Summer vacations began as an attempt to disconnect and unwind, but in today’s hyper-connected world, most of us are still plugged in; checking email, doing online banking and chatting with friends, all while on vacation.

But being in a vacation state of mind doesn’t always translate to a secure state of mind, and criminals are prepared to take advantage of that.

Recently, the FBI warned consumers about targeted attacks directed at vacationing travelers. These attacks are by committed by criminals who download malicious software onto the traveler’s computer through pop-up windows while the unsuspecting vacationer is establishing an Internet connection in their hotel room.

Attacks like these can happen all too often due to travelers being preoccupied by the details and logistics of the trip and less concerned with securing their information. The last souvenir any vacation-goer wants to come home with is an infected computer or a compromised identity.

Preparing for a trip involves planning and often checklists. Safety and security should be part of that routine, and the preparation needs to begin before you ever leave the house. And remember, just like arriving to the airport on time, it’s up to you to take your information and security into your own hands, to proactively protect yourself at home or away.

Here are some tips for travelers to consider when taking their next trip:

1. Protect Your Home – Your home not only holds your physical valuables, but also the sensitive documents and electronic records that are so appealing to criminals. Don’t leave these sensitive documents or mail out in the open. You may also consider having your mail held at the post office or collected by a trusted friend or family member.

2. Don’t Post Pictures – It’s tempting to share the details and photos of your trip with family and friends in real time through social media channels, but sharing these details on social networking sites like Twitter, Google+, Facebook and Foursquare could give criminals a heads up that your home is vacant, inviting them to pay a visit while you’re away. Try to limit the details you share until you’re back from your adventure.

3. Turn off Geo-Tracking – Don’t give criminals information about your location. This tool is just another way thieves can identify a vacant home, so it should be disabled while traveling to limit the visibility into your whereabouts.

4. Practice Online Safety – If you need to log into the web from a cyber cafe or other establishment, limit your access, avoid entering any passwords to your personal financial accounts, and be sure to log off when you are finished with your session. If you’re browsing the Internet with a wireless connection, do not assume public “hot spots” are secure. Ensure you are using encryption to scramble communications over a network.

5. Guard Your Devices – If you are planning to stay connected while you’re traveling, protect your device from key loggers, hackers, spammers, and botnets by installing anti-virus and anti-spyware software on your laptop computer, tablets, and mobile devices. Also be sure to update the software on a regular basis.

6. Limit the Number of Credit Cards you Carry — Carrying too many sensitive cards is risky. Carry just one and keep a backup in the hotel safe. Keep a copy of the emergency contact numbers for your credit cards and bank accounts handy in case they’re lost or stolen.

7. Back-up Your Documents — Be sure to make photocopy backups of the cards and documents in your wallet or purse, including credit and ATM cards and your driver’s license. In the event that your wallet is stolen, you’ll want to have these records available for your bank so they can easily be cancelled. Alternatively, enroll in a card registry program that has your card information on file.

8. Alert Your Bank. Especially with international travel, it’s a good idea to let your bank know where you are heading. This way, they can alert you of any suspicious activity that doesn’t match your itinerary and help minimize damages by freezing accounts.

9. Limit Information You Provide Over the Phone – Limit the information you provide to hotels, transportation, etc. over the phone, and opt for an in-person exchange when possible. If you’re staying at a hotel or motel and receive a call from the reception desk asking that you confirm a credit card number, tell them you’ll provide the information at the front desk.

10. Monitor Your Activity – If you’re leaving for an extended period of time, consider using a credit and public monitoring service that alerts you to potentially suspicious activity.

Last night a neighbor of mine called for some advice on identity theft. He’d just received a call from a mortgage broker he hadn’t dealt with in more than two years, who told him that he’d just had a break-in at his office, his computer was stolen, and my neighbor’s personal information was on that computer. Along with the personal information of possibly thousands of other victims who had provided their personal information to that broker over the years.

And because the information was about loan and mortgage applications, it included everything a thief would need to commit devastating identity theft against multiple victims. Information like name and spouse’s name, Social Security number, address and date of birth, earnings and employer, previous addresses and more.

What bothered my neighbor most, apart from the obvious risk to his identity, was why the broker had held on to so much sensitive information for so long. And why it was sitting unprotected on a personal computer for so long.

I had to explain to him that this practice was very common. Small businesses, whatever their nature, tend to be unfamiliar with security procedures and data protection basics. Chances are, this broker has been hanging on to highly sensitive client information for years, maybe even decades, either in the hope that he could do business with those individuals again in the future, or simply because he was too lazy to properly dispose of that information after he no longer needed it.

While something as simple (and often free) as encryption would have made that personal information completely safe from thieves, few small businesses have yet embraced this simple idea.

I’ve been saying for years that one of the biggest identity theft threats for consumers are the small businesses they deal with on a daily basis. I don’t want to be harsh on small business owners – I’ve been one for thirty years – but they’re running out of excuses. There are few small business owners today who have not heard about cybercrime and identity theft and who are not aware that they have a responsibility to protect their customer and employee information from these threats.

Yet there are also very few small business owners, in my experience, who are actually doing anything about it. The most common excuse I hear from small business owners is that they’re just too small for a hacker to bother with. This completely misses the point, because hackers usually work by doing large sweeps or trawls for victims, and are quickly able to identify those businesses that have gaping security holes.

And with identity theft often viewed as the new burglary, small business owners have just as much to fear from local petty criminal as they have from global cyber gangs, because information stolen in burglaries often ends up in the same place.

Which probably explains why the most recent study of data breaches, just published by Verizon’s security division, found that out of the 855 data breaches the company’s security team investigated last year, more than 600 of them were at small businesses. That tally’s with a claim made last year by Visa that approximately 95% of its credit card breaches were at its smallest customers.

If any small business owner is still not convinced that hackers are targeting small businesses, the Verizon report also found that more than 80% of these breaches were as a result of the activity of hackers, and nearly 70% involved the use of malware.

To me there’s little doubt that the small business is squarely in the sights of hackers and cyber criminals around the world, and a single security incident at a small business could be its’ death knell. As public awareness grows about the danger of doing business with small businesses, worried consumers may take their business elsewhere.

And the inevitable result, if small business owners fail to take heed and responsibility, is that some form of legislation will be introduced to force small business owners to do the right thing.

If you are interested in reading the 2012 Verizon Data Breach Investigations Report, you candownload a copy here.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Just last week I spoke at an identity theft seminar in the affluent Silicon Valley town of Palo Alto, CA. The event was organized by local County Supervisor Liz Kniss and the District Attorney’s office.

While anyone was welcome to join the free two-hour event, most of those who attended were seniors. And a couple of things jumped out at me that reminded me why we need to keep addressing the issue of identity theft among seniors.

The first thing I noticed was the size of the audience. The crowd looked like it topped 100, and there wasn’t an empty seat in the house. That at least suggested that there is still great concern over identity theft and a need for answers.

The second thing that jumped out at me was the very visual answer to a very simple question. When asked how many in the audience had fallen victim to identity theft or fraud, more than half of the audience raised their hands.

While there are lots of statistics about the number of victims of identity theft every year, I was still surprised to find that about one-half of the people in that audience believed they had been victimized by this crime.

This got me thinking. Were they victimized because they live in a very affluent community, surrounded by other affluent communities? After all, we know that identity thieves are increasingly targeting what they refer to as “whales” – higher net worth individuals who have more access to wealth, better credit, and less time to think about protecting themselves.

Or could the answer be even simpler, that these individuals experienced a higher rate of identity theft simply because they are older. I have a feeling I may be on to something there. Financial abuse and identity theft among the elderly are on the rise, and in many cases the thieves are those the victims trust most – caregivers, relatives, and even their own children or family members.

As a result of my presentation, I thought this might be a good time to revisit some sound advice we’ve given in the past, advice you should take to heart if you have elderly relatives, friends, or neighbors:

• The best thing you can do is to be around and in touch. Scammers are less likely to focus on an elderly victim if they know a family member is close by and vigilant.

• If you know and trust their neighbors, ask them to get more involved and keep an eye open.

• If the individual is in a nursing home or retirement community, do your homework on the community, talk to the operators or managers about security, and encourage the individual to keep as little personal or financial information with them as possible.

• If the individual is in a nursing home, suggest that all mail be forwarded to you.

• Talk to them about the risks, give them a simple checklist of warning signs to watch out for, and encourage them to always call you before they buy something new, sign any legal or loan documents, or are pressured or harassed by any stranger. They should be especially careful about telephone solicitations, which often target the elderly.

• Conduct a regular home audit, making sure that all financial documentation is safely locked away, and that any computers have adequate security in place and working.

