Posts

Is the Term “ID Theft Protection” a Lie?

If you work for an IT security company, especially in the marketing department, listen up: the phrase “Identity theft protection” is definitely way overused and sometimes abused as a term for marketing. We know that this term is used to sell products and services, but do all products and services that weave in the term ID theft protection really protect people from ID theft? No. Definitely not.

ID TheftThere is really no difference than labeling a food product as being “natural,” even though it is not “organic.” In the best case, the info is incorrect, and at the worst, it is miss leading and an outright lie.

Any business with any type of security solution claims that it can protect people’s identities. However, firewalls do not protect anyone from getting their identity taken. The same lie is told when a company marketing a thumb drives that’s encrypted, antivirus software, or even alerts for phishing scams. While all these things may help or assist and even facilitate at some level the process of protecting an identity, they are not ID theft protection. They just aren’t.

Only services that truly monitor your identity should call themselves ID theft protection services. They do this by checking up on your credit, and then scanning the internet for any type of sensitive information. These companies also look for things like you Social Security number online, and if there is a problem, they can help you fix it. And there is generally an insurance component that works towards fixing or reimbursing funds lost as a result of stolen identities.

If you currently have ID theft protection, you may get an email that looks similar to this every month:

We have been checking your credit reports from Experian, TransUnion, and Equifax, and we are happy to let you know that we did not notice any new activity. As a user of our services, we will continue to check your credit report every day for your protection. We help to protect you from any financial hassles and losses that could lead to identity theft. You can log into our website and review your status 24/7. Please click here and enter your username and password to get started. As always, our team is ready to help if you notice any suspicious activity.

This is exactly what you should expect when you choose to get ID theft protection. Do not fall for any type of fancy marketing terms. This is what ID theft protection should include:

  • Alerts: This is a warning system that notifies you when your personal info might be at risk
  • Monitoring: Constantly monitoring your privacy, identity, and credit information
  • Recovery: Experts help should your identity be compromised. They should offer 24/7 recovery service to take care of calls, paperwork, and other details.

Make sure that you are doing your research and don’t believe what you read. Instead, take the time to really understand what you are spending your money on.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

6 More Places to Put Your Identity on Lock Down

If you have been thinking about a credit freeze, you probably should know that the process is designed so that a creditor cannot see your credit report unless you specifically allow it. This process blocks any potential creditors from viewing or pulling your file, which makes it much more difficult for an identity thief to apply for new credit using your name or information. For links to freeze your credit at the 3 major bureaus go to How to Freeze My Credit.  However, there have been reports of people complaining of having accounts opened in their name while having credit freezes. So, if you already have a credit freeze at Experian, Trans Union, and Equifax, you also might want to consider freezing at the following companies, too:

Innovis Credit Freeze

Innovis is the 4th credit bureau you need to freeze with. The process is similar to the big three and its free. Go here to freeze your Innovis Credit Freeze.

National Consumer Telecommunications and Utilities Exchange or NCTUE

One place you should contact to freeze your credit through is the National Consumer Telecommunications and Utilities Exchange, or NCTUE. Many mobile phone companies, for instance, get credit inquiries done through this organization, so hackers can still open mobile phone accounts in your name, even if your credit is locked down elsewhere via the 3 major bureaus.

In general, only mobile phone companies use NCTUE, but there are other companies, like water, power, and cable companies that also use it. You can contact NCTUE to freeze your credit by calling them and giving them your Social Security number. You will also have to verify a few other details, but the system is automated, so it’s very easy. If the system can verify your identity, your credit report through this organization will be frozen. You can also get your NCTUE credit report and risk score by calling their 800-number 1-866-349-5355 or try to do it online here NCTUE Freeze but some say this links form doesn’t work well.

ChexSystems

You should also place a security alert with ChexSystems. This is a system that is used by banks to verify the worthiness of customers who are requesting new savings and checking accounts. When you request a freeze through this organization, it is only applied to your ChexSystems consumer report. If you want to freeze your credit at other companies, you must do it directly through them. For ChexSystems, you can do it here: ChexSystems Security Freeze.

Opt-Out Prescreen

You can additionally opt out of any pre-approved credit offers by calling 1-888-5-OPT-OUT or you can go online and visit the website Optoutprescreen.com.

myE-Verify Self-Lock via the Department of Homeland Security

The fourth organization you should freeze your credit with is called Self Lockvia the Department of Homeland Security. This freeze helps to protect you from any employment-related fraud. When you lock your Social Security number through this tool, it will stop anyone from using your Social Security number to get a job, which is another scam. If a Social Security number that has been locked is entered into the system, it will result in a mismatch, which will flag the number as fake. It’s easy to lock and unlock your identity through Self Lock, and each time you do it, it remains locked for a year. Once that year is over, you can choose to renew the lock, too. You can learn more online at the Self-Lock Freeze.

