In today’s article, Intersections’ Consumer Security Adviser, Neal O’Farrell writes about how cyber criminals and identity thieves target small businesses. Why? Because many small businesses do not have substantial security procedures in place, and they make an attractive target for thieves hoping to steal your personal information.

Last night a neighbor of mine called for some advice on identity theft. He’d just received a call from a mortgage broker he hadn’t dealt with in more than two years, who told him that he’d just had a break-in at his office, his computer was stolen, and my neighbor’s personal information was on that computer. Along with the personal information of possibly thousands of other victims who had provided their personal information to that broker over the years.

And because the information was about loan and mortgage applications, it included everything a thief would need to commit devastating identity theft against multiple victims. Information like name and spouse’s name, Social Security number, address and date of birth, earnings and employer, previous addresses and more.

What bothered my neighbor most, apart from the obvious risk to his identity, was why the broker had held on to so much sensitive information for so long. And why it was sitting unprotected on a personal computer for so long.

I had to explain to him that this practice was very common. Small businesses, whatever their nature, tend to be unfamiliar with security procedures and data protection basics. Chances are, this broker has been hanging on to highly sensitive client information for years, maybe even decades, either in the hope that he could do business with those individuals again in the future, or simply because he was too lazy to properly dispose of that information after he no longer needed it.

While something as simple (and often free) as encryption would have made that personal information completely safe from thieves, few small businesses have yet embraced this simple idea.

I’ve been saying for years that one of the biggest identity theft threats for consumers are the small businesses they deal with on a daily basis. I don’t want to be harsh on small business owners – I’ve been one for thirty years – but they’re running out of excuses. There are few small business owners today who have not heard about cybercrime and identity theft and who are not aware that they have a responsibility to protect their customer and employee information from these threats.

Yet there are also very few small business owners, in my experience, who are actually doing anything about it. The most common excuse I hear from small business owners is that they’re just too small for a hacker to bother with. This completely misses the point, because hackers usually work by doing large sweeps or trawls for victims, and are quickly able to identify those businesses that have gaping security holes.

And with identity theft often viewed as the new burglary, small business owners have just as much to fear from local petty criminal as they have from global cyber gangs, because information stolen in burglaries often ends up in the same place.

Which probably explains why the most recent study of data breaches, just published by Verizon’s security division, found that out of the 855 data breaches the company’s security team investigated last year, more than 600 of them were at small businesses. That tally’s with a claim made last year by Visa that approximately 95% of its credit card breaches were at its smallest customers.

If any small business owner is still not convinced that hackers are targeting small businesses, the Verizon report also found that more than 80% of these breaches were as a result of the activity of hackers, and nearly 70% involved the use of malware.

To me there’s little doubt that the small business is squarely in the sights of hackers and cyber criminals around the world, and a single security incident at a small business could be its’ death knell. As public awareness grows about the danger of doing business with small businesses, worried consumers may take their business elsewhere.

And the inevitable result, if small business owners fail to take heed and responsibility, is that some form of legislation will be introduced to force small business owners to do the right thing.

If you are interested in reading the 2012 Verizon Data Breach Investigations Report, you candownload a copy here.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

In today’s post, Intersections’ Consumer Security Adviser, Neal O’Farrell shares some very important advice on how to help the elderly, the baby boomer population, protect themselves from consumer fraud and identity theft. This is a very helpful article if you have aging parents, or if you yourself of of that AARP age! Read on!

Just last week I spoke at an identity theft seminar in the affluent Silicon Valley town of Palo Alto, CA. The event was organized by local County Supervisor Liz Kniss and the District Attorney’s office.

While anyone was welcome to join the free two-hour event, most of those who attended were seniors. And a couple of things jumped out at me that reminded me why we need to keep addressing the issue of identity theft among seniors.

The first thing I noticed was the size of the audience. The crowd looked like it topped 100, and there wasn’t an empty seat in the house. That at least suggested that there is still great concern over identity theft and a need for answers.

The second thing that jumped out at me was the very visual answer to a very simple question. When asked how many in the audience had fallen victim to identity theft or fraud, more than half of the audience raised their hands.