• If home help or caregivers are involved, let them know that you’re watching out for that individual and will encourage the prosecution of any crime. If you can, do a criminal background check on any caregivers, home help, or anyone else that might have regular access to the home. If you hire a home-care professional, seek out licensed employmen agencies who will perform such background checks.

• If appropriate, offer to handle all financial transactions and account management for the individual, and have them refer any financial enquiries, proposals, or problems directly to you.

• Work with their bank and credit card providers so that they are also alert to any unusual activities or transactions on their accounts.

• Offer to check their incoming mail for suspicious offers, and to check their monthly bank and credit card statements to ensure there are no fraudulent charges or suspicious payments.

• Regularly check that the individual is receiving any Social Security benefits, pension payments, and health care they’re entitled to, and that these entitlements or payments are not being diverted or misused.

• Offer to remove them from direct mailing lists to reduce the amount of junk mail they receive. Also offer to place them on national “do not call lists” to reduce the risk of unwanted telephone solicitations

• Help them make regular payments for things like utility bills so that checks are not stolen in the mail.

• Consider placing a credit freeze on their credit reports to prevent any unauthorized credit. This freeze can easily be lifted if the individual wants to take out new credit.

• Check for any financial or utility accounts that are no longer used or needed and close them if possible.

• Help them to regularly check their credit reports and if possible set them up with a credit monitoring service with alerts sent directly to you

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

In an effort to protect the broader internet from the carelessness of a few, the Federal Communications Commission (FCC), among others, is proposing a much broader adoption of something I’ve been encouraging for years – encouraging ISPs to take a greater role in protecting the Internet from the mistakes or carelessness of their own customers.

The idea is that ISPs would use a variety of tools to detect PCs that are infected with dangerous malware like bots, warn the owners of those computers about the infection, and help them clear it up. If the owner fails to clear up the infection, or becomes a repeat offender, the ultimate sanction could deny them access to the internet until they clear up their act.

It sounds draconian, and the FCC is not yet going that far. But it’s already beginning to happen and may even be a good idea. As one commentator put it, when bad guys manage to infected thousands of personal computers and get them to work together, they have in effect a highly dangerous cyber weapon capable of causing significant damage to other computers and networks.

If you’re not protecting your computer, it can easily be infected by all kinds of malware – malware that’s becoming increasingly sophisticated. When criminals are able to infect enough computers to create a botnet, or network of bot-infected computers, they can then use that network to attack web sites, hide porn, and share stolen identities. Essentially use your personal computer to run their criminal enterprise.

Which is why the Federal Communications Commission is working even harder to encourage more IPSs to get tough on careless users. And some are paying attention. A couple of years ago Comcast announced the launch of Constant Guard, a free protection service for its customers that now includes bot detection – although so far it doesn’t go as far as blocking Internet access for infected users.

But now the FCC wants all IPS to take part in this fight. In a recent speech, FCC Chairman Julius Genachowski commented that “ISPs can play a significant role in the battle against botnets. They can increase customer awareness so that users can look for signs that their computers are being used as bots, detect infections in customers’ computers, notifying customers when their computers have become infected, and offer remediation support.”

He added that ISPs can and must do this in a way that does not compromise consumers’ privacy and that if other ISPs employed similar best practices, it could significantly reduce the botnet threat.

And while he didn’t go as far as suggesting more draconian measures if consumer education doesn’t work, many security experts, including myself, believe sanctions against the worst and deliberate offenders are only a matter of time.

The best way we can all avoid moving in such an extreme direction is to take greater responsibility for protecting our own little corner of cyberspace. Guard your computers well – it’s actually quite easy and you have no excuse not to.

The easiest options are to use multiple layers of malware-protecting software and most of this is now free. Keep your computer constantly patched and updated – this is also free and automated so you have to do little. And make sure you update your browser. The latest browsers have lots of great security tools built in that can offer solid defense against most of the threats that want to take over your computer.

I’ve had the honor of being a member of the FCC’s Cyber Security Working Group and I know how dedicated the FCC is to making the Internet safer for everyone. But they can’t do it alone, and they shouldn’t have to. Don’t force your ISP to get tough with you. Protect your own corner of cyberspace and we all win.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

We’ve been monitoring and writing about the issues surrounding social networking safety and security for many years. During that time, we’ve been very concerned that no-one was really getting the Facebook safety and security message. We’re glad we were wrong, because according to a recent survey by the Pew Research Center’s Internet Project & American Life, users of social networking sites (or SNS) are becoming more careful and acting more cautiously.

According to Pew “Social network users are becoming more active in pruning and managing their accounts. Women and younger users tend to unfriend more than others.” About two-thirds of internet users now use some kind of social networking site, Facebook and Twitter being the most popular.

Of these users:

• 63% of them have deleted people from their “friends” lists, up from 56% in 2009.

• 44% have deleted comments made by others on their profile.

• 37% have removed their names from photos that were tagged to identify them.

• 67% of women who maintain a profile say they have deleted people from their network, compared with 58% of men. Likewise, young adults are more active “unfrienders” when compared with older users.

• A majority of social network site users – 58% – restrict access to their profiles and women are significantly more likely to choose private settings.

• More than half of social networking site users (58%) say their main profile is set to private so that only friends can see it.

• 19% set their profile to partially private so that friends of friends can view it.

Unfortunately, some people just don’t get the security message. At least one in every five social networking user says their main profile is set to be completely public. Women who use SNS are more likely than men to set the highest restrictions (67% vs. 48%).

The personal security situation could be even better, and safer, if users didn’t have so many problems figuring out how to master their privacy settings. Half of SNS users say they have some difficulty in managing privacy controls. Those with the most education report the most trouble. In all, 48% of social media users report some level of difficulty in managing the privacy controls on their profile, while 49% say that it is “not difficult at all.”

Regrets? Seems like some social networking users have had a few. According to the study:

• About one in every ten social networking users have posted content they regret.

• Male profile owners are almost twice as likely as female profile owners to profess regret for posting content (15% vs. 8%).

• Young adults are also more prone to say they regret some of their social media postings; 15% of profile owners ages 18-29 say they have posted content they later regret, compared with just 5% of profile owners ages 50 and older.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Our infographic highlights some of the things that you can do to protect yourself from identity fraud. Please share it with your friends and colleagues.

Read more about the 2012 Javelin Strategy & Research Identity Fraud Report.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Hackers, identity thieves, and scam artists follow the crowds. This is why there are more attacks targeted at Windows PCs instead of Macs, and endless scams focused on social networking sites like Facebook and Twitter.

With so many people relying on increasingly powerful smartphones, this may be the new battleground for your information and identity. A new report may provide the first hard evidence. Just last week, Javelin Strategy and Research released their ninth annual Identity Fraud Report which provides the most comprehensive and detailed look at the current state of identity theft.

The news wasn’t good. The study found that in spite of a significant drop in the number of identity theft victims in 2010, that might have just been a temporary blip, because in 2011 the number of identity theft victims in the U.S. spiked back up to more than 11.6 million – possibly the highest on record.

One of the more interesting facts revealed by the report was the heightened vulnerability of smartphone users to identity theft. The survey found seven percent of smartphone owners were victims of identity fraud, which was nearly 30% higher than the general population.

The report attributed this increased exposure to a number of reasons. For example:

• 32 percent of smartphone owners do not update to a new operating system when it becomes available.

• 62 percent do not use a password on their home screen—enabling anyone to access their information if the phone is lost.

• 32 percent save login information on their device.

According to James Van Dyke, president and founder of Javelin Strategy & Research “The study found specific opportunities for improvement. Consumers must be vigilant and in control of their personal data as they adopt new mobile and social technologies in order to not make it easier for fraudsters to perpetrate crimes.”

Identity thieves have plenty of opportunities when it comes to attacking smartphones. There are estimated to be more than 200 million Android phones and tablets in use today, with another 700,000 being added every single day.

Every day, users of those devices are downloading some of the nearly 500,000 apps that are available for Android devices. With those apps come lots of data-stealing malware. A company called NQ Mobile says it discovered more than 22,000 instances of mobile malware in 2011, Google saw a 40% increase in potentially malicious apps in its own Android market, and Juniper Networks saw a 150% increase in mobile malware in 2011.

There are some simple steps you can take to protect yourself:

• Keep to a minimum the amount of personal information you keep on your smartphone.

• Password-protect your device.

• Be careful and selective about the apps you download.

• Consider using one of the free apps that will help you find, disable, and backup a lost or stolen phone.

• Consider using one of the growing number of free security apps that can protect your smartphone from malware and malicious apps.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

• Sensitive documents will be exchanged, sent, and shared between employers, employees, and tax preparers.
• They know large amounts of money will be moving across accounts, especially online.
• Scams are easy to pull off during this busy time – people are quick to react to mail (or e-mail) from the IRS because they want to get their returns. This gives fraudsters the opportunity to act maliciously.

