Posts

IRS Fully Reliant on Social Security Numbers

On the Policy, Practice & Procedures page of their website, the IRS addresses the public’s concern regarding Social Security numbers on checks:

Complete Social Security Numbers (SSN) on Checks or Money Orders Remitted to IRS

Issue: Tax Professionals and clients have concerns about taxpayers putting their full SSN on checks remitted to IRS in payment of a balance due. Page 74 of the Form 1040 instructions directs taxpayers to put their full SSN on checks.

Response: The SSN Elimination and Reduction program is presently working on mid-to-long-term solutions to address the use of SSNs on checks remitted to IRS in payment of a balance due. To ensure payments are posted to the correct account, we encourage taxpayers to include their SSNs on checks and money orders submitted to the IRS. IRS processes millions of returns and payments each year, including many from taxpayers with the same or similar names. If you are concerned about providing the SSN, you may consider using the Electronic Federal Tax Payment System. EFTPS is a secure alternative to mailing a check.”

Essentially, if you want to be sure that you’re properly credited for any money paid to the IRS, and avoid being labeled a tax evader, you don’t have much of a choice about including your Social Security number on checks and money orders.

The IRS sent 201 million notices to taxpayers during the fiscal year 2009, and most of those mailings included Social Security numbers. Social Security numbers may also appear in more than 500 computers systems and 6,000 internal and external forms. According to the Treasury Department Inspector General, “this is because Social Security numbers are used to associate correspondence and documents with taxpayer accounts.”

The IRS is currently in the process of reviewing their current reliance on Social Security numbers as primary account numbers for all citizens. Some have suggested that we may eventually switch to barcodes, but if this transition ever does take place, it isn’t likely to happen anytime soon.

At present, the IRS, along with many other government agencies and corporations, relies on Social Security numbers and will do so for years to come. This continued reliance will inevitably result in additional data breaches and therefore, more stolen identities.

Identity theft can happen to anyone. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first, providing live access to fraud resolution agents who work with victims to help restore their identities. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss IRS related identity theft on Fox News. (Disclosures)

Live ATM Skimming Video Confiscated

ATM skimming, the top ATM-related crime, accounts for about $350,000 in fraud every day in the United States, exceeding a billion dollars a year.

An organization called EAST, or European ATM Security Team, posted seized video footage from a compromised ATM, depicting the installation of a camera and skimmer. The video shows how criminals collect cardholders’ PINs.  It also shows how easily cardholders can protect their PINs. This must-see video is simple, but says a lot. (You can watch more ATM skimming demonstrations on Extra TV.)

EAST explains, “while the vast majority of ATM transactions are completely secure, criminals do occasionally target cash machines to try to either steal cards (card trapping) or to copy cards (card skimming). In both cases, the criminals need to obtain the 4-digit cardholder PIN to allow for fraudulent cash withdrawal. The video shows criminals installing a micro camera above an ATM PIN pad and then placing a skimming device over the card reader throat. The scenes that follow show cardholders conducting transactions at the ATM and it’s easy to see that the criminals can’t obtain the PIN of those who cover their hand when entering it.”

To help combat this type of crime, ADT has introduced the ADT Anti-Skim ATM Security Solution, which helps prevent and detect skimming on all major ATM makes and models. ADT’s anti-skim solution is installed inside an ATM near the card reader, making it invisible from the outside.

When using an ATM, beware of skimming devices. The following cardholder security tips are courtesy of the LINK ATM Scheme.

– Protect your PIN by standing close to the ATM and shielding the key pad with your other hand.

– Check to see if anything looks unusual or suspicious about the ATM. If it appears to have anything stuck onto the card slot or key pad, do not use it. Cancel the transaction and walk away. Never try to remove suspicious devices.

– Be cautious if strangers offer to help you at an ATM, even if your card is stuck or you’re having difficulties. Don’t allow anyone to distract you.

– Where possible, use an ATM which is in clear view and well lit.