While there are lots of statistics about the number of victims of identity theft every year, I was still surprised to find that about one-half of the people in that audience believed they had been victimized by this crime.

This got me thinking. Were they victimized because they live in a very affluent community, surrounded by other affluent communities? After all, we know that identity thieves are increasingly targeting what they refer to as “whales” – higher net worth individuals who have more access to wealth, better credit, and less time to think about protecting themselves.

Or could the answer be even simpler, that these individuals experienced a higher rate of identity theft simply because they are older. I have a feeling I may be on to something there. Financial abuse and identity theft among the elderly are on the rise, and in many cases the thieves are those the victims trust most – caregivers, relatives, and even their own children or family members.

As a result of my presentation, I thought this might be a good time to revisit some sound advice we’ve given in the past, advice you should take to heart if you have elderly relatives, friends, or neighbors:

• The best thing you can do is to be around and in touch. Scammers are less likely to focus on an elderly victim if they know a family member is close by and vigilant.

• If you know and trust their neighbors, ask them to get more involved and keep an eye open.

• If the individual is in a nursing home or retirement community, do your homework on the community, talk to the operators or managers about security, and encourage the individual to keep as little personal or financial information with them as possible.

• If the individual is in a nursing home, suggest that all mail be forwarded to you.

• Talk to them about the risks, give them a simple checklist of warning signs to watch out for, and encourage them to always call you before they buy something new, sign any legal or loan documents, or are pressured or harassed by any stranger. They should be especially careful about telephone solicitations, which often target the elderly.

• Conduct a regular home audit, making sure that all financial documentation is safely locked away, and that any computers have adequate security in place and working.

• If home help or caregivers are involved, let them know that you’re watching out for that individual and will encourage the prosecution of any crime. If you can, do a criminal background check on any caregivers, home help, or anyone else that might have regular access to the home. If you hire a home-care professional, seek out licensed employmen agencies who will perform such background checks.

• If appropriate, offer to handle all financial transactions and account management for the individual, and have them refer any financial enquiries, proposals, or problems directly to you.

• Work with their bank and credit card providers so that they are also alert to any unusual activities or transactions on their accounts.

• Offer to check their incoming mail for suspicious offers, and to check their monthly bank and credit card statements to ensure there are no fraudulent charges or suspicious payments.

• Regularly check that the individual is receiving any Social Security benefits, pension payments, and health care they’re entitled to, and that these entitlements or payments are not being diverted or misused.

• Offer to remove them from direct mailing lists to reduce the amount of junk mail they receive. Also offer to place them on national “do not call lists” to reduce the risk of unwanted telephone solicitations

• Help them make regular payments for things like utility bills so that checks are not stolen in the mail.

• Consider placing a credit freeze on their credit reports to prevent any unauthorized credit. This freeze can easily be lifted if the individual wants to take out new credit.

• Check for any financial or utility accounts that are no longer used or needed and close them if possible.

• Help them to regularly check their credit reports and if possible set them up with a credit monitoring service with alerts sent directly to you

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser Neal O’Farrell writes today about current efforts by the FCC to improve Internet security. But, is it going too far? Read on!

In an effort to protect the broader internet from the carelessness of a few, the Federal Communications Commission (FCC), among others, is proposing a much broader adoption of something I’ve been encouraging for years – encouraging ISPs to take a greater role in protecting the Internet from the mistakes or carelessness of their own customers.

The idea is that ISPs would use a variety of tools to detect PCs that are infected with dangerous malware like bots, warn the owners of those computers about the infection, and help them clear it up. If the owner fails to clear up the infection, or becomes a repeat offender, the ultimate sanction could deny them access to the internet until they clear up their act.

It sounds draconian, and the FCC is not yet going that far. But it’s already beginning to happen and may even be a good idea. As one commentator put it, when bad guys manage to infected thousands of personal computers and get them to work together, they have in effect a highly dangerous cyber weapon capable of causing significant damage to other computers and networks.

If you’re not protecting your computer, it can easily be infected by all kinds of malware – malware that’s becoming increasingly sophisticated. When criminals are able to infect enough computers to create a botnet, or network of bot-infected computers, they can then use that network to attack web sites, hide porn, and share stolen identities. Essentially use your personal computer to run their criminal enterprise.