Tax filing is already a complicated process and security is just another risk filers have to consider, not the least of which is choosing the right tax preparer. The good news is there are several important steps consumers can take to help keep their data safe.

Here are some tips to keep in mind as you safely file your taxes this season:

Top Tips for a Safe & Secure Tax Season:

1. Be suspicious of any calls or emails purporting to be from the IRS, no matter what the issue. For example, some scams claim that someone else has already filed tax returns in your name or with your SSN. The IRS will always write to you first, will rarely call, and will never email you.

2. Never confirm your SSN or bank account details by email or over the phone unless you are the one placing the call.

3. If you plan to use an online tax preparation service, make sure you stick with a reputable one that has adequate security measures in place. And be careful when typing in the URL or web address of an online service in case you misspell the name and end up on a fraudulent site that looks like the real one.

4. If you plan to use online tax preparation software and intend to keep a copy of your return on your computer, you should immediately rename your return with a different file extension. It is also highly recommended you use a USB external drive to save your information instead of storing it directly on your computer.

5. Make sure your computer is free of malware like computer viruses and spyware that can steal a copy of your SSN or bank account password.

6. Choose your tax preparer carefully and don’t be afraid to ask them important security questions, such as how your information is protected at their offices during and after preparation, how long they will keep a copy of your tax return, and whether they conduct background checks on their employees.

7. If you owe money to the IRS, try to pay online through their system. If you have to pay by check, spell out the name “Internal Revenue Service” because it’s harder to forge than the letters IRS.

8. If you make copies of your return on a photocopying machine, be aware that many machines keep a copy of your pages in short term memory! Using photocopiers in public locations is not recommended.

9. Don’t forget to shred any unnecessary documents or copies when tax season is over. Dumpster divers will be on the prowl to get your banking account details and SSNs.

10. Use a credit and public monitoring service. Services like IDENTITY GUARD® TOTAL PROTECTION(SM) provide the most comprehensive identity and credit protection solution; including, three credit scores, credit monitoring, credit report updates, ID monitoring with alerts, SSN and address monitoring, and more.

Join the discussion! Learn about the latest tips to protect your identity during tax season, and join our Twitter Party with Resourceful Mommy on Thursday, March 8th from 8:00 to 9:00 p.m. ET.

Intersections’ is pleased to provide the following recommendations and insight into this year’s report:

The findings in this year’s study indicate that fraudsters are taking advantage of consumers’ increased use of social networks, and hacking into large businesses where many identities are housed in one place. As these criminals continue to evolve in finding new ways to retrieve personal information, it is imperative that consumers remain consistent and committed to protecting their identity.

Protect Your Information. Exposing common information like birthdates and addresses puts consumers at a greater risk as these elements are commonly used by financial institutions for security questions and validation of identity to access accounts. Even such seemingly harmless information could be valuable to experienced identity thieves.

Be Social, But Be Smart. Knowing that social networks are a hotbed for identity fraud activity, consumers should take extra care when deciding who to connect with and what applications to accept. Users that approve friend requests from strangers and use GPS/location based applications are far more susceptible to fraud.

Take Caution with Mobile Computing. The convenience of online and mobile banking is here to stay, but consumers need to take the extra step of ensuring their network connection is secure and their devices have updated security.

Be an Active Party in Detection. Consumers must take the responsibility of protecting their identities into their own hands. By enrolling in a comprehensive identity protection service like IDENTITY GUARD® TOTAL PROTECTION(SM), consumers have the extra security they need to help keep them protected.

Act Quickly. The sooner a victim learns of the fraud, the sooner their road to recovery can begin, so consumers must remain alert and act quickly in the event that they notice suspicious activity, reporting it to their financial institutions and law enforcement.

Read more about the 2012 Javelin Strategy & Research Identity Fraud Report.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

The IRS recently released its annual list of the “Dirty Dozen”, the top twelve most common scams the IRS detects each year. And it is no surprise that identity theft and fraud take the top three places.

According to the IRS, many of these schemes hit a peak during filing season as people prepare their tax returns. “Taxpayers should be careful and avoid falling into a trap with the Dirty Dozen,” said IRS Commissioner Doug Shulman. “Scam artists will tempt people in-person, on-line and by e-mail with misleading promises about lost refunds and free money. Don’t be fooled by these scams.”

The following is the Dirty Dozen list of the tax scams to watch out for in 2012:

1. Identity Theft

2. Phishing

3. Return Preparer Fraud

4. Hiding Offshore Income

5. “Free Money” from the IRS & Tax Scams Involving Social Security

6. False/Inflated Income and Expenses

7. False Form 1099 Refund Claims

8. Frivolous Arguments

9. Falsely Claiming Zero Wages

10. Abuse of Charitable Organizations and Deductions

11. Disguised Corporate Ownership

12. Misuse of Trusts

As you can see from the list, many of those threats are actually scams faced by the IRS and not consumers. And while anything that costs the IRS money costs taxpayers money too, many of these scams will not apply directly to you. But the top three are always something to worry about. And of course we have seen an increase in identity theft and fraud committed by tax preparers.

Dishonest tax preparers can be a very dangerous threat because they can possess so much personal and financial information about you, and perhaps hundreds or even thousands of others. The IRS offers some advice on the things a dishonest tax preparer might not do that should be a red flag:

• They don’t sign the return or place a Preparer Tax identification Number on it.

• They don’t give you a copy of your tax return.

• They promise larger than normal tax refunds.

• They charge a percentage of the refund amount as preparation fee.

• They require you to split the refund to pay the preparation fee.

• They add forms to the return you have never filed before.

• They encourage you to place false information on your return, such as false income, expenses and/or credits.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Ever wondered why there are so many data breaches and why they keep happening. In 2011 there were more than 420 reported data breaches, or an average of more than one every day. And some of these breaches exposed millions of personal and customer records. What’s more worrying is that in at least 80% of these breaches, Social Security numbers were exposed.

A security firm called Trustwave did an investigation of more than 300 data breaches and exposed some interesting statistics and trends that might help to explain why so many businesses keep losing our personal and private information:

• Personal customer records were the target of hackers in nearly 90% of the breaches.

• Surprisingly, the food and beverage industry made up the majority of investigated breaches (44%), followed by retailers at 33%. Normally the biggest targets for data breaches are educational institutions and healthcare but in this report they only accounted for a combined 2% of investigated breaches

• Also surprising was the focus by hackers on franchised businesses, where the local business is owned by individual business owners. More than a third of the breaches happened at franchised businesses.

• When malware was used in the attacks, it was only detected by anti-malware software in just 12% of the attacks – suggesting the thieves are easily able to get past the most fundamental security defenses.

• But perhaps not that surprising is that the most common password being used by these breached organizations was “Password1”

So how are the attackers breaching security so often and so easily? The report exposed another troubling trend – in more than three quarters of the breaches investigated the access point was traced to third parties, like suppliers, partners, and technology developers. This suggests that while an organization you do business with might be doing all it can to protect your personal information, all the hard work can easily be undone when the partners they rely on are not as focused on protecting you as they should be.

And in more than 80% of the breaches investigated, the biggest weakness identified was poor passwords. Weak passwords continue to be exploited by hackers and intruders, and in spite of endless education on the subject, for some reason employees continue to choose passwords that can be guessed or cracked in seconds. If the most common password found in these attacks was Password1 (it’s a default password that employees obviously couldn’t be bothered to change), it suggests that we shouldn’t give up on educating everyone about the need for stronger and smarter passwords.

And what fixes did the report recommend? The very first recommendation of their report was better user and employee education, saying “The best intrusion detection systems are neither security experts nor expensive technology, but employees. Security awareness education for employees can often be the first line of defense.”

What else can you do?

• Use this as a reminder to beef up your passwords. Imagine how you’d feel if your weak password was cracked by hackers and used to launch a costly attack on your workplace?

• Be vigilant and careful when paying at a fast-food restaurant. Security can be a big problem here because they have limited security, a high staff turnover, and often few background checks on employees. Consider using a credit card instead of debit card when paying at one of these establishments so you’re not giving hackers access to your bank account.

• Spread the word. If you believe in security, and the role of each of us has to play in protecting our little corner of cyberspace, then share that idea with others. If each one of us were to change just a couple of our bad computing or financial habits, these crimes would be much harder to pull off.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Believe it or not, now is the time that many people start making decisions about their vacation, especially with Easter and spring break not far away. And now is also the time that scammers start to ramp up their attacks to take advantage of this.

That’s probably why consumers around the country are being warned to watch out for a new wave of scams based around vacation rentals. It’s a story we covered about a year ago but is fast becoming a favorite for scammers around the world.

