Posts

How Much for a Fake I.D.?

If you want a Puerto Rican identity, it’s about $6000 for a “tripleta,” which can be used to hide illegal immigrants. Other forms of identification vary in price. A United States passport can range from $950 to $1650 to as much as$5500.

In the U.S., we have as many as 200 different forms of identification circulating, including passports from state to state, plus another 14,000 birth certificates and 49 versions of the Social Security card. These are paper and plastic documents that can be recreated with a PC, scanner, printer, and laminator.

McAfee Avert Labs researcher Francois Paget found and posted an ad showing U.S. identities for $650 each. It’s not incredibly difficult to buy fake IDs online, but will they pass muster with technologies that look for tampering? Unfortunately, many will.

An order form asks all the right questions:

“By placing your order, you must have read and agreed to our Terms of Service.

The order procedure is the following:

1. You send us all the necessary information (depending on the document you want to order). We receive and process your order and give you payment information.
2. You pay 50% upfront money for document(s) producing.
3. We start to produce your document(s). Time constraints are 2-7 days (depending on your order).
4. We send you scan/photos of your ready-made document(s). You check all the details and give us confirmation.
5. You send us the second half of amount and your delivery address. You will receive your document(s) in several days via UPS, FedEx, TNT Express, DHL or EMS (free of charge for you).”

Here in the U.S., we use numerical identifiers that have no physical connection to ourselves. Some documents contain pictures that may not look like us, especially if eye glasses, beards, hair coloring, hair growth, hair removal, or weight fluctuations are involved. Some identification documents don’t include a photo at all. This is not effective authentication. Worldwide, the system isn’t much more secure.

All this makes it easier to steal your identity. Once the bad guy has a few bits of information, he can easily become you.

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visithttp://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss Social Security numbers as national identification on Fox News.(Disclosures)

College Students At Risk For Identity Theft

September is National Campus Safety Awareness Month. I helped Uni-Ball conduct a survey of 1,000 college students and 1,000 parents. The survey revealed that while about 74% of parents believe students are at a moderate to high risk for identity theft, and 30% of all identity theft victims are between 18 and 29, only 21% of students are concerned about identity theft.

It’s no surprise that most college students are indifferent when it comes to their personal and information security. When you are in your late teens or early twenties, you feel a sense of invincibility. However, once you have a few years under your belt, you begin to mature and gradually realize the world isn’t all about keg parties and raves.

Here are a few more interesting statistics:

  • 89% of parents have discussed safety measures with their kids, yet kids continue to engage in risky behavior
  • 40% of students leave their apartment or dorm doors unlocked
  • 40% of students have provided their Social Security numbers online
  • 50% of students shred sensitive data
  • 9% of students share online passwords with friends
  • 1 in 10 have allowed strangers into their apartments

College students have always been easy marks because their credit is ripe for the taking. Students’ Social Security numbers have traditionally been openly displayed on student badges, testing information, and in filing cabinets and databases all over campus. Landlords and others involved in campus housing also have access to students identifying information.

Any parent sending a child off to college should be concerned.

Limit the amount of information you give out. While you may have to give out certain private data in certain circumstances, you should refuse whenever possible.

Shred everything! Old bank statements, credit card statements, credit card offers, and any other documents containing account numbers need to be shredded when no longer needed.

Lock down your PC. Make sure your Internet security software is up to date. Install spyware removal software. Secure your wireless connection. Use strong passwords that include upper and lowercase letters as well as numbers. And never share passwords.

Be alert for online scams. Never respond to emails or text messages that appear to come from your bank. Always log into your bank account manually via your favorites menu.

When sending students back to school, consider protecting your family with a subscription to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on any of your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Killer Computer Viruses

When most people think about a virus, they think of a fever, chills, and maybe a potential pandemic. But when they think about a computer virus, they think of a headache, or worse, identity theft.

Unusually, one report claims that a computer virus played a role in the deadliest air disaster in Spanish history. Others refute this claim, arguing that a virus was not the cause.