Which is why the Federal Communications Commission is working even harder to encourage more IPSs to get tough on careless users. And some are paying attention. A couple of years ago Comcast announced the launch of Constant Guard, a free protection service for its customers that now includes bot detection – although so far it doesn’t go as far as blocking Internet access for infected users.

But now the FCC wants all IPS to take part in this fight. In a recent speech, FCC Chairman Julius Genachowski commented that “ISPs can play a significant role in the battle against botnets. They can increase customer awareness so that users can look for signs that their computers are being used as bots, detect infections in customers’ computers, notifying customers when their computers have become infected, and offer remediation support.”

He added that ISPs can and must do this in a way that does not compromise consumers’ privacy and that if other ISPs employed similar best practices, it could significantly reduce the botnet threat.

And while he didn’t go as far as suggesting more draconian measures if consumer education doesn’t work, many security experts, including myself, believe sanctions against the worst and deliberate offenders are only a matter of time.

The best way we can all avoid moving in such an extreme direction is to take greater responsibility for protecting our own little corner of cyberspace. Guard your computers well – it’s actually quite easy and you have no excuse not to.

The easiest options are to use multiple layers of malware-protecting software and most of this is now free. Keep your computer constantly patched and updated – this is also free and automated so you have to do little. And make sure you update your browser. The latest browsers have lots of great security tools built in that can offer solid defense against most of the threats that want to take over your computer.

I’ve had the honor of being a member of the FCC’s Cyber Security Working Group and I know how dedicated the FCC is to making the Internet safer for everyone. But they can’t do it alone, and they shouldn’t have to. Don’t force your ISP to get tough with you. Protect your own corner of cyberspace and we all win.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

In today’s post, Intersections’ Consumer Security Adviser Neal O’Farrell shares the results of a recent study on social network safety and security. Bottom line? People are becoming less “social” on social networks. Read on!

We’ve been monitoring and writing about the issues surrounding social networking safety and security for many years. During that time, we’ve been very concerned that no-one was really getting the Facebook safety and security message. We’re glad we were wrong, because according to a recent survey by the Pew Research Center’s Internet Project & American Life, users of social networking sites (or SNS) are becoming more careful and acting more cautiously.

According to Pew “Social network users are becoming more active in pruning and managing their accounts. Women and younger users tend to unfriend more than others.” About two-thirds of internet users now use some kind of social networking site, Facebook and Twitter being the most popular.

Of these users:

• 63% of them have deleted people from their “friends” lists, up from 56% in 2009.

• 44% have deleted comments made by others on their profile.

• 37% have removed their names from photos that were tagged to identify them.

• 67% of women who maintain a profile say they have deleted people from their network, compared with 58% of men. Likewise, young adults are more active “unfrienders” when compared with older users.

• A majority of social network site users – 58% – restrict access to their profiles and women are significantly more likely to choose private settings.

• More than half of social networking site users (58%) say their main profile is set to private so that only friends can see it.

• 19% set their profile to partially private so that friends of friends can view it.

Unfortunately, some people just don’t get the security message. At least one in every five social networking user says their main profile is set to be completely public. Women who use SNS are more likely than men to set the highest restrictions (67% vs. 48%).

The personal security situation could be even better, and safer, if users didn’t have so many problems figuring out how to master their privacy settings. Half of SNS users say they have some difficulty in managing privacy controls. Those with the most education report the most trouble. In all, 48% of social media users report some level of difficulty in managing the privacy controls on their profile, while 49% say that it is “not difficult at all.”

Regrets? Seems like some social networking users have had a few. According to the study:

• About one in every ten social networking users have posted content they regret.

• Male profile owners are almost twice as likely as female profile owners to profess regret for posting content (15% vs. 8%).

• Young adults are also more prone to say they regret some of their social media postings; 15% of profile owners ages 18-29 say they have posted content they later regret, compared with just 5% of profile owners ages 50 and older.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

We recently reported on the findings of the 2012 Identity Fraud Report released by Javelin Strategy and Research. The report states that the number of identity fraud incidents increased by 13 percent in 2011, totaling 11.6 million adult victims. The report also found that certain social media behaviors and increasing number of data breach incidents contributed to the overall amount of identity fraud instances in the United States over the past year.