In recent cases, scammers are stealing the email passwords of genuine renters using vacation rental web sites, and posing as the real owner are advertising vacation properties, accepting deposits, and then simply vanishing; leaving the real homeowner, the victims, and the web sites to pick up the pieces.

In the most advanced scams, scammers are creating entire web sites devoted to highlighting a variety of rental properties around the world at attractive prices. The sites come complete with detailed photos and descriptions of the properties, information on local attractions, testimonials from happy renters, and even currency exchange calculators. All designed to convince customers that the site is real.

The scammers use international payment systems to collect multiple deposits for properties that are not theirs to rent. And in many cases the properties are actually real and available to rent – just in case the vacation-seeker decides to try to look at the property using Google Earth. If scammers can take multiple deposits, for thousands of dollars at a time, for the same non-existent rental, you can imagine how lucrative the scam is.

And this is where the scam can get particularly heartless. Imagine that you and your family have booked and paid for your dream vacation. Everyone has taken time off work, you renewed your passports, paid for a pet sitter, and purchased a bunch of expensive plane tickets.

After hours of exhaustive travel you arrive at your dream rental only to find someone else is renting it, or the owner has never heard of you and has never rented the property. And because it’s the height of tourist season there isn’t a single room anywhere nearby to rent instead. It can be emotionally and financially heartbreaking for victims. And if the vacation is purchased directly from the scammers, there’s no recourse, refund, or insurance.

In one recent case, an unlucky homeowner in Florida was plagued by an endless stream of angry vacationers demanding to get into his property – which they believe they had rented – or get their money back. After some victims became so threatening, the homeowner had to post signs on his lawn that the property was never for rent in the first place. And it’s easy to understand why victims might assume that the real homeowner is in on the scam.

And the Chicago Tribune recently ran the story of one such victim, who paid a deposit of $4,500 to rent a vacation home that simply did not exist. And while the victim was careful enough to rent the property through a reputable online broker called HomeAway.com, she was still out of luck. Many of these sites do little if anything to verify the authenticity of their advertisers. And in this case, the crooks had gone to the trouble of hacking into the real owner’s email account and launching the scam that way.

But with some sites hosting property listings by more than half a million property owners and managers, it’s impossible to police such a large pool of properties all around the world.

Unfortunately, there’s very little you can do to avoid such a scam. The obvious protection is to not pay upfront for rental listings you find on Craigslist or in unsolicited emails. But even going through reputable online sites and brokers is no guarantee either.

There are some things you can do to at least reduce the risks:

• Use an established and reputable online broker and see if they have some form of rental guarantee or insurance.

• Pay with a credit card or PayPal if you can but never by wire transfer.

• See if you can get any referrals from friends who might have some favorite vacation properties they can recommend.

• Never respond to an email offering vacation rentals. Most legitimate renters won’t spam you.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

1 in 5 Americans may be victim of online stalking

A new study recently released by the National Cyber Security Alliance (NCSA) and McAfee found that one in five Americans have come in contact with someone online who made them feel uncomfortable through stalking, persistent emails, and other aggressive outreach attempts.

The report was published to coincide with January’s National Stalking Awareness Month and revealed a number of troubling statistics.

For example:

• The National Center for Victims of Crime estimated that stalking affects 3.4 million victims every year

• One in four victims report that the stalker uses a variety of technologies, such as computers, global positioning system (GPS) devices, or hidden cameras, to track the victim’s daily activities.

• Just less than 40% of those victims reported the incident while 61% chose not to.

“The Internet is an amazing tool for sharing and connecting with people. Unfortunately, there are some people who will use it to track, harass or make unwanted contact. Stalking can be dangerous and should be taken seriously,” said Michael Kaiser, executive director of the National Cyber Security Alliance. “We encourage anyone who believes they are being victimized online to report the crime and seek help, if needed, from law enforcement or a victim service provider.”

The authors of the report offered the following tips to help you avoid stalking and deal with stalkers:

1) Clean up your online profiles – Don’t include your address or phone number in an online profile. If you must use a professional networking site such as LinkedIn for work, include your company’s corporate address instead of your actual office to prevent someone from knowing where you work. Think about each piece of information you include on your profile and whether it would be dangerous if it fell into the wrong hands.

2) Lock down your privacy settings – If you are a social networking user, make sure to set all of your privacy settings to “private” or “friends only” to keep people outside of your network from accessing your information. It’s also important to regularly check the settings to make sure there haven’t been any changes that leave your data exposed.

3) Be careful whom you connect with – When using social networking sites, only connect with people who you know in real life. A stranger who tries to “friend” you could become trouble later on. Also, pay attention to the people your friends are connected with to prevent your information from being shared with someone suspicious.

4) Search yourself to see what’s out there about you – You might be surprised at what you find when you search for yourself. Old website profiles, online forum posts, and pictures of you posted by other people could all be unearthed in a quick search. If you find information about yourself that you want removed, contact the website or person hosting the content.

5) Don’t use an email address that is easy to identify – Stay under the radar by selecting online handles that don’t include your name, date of birth, or other details about you that a stalker might easily recognize. Once you have an anonymous address, guard it as you would your credit card or Social Security number.

6) If you have a personal website, don’t post your email address – These days many of us have blogs and personal websites, but it’s a bad idea to post your email address. Instead, use a contact form so that people can reach you without having your personal address.

7) Be careful when posting photos online – You never know where photos can end up when you post them online. Someone could find them in an image search, post them to a website or downloaded them to their computer. And if the photo contains information about where you live or work, you could wind up giving a stalker all the information they need to locate and harass you.

8. Create strong passwords – Make it difficult for someone to guess your passwords by using a mix of letters, numbers and characters and make sure that they don’t spell anything. Passwords that include the name of your pet or some other personal detail could easily be guessed, allowing an attacker to gain access your account. The same goes for security question answers. Choose hard-to-guess answers to prevent someone from using the password retriever function to obtain your password.

9) Avoid using location-based services – “Checking-in” to restaurants and other locations can be fun, but it can also be dangerous if someone is stalking you. If you must use location-based services, choose a unique username or alias that is not associated with any of your other accounts to make it more difficult for people to identify you.

10) Delete old posts or entries – If you have a stalker, they will scour the Internet for any tidbit of news about you so it’s a good idea to delete any old forum posts, Tweets or status messages that include any personal details or information that could allow them to find you both online and off.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

2012 has already been an interesting year for Facebook security, with the emergence of some dangerous new scams and the unmasking of one of Facebook’s most notorious cyber gangs.

In case you never heard of Koobface, it’s a piece of malware that first emerged in 2008 and quickly infected millions of users. Users were tricked into downloading the malware by clicking on infected links on Facebook pages with messages like “Lol, is this you in this video?” These users were then enlisted into a giant international bot network of hijacked computers, at one point numbering close to one million computers, which in turn were used to engage in a variety of criminal activities that including pedaling fake anti-virus software.

The Koobface gang, as they became known, were able to generate millions of dollars in criminal gains, and all the while working out in the open, in plain sight, in the Russian city of St Petersburg. Until January 16th, when the New York Times and other outlets identified the five members of the gang and posted their photos across the world.

Apparently that did the trick, because Facebook just reported that they had finally wiped all traces of Koobface from Facebook, and that the command and control servers used to manage this massive criminal network appear to have gone silent.

But if everyone knows who these criminal are, and have known for some time, why were they not arrested? In a statement from Russian authorities, the answer is simple – no-one ever bothered to ask them to investigate or arrest them. While that’s probably not the case, and Russian authorities have probably known about and tolerated the gang for years, it reminds us once again why so many of the world’s most notorious hacking gangs work unimpeded from behind the Russian border.

But that might have been the only good news on the security front for Facebook. Just last week we talked about a dangerous new worm called Ramnit, which had apparently been merged with the highly dangerous Zeus banking Trojan and stealing Facebook passwords in the expectation (probably correct) that many Facebook users use the same password on other sites. Like their online banking.

And that was followed by a Facebook ransomware attack, where Facebook users received messages claiming that as a result of some unusual activity their Faceook account had been suspended and they would have to pay a fee of around $30 in order to unlock it.

There are some important lessons to be learned here:

• Probably the only way to defeat all these Facebook threats that keep emerging is for everyone to stop using Facebook. Criminals are only targeting Facebook because it’s easy to pick the pockets of such large crowds.

• It’s like playing whack-a-mole with criminals. As soon as one gang or piece of malware has been neutralized, another takes its place. And often the replacement has learned from its predecessors, adapted itself, and become even more potent.

• It’s still down to users. Facebook is doing all it can (I assume) to counter all these threats. But if you really do love Facebook, you can help – by being more cautious, vigilant, and cynical when it comes to any unusual messages you receive. And of course, a strong and well-protected password would be greatly appreciated too.