USA Today reports, “Spanish newspaper El Pais cites a 12,000-page investigative report that outlines how a computer infection, spread via an infected USB thumb drive, may have been a contributing factor. The report says a malicious program precipitated failures in a fail-safe monitoring system at the airline’s headquarters in Palma de Mallorca.”

Whether or not a virus contributed to the delay or cancellation of the flight’s departure, which led to the crash, this type of scenario is possible. Now and in the future, incidents like this may involve malicious technology.

Technology plays a role in many aspects of our lives, and when that technology is corrupted, the results can be disastrous. Consider the extent to which hospitals, banks, water treatment facilities, electrical grids, airports, gas stations, and even roads rely on technology.

Steve Stasiukonis, a penetration tester, describes how USB thumb drives can turn external threats into internal ones in two easy steps. After being hired to penetrate a network, he says, “We gathered all the worthless vendor giveaway thumb drives collected over the years and imprinted them with our own special piece of software. I had one of my guys write a Trojan that, when run, would collect passwords, logins and machine-specific information from the user’s computer, and then email the findings back to us.”

In this scenario, the USBs were dropped in a bank parking lot, then picked up by the employees and used to compromise the network. Fortunately for the bank, this was only a test of the network’s security.

Bad guys will use every possible mechanism to accomplish their goals. Do your best to increase your security intelligence. Regardless of your job description, security is everyone’s responsibility.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss another data breach on Good Morning America. (Disclosures)

Internal Revenue Service Identity Theft Scams

There have been many articles written about scammers who pose as representatives of government agencies. But perhaps the most inventive are the scams that appear to originate from the IRS. It makes perfect sense for the IRS to reach out regarding your finances. And regardless of the season, the IRS is really always in business.

I’ve never received a call or an email from the IRS. As far as I know, they do not make calls or send emails. Emails that seem to come from the IRS will often have a name, title, and even “IRS” at the beginning or end of the email address. However, email addresses can easily be spoofed.

Unless you are actively engaged in dialog with an IRS agent, do not respond to emails or phone calls supposedly coming from the IRS.

If a scammer posing as an IRS agent ever contacts you, they may already have some of your personal information, which they can use to try to convince you that they are actually from the IRS. This data could come from public records or even your trash. The scammer will often put pressure on you to comply with their request, or even offer you a tax refund.

If you ever receive documentation in the mail indicating earned income that you are not aware of, it may mean that someone else has used your Social Security number to gain employment.

If, when filing your tax return, you receive a letter from the IRS saying that you have already filed, it almost certainly means that someone else has filed a fraudulent return on your behalf in order to steal your refund.

If you are ever a victim of an identity theft issue related to an IRS scam, you may be very disappointed in the way it is handled via the various government agencies. They simply don’t allocate the resources to fix this problem proactively, nor are they adept at responding once it has occurred. The biggest issue is the thief’s privacy. Even if you have an idea who may have done it, the IRS or any other government agency will not release that information. Either way, knowing who did it won’t help you.

All you can do in the event of tax related identity theft is to follow the IRS’s instructions for contacting an agent and resolving the issue. Just be patient, as rectifying the issue may take many hours.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss IRS related identity theft on Fox News. (Disclosures)

Organized Web Mobsters Getting Jobs Inside Corps

In 2009, there were a reported 140 million records compromised, compared to 360 million in 2008. In 2010 there have been almost 13 million records stolen. But don’t have a party just yet. Criminals are fine-tuning their craft and getting better. The industry just isn’t making it as easy. 97% of those records were stolen using malware – malicious software designed to attack the target’s existing systems and software in place.

A reported 50% of the malware was installed remotely. Almost 20% came from visiting infected websites and almost 10% was installed when employees clicked infected links that conned or “socially engineered” them.