Social Security Administration

Finally, if you want to prevent any type of Social Security fraud, you should set up an account at the Social Security Administration. There are a number of Social Security scams designed to siphon your benefits or sensitive information. Your telephone may ring followed by and automated message saying your Social Security number has been “suspended” because of some suspicious activity or be threatened with arrest if you don’t call the telephone number provided in the automated message. Simply by setting up the account you can prevent someone else from setting it up as you and posting as you. Also you can check in with then SSA should you received any calls, emails or mail to determine the communications legitimacy. You can do it online,Social Security Administration Set-up.

Here’s your Freeze to-do checklist.

  1. NCTUE Freeze
  2. ChexSystems Security Freeze.
  3. com.
  4. Self-Lock Freeze.
  5. Social Security Administration Set-up
  6. How to Freeze My Credit.
  7. Innovis Credit Freeze.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

DNA Tech is Catching Bad Guys and its Great and Scary

In 1996, a 12-year-old Washington state girl was raped and murdered. However, it wasn’t until June 2018, that an arrest was made in the case. How did this happen? DNA technology.

The man arrested is Gary Hartman, and he is accused of killing and raping 12-year old Michella Welch. Donald Ramsdell, the Tacoma Police Chief, has said that computer modeling, police techniques, and advances in DNA identification has led his team to arresting Hartman on June 20th.

This case goes all the way back to March 26th, 1986. Welch and her sisters were in Tacoma’s Puget Park. She left her sisters there and went home to make lunch. About three hours later, Michella’s sisters noticed that her bike and lunch were at the park, but she was nowhere to be found. Just before 11pm that night, the body of Michella was found. DNA was recovered, but police were unable to solve the case…until now.

Before the arrest of Gary Hartman was made, police tried a number of methods to solve this case. For instance, in 2006, they were able to create a DNA profile of the person whose DNA was found at the crime scene. However, they were unable to match that DNA with what was in their database. It wasn’t until 12 years after that, in 2018, that detectives from the Tacoma Police department was able to work with genetic genealogists and track the DNA to family members of the, at the time, unknown suspect. The researchers then used that information, along with public records, to create a family tree. There were two members of the family, brothers, who lived in Tacoma in 1986. Both immediately became possible suspects.

On June 4, detectives began monitoring Gary Hartman. Nothing of note happened that day, but the next day, June 5, Hartman went to breakfast with a co-worker. Detectives took the napkin that Hartman used at the restaurant and sent it in for DNA testing. The DNA that was on the napkin was the same DNA found at the rape and murder scene of Michella Welch. He was arrested for the crime on June 20 after a traffic stop.

Michella’s mother is thrilled by the arrest, and Michella’s younger sister, Nicole, who was only 9-years old in 1986, described her sister like a “second mother,” and said that Hartman cut her sister’s “precious life” short.

This is all wonderful. And right out of a sci-fi movie. OK, so you have nothing to hide right? I have nothing to hide either. But I’m never throwing a napkin away again!

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

2017 Was the Worst Year for Identity Theft EVER!

Javelin Strategy & Research recently released its Identity Fraud Study, and it revealed that the number of identity theft victims rose by 8% in 2017 when compared to 2016. That’s almost 17 million people, which is a record high. Despite more information and industry efforts to make people aware of these practices, $16.8 billion was stolen due to ID theft in 2016.

The study also showed a shift in how ID theft fraud was being done. Credit card accounts were the most common targets for new account fraud, we also see that there is a big uptick in other accounts being targeted, including PayPal accounts and e-commerce merchant accounts. We can also see that more than 30% of consumers in the US were notified that their information was part of a data breach, which is 12% higher than the year before. Social Security numbers also seem to be a favorite of ID thieves, as are credit card numbers. We also see that due to these breaches, consumers are becoming less trusting when it comes to companies and financial institutions that are storing personal data.

The Trends

There were four noteworthy trends that were also found in this study:

  • There was a Record High Rate of Identity Fraud – The study shows that almost 7% of all consumers were victims of ID fraud. This was almost a million people from 2016. This was mostly due to more account takeovers and more instances of fraud.
  • Account Takeover Has Grown – One of the most shocking things found in this study is that account takeover has tripled when compared to 2016 and has reached a four-year high. This is a 120% increase. It was also noted that the average victim had to pay an average of $290 out of pocket to solve these issues, and consumers spent more than 62 million hours trying to work these issues out.
  • Scammers Target Online Shoppers – The study also shows that people who shop online are most at risk of becoming a victim of fraud.
  • Scammers are More Sophisticated – Finally, the study showed that fraudsters are more sophisticated than ever before, and they use more complex methods than ever before.