You can read details of the compelling Koobface expose here.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

I don’t normally start talking about tax time identity theft this early, but if you want to prevent someone else from grabbing your refund before you do, early filing is essential. That’s the advice I recently gave to one victim who found that every member of his family had their identities compromised, as a small ring of thieves did everything they could – from applying for mortgages to opening new credit cards – as soon as they got their hands on the stolen information.

And at this time of the year, one of the first things a thief will do with a stolen identity is concoct a fake tax return and submit it using the victim’s identity. When the victim files their own return, the scam is exposed, leaving the victim without a refund they might have been relying on to pay important bills. And the IRS can take up to a year or more to investigate the fraud and issue a new refund. If they issue a new one at all.

And it’s not just the living who are victimized. In 2009, the IRS issued more than $12 million in tax refunds to 5,000 dead people, part of a variety of scams using the identities of the dead to defraud the IRS. And that impacts us all. Not only does it deprive us of money that belongs to taxpayers, it consumes a huge amount of time processing these fake returns, investigating the frauds, and trying to recover the funds.

According to a recent story by Bloomberg, the IRS is woefully unprepared to investigate fraudulent returns. Bloomberg cited a government watchdog that claims the IRS does not have the funds to identify potential identity theft and investigate suspicious tax returns. It said that last year the IRS identity theft caseload grew by 20 percent to more than 226,000 and that the number of tax returns the IRS decided needed additional screening for possible fraud exceeded 1 million, a 72 percent increase over 2010.

And this is what thieves are preying on. I’ve written a few times about Operation Rainmaker, a stunningly-successful scam in Florida last year where street level drug dealers turned to IRS-related identity theft and were able to scam the IRS out of more than $130 million in bogus tax refunds.

The scam took advantage of the fact that because of budget and manpower issues, the IRS rarely investigates tax refunds of less than $10,000. So the drug dealers learned how to steal identities and prepare tax returns, and were quickly able to earn millions from the scam. A scam that was not discovered by the IRS but by a local employee who became suspicious of all the text refunds going to the same addresses.

There are some things you can do to protect yourself and your refund:

• File early so you get your refund before the thieves do.

• Choose your tax preparer carefully. There seems to be a worrying uptick in recent years in the number of tax preparers stealing or abusing the identities of their clients.

• Be wary of any emails or even phone calls you receive claiming to be from the IRS. They rarely call and they never email.

• If you plan to mail in your return, take it directly to the post office to reduce the risk of mail thieves intercepting it.

• If you can, have your refund deposited directly to your bank account so that your refund check is not intercepted by thieves.

• If you file online, make sure your computer is free from malware. You should be doing this anyway.

• If you think your Social Security number has been compromised or exposed, call the IRS identity theft hotline and ask them to place a red flag on your Social Security number. You can call the IRS Identity Protection Specialized Unit, toll-free at 1-800-908-4490

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Today, The Daily Shield welcomes back Identity Guard® product manager Lindsey George and she tells us about a tool called ID Vault®, which is included with IDENTITY GUARD® TOTAL PROTECTIONSM. ID Vault stores all of your computer passwords and will sign you on to all of your online accounts. Watch the video below as Lindsey explains how to use this important tool.

Follow Lindsey on Twitter!

Keep informed about the latest threats to your safety. Join our Facebook group.

A few years ago I started warning about a dangerous new type of malware known as a banker or banking Trojan, with names like Clampi and Zeus. Banking Trojans were such a threat because they were very good at what they were designed to do – sneak on to your computer, bypass security, steal your passwords, log in to your bank accounts and empty them. Within a matter of months the FBI estimated that these Trojans had stolen hundreds of millions of dollars from victims across America.

Security researchers recently discovered a very dangerous new form of this Trojan that has financial institutions very worried. The Trojan is called SpyEye and has also been around for a few years – most researchers believe SpyEye is just a reincarnation of the dreaded Zeus Trojan.

In the new version, the Trojan is able to manipulate your transactions history so that if you were to check in on your bank account and look at things like transactions and balances, everything would look OK. That’s because the Trojan is able to erase its tracks and hide any changes it makes in your account – like transferring all your money to another account. This is a very worrying development because in many cases, checking your statements is the only defense you may have against such scams.

Because the attack presents the doctored statements to your browser, it would not be able to hide the attack if you were to access your bank account from another computer or an ATM. And of course the scam would be obvious in a paper statement. But, as experts point, finding out about the attack when your statement arrives thirty days later may be way to late to stop thieves from emptying your account.

In an interview with MSNBC, Amit Klein, one of the security experts who discovered the new threat cautioned “My take is that if your computer is infected with financial malware, it’s game over anyway. My takeaway is you need to prevent getting infected with financial malware in the first place.”

Because SpyEye variants are constantly changing to evade virus detection, it can sometimes take virus companies weeks to push out a virus signature to your computer. If SpyEye manages to infect your computer during that window, you may be out of luck.

In 2005, almost half of new malicious codes were Trojans, according to Panda Security. By the end of 2010, Trojans made up more than 70% of new malware.

There are believed to be thousands of varieties of banking Trojans in circulation, and some can be purchased as complete ready-to-go kits for as little as a few hundred dollars.

Most Trojans will infect computers by using spam with infected email attachments, or by infecting web sites which in turn will infect unprotected computers visiting those sites – known as “drive by” infections.

Here are some things you can do to protect yourself:

• Scan all your personal and business computers, either using your existing anti-virus software or using any of the free scanning services listed on our web site.

• Be very careful in the web sites you visit and consider using one of the many free web site verification tools, like Trusteer, that can help identify infected web sites before you click on them.

• Layer every computer with the best virus and spyware protection available and update it constantly. But be aware that having the latest anti-malware protection in place is no guarantee that you’ll be able to prevent or detect an infection.

• Patch your computer constantly and make sure your computer settings are configured to automatically download and install patches and updates as soon as they become available.

• Avoid opening email attachments or clicking on links in emails unless you’re able to verify the email is legitimate, and be careful about visiting web sites you’re not familiar with.

• Teach all family members or employees to be especially vigilant for phishing schemes and to watch out for unusual or personalized emails with attachments or links that are not familiar.

• Set up account alerts to notify you of any transactions or changes in account balances, and work with your bank to see if there are additional layers of authentication they can use to prevent or alert you to unauthorized transfers.

• Spread your funds between a number of accounts and limit the number of users on each account.

• Change your passwords regularly, make them tough to guess, and protect them well.

• Use keylogger protection to help hide your passwords and protect them from snoops.

• Consider using just one computer for online banking, and make sure that computer is highly secure and ideally not used for email or any other Internet connected activity.

• Be vigilant when visiting your bank login page, especially for any changes to the login procedure or requests for additional information.

• Check your paper statements as soon as you get them.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Visit msnbc.com for breaking news, world news, and news about the economy

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

While most of the advice we offer on the Daily Shield focuses on protecting your personal space and finances, it’s easy to forget that some of the greatest security vulnerabilities can be found in a place you may spend much of your life – the workplace.

And with an endless stream of data and security breaches being traced back to bad decisions in the workplace, it could help you and your job if you pay a little more attention to workplace security and privacy.

With that in mind, here are a few simple ideas that can protect you and your co-workers in the year to come:

• Know the rules and follow the policies. Security policies sound like a pain, and in some workplaces they’re so long and complex they read like a text book for a law degree. But policies are there for a reason, and even if they’re poorly written or overly complex, you still need to pay attention to them. If properly implemented, they protect data, protect your workplace, and even protect your job.

• Be careful what you bring to work. One of the biggest threats in 2012 is BYOD – Bring Your Own Device. In spite of policies against them, many employees still bring their own smartphones, laptops, and tablets to work. Thumb drives are a particular source of security problems. If you use those devices to store work information or access corporate networks or systems, you risk exposing your workplace to all kinds of threats. If your employer doesn’t know what kinds of devices you’re using, and what kind of security precautions you’re taking, they’re almost defenseless against the risks your devices might pose.

• Keep your personal information hidden or out of the office. A study as far back as 2005 by the University of Michigan found that close to 70% of all identity thefts in the United States might originate in the workplace. Even if the report is only half right, that’s reason enough for you to guard any personal information you bring to the workplace. So hide any personal financial documentation, wallet, purse, personal devices and anything else a co-worker might grab an opportunity to snoop on.

• Be careful with social media. Many workplaces still don’t have clear rules about the use of social media in the workplace, but that doesn’t mean you should ignore the risks. And apart from getting into trouble for checking your Facebook page too often at work, some of the biggest risks when using social networks at work include saying things that could get you or your employer into trouble, giving away corporate secrets or insider knowledge, or clicking on a malicious link that introduces malware into your workplace.

