Posts

DOJ Alleges $8 Million Familiar Fraud at Transit Authority

Would Your Employees Notice Millions in Fraud?

The United States Department of Justice (DOJ) announced indictments against two individuals suspected of familiar fraud schemes that led to $8 million in losses for Massachusetts Bay Transit Authority commuter rail operator Keolis between July 2014 and November 2021. Both the scope and the longevity of these schemes are exceptional, although the methods used to steal the money are very common, raising questions about why the individual charged was able to commit this fraud for so long.

What Happened in the Keolis Familiar Fraud Case?

John P. Pigsley of Beverly, Massachusetts, a former Assistant Chief Engineer of Facilities for Keolis Commuter Services, has been accused of running two schemes that netted $8 million. In the first scheme, Pigsley is accused of conspiring with John Rafferty of Hale’s Location, New Hampshire, the former General Manager of LJ Electric, to create fraudulent invoices for vehicles and equipment, leading to more than $4 million in losses.

In the second scheme, Pigsley is accused of ordering copper wire for Keolis projects, picking it up himself or delivering it to his home address, then selling it to scrap yards. Over the course of several years, Pigsley is alleged to have made more than $4.5 million from the scheme. The actual value of the stolen material was not disclosed.

In a statement, Keolis Commuter Services said, “In late 2021, our enhanced financial controls and project management oversight identified project anomalies linked with the practices of an employee.” According to the DOJ indictment, this was 7 years after the fraud began.

Employees Must Be Empowered to Recognize Risks

Cyber threats are not the only challenges that businesses face. Familiar fraud, committed by an employee, family member or trusted business partner, can be more devastating and more difficult to detect. As with cyber security, employee training is essential to prevent losses. Employees must know how to recognize fraud and trust their instincts. They must also feel empowered to call out anything suspicious.

In the DOJ indictment against Pigsley, three common familiar fraud techniques that should have been caught stand out:

  1. Phony invoices: This is one of the most common types of familiar fraud. An employee with purchasing authority may conspire with a third party to create fake invoices and split the proceeds, or set up shell companies to invoice for goods and services that do not exist. This type of fraud can be difficult to detect in large, complex organizations, such as a railway operations company, or in businesses that frequently order large volumes of material from multiple vendors. Strong vendor approval and verification processes must be in place to detect this type of fraud; all new vendors should be verified by someone other than the person placing the orders. Shipments should be tracked and matched against invoices for at least the first 90 days of any new relationship. Any changes in volume or frequency in orders with a particular vendor should be flagged for follow up.
  2. Home deliveries. There are very few circumstances where an employee should receive materials shipments at home. Home addresses for all employees with purchasing authority should be kept on file by accounting staff. Any deliveries that match against a home address should be flagged for review. Any changes in regular delivery addresses, even if they only account for a portion of a shipment, should also be flagged for review.
  3. Personal pickup. Some employees may pick up and deliver materials as a regular part of their job. In an ideal world, purchasing and pickup are separate, so that no single employee has the ability to order and collect goods. When this is not practical, regular audits must be conducted of employees who can both order and deliver supplies, services and materials. Employees should be able to provide invoices for what was ordered, receipts for what was received and documentation for what was delivered.

Familiar fraud is one of the most difficult challenges that businesses face, because it comes not from external actors, but from trusted co-workers, friends and family. Proper business controls can prevent it, but only if employees understand what to look for and how to respond. Protect Now’s CSI Protection Certification training focuses on cyber crime but enables employees to spot any kind of suspicious behavior by teaching them to trust and act on their instincts. To learn more about our training programs, contact us online or call us at 1-800-658-8311.

This GUN Website is a Fraud. How to Determine if a Website is Fake or Real

There are many scammers out there, and one of the things they like to do is to create fake sites that are meant to trick people into giving them personal information, commit identity theft or wire fraud or they’re designed to facilitate a P2P payment like Venmo or PayPal or they’re designed to siphon money via a wire transfer.