– Check that other people in the queue are a reasonable distance away from you.

– Keep you PIN secret. Never reveal it to anyone, even someone who claims to be calling from your bank or a police officer.

– Avoid opening you purse, bag or wallet when you’re in the queue. Put your money away immediately.

– Regularly check your account balance and bank statements, and report any discrepancies to your bank immediately.

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss ATM skimming on Fox Boston. (Disclosures)

Top 5 Scams to Watch Out For

#1 Nigerian Scams: According to a Dutch study, victims of advanced-fee scams, which are also known as 419 scams or Nigerian scams, lost more than $9 billion in 2009, almost 50% more than the previous year. (This PDF contains the statistics from the study.)

While these types of scams are generally understood to be Nigerian in nature and origin, and are in fact named after the 419 Nigerian code that made them illegal, advanced-fee scams were launched from 69 other countries in 2009. Scammers are broadening their targets to include emerging Internet markets, rather than simply targeting English-speaking nations.

#2 Romance Scams: If you ever hear talk like this, run far and fast: “In me sweetheart you are going to find the most passionate, loving and romantic man you have ever met. There are very few promises in life but this is one of them! ROMANCE is the key to my happiness and to my heart and soul!”

#3 Classified Ad Scams: This story caught my eye: “An online scam targeting pet-lovers is circulating the web, and it could cost you more than a new pet. An ad posted to a local online classified website by a man who claimed he was living in Florida. The seller said he had recently moved to Miami, and couldn’t keep his dog due to his new living conditions. He was willing to give the Labrador Retriever puppy named Dely away for the cost of shipping, which was $220.“

#4 Phishing: Phishing continues to become more sophisticated, more effective, and more prevalent. In one example, criminal hackers waited until Pennsylvania school administrators were on vacation, then used simple money transfers to liquidate over $440,000 between December 29 and January 2, 2010.

#5 Spear Phishing: Spear phishing occurs when the scammers concentrate on a localized target, usually an individual with control over a company’s checkbook. This insidious type of phishing occurs when a recipient clicks a link, either in the body of an email or on the spoofed website linked in the email, and a download begins. That download is almost always a virus with a remote control component, which gives the phisher full access to the user’s data, including user names and passwords, credit card and bank account details, and Social Security numbers.

Never, ever click on links in the body of an email. There is always a workaround.

Like mom said, if it sounds too good to be true, it probably is. And even if you will never fall for these scams, someone in your life might be a tad more naïve. So educate them.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss job scams on Fox News.(Disclosures)

Mobile Phone Security Under Attack

As mobile Internet usage continues its rapid growth, cyber criminals are expected to pay more attention to this sector. Mobile device platforms compete for content creators’ latest innovations, which often require more and more device access. As applications and other content are more widely distributed, security breaches will be inevitable.

The speed of technological advancement and the demand for new products and services make mobile phones particularly vulnerable. In some countries, almost all banking takes place with the use of phones.

Spyware, which was created as a legitimate technology for PCs, further complicates matters. Spyware can track and record social networking activities, online searches, chats, instant messages, emails, keystrokes, websites visited, and programs launched. It can be the equivalent of digital surveillance, revealing every stroke of the user’s mouse and keyboard. When a PC or phone becomes infected with spyware, all the data on that PC or phone is immediately compromised.

Mobile phone spyware is relatively new, and is quickly grabbing headlines. As PCs shrink to the size of a smartphone, spyware continues to evolve. This software records nearly everything a person does on a phone. Some spyware programs can record everything in a video file that can then be accessed remotely.

Spyware can be installed on your cell phone remotely or directly. To protect your phone, never click on links in texts or emails, since these links may actually point toward malicious downloads. Keep your phone with you, don’t let it out of your sight, and don’t share it with others. Make sure your phone requires a password, as this makes it more difficult to install spyware.

If your phone is behaving oddly or you have some other reason to suspect that it contains spyware, reinstall the phone’s operating system. Consult your user manual or call your carrier’s customer service for step-by-step help with this process.