A recent Verizon report stated, “Over the last two years, custom-created code was more prevalent and far more damaging than lesser forms of customization, the attackers seem to be improving in all areas: getting it on the system, making it do what they want, remaining undetected, continually adapting and evolving, and scoring big for all the above.”

This may be also attributed to an inside job. A rogue employee on the inside always has the advantage of knowing exactly how to remain undetected.

The report further stated that organized crime rings may “recruit, or even place, insiders in a position to embezzle or skim monetary assets and data, usually in return for some cut of the score, the smaller end of these schemes often target cashiers at retail and hospitality establishments while the upper end are more prone to involve bank employees and the like.”

In the past three years that’s a total of 513 million records. On average, every citizen has had his or her data compromised almost twice. Where’s your Social Security number in that mix?

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss another data breach on Fox News. (Disclosures)

Poor Money Mule Not So Poor

“Money mules” may be unsuspecting Americans who act as shipping managers, do the dirty work for the bad guy, and open bank accounts, too. Sometimes the mule may be foreign, traveling to the United States specifically to open bank accounts.

Mules often get hooked into a “small business” or employment that is a function of a criminal enterprise. The mules often respond to “help wanted” ads from online job placement sites. Shipping scams are a common tactic criminals use to employ mules to receive goods bought with stolen credit card numbers, who then ship to people who buy them in online auctions. The mules in this process are essentially facilitating selling hot goods and money laundering.

The mules are often baited into setting up bank accounts that the criminal controls. These bank accounts will be set up under the name of the mule, and are generally programmed to transfer money overseas in increments of less than $10,000 to avoid detection.

Most mules end up pulling money out of their pockets to front shipping costs with the promise of a big payoff. In the end, the mule is often bilked and ends up with an empty bank account.

But not this mule, who was arrested and sentenced to 46 months in federal prison for sending more than $860,000 to offshore online scammers. He was caught after a sheriff’s deputy became suspicious during a traffic stop. They found eleven cell phones, fake IDs, $53,200 in cash, and 76 Western Union receipts. This ain’t no poor unsuspecting mule. This guy knew exactly what he was doing.

“He admitted accepting and cashing wire transfers from online shoppers for vehicles, boats, motorcycles and vehicle trailers, then sending that money to Romania or Spain in small amounts to make detection less likely. The items for sale did not actually exist.”

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss money mules and job scams on Fox News. (Disclosures)

Almost 13 Million Records Breached in 2010…So Far

According to the Identity Theft Resource Center, there have been 371 data breaches that have exposed 12,871,065 records so far this year in the United States.

NetworkWorld reports that businesses suffered the most breaches, making up 35% of the total. Medical and healthcare services accounted for 29.1% of breaches. The government and military made up 16.2% of breaches. Banking, credit, and financial services experienced 10.5% of breaches, and 9.2% of breaches occurred in educational institutes.

Even if you are protecting your PC and keeping your critical security patches and antivirus definitions updated, there is always a chance that your bank or credit card company may get hacked. I’ve received three letters accompanied by three replacement cards from my credit card companies over the last few years.

Beyond that, if someone else’s database is hacked and your Social Security number is compromised, you may never know about it unless they send you a letter or if you discover that someone has opened new accounts in your name.

In many cases, if (and that’s a big “if”) a company finds out their records have been compromised, they might provide credit monitoring of some kind. Credit monitoring is definitely something you should take advantage of. However, I wouldn’t wait for your information to be hacked and a letter to come in the mail before you take responsibility for protecting yourself.

I did a radio show today and a man called in telling a story of how he got a letter from his bank, but they didn’t activate credit monitoring for almost six months after he received the letter. With millions of records being compromised every year, consider your data breached!

Don’t waste time by only handling identity theft reactively. Do something about it now.

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing celebrity identity theft on CNBC. (Disclosures)

Celebrity Identity Theft Issues

The only difference between a so-called celebrity and you and I is exposure. Their lives are subjected to much more attention than most people and for that they pay a price. Ours is a celebrity obsessed culture that has multiple TV programs every day of the week that focus solely on the lives of the popular people. With that attention often comes baggage unforeseen by the individual prior. But once they are in the spotlight they either shine or crash and burn.