One such site is https://empiregunshop.com/ Empire Gun Shop is set up specifically to scam users via a wire transfer. I stumbled upon the site via a Google search looking for a specific part for an old firearm that was provided to me. Google index’s the site, which is scary, and people are being scammed every day. The site has been in operation since March 2020. They also have a Yelp and a Yellow Pages listing which furthers their “legitimate” presence. What also makes this site so effective, beyond the quality web development, is the fact that the URL has HTTPS meaning the “S” designates it is a “secure site” but that doesn’t mean it’s safe.

The site also has a “Live chat” feature that allows visitors to immediately connect with a live operator. And if you do, and feel free to try it, they will respond directly to you. And what is likely to occur is they will set up a wire transfer either via email or via chat. All communications with the scammers are done via a Google voice phone number. I’ve talked to them, engaged in email communications and text. Based on their thick heavy accents and they’re utter brazen attitudes, it’s likely they are from West Africa or Nigeria etc.

Their “Contact us” page provides both a phone number and an email address. And as soon as you contact them they will respond. They will convince you that they have your product in stock, and they will work with you to set up a wire transfer or a peer to peer payment. And once you do, that’s it it’s over Johnny, you lose that money.

When I engaged them to purchase a part, I became immediately suspicious when they were unable to answer a single question that I had asked. Firearms are a certain specialty, and there is a specific language that one needs to speak in order to understand the world of guns. These scammers have no idea what they’re talking about. And if you’re a new gun enthusiast and don’t understand the language of firearms you are likely to get scammed. And that is their edge. Newbies are their mark.

So for laughs, I engaged them via text. I asked if I could buy a “Bazooka” which if you didn’t already know, a Bazooka is a common name for a man-portable recoilless anti-tank rocket launcher weapon, widely deployed by the United States Army. It’s a grenade launcher.

And I told them that my intent was “I am declaring jihad against the infidels.”  Which for any normal company would set off red flags. But not these guys. They’re all about the jihad! And they asked for the FFL which is the Federal Firearms License. And I provided  “Youra Sheethed” Get it? You’re a Shithead. He He.

And I gave them the physical address of the ATF and Boston. And they responded with their PayPal identification number. Feel free to send them some money. Or report them to Paypal. Whatever you wanna do.

Once I started to see this was a scam, I quickly researched the name of the company and found numerous online forums that enforced my belief that it was fraud. Here are those links below:

https://www.bbb.org/us/pa/danville/profile/gun-shop/empire-gun-shop-0241-236059607/complaints

https://www.scam-detector.com/validator/empiregunshop-com-review/

https://www.glocktalk.com/threads/empire-gun-shop-anyone.1883574/

https://www.ar15.com/forums/hometown/Is-Empire-Gun-Shop-in-Danville-legitimate-/14-652483/

https://www.yelp.com/biz/empire-gun-shop-danville

https://www.yellowpages.com/danville-pa/mip/empire-gun-shop-6086596

Here are some of the ways that you can determine if a site is real or fake:

You Aren’t Sure How You Got to the Site

 Have you found yourself on a site and you don’t know how you got there? Did you click on an email link? This is one of the most effective methods that a scammer uses to get a victim to go to a fake site. This is also the case with links on social media sites. Whatever you do, do not click these links. Instead, if you know you want to go to a site, either use a bookmark or type it directly into your browser.

Do You See Spelling or Grammar issues?

 Another sign that a site might be fake is a lot of grammar and/or spelling issues. Many of these fake sites are created by non-native English speakers, and they often make mistakes with spelling and grammar. Some also use translation software, which is notorious for making mistakes like using “there” instead of “their.”

Is the Site Endorsed?