With more than 11 million victims just last year, identity theft is a serious concern. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself – please visithttp://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss mobile phone spyware on Good Morning America(Disclosures)

Five Ways Identities Are Stolen Online

Cybercrime has become a trillion dollar issue. In a recent survey, hundreds of companies around the world estimated that they had lost a combined $4.6 billion in intellectual property as a result of data breaches, and spent approximately $600 million repairing the damage. Based on these numbers, McAfee projects that companies lost more than a trillion dollars in the last year.

There are several motives for this type of theft, but the most prevalent is to steal identities. Your identity is your most valuable asset, but most consumers lack the time, knowledge, and resources to protect their identities. Five of the most common ways identities are stolen online are through phishing scams, P2P file sharing, social networking, malicious websites, and malicious attachments.

Phishing: Phishing scams still work. Despite consumer and employee awareness, a carefully crafted email that appears to have been sent by fellow employee or trusted entity is probably the most effective spear phish. “Whaling,” or targeting a CEO or other high level executive with a phishing email can be even more successful. As they say, the bigger they are, the harder they fall. Never click links in emails, even if they appear to come from a bank or other trustworthy source. Instead, type the address in manually or use a bookmark.

P2P File Sharing: Peer-to-peer file sharing is a fantastic way to leak company and client data to the world. Obama’s helicopter plans, security details, and notes on Congressional depositions have all been leaked on government-controlled computers via P2P. You should set administrative privileges to prevent the installation of P2P software.

Social Networking: One of the easiest ways into a company’s networks is through social media. Social networking websites have grown too big, too fast, and can’t keep up with security. Criminals know exactly how to take advantage of this, so create policies and procedures that outline appropriate use, and beware of social networking scams.

Malicious Websites: Websites designed to attack your computer and infect it with viruses number in the millions. Hacked websites, along with out-of-date operating systems and vulnerable browsers, put your identity at risk. Use antivirus software to protect your PC and your data.

Malicious Attachments: PDFs used to be safe, but Adobe is the same boat today that Microsoft found itself in years ago: hack central. Adobe’s software or files are used on almost every PC and across all operating systems, and criminal hackers love it. Every browser requires software to view PDFs and many websites either link to PDFs or incorporate Adobe Flash to play video or for aesthetic reasons. According to an estimate from McAfee, in the first quarter of this year, 28% of all exploit-carrying malware leveraged an Adobe Reader vulnerability.

Identity theft can happen to anyone. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first, providing live access to fraud resolution agents who work with victims to help restore identities. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss P2P file sharing on Fox News. (Disclosures)

Half Billion Records Breached in 5 Years

In the late 90s and early 2000s, hacking had evolved from “phreaking” (hacking phone systems) to “cracking” (breaking into networks). At the time, hackers hacked for fun, for the challenge, and for fame and popularity within the hacking community. But soon enough, the public began spending more time online, shopping, banking, and managing personal affairs. Hackers are no longer wreaking havoc for its own sake, deleting files, or tormenting IT administrators. Now, they’re stealing proprietary data. Instead of fun and fame, today’s hackers are motivated by illegal financial gain.

Over the past five years, criminal hackers from all over the world have been targeting huge databases of Social Security and credit card numbers. The endgame for criminal hackers is identity theft. Once they obtain stolen data, their objective is to turn it into cash as quickly as possible. This either entails selling the data to identity thieves on black market forums, or using the information to create new accounts or to take over existing credit card accounts.

According to the Privacy Rights Clearinghouse’s Chronology of Data Breaches, more than 500 million sensitive records have been breached in the past five years. The Chronology of Data breaches lists specific examples of incidents in which personal data is compromised, lost, or stolen: “employees losing laptop computers, hackers downloading credit card numbers and sensitive personal data accidentally exposed online.”