Finally, the Identity Fraud Study did something new this year, too. It looked at the way news of data breaches has affected consumers. About 63% of people who responded say that they were “very” or “extremely” concerned about becoming a victim of a data breach.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video

The Term “Identity Theft Protection” is Often a Lie

If you are working for an IT security company, I have a message for you: the term “identity theft protection” is way overused and even abused as a marketing term. We know that this term is used to sell services and products, but does it really protect a user from being the victim of identity theft? No.

This is no different than labeling a food as “natural,” even though it is not actually “organic.” At best, this is incorrect information. At worst, it’s a total lie.

Every company with security solutions out there claims that they can protect identities. But, a firewall does nothing to protect a person from getting their identity stolen. The same goes with an encrypted thumb drive, antivirus software, or even phishing alerts.

Only true identity theft protection services monitor your identity. They do this by checking your credit report and scanning the internet for any sensitive personal info. It also looks for information such as the Social Security number, and if there is an issue, the service helps you solve the problem.

If you have identity theft protection right now, you might get an email like this each month:

We have been monitoring your credit reports from Equifax, Experian, and Trans Union, and we are pleased to inform you that we did not notice any new activity. As a user of our services, we will continue to check your credit report each day for your protection. We help to protect you from any financial losses and hassles that are associated with identity theft. You can log into our website and review your status at any time. Please click here and enter your username and password to get started. As always, our staff is standing by to assist if you notice any suspicious activity.

This is what you should get when you opt for identity theft protection. Don’t fall for the fancy marketing that security solutions companies throw at you.

At its basic level, this is what identity theft protection looks like:

  • Monitoring: continuous monitoring of your identity, privacy, and credit
  • Alerts: warning system rapidly notifying you when your personal information is at risk
  • Recovery: experts providing comprehensive, 24/7 recovery services taking care of paperwork, calls, and every detail to restore your identity

Do your research and don’t believe everything you see or read. Take the time to understand what you are spending your hard earned money on.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Identity Fraud Victim every two Seconds

Yes, identity fraud is SO common that someone becomes a victim every two seconds. The 2014 Identity Fraud Study, as reported on javelinstrategy.com, turned up some alarming results.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Though the dollar amount stolen had decreased over the year preceding the study, the number of victims had increased. People at highest risk were ages 35 to 44.

Account takeover—when the thief takes over a pre-existing account—made up 28 percent of ID fraud losses in 2013. But the greatest risk factor for becoming a victim of identity fraud is the data breach. In that year, 30 percent of people who were notified of a data breach became an ID fraud victim.

Identity fraud is associated with credit cards, but this type of crime can also involve hijacking someone’s PayPal account, or account on Amazon and eBay.

How to Protect Yourself

Javelin Strategy & Research, who conducted the study, recommends the following:

  • Never use public Wi-Fi (at least use a VPN)
  • Shred old sensitive documents.
  • Change the passwords on all of your accounts often.
  • See which accounts offer two-factor authentication, then set it up. This way you’ll know if an unauthorized person is trying to access your account.
  • Use anti-virus and anti-malware software for all of your devices.
  • Monitor your accounts every week. Use mobile apps to stay on top of them.
  • Use direct deposit for payroll checks.
  • Don’t permit your Social Security Number to be used as an authenticating factor, because it can’t be changed, like a username or password can. Ninety-six percent of major credit card issuers and 80 percent of the top 25 banks will permit access to an account via the SSN. You should inform the institution to notate that you will never provide this number to verify your identity.
  • Arrange for your financial institutions to send you alerts (e-mail, text, phone call) when anomalous activity occurs, such as a purchase made in two countries only a few hours apart, or any purchase over a certain amount. Ask about additional forms of fraud detection as well.
  • If you suspect fraud, immediately report it.

If you receive notification of a data breach, you’re at higher risk for fraud; crack down on monitoring your accounts.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Why Hotels Check your ID

https://safr.me/webinar/  | Robert Siciliano is the #1 Security Expert in the United States with over 25 years of experience! He is here to help you become more aware of the risks and strategies to help protect yourself, your family, your business, and your entire life. Robert brings identity theft, personal security, fraud prevention and cyber security to light so that criminals can no longer hide in the dark. You need to be smarter than criminals yesterday so that they don’t take advantage of you today! If you would like to learn more about Security Awareness, then sign up for Robert’s latest webinar!