The unfortunate side effect of this much attention is security issues. When a person has so many millions of eyeballs on them chances are there will be a stalker or two along with someone who will do their best to swindle them.

As McAfee recently pointed out criminals are also using celebrities on the internet to hack your PC. Cybercriminals often use the names of popular celebrities to lure people to sites that are actually laden with malicious software. Anyone looking for the latest videos or pictures could end up with a malware-ridden computer instead of just trendy content. Cameron Diaz has replaced Jessica Biel as the most dangerous celebrity to search for on the Web.

Jennifer Anniston along with Anne Hathaway, Liv Tyler, Cher and Melanie Griffith, among others were victims of credit card fraud to the tune of hundreds of thousands of dollars by their beautician. Liv Tyler was swindled out of $214,000. If these celebs weren’t paying attention to their credit card statements chances are they ate most of those fraudulent unauthorized charges. Card holders only have 60 days to dispute fraud. After that it’s up to the discretion of the bank if they want to hear your plea.

To ensure peace of mind —subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing celebrity identity theft on CNBC. (Disclosures)

Child Identity Theft

Child identity theft is a growing problem. The Federal Trade Commission estimates that there are 500,000 new victims every year. The culprits are often parents or others who have direct access to the child’s Social Security number. (In my own experience, I’ve had to give out my children’s Social Security numbers to hospitals, insurers, and schools more than I can count.) When irresponsible parents apply for credit in their children’s names due to existing financial hardships, the soiling of their credit begins.

Jason Truxel was denied a mortgage because of bad credit. He had no idea that his credit scores were low, so he pulled his credit reports. He discovered a tremendous amount of debt, and accounts he had never opened. One such account showed that a credit card had been opened in his name when he was 13 years old. Jason found out the hard way that he was a victim of child identity theft. When Jason was a child, his father was convicted of credit card fraud.

You may be saying, “Of course I would never steal my own child’s identity,” but sometimes the custodial parent discovers that his or her ex committed identity theft when notices from bill collectors begin to arrive.

If you ever determine that your child’s identity has been stolen, you should immediately file a report with a local police department. A police report is often the first step to have the unauthorized accounts removed from the child’s credit report.

Creditors often fail to verify the applicant’s age and simply accept a credit application at face value. Children rarely discover that they are victims of identity theft until they are adults, when they are denied a student loan or even a job, if their potential employer runs a credit check and deems the applicant irresponsible based on poor credit history.

Some would say, “Protect your child’s Social Security number,” which is okay advice, but not practical and not really possible. The best solution is to invest in identity theft protection.

To ensure peace of mind and protect your child’s most valuable asset, his or her identity, subscribe to an identity protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss child identity theft on NBC Boston. (Disclosures)

Cameron Diaz Named Most Dangerous Celebrity in Cyberspace

Cameron Diaz has replaced Jessica Biel as the most dangerous celebrity to search for on the Web, according to security company McAfee, Inc. (NYSE: MFE). For the fourth year in a row, McAfee researched popular culture’s most famous people to reveal the riskiest celebrity athletes, musicians, politicians, comedians and Hollywood stars on the Web.

The McAfee Most Dangerous CelebritiesTM study found movie stars and models top the “most dangerous” list this year while politicians like Barack Obama and Sarah Palin are among the safest.
Cybercriminals often use the names of popular celebrities to lure people to sites that are actually laden with malicious software. Anyone looking for the latest videos or pictures could end up with a malware-ridden computer instead of just trendy content.

“This year, the search results for celebrities are safer than they’ve been in previous years, but there are still dangers when searching online,” said Dave Marcus, security researcher for McAfee Labs.