So when a so-called “identity theft expert” claims that you can protect yourself from identity theft for free, simply by shredding documents, not giving out your Social Security number, locking your mailbox, and monitoring your online accounts, that person does not have the full picture. You should take all these precautions. But when almost everyone’s personal information has been stolen or compromised once or twice, as a result of breaches that are entirely out of our control, it’s clear that you simply can’t protect yourself on your own. This is why identity theft protection is a must.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visithttp://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss an identity theft pandemic on CNBC. (Disclosures)

Social Media is a Criminals Playground

Social media has become a playground for adults, teens, and tweens. And like on any playground, when you hit the jungle gym or horseplay on the seesaw, there is always a chance that you may go home with an egg on your forehead. Or, if you are like me, a broken collarbone.

Twitter and Facebook have become the most popular sites for frolicking, and the most popular sites for identity thieves — the bullies in the playground. These criminal hackers make social media very dangerous. They are attacking these sites to get at you, the end user. Users’ computers can become infected after users click links that appear to be safe, but actually prompt a malicious download or lead to a spoofed website.

New worms and viruses are infecting social networking websites every day. As these sites expand, they adopt new technologies that sometimes create holes through which they can be attacked. Social networking websites’ open nature allows users to upload content including files that may contain “scripts,” or code, designed to infect the site. Participating in user-submitted surveys, quizzes, and other applications may result in spam or stolen data.

The websites themselves host millions of users and they simply can’t protect every user. New technology is developed at a rate that vastly outpaces the security necessary to keep those technologies bulletproof. Essentially, you’re on your own.

While it is rare for a user to post Social Security numbers, which can directly lead to identity theft, on a social networking website, these websites or their users’ actions can compromise PCs, which does ultimately lead to identity theft.

Always make sure to run antivirus software, such as McAfee Total Protection, and invest in McAfee Identity Protection, which monitors your Social Security number and several other parameters of your identity. Learn more about how to protect yourself at http://www.counteridentitytheft.com/.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss Facebook scammers on CNN. (Disclosures)

Identity Theft Consumer Education is Paramount

Credit card companies, banks, financial advisors, retailers, hospitals, insurance companies, and just about every other industry and organization that deals with finances has been affected by identity theft.

All these entities have to deal with fraud at some level. For some it’s an occasional nuisance and for others it’s a part of their daily grind. Most have heavily invested in multiple layers of security, but all remain targets. Each has its own set of issues to overcome and each copes with the same underlying constant: the consumer is often the most vulnerable variable in the equation.

Joe and Sally Main Street generally offer the path of least resistance when a scam is launched. Everything from phishing emails, spoofed websites, un-patched or unprotected PCs, open wireless connections, lack of attention to statements, not shredding data, carrying too much information in a wallet, and overall lack of attention to personal security allows fraud to flourish.

Anne Wallace, president of the Identity Theft Assistance Center, explains that the risks are compounded by the increasing popularity of new technologies like mobile banking and social networking. “The crooks are ever-creative,” she says. “They’re always exploiting new schemes to extract information from consumers.” According to Wallace, ITAC members have an obligation to educate consumers about the security threats posed by emerging technology. “It’s so important to keep talking to people about the old threats, the new threats – on a recurring basis.”

I totally agree. Every institution that deals with identity theft has an obligation to effectively inform and educate their client base about how they can protect themselves from fraud.

Many of these organizations have policies that shift the burden of loss away from the consumers. This is a double-edged sword that does not stop fraud. I’m a big believer in personal responsibility. Whether fraud is the fault of the consumer or a larger entity, a resolution in the best interest of both parties should be sought. It is imperative, however, that the party responsible acknowledges that responsibility. This is how we learn from our mistakes, and how we will eventually overcome fraud. If all parties escape blame, only the scammer wins, and fraud flourishes.

For additional tips and identity theft education, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft victims on The Morning Show with Mike & Juliet.(Disclosures)

Victim Rebuilds Life After Identity Theft

This story is about a victim of criminal identity theft. The victim is a trucker who discovered that his identity had been stolen when his commercial driver’s license was suspended because the thief who stole his identity had been busted for drinking and driving on four different occasions. Imagine.