_______

I know someone who tried to make a hotel reservation over the phone. She goes by the name “Kelcie,” but her birth name is Frances. She hates her birth name. When making the reservation she used the name Kelcie, which is what’s on her credit card and checks, but her driver’s license says Frances.

8DShe was told that when she arrived, she’d need to present a photo ID. She asked if there’d be any problem since her driver’s license said Frances and the reservation said Kelcie. She was told most definitely. “Why should they care if the name on my photo ID doesn’t match the name in the reservation or my credit card? As long as I can pay for the room, right? You’d think I was applying for a government job!”

Why do some hotels require the photo ID or even information about your car, even if you have wads of money ready to pay for your stay?

In some areas, the law requires hotels to do this. But this answer only sets back the question further: Why does the law require this? The law also requires hotels and other lodging facilities to be able to turn over this information to the police when requested. A warrant is not necessary.

If we’re talking a little “ma and pa” motel, it’s actually more understandable that they’d require guests to show a photo ID, especially in a seedy part of town. If the room is trashed, the owner knows whom to go after.

But the large name-brand hotel is a bit different. Requiring a photo ID when someone uses a credit card or check is understandable. But some hotels also require it if the guest has cold cash.

The true answer would have to come from the lawmakers, even though we can think of some hypothetical scenarios in which a person could claim to be someone else and then get that person’s room—but the imposter would have to know ahead of time that the real guest had reserved the room. It’s not likely that the lawmakers have this scenario in mind for their reasons for requiring hotels to require photo IDs.

One plausible explanation is to protect people from fraudulent credit card use. More reasons include weeding out of imposters to make everything a bit safer by reducing nefarious activities such as drug use, meth labs, prostitution, or using the hotel room as a staging area for various crimes.

Hotels will want to do anything to cover their butts just in case a crime occurs. And I suppose the lawmakers have the hotel industry’s back.

If you are concerned about privacy of your personal information, you should be. But recognize that “personal identifying information” or PII is “public” and not private. So giving it to a hotel clerk shouldn’t be considered a “private” transaction. Know the risks.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

What is Catphishing?

https://safr.me/webinar/  | Robert Siciliano is the #1 Security Expert in the United States with over 25 years of experience! He is here to help you become more aware of the risks and strategies to help protect yourself, your family, your business, and your entire life. Robert brings identity theft, personal security, fraud prevention and cyber security to light so that criminals can no longer hide in the dark. You need to be smarter than criminals yesterday so that they don’t take advantage of you today! If you would like to learn more about Security Awareness, then sign up for Robert’s latest webinar!

_______

What is catphishing? It certainly isn’t Garfield lazily sitting in a canoe holding a fishing rod. Catphishing is when a fraudster fabricates an identity and tricks someone via cyber communication into a phony emotional or romantic relationship—usually for financial gain to the scammer—because eventually he’ll hit the victim up for money.

1FBut another reason for catphishing is to lure someone into having a “relationship” with the scammer—to either ultimately publically humiliate them with this information if they’re well-known, or, to prove to a significant other that they’re capable of cheating. Not all catphishers are fraudulent. Sometimes, a person will catphish to catch a criminal.

One doesn’t get reeled in overnight, but the warning signs of the early stages of catphishing are clear: A too good to be true situation. The other party is very attractive (don’t bet for a second it’s really their photo). Another tell-tale sign that should make the alarm bells go off: This person comes out of thin air.

He…or she…will be reluctant to use the phone. Skype is out of the question: “I can’t figure out how to use it,” or, “It’s not compatible with my browser.” To maintain an air of legitimacy, the scammer will finally agree to meet you in person, making the plans sound like they’re running smoothly, but then at the last minute, must cancel the plans due to some crisis.

Some examples of real-life catphishing:

  • The DEA created the identity of a woman arrested on drug charges to nab drug dealers on Facebook.
  • Someone used the identity of a woman they personally knew, Ellie Flynn, to create phony accounts on Facebook, Twitter and Instagram. This fleabag even used “Ellie Flynn” and her photo on dating sites.

So the issue isn’t just the idea of you being tricked into a relationship by the catphisher, but the possibility that YOUR photo, name and other data can be used by the catphisher to commit this crime against someone else or to use it for dating sites. Are you pretty good-looking? Makes you wonder about the possibilities…catphishers DO peruse Facebook for those who are physically blessed.

It’s really difficult to discover that your image/name is being used by a catphisher. For example, suppose your name is Ashlee Patrick and you’re gorgeous. And someone named Ann Casey has decided to use your Facebook profile photo for a dating site she wants to register with, or maybe she wants to create a Facebook account.

How will you ever learn of this…unless, by freako chance, someone who knows you just happens to be on Ann Casey’s (if that’s even her real name) Facebook page or is communicating to her via the dating site?