“Through consumer education and tools, such as McAfee® SiteAdvisor® site ratings, consumers are getting smarter about searching online, yet cybercriminals are getting sneakier in their techniques. Now they’re hiding malicious content in ‘tiny’ places like shortened URLs that can spread virally in social networking sites and Twitter, instead of on websites and downloads.”

Cameron Diaz Searches Yield Ten Percent Chance of Landing on a Malicious Site
McAfee research found that searching for the latest Cameron Diaz pictures and downloads yields a ten percent chance of landing on a website that’s tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware.

Fans searching for “Cameron Diaz” or “Cameron Diaz and downloads,” “Cameron Diaz and screen savers,” “Cameron Diaz and wallpaper,” “Cameron Diaz and photos” and “Cameron Diaz and videos” are at risk of running into online threats designed to steal personal information. Clicking on these risky sites and downloading files like photos, videos or screensavers exposes surfers or consumers to the risk of downloading the viruses and malware.

The study uses SiteAdvisor site ratings, which indicates which sites are risky to search for celebrity names on the Web and calculate an overall risk percentage. The top 10 celebrities from this year’s study with the highest percentages of risk are:

Position Celebrity
1. Cameron Diaz – Searching for Diaz results in a one in ten chance of landing on a risky site. She has most recently been in the spotlight with blockbuster movies, “Knight and Day” and “Shrek Forever After.” When “Cameron Diaz and screensavers” was searched, 19 percent of the sites were identified as containing malicious downloads.

2. Julia Roberts – Academy Award-winning actress Julia Roberts is one of America’s sweethearts, and will soon be in the spotlight with her upcoming release of “Eat, Pray, Love.” The overall risk of searching for Roberts is nine percent, yet searching for “Julia Roberts and downloads” results in a 20 percent chance of downloading a photo, wallpaper or other file laden with malware.

3. Jessica Biel – Last year’s Most Dangerous Celebrity fell two spots with searches resulting in fewer risky sites this year. Biel continues to be in the spotlight with her on-again, off-again relationship with Justin Timberlake, and appeared in “The A-Team” in June 2010. While her overall search risk is nine percent, searching for “Jessica Biel and screensavers” results in a 17 percent chance of landing on a risky site.

4. Gisele Bündchen – The world’s highest-paid supermodel moved up two spots since last year. Searching for “Gisele Bündchen and screensavers” can prove risky, 15 percent of the search results for this beauty can put spyware, malware or viruses on your computer.

5. Brad Pitt – Pitt is often in the spotlight with news of his movies and his personal life. It’s no wonder why this leading man has been in the top ten for the past three years. He moved up in rank five spots this year. Downloading photos, screensavers, or other files of Brad can potentially put adware or spyware in your computer.

6. Adriana Lima – Searching for downloads of this Brazilian beauty can direct users to red-ranked sites. Lima is best known for being a Victoria’s Secret Angel since 2000.

7. Jennifer Love Hewitt, Nicole Kidman – Searching for these Hollywood starlets resulted in an equal number of risky download websites.

8. Tom Cruise – With recent buzz around his MTV Awards performance as well as his movie, “Knight and Day,” Cruise rises to the top ten.

9. Heidi Klum, Penelope Cruz – Both of these ladies are consistently in the spotlight, and share the #9 spot. Cybercriminals use their names to lure people to risky sites. Klum hosts “Project Runway” and Cruz has been in the spotlight recently for her role in the “Sex and the City 2″ movie and is expected to be in the fourth film of the “Pirates of the Caribbean” series.

10. Anna Paquin – This “True Blood” star is as dangerous on the Web as she is on the screen. Searching for screensavers of Paquin can lead you to downloads filled with malware.

“Cybercriminals follow the same hot topics as consumers, and create traps based on the latest trends,” continued Marcus. “Whether you’re surfing the Web from your computer or your phone or clicking on links in Twitter about your favorite celeb, you should surf safely, and make sure you’re using the latest security software.”

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss celebrity identity theft” on CNBC. (Disclosures)