If you see that a site is endorsed, you might believe that it’s totally safe, but just because you see an icon that looks like an endorsement, it doesn’t mean it’s real. A person creating a fake website can add information saying, for instance, that it is endorsed by a news outlet, but that doesn’t mean it actually was. The same can be said for authenticating badges. You should be able to click on these badges and be directed to a site explaining what it means. If you can’t click it, it’s probably a fake.

Look at the Address

Another sign that a site is a scam is if the website address is incorrect. For example, let’s say you want to do some online shopping, and you get an email coupon from Kohl’s. You click on the link, but instead of going to Kohls.com, it takes you to K0hls.com. This is a fake site. You also want to pay attention to the beginning of the address, too. You should only be doing shopping or entering information at a site beginning with HTTPS, not HTTP.

How to Make a Purchase

Almost every website out there takes credit cards. This is a good thing, because a credit card gives you protection. If a site doesn’t take cards, and it only wants a check or wire transfer, you should be suspicious. Empire Gun Shop doesn’t take credit cards.

Are the Prices Too Good to Be True?

Are the prices on a site too good to be true? If the prices are much lower than other prices, this could be a sign of a scam. For example, if you want to buy a new designer purse, and every other site has them for $400, but this one has it for $100, this is a red flag.

Read Reviews

Finally, you can determine if a site is real or not by looking at reviews. You can do this by searching on Google, or you can look at the Better Business Bureau listing. There is also a scam tracker on the BBB website, too. And as I did above, seek out the name of the company and its domain on various forums that specialize in that product or service. Keep in mind, however, that some of these reviews might still be fake, so spend a little time on this and don’t always give these landing pages or splash pages too much credibility.

And hey, feel free to mess with those scumbags at Empire Gun Shop and make their life hell.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Scammers are Targeting Your Venmo and P2P Accounts

Do you use Venmo or other P2P accounts? If so, you definitely could be a target of scammers. Across the county, people are losing their cash, and it often happens so quickly that they don’t even know what’s happening.

You might think that you couldn’t be a victim, but scammers are often smarter and trickier, and they won’t hesitate to take advantage of you.

Here’s how they are doing it:

A stranger approaches you to use your phone. They have a sob story to make this scam more credible. You hand your phone over, they make it look like they are dialing, but instead, they are doing something else: swiping and searching your phone for “Venmo” and easily getting into your Venmo account and transferring money to themselves. People are losing thousands of dollars simply for being kind to a stranger.

Tips to Keep Yourself Safe

When using a P2P payment system, you should know that they all require access to your financial info. So, when you use them, make sure that your account settings are set in a way to ensure all of the security measures that you can set. In order to keep yourself safe from scams like this, there are some tips that can keep you safe.

  • Two step authentication. Access the menu, turn it on. This might include using PIN, a biometric log in, like a fingerprint.
  • Get the money out of your account. In most P2P apps, when you get a payment, the money is generally added to the balance held in the app. It doesn’t appear in your bank account until you transfer it or use it in another way. If you want to transfer money to your bank account, you should definitely make sure that the deposit went through. Just keep in mind that it could take a couple of days to transfer.
  • Pay only those you know well. Scammers know a lot of tricks, and they will find methods to trick you into paying them in ways you would never expect. So, if you are sending money from one of these apps or sites, make sure that you know the person you are sending money to. If you are using the app or site to get money from someone else, transfer the payment into your bank account and make sure it transfers before you send any goods.
  • Disconnect from Social Media: Finally, keep in mind that there are apps or sites might share your transaction information on social media. Check your social media settings because some of these settings might be set to share this info. Just make sure you are comfortable with what is going out on social media.

Beware of Hot and Cold Reading Scams

Many so-called psychics are frauds. But so are some auto mechanics, lenders and roofers. There’s fraud in just about all lines of work.

1SWhat we do know is this: There’s not enough evidence to refute paranormal phenomena. Nor enough to prove it beyond a doubt.

And we also know this: There exist scams involving hot and cold readings.