Our infographic highlights some of the things that you can do to protect yourself from identity fraud. Please share it with your friends and colleagues.

Read more about the 2012 Javelin Strategy & Research Identity Fraud Report.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

In our post today, Intersections’ Consumer Security Adviser, Neal O’Farrell shares his insights on the recent identity theft report released by Javelin Strategy & Research.

Hackers, identity thieves, and scam artists follow the crowds. This is why there are more attacks targeted at Windows PCs instead of Macs, and endless scams focused on social networking sites like Facebook and Twitter.

With so many people relying on increasingly powerful smartphones, this may be the new battleground for your information and identity. A new report may provide the first hard evidence. Just last week, Javelin Strategy and Research released their ninth annual Identity Fraud Report which provides the most comprehensive and detailed look at the current state of identity theft.

The news wasn’t good. The study found that in spite of a significant drop in the number of identity theft victims in 2010, that might have just been a temporary blip, because in 2011 the number of identity theft victims in the U.S. spiked back up to more than 11.6 million – possibly the highest on record.

One of the more interesting facts revealed by the report was the heightened vulnerability of smartphone users to identity theft. The survey found seven percent of smartphone owners were victims of identity fraud, which was nearly 30% higher than the general population.

The report attributed this increased exposure to a number of reasons. For example:

• 32 percent of smartphone owners do not update to a new operating system when it becomes available.

• 62 percent do not use a password on their home screen—enabling anyone to access their information if the phone is lost.

• 32 percent save login information on their device.

According to James Van Dyke, president and founder of Javelin Strategy & Research “The study found specific opportunities for improvement. Consumers must be vigilant and in control of their personal data as they adopt new mobile and social technologies in order to not make it easier for fraudsters to perpetrate crimes.”

Identity thieves have plenty of opportunities when it comes to attacking smartphones. There are estimated to be more than 200 million Android phones and tablets in use today, with another 700,000 being added every single day.

Every day, users of those devices are downloading some of the nearly 500,000 apps that are available for Android devices. With those apps come lots of data-stealing malware. A company called NQ Mobile says it discovered more than 22,000 instances of mobile malware in 2011, Google saw a 40% increase in potentially malicious apps in its own Android market, and Juniper Networks saw a 150% increase in mobile malware in 2011.

There are some simple steps you can take to protect yourself:

• Keep to a minimum the amount of personal information you keep on your smartphone.

• Password-protect your device.

• Be careful and selective about the apps you download.

• Consider using one of the free apps that will help you find, disable, and backup a lost or stolen phone.

• Consider using one of the growing number of free security apps that can protect your smartphone from malware and malicious apps.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Taxes are inevitable. As the saying goes, taxes are literally one of the two guarantees we can always count on in life. Unfortunately, what we can also count on are ill-willed identity thieves eagerly awaiting the opportunity to take advantage of all the sensitive data passed around during tax season. Identity thieves love tax season for a variety of reasons – here are just a few:

• Sensitive documents will be exchanged, sent, and shared between employers, employees, and tax preparers.
• They know large amounts of money will be moving across accounts, especially online.
• Scams are easy to pull off during this busy time – people are quick to react to mail (or e-mail) from the IRS because they want to get their returns. This gives fraudsters the opportunity to act maliciously.

Tax filing is already a complicated process and security is just another risk filers have to consider, not the least of which is choosing the right tax preparer. The good news is there are several important steps consumers can take to help keep their data safe.

Here are some tips to keep in mind as you safely file your taxes this season:

Top Tips for a Safe & Secure Tax Season:

1. Be suspicious of any calls or emails purporting to be from the IRS, no matter what the issue. For example, some scams claim that someone else has already filed tax returns in your name or with your SSN. The IRS will always write to you first, will rarely call, and will never email you.

2. Never confirm your SSN or bank account details by email or over the phone unless you are the one placing the call.

3. If you plan to use an online tax preparation service, make sure you stick with a reputable one that has adequate security measures in place. And be careful when typing in the URL or web address of an online service in case you misspell the name and end up on a fraudulent site that looks like the real one.