To avoid these dangers (1) stay off Facebook at work as much as possible, (2) if you do use Facebook or Twitter, mind what you say – about yourself, your workplace, your colleagues, and your job, (3) be very careful what you click on.

• Protect your passwords. If your workplace has guidelines or policies on the proper use of passwords, follow them. The rules are there because they work. If your workplace doesn’t have any clear rules, then use common sense. Use long and complex passwords, change passwords often, don’t share them with others, and be wary of calls or emails claiming to be from a colleague and requesting your password.

• Challenge strangers. One of the most common attacks on the workplace is the walk-in, where a complete stranger will simply walk into the business, perhaps posing as a customer, repair technician, or even a janitor, and steal information. If you come across a stranger in your office, don’t simply ignore them. Offer to help them, ask them who are and what they’re looking for, and if they seem suspicious, notify security or your colleagues.

• Think privacy. The root of good security is a respect for privacy. As a consumer you value your privacy and expect it to be respected and protected. So why not expect that for others. If you come across the personal information of others, give it the respect it deserves. Good security flows from a respect and passion for privacy, and if it’s second nature, security breaches are less likely to happen.

• Be an advocate. If you truly believe in security and privacy, and believe that it makes a difference, then speak up. Become a privacy advocate in your workplace. Encourage co-workers to take security and privacy seriously, and if there are no security guidelines or policies in place already, offer to work with your employer to create share, and apply them.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Another year over and a new one is just about to begin, but hand it to hackers to spoil all the fun. As we look back on the year that was, and try to predict what lies for us in the year ahead, it might be a good time to think and talk about all the things we’d like to change so that the bad guys don’t win more than they have to.

With that in mind, I’ve put together a wish list of just some of the things that I’d like to see happen – things that would protect consumers and make life easier for victims.

1. Consumers could take the threats more seriously and get more involved in their own protection. We know from experience that the majority of security incidents could be avoided if consumers were more vigilant, more involved, and more willing to change the bad habits that often get them in trouble.

2. Stop using zero liability as a safety net. Consumers make the mistake of assuming that zero liability means zero loss or zero responsibility. As any victim will tell you, zero liability leaves a lot to be desired and often leaves the victim on the hook for costs they never anticipated.

3. Banks should play a greater role in educating and alerting their customers. Banks are in the best position to educate and information their customers about security risks, and alert them to the latest threats. But most financial institutions would prefer to say as little as possible about security in case it makes their customers worry.

4. The IRS, Social Security Administration and other government agencies should be more sympathetic to the plight of victims and change their practices. I hear so many horror stories of identity theft victims whose Social Security number is being repeatedly misused and abused by crooks, and in many cases it’s because the Social Security Administration has few resources to help in such cases.

5. Law enforcement should be more aggressive, especially when it comes to taking victim reports and sharing intelligence. One of the many worrying trends in identity theft is the evolution of super thieves – low level crooks who are never arrested or get into any law enforcement database, and so go unchallenged and undetected for years. Which gives them plenty of time to practice and get much better. By the time law enforcement spots them, they’re too good to be caught.

6. Data breach laws should focus on the needs of the consumer and not the breached company. Too many of the proposed laws focus on the needs of business rather than the impact on consumers.

7. Consumers should watch their credit reports more carefully – I still come across consumers in their 50’s who have never checked their credit reports and don’t know how.

8. Accelerate the move to chip-and-pin cards. This should help slow down the surge in skimming attacks that take advantage of the vulnerabilities of traditional magnetic stripe cards.

9. More consumers using credit cards instead of debit cards. As recent skimming attacks have shown, a debit or ATM card provides direct access to the victim’s bank account. And while stolen funds may be replaced, it might not happen fast enough for the victim to pay urgent bills. Credit cards shift the loss and responsibility on to the financial institution.

10. Faster move to authentication systems to replace passwords. I wrote in a recent blog that IBM believes the password will be a thing of the past within the next five years. And that’s not fast enough for me. There are better ways for users to identify and authenticate themselves, and the sooner they become more practical and effective, the better for security.

11. More security awareness training for employees. Because so many security incidents and breaches are as a result of preventable mistakes by employees, the only remedy is better employee security awareness training. In spite of the fact that it’s one of the cheapest security tools available, most employees receive little if any security training. Which means we’re likely to see more data breaches that result from busy employees making predictable but preventable mistakes.

12. And finally, I’d love to see the creation of a national database of compromised Social Security numbers. Because Social Security numbers can rarely be changed, once an SSN is stolen the victim faces a lifetime of fraud and worry. A national database of compromised Social Security Numbers could significantly cut down on the number of times a stolen Social Security Number is abused.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Christmas is a time for tradition, and in the security world one of those traditions is predicting what’s in store for us next year from hackers, scammers and all the other things that go bump on the net.

Perhaps the best way to summarize next year’s threats is more of the same, and here are just a few of my predictions:

• More friends and family fraud, as continued economic hard times force otherwise honest individuals to exploit family credit to pay bills.

• An increase in existing account fraud as financial institutions get better at preventing new account fraud and force thieves to focus on low hanging fruit.

• An increase in child identity theft as thieves become more aware of how hard it is to stop it, and a similar increase in elder financial exploitation as social services for the elderly are cut back.

• An increase in skimming, especially in supermarkets, as thieves rush to take advantage of this vulnerability before chip-and-pin is more widely adopted and makes skimming more difficult.

• A shift from street-level drug dealing to identity theft. This is a worrying trend because it could fuel the growth in identity theft for another decade. The recent Operation Rainmaker in Florida, where local drug dealers joined forces to learn about identity theft and defraud the IRS out of more than $130 million using stolen identities, is a perfect example of this trend.

• A growth in super thieves – low level thieves, like those involved in mail theft or check washing – who are never arrested or investigated, stay off law enforcement’s radar, and only become better, more sophisticated, and able to steal larger amounts without being caught. They take advantage of the fact that law enforcement has largely given up on identity theft.

• An increase in attacks against small businesses because of the wealth of identity information they possess with little protection.

• An increase in tax-related identity theft, as crooks realize how lax IRS security controls are and how easy it is to get a refund using a stolen or “deceased” identity.

• An increase in identity theft malware especially banking Trojans, keyloggers, and Android malware.

• An increase in legislation to protect consumers, and especially data breach legislation.

• Lots of opportunities for hackers to poison search results and take advantage of some big events next year, especially the 2012 Olympic Games starting in July in London, and of course the Presidential election. Both events will provide hackers and scammers with endless opportunities to trick unwary users into falling for some scam or another.

• More hactivisim, but much of it by copycat hackers rather than by the original Anonymous or Lulz crew.

• More infrastructure attacks, targeted at everything from power stations to water treatment plants. Most of the attacks will be probes to test the resilience of these systems to attack.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

A smartphone is not really a phone, and that’s a fact you should keep in mind over the coming holidays. A smartphone really is an ultra-powerful, ultra compact computer with a phone thrown in for convenience. And it’s that computing power that has millions of users running their lives around that tiny, pocket-sized device. And why thieves around the world want those devices too. Maybe yours.

With power comes storage, for lots of personal and work information, and so to lose a smartphone could be the first step towards losing your identity. Which might explain why we’re seeing such a spike in the theft of smartphones, in public places and crowds and in broad daylight.

According to a recent study by the New York Police Department, of the 16,000 or so robberies reported in New York in the first ten months of this year, half involved mobile devices and most of those were phones. The iPhone is one of the most popular, accounting for more than 70% of phones stolen on buses and subways, and often snatched out of the hands of the user. And computers, MP3 players, and tablets were taken in nearly half the reported burglaries in the city.

There are a number of explanations for this trend. Personal tech gadgets have a good resale value and will fetch more money when fenced. And many thieves will steal a smartphone or iPad simply because they want one.

The smartphone and the iPad are the new wallets and purses, yet imagine if you sat on a busy subway with your wallet held close to your ear for everyone to see, while at the same time your mind is already home and sitting down to dinner? That’s just too much of a temptation for opportunist thieves.

But more thieves are turning to gadget theft as a way to steal the owner’s identity. Your phone alone could be a treasure-trove of information that thieves can use to piece together your identity, including:

• Personal and family information, including names and addresses, contained in email and texts.

• Personal, family, and work phone numbers

• Work information including computer logins and passwords.

• Financial information and financial apps.

• Location information that can tell the thief where you go and where you hang out.

• Downloaded books and music that clues the thief into your musical tastes.

• Photos of you, your friends and family that can help the thief identify you or impersonate you.

And while there are moves towards a national standard that will instantly disable a phone or device so it can’t be used with any carrier, thus turning into little more than a sleek brick, thieves are easily able to replace a SIM card in a phone and being using it immediately.