At any rate, if you’re lucky enough to discover someone has stolen your picture for fraudulent purposes, you can report their phony account.

Best ways to protect yourself?

  1. Stop uploading pictures of yourself is one option. This way you have more control of what’s out there.
  2. Use Google Reverse Image Search. https://www.google.com/imghp?gws_rd=ssl simply upload a photo and Google will seek it out.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Synthetic Identity Theft hard to detect

A criminal can do a lot with “only” your Social Security number, says a report from darkreading.com. Okay, so he doesn’t have the name that goes with the number. Big deal—he’ll just make one up to go with it! This is called synthetic identity theft.

10DAnd this crime has proven worthwhile for the crooks. Nowadays, there’s an increased risk for this crime, says a report by ID Analytics. This is because thieves exploit new SSN randomization practices, says Dr. Stephen Coggeshall, author of the report, and chief analytics and science officer for ID Analytics.

In 2011, the SS Administration began issuing the numbers randomly rather than by pattern to help protect against ID theft. This change has backfired because it trips up anti-fraud technology that’s supposed to spot when a number, that was issued a few years ago, is linked to a phony identity.

The implementation of chip-and-pin cards will fuel the risk and growth of synthetic ID theft. Chip-and-pin point-of-sale transactions will inspire ID theft specialists to figure out new fraud tactics. And they will. They always will. They’re not dumb.

The ID Analytics report says that this crime goes undetected for long stretches because there’s no specific consumer victim. Like, who’s Alekksandreya Puytwashrinjeku? Or, who’s John Smith? Alekksandreya will open up small accounts just to get some credit going under “her” name. The next step is to apply for a big loan—that will never be paid.

The long-term nature of undetection allows the criminal to generate increasingly larger credit limits when compared to the typical ID theft case, says Coggeshall.

As you can see, there’s no actual consumer victim, but instead, the victims are the banks, along with the companies that offer the products that are illegally obtained by the fraudsters. The U.S. government is also a victim. The report explains that over a time period of three years, nearly 1.4 percent of tax returns seemed to be synthetic, costing the government $20 million.

You don’t hear much, if at all, about synthetic ID theft, but the report also points out that a credit card issuer did an analysis and discovered that over a three year period, about two percent of the total application volume consisted of this type of crime.

Still, an identity that incorporates identity theft protection is less likely to be victimized and more secure. And synthetic identity theft can sometimes be detected by a protection service.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

7 Things You Can Do To Protect Your Identity

One of my favorite commercials is a guy working out with his personal trainer. The trainer asks him if he’s been eating his vegetables every day. When he replies, “When I can,” the trainer bops him on the head. He could have had a V8!

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Just like the man thought that eating his daily vegetables would be hard, sometimes protecting your identity seems like a chore. But it doesn’t have to be that way. Here are 7 “duh” steps you can take to protect your identity this holiday season and all year round.

  1. Inspect credit card statements. Make a habit of regularly looking through your credit card statements for strange looking activity. If you notice just one unauthorized charge, assume that someone out there will strike again, and again and again—unless you take immediate action and contact your credit card company.
  2. Shred documents with personal information. Thieves will rummage through your garbage and recycling searching for intact documents that show Social Security numbers, credit cards and bank account information, etc. The next best thing to a cross-cut shredder is scissors. Shear up anything that could be revealing, including credit card purchase receipts.
  3. Review your credit reports. At least once a year, review your credit reports from the three major bureaus. This way you’ll be able to spot any suspicious actions, such as a thief opening a credit card account in your name.
  4. Credit freeze. If you’ve been a victim of identity theft, you might want to consider putting a freeze on your credit.While this will prevent you from getting loans or credit cards until you unfreeze it, this will also block criminals from opening accounts in your name and smearing your credit.
  5. Limit accessibility. In addition to using a shredder or scissors, consider getting a safe where you can store sensitive documents and limit the number of credit cards you carry with you. Have a list of important phone numbers (e.g., bank, credit card companies) already made up, in the event that you need to contact them immediately upon realizing you have lost or someone has stolen your identity or your physical credit cards, wallet, etc. 
  6. Password protection. If your device is lost or stolen, will someone be able to simply pick it up and access all your data? They won’t if it is password protected. Don’t use your cat’s name as your password; rather create a complicated password with upper and lower-case letters and numbers.
  7. Use comprehensive security software. It is essential that all your digital devices have updated security software, like McAfee LiveSafe™ service that can safeguard your data and protect against identity theft.

For more tips on protecting your identity, check out the Intel Security Facebook page or follow them on Twitter.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.