4. If you plan to use online tax preparation software and intend to keep a copy of your return on your computer, you should immediately rename your return with a different file extension. It is also highly recommended you use a USB external drive to save your information instead of storing it directly on your computer.

5. Make sure your computer is free of malware like computer viruses and spyware that can steal a copy of your SSN or bank account password.

6. Choose your tax preparer carefully and don’t be afraid to ask them important security questions, such as how your information is protected at their offices during and after preparation, how long they will keep a copy of your tax return, and whether they conduct background checks on their employees.

7. If you owe money to the IRS, try to pay online through their system. If you have to pay by check, spell out the name “Internal Revenue Service” because it’s harder to forge than the letters IRS.

8. If you make copies of your return on a photocopying machine, be aware that many machines keep a copy of your pages in short term memory! Using photocopiers in public locations is not recommended.

9. Don’t forget to shred any unnecessary documents or copies when tax season is over. Dumpster divers will be on the prowl to get your banking account details and SSNs.

10. Use a credit and public monitoring service. Services like IDENTITY GUARD® TOTAL PROTECTION(SM) provide the most comprehensive identity and credit protection solution; including, three credit scores, credit monitoring, credit report updates, ID monitoring with alerts, SSN and address monitoring, and more.

Join the discussion! Learn about the latest tips to protect your identity during tax season, and join our Twitter Party with Resourceful Mommy on Thursday, March 8th from 8:00 to 9:00 p.m. ET.

According to the recently released 2012 Javelin Strategy & Research Identity Fraud Report, the number of identity fraud incidents increased by 13 percent in 2011, totaling 11.6 million adult victims. The report also found that certain social media behaviors and increasing number of data breach incidents contributed to the overall amount of identity fraud instances in the United States over the past year.

Intersections’ is pleased to provide the following recommendations and insight into this year’s report:

The findings in this year’s study indicate that fraudsters are taking advantage of consumers’ increased use of social networks, and hacking into large businesses where many identities are housed in one place. As these criminals continue to evolve in finding new ways to retrieve personal information, it is imperative that consumers remain consistent and committed to protecting their identity.

Protect Your Information. Exposing common information like birthdates and addresses puts consumers at a greater risk as these elements are commonly used by financial institutions for security questions and validation of identity to access accounts. Even such seemingly harmless information could be valuable to experienced identity thieves.

Be Social, But Be Smart. Knowing that social networks are a hotbed for identity fraud activity, consumers should take extra care when deciding who to connect with and what applications to accept. Users that approve friend requests from strangers and use GPS/location based applications are far more susceptible to fraud.

Take Caution with Mobile Computing. The convenience of online and mobile banking is here to stay, but consumers need to take the extra step of ensuring their network connection is secure and their devices have updated security.

Be an Active Party in Detection. Consumers must take the responsibility of protecting their identities into their own hands. By enrolling in a comprehensive identity protection service like IDENTITY GUARD® TOTAL PROTECTION(SM), consumers have the extra security they need to help keep them protected.

Act Quickly. The sooner a victim learns of the fraud, the sooner their road to recovery can begin, so consumers must remain alert and act quickly in the event that they notice suspicious activity, reporting it to their financial institutions and law enforcement.

Read more about the 2012 Javelin Strategy & Research Identity Fraud Report.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

The IRS recently released its annual list of the “Dirty Dozen”, the top twelve most common scams the IRS detects each year. And it is no surprise that identity theft and fraud take the top three places.

According to the IRS, many of these schemes hit a peak during filing season as people prepare their tax returns. “Taxpayers should be careful and avoid falling into a trap with the Dirty Dozen,” said IRS Commissioner Doug Shulman. “Scam artists will tempt people in-person, on-line and by e-mail with misleading promises about lost refunds and free money. Don’t be fooled by these scams.”