I could give a scam reading to a flamboyant, colorfully-dressed woman (whom I’ve known for only a minute) with big hair, lots of costume jewelry and a supersonic laugh.

I could tell her she’s attracted to quiet, analytical, detail-oriented, very serious men whose eyes well up during sappy movies. She’ll pay me $100 for my “reading” and think I’m a psychic. What she doesn’t know is that I know that people with “sanguine” temperaments are attracted to the “melancholy” temperament.

I didn’t “read” her based on psychic abilities. I “read” her based on a book about temperaments I read years ago. Some people get really good at cold readings and make money off of this.

Hot Readings

You have an appointment with a woman. You find her Facebook page (because you got enough preliminary information to achieve this). You learn all about her. You look her up on LinkedIn too.

Come appointment (reading) time, you start telling her things about herself, flooring her. Scammers can cunningly extract information via other routes as well, but the bottom line is that the crook gets information ahead of time and pretends it’s only just coming up during the reading.

Cold Readings

The information is gleaned right on the spot—via skilled observational powers. Typically the cold-reader begins broadly, such as, “You’re very sad these days,” watching the customer’s body language and facial reactions, and then making deductions based on those.

The reading is very carefully worded to cover the possibility that the deductions are wrong. The scammer might say, “A person very dear to you is no longer around,” instead of the specific, “A person very dear to you has recently died.”  All possible reasons for the “loss” are covered with the ambiguous statement.

Cold readings to a large group are a joke, because the scammer will announce something that, by the law of averages, will apply to several people in the group. He then narrows it down from there.

There may be many honest, true psychics out there (some police departments use them for missing-persons cases believing if there wasn’t some fire to this smoke).

But beware of the scammers. Don’t pay someone to tell you something about your life that’s already on Facebook or evident in your clothing and mannerisms.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Student Financial Aid Fraud is a big Problem

Educational institutions are giving out student loans and grants, and the recipients aren’t even attending school. Instead they’re spending the money any which way, while the schools have no idea they’re being ripped off.

9DWith a database, the Education Department flags applicants who’ve applied for federal Pell grants—applicants with an “unusual enrollment history,” such as having received financial aid for at least three schools in only 12 months.

The Department forwards these suspect names to educational institutions; the schools then request that applicants provide documents including prior transcripts. What the school then gets from the applicant determines if a loan or grant is denied.

This flagging procedure has caught 126,000 applicants who sought aid for the 2013-2014 school year.

It’s so easy to scam schools because most federal aid does not require a credit check, and how the money is spent is not tightly restricted.

A school receives the money from the government and spends some on tuition. The remainder is sent as a check to the recipients to spend on books and even living expenses while (supposedly) the recipient attends classes.

Community colleges are especially vulnerable due to their open enrollment and low tuition. The lower the tuition, the more money that’s left over to be sent to the con artist.

The proliferation of this scam can be attributed to the Internet because online applications can result in receiving aid—without the applicant ever being within a mile of the campus.

Application Red Flags

The American Association of Community Colleges (AACC) names the following alerts that financial aid offices can check applications for.

  • Large financial aid refunds or disbursements
  • Attendance at several other colleges
  • A large student loan balance but no degree

Unfortunately, these red flags won’t flutter much if the applicant is a first-time scammer.

Data Red Flags (according to the AACC)

  • Several registrations coming from similar locations out of state
  • Several uses of the same PO box, physical address or IP address
  • Multiple uses of the same computer and/or bank account
  • The emergency contact is the same person for multiple registrants.
  • Certain courses getting a fast increase in number of enrollees
  • Frequent communication from similar individuals or locations

Every applicant should be identity-proofed, which is easier said than done. Verification is one element of identity proofing.