The consequences of identity theft are often so overwhelming that the pressure affects every aspect of the victims’ lives. Sometimes the stress is so great that people just fall apart. In the case, the victim lost his license, his possessions, and his marriage.

After testifying against the identity thief, the victim, Earl Robert Hood, told the Associated Press, “It was just hard to sit there in that room with him, knowing what he’d done to me and my family. It’s not just me that it affected; it affected all four of my children, too. Because for two years, they didn’t have Christmas.” The victim went on to say the thief didn’t just steal his name; he stole his life. “I’ve lost everything,” he said. “It just completely wiped me out.”

When this victim’s commercial driver’s license was suspended, so was his ability to earn a living. With no money coming in, bills piled up and the downward spiral began.

Hood’s identity was stolen after he handed his personal information over to a potential employer. Job applications often require applicants to provide home addresses, copies of existing driver’s licenses, Social Security numbers, and, in some cases, birth certificates. This is more than enough information for an identity thief to assume a victim’s full identity.

Victims of identity theft are generally presumed guilty until proven innocent. In this case, the perpetrator committed crimes in multiple states, which further complicated the situation. It took years for this victim to recover his license, even after contacting his state’s Attorney General.

Identity theft can happen to anyone.  McAfee Identity Protection, offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first and provides live access to fraud resolution agents who work with the victim to help restore their identity even from past theft events. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft victims on The Morning Show with Mike & Juliet.(Disclosures)

P2P File Sharing On College Campuses

Peer-to-peer file sharing, or P2P, has become enormously popular on college campuses across the country because it allows students to easily exchange music and video files over the Internet. Tens of millions of people use P2P applications such as Limewire, eDonkey, and BearShare to fill their MP3 players and hard drives with all the music and movies they want, all for free. But even “free” has a cost.

In addition to violating copyright laws, there are other potential dangers when downloading files via P2P. For instance, hackers know that source files on P2P networks are not being validated, so it’s easy to trick you into downloading a virus or spyware instead of the Justin Beiber video you thought you were getting.

The other major issue is the simple fact that P2P programs share your data with all of the other P2P users in cyberspace. Because of this, there is a good chance you might unknowingly share your most precious and private data with the rest of the world.

During installation, P2P programs scan your hard drive, looking for files to share. If you do not exercise caution, your entire hard drive, including any confidential documents it may contain, could be left wide open for anyone to access.

Think about the files you have on your PC right now. Are you storing documents that have your passwords, Social Security number, or bank account information? If you have P2P software on your PC, you could be targeted for identity theft.

Digging through P2P networks for my own research, I’ve uncovered tax returns, student loan applications, credit reports, and Social Security numbers. I’ve found love letters, private photos, videos, and just about anything else that can be saved as a digital file.

P2P networks have even exposed details on a U.S. Secret Service safe house for the president and his family, and revealed blueprints for President Obama’s private helicopter. While you probably don’t have state secrets stored on your PC, you should still take care to keep your sensitive files safe.

Here are some tips to protect you from accidentally sharing data on a P2P network:

The smartest way to stay safe is not to install P2P software on your computer in the first place.

If you think a family member may have installed P2P software on their computer, check for new, unfamiliar applications. A look at your “All Programs Menu” will show nearly every program on your computer. If you see one you don’t recognize, do an online search to see if it is a P2P application.

Set administrative privileges on your computer to prevent the installation of new software without your knowledge.

Use comprehensive security software such as McAfee® Total Protection and keep it up to date.

Make sure your firewall is enabled, and if an application asks you to change your settings to enable access to the Internet, don’t allow it.

P2P file sharing can be tempting, but in most cases, the costly dangers just aren’t worth it.

With more than 11 million victims just last year identity theft is a serious concern.  McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself – please visithttp://www.counteridentitytheft.com.