The following is the Dirty Dozen list of the tax scams to watch out for in 2012:

1. Identity Theft

2. Phishing

3. Return Preparer Fraud

4. Hiding Offshore Income

5. “Free Money” from the IRS & Tax Scams Involving Social Security

6. False/Inflated Income and Expenses

7. False Form 1099 Refund Claims

8. Frivolous Arguments

9. Falsely Claiming Zero Wages

10. Abuse of Charitable Organizations and Deductions

11. Disguised Corporate Ownership

12. Misuse of Trusts

As you can see from the list, many of those threats are actually scams faced by the IRS and not consumers. And while anything that costs the IRS money costs taxpayers money too, many of these scams will not apply directly to you. But the top three are always something to worry about. And of course we have seen an increase in identity theft and fraud committed by tax preparers.

Dishonest tax preparers can be a very dangerous threat because they can possess so much personal and financial information about you, and perhaps hundreds or even thousands of others. The IRS offers some advice on the things a dishonest tax preparer might not do that should be a red flag:

• They don’t sign the return or place a Preparer Tax identification Number on it.

• They don’t give you a copy of your tax return.

• They promise larger than normal tax refunds.

• They charge a percentage of the refund amount as preparation fee.

• They require you to split the refund to pay the preparation fee.

• They add forms to the return you have never filed before.

• They encourage you to place false information on your return, such as false income, expenses and/or credits.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

It seems that not a day goes by when there is not a story about a major data breach in the news. And the reason for that is that in 2011, there were more than 400 major data breaches – more than 1 every day! In today’s article, Intersections’ Consumer Security Adviser, Neal O’Farrell breaks down the data breach and provides some helpful tips on what you can do to protect yourself should your records be compromised.

Ever wondered why there are so many data breaches and why they keep happening. In 2011 there were more than 420 reported data breaches, or an average of more than one every day. And some of these breaches exposed millions of personal and customer records. What’s more worrying is that in at least 80% of these breaches, Social Security numbers were exposed.

A security firm called Trustwave did an investigation of more than 300 data breaches and exposed some interesting statistics and trends that might help to explain why so many businesses keep losing our personal and private information:

• Personal customer records were the target of hackers in nearly 90% of the breaches.

• Surprisingly, the food and beverage industry made up the majority of investigated breaches (44%), followed by retailers at 33%. Normally the biggest targets for data breaches are educational institutions and healthcare but in this report they only accounted for a combined 2% of investigated breaches

• Also surprising was the focus by hackers on franchised businesses, where the local business is owned by individual business owners. More than a third of the breaches happened at franchised businesses.

• When malware was used in the attacks, it was only detected by anti-malware software in just 12% of the attacks – suggesting the thieves are easily able to get past the most fundamental security defenses.

• But perhaps not that surprising is that the most common password being used by these breached organizations was “Password1”

So how are the attackers breaching security so often and so easily? The report exposed another troubling trend – in more than three quarters of the breaches investigated the access point was traced to third parties, like suppliers, partners, and technology developers. This suggests that while an organization you do business with might be doing all it can to protect your personal information, all the hard work can easily be undone when the partners they rely on are not as focused on protecting you as they should be.

And in more than 80% of the breaches investigated, the biggest weakness identified was poor passwords. Weak passwords continue to be exploited by hackers and intruders, and in spite of endless education on the subject, for some reason employees continue to choose passwords that can be guessed or cracked in seconds. If the most common password found in these attacks was Password1 (it’s a default password that employees obviously couldn’t be bothered to change), it suggests that we shouldn’t give up on educating everyone about the need for stronger and smarter passwords.

And what fixes did the report recommend? The very first recommendation of their report was better user and employee education, saying “The best intrusion detection systems are neither security experts nor expensive technology, but employees. Security awareness education for employees can often be the first line of defense.”

What else can you do?

• Use this as a reminder to beef up your passwords. Imagine how you’d feel if your weak password was cracked by hackers and used to launch a costly attack on your workplace?

• Be vigilant and careful when paying at a fast-food restaurant. Security can be a big problem here because they have limited security, a high staff turnover, and often few background checks on employees. Consider using a credit card instead of debit card when paying at one of these establishments so you’re not giving hackers access to your bank account.

• Spread the word. If you believe in security, and the role of each of us has to play in protecting our little corner of cyberspace, then share that idea with others. If each one of us were to change just a couple of our bad computing or financial habits, these crimes would be much harder to pull off.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.