To combat this fraud, Finaid.org notes:

  1. Families must sign a waiver allowing the financial aid office to obtain tax returns straight from the IRS. Some people have submitted fraudulent tax return copies during verification. Getting them directly from the IRS prevents falsification. Another route is to require families to provide copies of their 1099 and W-2 forms, especially when income figures seem suspect.
  2. Request copies of the applicant’s four most recent bank statements; inspect them for unusual transfers and unreported income.
  3. Conduct 100 percent verification.
  4. For parents claiming to be enrolled in college, require a proof of registration plus copy of the paid tuition bill. Confirm registration with the school. And if a parent with a PhD or master’s degree is returning to school for an associate’s degree, be highly suspect.
  5. In cases of divorce or separation, ask for the divorce decree or proof of legal separation, plus street address for each parent.
  6. Compare to each other two consecutive income tax returns to detect any movement of assets to hide them.

There’s more that can be done for identity proofing: biometric software. Biometric Signature ID (BSI) has designed a “Missing Link” patented software-only biometric.

This is the most potent form of ID verification on today’s market, and additional hardware is not required. It measures:

  • Unique way someone moves the mouse, finger or stylus upon logging in
  • Length, direction angle, speed, stroke height, of the

The password is created with BioSig-ID™. Measurement of the above can positively identify the user, regardless of what device they log into. This technology makes it impossible for a fraudster to impersonate the user.

With these unique patterns, BSI software can distinguish the user from everyone else. If the person who registered for the account is NOT the same person who is attempting access, they are stopped – avoiding any potential cheating or financial aid fraud.

Robert Siciliano, personal security and identity theft expert and BioSig-ID advisory board member. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

Oversharing on Social Media Common Amongst 50+

Thanks to social media, societal norms have undergone a seismic shift in the past five years. What was once considered private or even taboo is not only fair game, it’s expected. But this can have serious consequences from the ending of friendships to exposure to physical harm.

I’ve talked about the concept of TMI or too much information and how social networking and mobile devices have made sharing so much easier and faster than ever before. But we all need to seriously think about some hard consequences of sharing too much personal information. Thinks about it…is that friend really a friend if you haven’t seen them in 25 years?

McAfee’s Fifty Plus Booms Online study found despite the fact that social networks have a reputation among the younger generation as a hub for drama among friends, this is also the case among other demographics—even in the 50-and-over age group. According to respondents, 16% of those who are active on social networks have had a negative experience, with almost 20% of those resulting in ending a friendship.

Further, the study finds that even though 88% consider themselves tech-savvy, they are still engaging in dangerous online behavior, such as sharing personal information with people they have never met in person. Even though 75% of them believe that social networks can expose them to risks such as fraud and identity theft, 52% have shared their email address, 27% their mobile phone number and 26% their home address. All things that open them up to possible exploitation and even physical harm.

They are also using their mobile devices to share information. Nearly one in four (24%) mobile users have used their device to send personal or intimate text messages, emails or photos to someone and yet over 30% do not have basic password protection on their mobile devices and almost half do not have any security software on their mobile devices.

financial-fraud

And because these boomers (and all of us) are spending more time online─with 97% of them going online daily and spending an average of 5 hours a day online─ we all must be aware of the concerns that exist with the increased use of mobile devices for everyday tasks and social networking and what information we may be sharing.

Here’s some tips to help us stay protected:

  • Remember the Internet is forever—Even if you have the highest privacy settings, it’s good practice to consider anything you do on the Internet as public knowledge, so be careful what you share online or via your mobile device.
  • Don’t reveal personal information—Seriously consider why it’s needed before you post your address, phone number, Social Security number, or other personal information online.
  • Put a PIN on it—Make sure you have your smartphone and tablet set to auto-lock after a certain time of unused and make sure it requires a PIN or passcode to unlock it. This is especially helpful to protect any information you do not want seen should your device be lost or stolen.
  • Manage your privacy settings—At most, only friends you know in real life should be able to see details of your profile.
  • Change your passwords frequently—In addition to choosing passwords that are difficult to guess (try to make them at least eight characters long and a combination of letters, numbers, and symbols), remember to regularly change your passwords.
  • Turn off the GPS (Global Positioning Service) function on your smartphone camera—If you are going to be sharing your images online, you don’t want people to know the exact location of where you are.
  • Use comprehensive security on all your device Enjoy a safe online experience no matter what you do or where you are. McAfee LiveSafe™ service protects all your PCs, Macs, smartphones and tablets and can help you secure your data and keep your identity private with its many different features, including a secure data vault, password manager, and protection from phishing scams and malware.