In a recent blog on CIO magazine, security writer Tom Kaneshige spoke about how as he sat on a train in San Francisco he got the eerie feeling that two passengers, aged only around 10 or 11, were paying just a little too much attention to him and his phone as they worked their way down the carriage in his direction. He trusted his instincts and put the phone in his pocket, and turns out he made the right decision. Minutes later the two kids snatched a phone from the ear of a passenger and dashed away into the rush-hour crowd.

As he said in his blog “Smartphone owners bury their noses into phone screens and plug their ears with earbuds, making themselves easy targets. Lost in our own virtual smartphone worlds, we’re just not aware of our surroundings anymore. Can you ask for a better victim profile?”

He added “As the holiday shopping rush ramps up, smartphone owners will be whipping out their phones more than ever. Smartphones in crowded places are becoming a common sight, as holiday shoppers tap the power of apps to keep track of Christmas gifts, get directions, compare prices, check into bars and restaurants.”

If you don’t want to gift your favorite phone to a complete stranger over the holidays, here are a few tips to keep in mind:

• Less is more. If you don’t really need to use your device in a public place, or you’re just bored, put it in your pocket and find some other way to distract yourself.

• Eyes up. If you’re using a phone or tablet on a train, a bus, subway, or park bench, keep an eye on the people around you so you’re not surprised by a quick grab-and-dash.

• Be especially vigilant if you’re on your phone on a busy street. It’s no uncommon for thieves to run past a target, snatch the phone from their ear and disappear back into the same crowd.

• Keep as little personal information as possible on your phone. Here’s a revolutionary idea – use the phone as a phone, and not a portable data locker. If your phone is stolen, your life doesn’t go along with it.

• Consider using one of the growing number of free apps, like Lookout, that will backup and restore your phone’s contents, disable your phone, and even help locate it if it’s stolen.

Keep informed about the latest threats to your safety. Join our Facebook group.

• Children are 51 times more likely to have their identity stolen than adults
• The average debt of child identity theft victims is over $12,000
• 70% of thieves use child ID for credit card/loan fraud, while 23% use it for mortgage/utility fraud.

Check out our infographic – how much is a child’s identity worth.

Protecting your children is more important than ever. Learn more about child identity theft protection.

Experts Provide Tips on Avoiding Credit Card Skimmers: MyFoxDC.com

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

As a result of numerous complaints from a number of privacy advocates and organizations, the FTC finally launched its own investigation into Facebook’s privacy claims and failings. According to the FTC’s own statement, which announced the settlement on November 29th 2011, Facebook allegedly made many promises that it did not keep:

• In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn’t warn users that this change was coming, or get their approval in advance.

• Facebook represented that third-party apps that users’ installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users’ personal data – data the apps didn’t need.

• Facebook told users they could restrict sharing of data to limited audiences – for example with “Friends Only.” In fact, selecting “Friends Only” did not prevent their information from being shared with third-party applications their friends used.

• Facebook had a “Verified Apps” program & claimed it certified the security of participating apps. It didn’t.

• Facebook promised users that it would not share their personal information with advertisers. It did.

• Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.

• Facebook claimed that it complied with the U.S.- EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn’t.

Speaking about the issue on his Facebook page the very same day, Facebook founder Mark Zuckerberg insisted that “Overall, I think we have a good history of providing transparency and control over who can see your information. That said, I’m the first to admit that we’ve made a bunch of mistakes.”

At the same time he announced the appointment of two privacy officers – reminds me of Sony’s announcement that after more than half a century in business it finally decided it would be a good idea to hire a head of security, only after hackers stole nearly 100 million user accounts. Better late than never, I suppose.

The settlement requires that Facebook can no longer conduct business as usual when it comes to privacy, cannot make any further deceptive privacy claims, and must get users’ approval before it changes the way it shares their data.

Specifically, under the proposed settlement, Facebook is:

• barred from making misrepresentations about the privacy or security of consumers’ personal information;

• required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;

• required to prevent anyone from accessing a user’s material more than 30 days after the user has deleted his or her account;

• required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information; and

• required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.

It doesn’t look like Facebook has to pay any fines or suffered any other punishments. It’s simply on privacy probation for at least the next 20 years.

Read the full statement from the FTC.

To keep up to date on Facebook privacy issues, Facebook has its own team and page dedicated to all things security.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

As the busiest season for identity thieves approaches, one of the greatest vulnerabilities for all consumers will be their incoming mail. Mail is a magnet for identity thieves because it usually contains all the ingredients to commit anything from simple fraud to full-out identity theft. And all that priceless information is usually left right at the side of the road for any thief to simply pluck from your mail box.

When an identity thief looks down a street, he or she sees no one watching or protecting the stacks of personal information lining both sides of the streets. Hardly surprising that mail theft is one of the most lucrative forms of identity theft and the most popular for low level or novice identity thieves.

And these thieves know that the Holidays always bring with them a treasure-trove of personal information, and especially financial statements. Mail theft has become so lucrative it’s almost an organized crime with professional mail gangs actively roaming neighborhoods looking for unattended mail that they can grab, run, and sell to other thieves. And we’re already beginning to see a seasonal spike in this kind of crime. Just recently, police in the Northern California city of Chico discovered that mail thieves had ransacked more than twenty seven mail boxes in one spree. And stories like that are now cropping up all around the country.

But it wasn’t on some dark street in an isolated neighborhood under the cover of night. The brazen attack was actually at a Post Office, in plain sight where thieves crashed through a plate glass window, emptied all the mail boxes and sorted out the valuable from the valueless right there on the post office floor.

And some thieves will stop at nothing to get their hands on your mail. One thief was recently charged with hiring two women to attack a postal employee so they could steal the master key he used to open mail boxes. In a vicious assault the thieves actually tazed the postal worker.

So what can you do to protect yourself?

• Collect your mail every day as soon as it arrives.

• Never leave mail out in your mail box to be collected. That’s quite literally a red flag for thieves.

• Consider switching to online banking and bill paying. Most experts believes that online banking is much safer than traditional banking, and by going paperless with your bills and statements you can dramatically reduce the amount of information thieves can steal from you.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

In yet another sign of the heartlessness of many identity thieves, there is a worrying growth in identity theft scams that target the sick, the terminally ill, and even the dead.

A recent case highlights just how unscrupulous many thieves can be. A couple of estate planners were recently accused of swindling more than $20 million out of a variety of insurance companies by stealing the identities of elderly and terminally ill victims. The individuals were alleged to have forged signatures and other documents that allowed them to purchase a type of death benefit in the victim’s name. When the victim passed way, the thieves were able to collect on the benefits.

The thieves were so confident they could make money from the scam; they found their victims by placing ads in local Catholic newspapers offering a $2,000 charitable gift to terminally ill patients. Once they had made the introductions and gained their trust, the thieves stole the identities of their victims and began defrauding insurers.

Not only do thieves prey on the elderly and the sick, they also prey on the dead. And stealing from the dead can be very lucrative. I wrote recently about Operation Rainmaker, where street-level drug dealers in Florida managed to swindle the IRS out of more than $130 million by filing false tax returns using the identities of dead people they found on web sites like Ancestry.com

What many people don’t know is that as soon as you die, your Social Security number becomes publicly available. It’s called the Death Master File and is a database maintained by the Social Security Administration (SSA) that includes details on most deceased Americans. And for some strange reason that includes their Social Security numbers. According to a recent statement by the SSA, a court ruling in 1980 requires them to publish these numbers, even though they admit they know it leads to identity theft.

The Death Master File is used by a variety of organizations, including financial institutions to detect fraud and even genealogists to conduct research. But there’s growing concern that it can also be abused by identity thieves. And for obvious reasons – it contains more than 87 million personal records that include names, addresses, dates of birth, and Social Security numbers.

The Huffington Post recently ran a story about the tragic death of a four-year-old girl who lost a valiant battle with brain cancer. While her family was still grieving her loss, they discovered that thieves had stolen their deceased child’s identity using information from the Death Master File. Someone had simply fraudulently claimed their dead daughter as a dependent and no red flags had been raised.

And while there are calls to make this massive database of personal information off-limits to the public, few experts see any real changes any time soon. This is another of the many reasons why identity theft is such an unusual crime, and one of the few that can follow you beyond the grave.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

According to a recent article in CUInfosecurity.com, risk is the top concern as consumers consider moving their accounts from larger banks to credit unions or community banks. The article points out that at least 650,000 Americans have switched to credit unions since Sept. 29, 54 percent of credit unions have reported increases in share growth, and one of the largest credit unions said its new members and checking-account openings are up 70 percent for the months of September and October.

And credit unions aren’t alone. The same article pointed to a recent poll by the Independent Community Bankers of America which found that 60 percent of community banks had picked up new customers as a result of frustrations associated with larger banks.

