail messages to staffers, urging them to open infected attachments or click on bad links.” No matter how good their defenses are, nothing’s 100% effective. Some attacks get through.”

The Adobe Reader and Acrobat is a cross platform application that opens and its the Portable Document Format (PDF) ubiquitous on most PCs. Criminal hackers discovered a flaw that allows for an injection of hostile code into unprotected systems.  Studies show in the last quarter of 2009 as many as 80% of all web-based attacks were directed at PDFs.

Adobe Flash is also vulnerable software becoming standard on most PCs where multimedia is present. The Register reports Adobe advises users to upgrade to Acrobat version 9.3.1 and Reader version 9.3.1, as explained in a bulletin here.

Run Windows Update, Install Anti-Virus, Install Spyware Removal Software, Run Firefox, Secure Your Wireless, Install a Firewall, Use Strong Passwords.

Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Identity Theft Ring Busted on MSNBC

National Identity Card Focuses on US Workers & Immigrants

Robert Siciliano Identity Theft Expert

The Wall Street Journal reports under the potentially controversial plan still taking shape in the Senate, all legal U.S. workers, including citizens and immigrants, would be issued an ID card with embedded information, such as fingerprints, to tie the card to the worker.

There are too many forms of identification floating around right now that lack standards and overall security. The Social Security card is currently our national identification card that’s not supposed to be used for identification. From a NY Times article from 1998 it states: WASHINGTONFOR many years, Social Security cards carried an admonition that they were to be used ”for Social Security and tax purposes — not for identification.” That assurance rings hollow today. Congress has authorized so many uses of the nine-digit number, and Americans use it for so many unauthorized purposes, that it has just about become a national identifier. Today your social is connected to everything.

Security Management reports that all workers and mariners attempting to access secure maritime and port areas nationwide will have to flash a government-approved Transportation Worker Identification Credential (TWIC), which includes a biometric identification card before entry. HSPD-12, or Homeland Security Presidential Directive 12, set universal identification standards for federal employees and contractors, streamlining access to buildings and computer networks. Then there is old and new versions of the passport, as many as 200 forms of ID circulating from state to state, plus another 14,000 birth certificates and 49 versions of the Social Security card.

Government has tried hard to create identification that will once and for all standardize the process under the REAL ID Act which is most likely going to be squashed under Homeland Security Secretary Janet Napolitano who is proposing the repeal of the Real ID Act.

“A person familiar with the legislative planning said the biometric data would likely be either fingerprints or a scan of the veins in the top of the hand. It would be required of all workers, including teenagers, but would be phased in, with current workers needing to obtain the card only when they next changed jobs, the person said.”

Many oppose biometrics and New Hampshire has even proposed legislation against it. My money is on biometrics creeping into our lives in the form of a national ID. Like it or not biometrics are coming.

Meanwhile, until there is assigned accountability, which means nobody can pose as you and work as you and open new accounts as you, protect your identity.

Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Social Security numbers on Fox News