So…really, please, come on now, can we all just tone it down a notch? And one more thing: Please protect your devices—I mean ALL your devices.

Follow @McAfeeConsumer for live online safety updates and tips and use hashtag #BabyBoomers to join the discussion on Twitter or like McAfee on Facebook.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

EMV Will Help Retailers Prevent Credit Card Fraud

EMV, which stands for Europay, MasterCard, and Visa, refers to the chip and PIN credit card technology commonly used in Europe and elsewhere around the world. Credit cards that incorporate an embedded microprocessor chip are far more secure than any other form of credit card currently available, including the standard magnetic striped cards that are all too easy to skim at ATMs and point of sale terminals.

Major banks and retailers are now pushing very hard to make EMV the new standard in the United States. Implementation should occur in 2015, Visa announced plans to expand their Technology Innovation Program to the U.S., which will encourage retailers to support cards with microchips by “[eliminating] the requirement for eligible merchants to annually validate their compliance with the PCI Data Security Standard for any year in which at least 75% of the merchant’s Visa transactions originate from chip-enabled terminals.” This will go into effect October 1, 2012 for merchants whose point-of-sale terminals accept both contact and contactless chips.

PCMag reported MasterCard followed Visa’s lead stating that it too intends to move U.S. consumers onto so-called chip-and-PIN technology. MasterCard, like Visa, also said that it is preparing for a world where consumers will pay in stores, online, and via mobile devices.

Another method of credit card fraud prevention is device reputation technology. It works to prevent all types of fraud and abuse on the Internet, including account takeovers, which occurs when your existing bank or credit card accounts are infiltrated and money is siphoned out. Iovation the leader in device reputation helps prevent new account fraud, which refers to financial identity theft in which the victim’s personal identifying information and good credit standing are used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are often used to commit new account fraud.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

Banks Sues Client Over Wire Fraud

Banks usually have relatively secure systems to maintain and protect online banking activities. They’ve spent billions to ensure that criminal hackers don’t liquidate all of our accounts. But criminals spend all their time seeking vulnerabilities and often find some way to make a fraudulent withdrawal.

Over the past decade as we have all (mostly) banked and bought stuff online, criminals have formed organized web mobs to sniff out transactions and take over existing accounts and in some cases open up new accounts.

American Banker reports an example of what can still go wrong: “the $2 billion-asset bank is suing Wallace & Pittman, a Crosstown law firm, to recover funds the firm relayed electronically to Russia after an email that purported to be from an industry group lured someone at the firm to surrender their user name and network password, the Charlotte Observer reported.”

The fraudsters used the access to install software on at least one of the firm’s computers that allowed them to hijack its account.

“Masquerading as Wallace & Pittman, the thieves instructed Park Sterling to transfer roughly $336,600 through JPMorgan Chase to a recipient in Moscow. The law firm asked Park Sterling to stop the transfer after receiving confirmation of it, but the request allegedly came too late.”

To defend against all of these hacks the Federal Financial Institutions Examination Council (FFIEC) recommends to financial institutions what’s called a “layered approach” of anti-fraud tools and techniques to combat this type of crime. Meaning it’s not simply a matter of applying a firewall and having anti-virus to protect the network, but going much deeper in protecting many interaction points within the banking site (not just login) and using a variety of proven fraud prevention solutions.

That includes sophisticated methods of identifying devices and knowing their reputation (past and current behavior and other devices they are associated with) the moment they touch the banking website. The FFIEC has recognized complex device identification strategies as a viable solution that’s already proven strong at very large financial institutions. ReputationManager360 by iovation leads the charge with device reputation encompassing identification and builds on device recognition with real-time risk assessment, uniquely leveraging both the attributes and the behavior of the device.

Consumers still need to apply antivirus, antispyware and a firewall and must never respond to emails requesting usernames and passwords and avoid clicking links in emails.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

Portland Company Keeps Ringing the Bell Of Success

iovation, protects businesses from Internet fraud by identifying good online customers with its device reputation technology, recently announced that its ReputationManager 360 solution won gold in the security services category for Network Products Guide’s 8th Annual 2013 Best Products and Services Award. The award honors and recognizes the achievements and positive contributions of organizations and IT professionals worldwide.

Additionally, iovation announced that its Chief Financial Officer, Doug Shafer, has been named CFO of the year by the Portland Business Journal. Shafer was recognized for iovation’s company performance as well as community involvement over the past year. The award is given each year to professionals in Oregon and Southwest Washington who have excelled in their roles as financial executives.

This is the second time in four years that iovation has been awarded a gold by Network Products Guide and this year the company joins other best products and services winners like Cisco Systems, Inc., Yahoo, Inc., Samsung, and NETGEAR.

With its ReputationManager 360 solution, iovation tracks the online behavior of more than 1.3 billion devices from around the world; everything from desktops to laptops, mobile phones to tablets, and gaming consoles to smart TVs by utilizing iovation’s device reputation intelligence.

Device reputation spots online evildoers by examining the computer, smartphone, or tablet they are using to connect to any website. If a device is recognized as having previously committed some type of unwanted behavior, the website has the opportunity to reject the transaction, preventing damage before it occurs.

In the physical world, as the saying goes, “You are only as good as your word.” And when somebody says one thing and does another, we no longer trust them.

Online, people say and do things they never would in the real world. Internet anonymity fuels bad behavior. Websites’ comments sections are filled with vitriol that you’d never hear real people utter. Scammers create accounts in order to con people and businesses into forking over money. And identity thieves use your personal information to fill out online applications for credit.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

Florida Retirees Frequent Identity Theft Targets

A lot of Floridians are retirees who spend their days around the pool or at the beach. The warmer weather attacks both golden agers and unfortunately identity thieves. Criminals know that retirees have money in the bank, retirement accounts and credit cards with high limits.

TechNewsDaily reports, “On a per capita basis, 361 Floridians out of every 100,000 were the victims of identity fraud in 2012, according to the Federal Trade Commission’s latest figures. Georgia ranked second, with 194 reports per 100,000, and California ranked No. 3 at 123 per 100,000—a third the rate of victims in Florida.”

Two types of identity theft often affect retirees: new account fraud and account takeover.

New account fraud refers to financial identity theft in which the victim’s personal identifying information, often a Social Security number and good credit standing, is used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are often used to commit new account fraud.

Since the thief typically submits a different mailing address when applying for new accounts, the victim never receives the bills and may remain unaware of their existence until creditors come seeking payment for debts the thief has accumulated in the victim’s name.

Account takeover is discovered when victims notice suspicious charges on a credit card statement, or the credit card company may notice charges that seem unusual in the context of the victim’s established spending habits. Protecting yourself from account takeover is relatively easy. Simply pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks.

Protecting yourself from new account fraud requires more effort than account takeover. You can attempt to protect your own identity by getting yourself a credit freeze or setting up your own fraud alerts. There are pros and cons to each.

One cool company that’s watching your back is iovation. iovation spots cyber criminals by analyzing the device reputation of the computers they use to connect to a website. They investigate for suspicious history and check for characteristics consistent with fraudulent users. And the best part is that iovation can prevent a criminal from using stolen data to open a new account in the first place—saving your nest egg for your golden years.