If you are thinking of switching from a larger financial institution, or from a bank to a credit union, security should always be a concern. Once you’ve done a side-by-side comparison on key features like account fees and features, loan and credit card interest rates, ATMs locations and fees, and customer service, it’s time to think about security.

There is a concern that many smaller financial institutions are still struggling financially, and may not have enough of a security budget to match that of a larger institution. And if they’re lucky enough to be swamped by new customers, will their security budget and preparedness be able to keep pace?

Those are the most common security questions. Can a credit union really protect me – not just my money but all my personal information too? How good and quick are they at detecting a security breach and notifying me? How quickly can they resolve a security issue or fraud? And will my money be any safer there than at a large bank?

Credit unions have long argued that history shows they suffer from fewer attacks than larger banks. Experts on the other hand have argued that’s only because of their small size. It’s like the Windows vs. Apple argument – Apple users claim Apple products have suffered from fewer attacks because they have better security built in, whereas experts argue it’s just about economics. Hackers and malware writers simply ignored Apple for years because it had so few users compared to Microsoft. Writing code to target Apple products just wasn’t economically viable – just not worth the time.

But as the popularity of Apple products has surged, thanks to iPhone and iPad, we suddenly started to see “Mac Malware” emerge and the malware authors just followed the crowds.

That’s what I expect if there’s a major shift from larger banks to smaller and more local banks and credit unions. The hackers will follow the crowds and I’m just not sure that smaller financial institutions are prepared for the risk exposure. Many are still struggling financially and have not been able to make the enormous and endless security investments the bigger banks have been making.

My recommendation? Before you make the big jump, talk to the financial institution you’re thinking about jumping to. Create a list of the security features you may already enjoy, like two (or more) factor authentication, phishing and keylogging protection, account alerts etc. Then compare that to the security features being offered by your new home. At least with a smaller financial institution you’re more likely to be able to meet a real person and get some real answers.

And make the move slowly, by opening up an account with credit union or bank but keeping your original bank account open for a while. At least until you’ve had time to test your new surroundings.

I think credit unions and community banks should also raise the security discussion themselves. Larger banks are notorious about staying tight lipped when it comes to security, worried that the more they talk about things like identity theft, the more their customers will worry. Whereas the opposite is probably true – talk more and customers worry less, because they know the bank is taking it seriously. Talk less and customers have a right to worry more, if the only people who don’t seem to be worried about security are the ones who should be worried most.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

A recent report from security firm Panda Labs found that in the last three months alone it has detected more than five million new types of malware. That works out to an average of one new type of Trojan, virus, and other malicious program discovered every 1.5 seconds.

Because of the way most anti-virus programs work, once a virus is discovered the anti-virus companies have to rush to write a piece of code or signature that must then be downloaded as quickly as possible by billions of users around the world in order to keep that particular piece of malware out.

That means that many of these viruses can easily make their way on to unprotected computers before the programmers have time to push out the updates. And with many anti-virus companies struggling to grow their profits, it could mean that as malware grows in volume and sophistication, anti-virus companies may have to spend less on updating their software.

And if you don’t believe in such perfect storms, take a close look at the identity theft wars. As identity theft continues to grow, and become more sophisticated, cash strapped police departments no longer have the resources to investigate these crimes. Which only encourages and emboldens more thieves.

The Panda Labs report seems to support this notion. The most powerful and dangerous type of malware, and the type most favored by organized crime for its ability to steal passwords and break into bank accounts, is the Trojan. And according to Panda three out of every 4 new types of malware discovered in the last three months was a Trojan.

Which probably explains why Trojans were responsible for the majority (63%) of infections in the last three months. Trojans are very efficient bank robbers, and the payoff can be enormous. Two cybercrooks from the Ukraine were just sent to prison in the United Kingdom after they were convicted of using exactly this type of malware to steal more than $4 million from bank accounts in just six months.

On a related note, the Panda Labs report also found that the countries with the worst infection rates were China, Taiwan, and Russia. In China, for example, it’s believed that more than half of all PCs are infected by malware.

And traditional attacks like phishing are not going away. Within days of a warning by the American Bankers Association of an unexplained spike in phishing attacks, security researchers had identified a new type of phishing attack that looks like it comes from a well-known bank and offering recipients $35 to complete an online survey.

According to security firm Sophos, the email asked for so much highly confidential information it should be a warning sign. According to Sophos, the email questionnaire asked for:

• Social Security Number
• Card number
• Card expiration
• CVV
• ATM PIN
• First, Middle and Last name
• Email (ironically they mailed you the form)
• Address
• Mother’s maiden name
• Place of birth
• Birthday

And an increasingly common way to spread phishing emails and infect users with this kind of malware is trusty old spam. The irony is that much of the spam in circulation today comes from the computers of innocent users. Spammers use botnets to infect unprotected computers and use them to relay spam to other users. And unfortunately, it appears that the United States still holds the top spot when it comes to relaying spam.

The bottom line? The easiest way to lose a battle is to just walk off the battlefield. As many companies and industries struggle just to survive, they’re cutting back on security. According to this year’s annual Global Information Security Survey, conducted by PricewaterhouseCoopers, nearly 10,000 executives around the world were asked about their plans to make security a priority. Sadly just 11% said that they planned to make data protection a top priority.

Cyber-crooks are taking full advantage. Not only are they developing even more sophisticated malware, they’re deliberately overloading businesses and consumers with so many attacks, something has to give.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Learn more about the growing problem of child identity theft and what you can do about it.

Keep informed about the latest threats to your safety. Join our Facebook group.

One of my greatest identity theft fears has been the involvement of other criminals in identity theft. By that I mean criminals who have traditionally focused on other crimes, like burglary, switching to identity theft because they realize that identity theft is a much better business opportunity and career path for them.

We do know that burglary and identity theft are already connected, because most burglars realize that a stolen Social Security number or birth certificate is worth far more than a stolen TV or jewelry. Not only is personal information worth more, it can be sold over and over again, and there’s far less risk of being caught. And of course drugs like meth have long been associated with identity theft, in part because in the early days of identity theft the chemicals used to wash stolen checks were also a key ingredient in the synthesizing of meth.

But what if more organized criminals, like street gangs or drug dealers, realized that there was more money to be made in identity theft than selling drugs on street corners? What if they switched business and moved en masse into identity theft? It could spark another massive escalation that would be very hard to stop.

Well, it seems that my worst fears are being realized. A few weeks ago I wrote about Operation Rainmaker, an identity theft scheme busted by law enforcement in Florida. The thieves may have netted as much as $130 million by using stolen identities to file fraudulent tax returns. The most disturbing part, apart from the fact that the thieves managed to pull off such a massive heist so easily, was that the thieves were street level drug dealers who took courses in how to use the internet to commit identity theft.

They realized that if they just learned some basic skills they could make much more money, with much less risk, if they focused on identity theft over drug dealing. Drug dealing is hard work and brings a lot of risk, from arrest to death. And the dealers almost always have to rely on other people – the distributors to provide them with the drugs, the sellers on the streets to move the “product,” and of course customers willing to buy from them instead of their competitors.

But with identity theft these dealers don’t need anyone else. They can commit the crime themselves from the comfort of their own home, there’s a lot less risk, and they don’t need partners or suppliers. Unless of course you count the stolen identities they exploit.

If more drug dealers come to the same conclusion, if could be good news for the fight against drug use but terrible news for identity theft. And signs are other criminals are catching on. According to an analysis just released by the FBI, “gangs are also engaging in white collar crime such as counterfeiting, identity theft, and mortgage fraud, primarily due to the high profitability and much lower visibility and risk of detection and punishment than drug and weapons trafficking.”

And according to the National Gang Intelligence Center (NGIC) many gang members are now using the Internet for identity theft, computer hacking, and phishing schemes. Earlier this year, law enforcement officials arrested dozens of members of the Armenian Power gang on a variety of charges that included including a $2 million credit card scam and a large-scale check fraud scheme.

The FBI estimates that there are around 33,000 known gangs in the United States, with nearly 1.5 million active members. If these gangs start moving seriously into identity theft and other frauds, there’s no telling how bad identity theft will become. And especially with law enforcement already stretched to the limit.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

If, like me, you’re one of the millions of people who use Skype to make phone and video calls, you might want to be aware of some serious security issues that are emerging.

Researchers at universities in New York, France, and Germany plan to publish a paper called “I Know Where You Are and What You Are Sharing,” at a major internet conference in Berlin next month. The paper promises to outline what many experts believe are major flaws in Skype that could be downright creepy.

The authors claim that the privacy weaknesses they are found are so easy to exploit, a sophisticated high school-age hacker would likely be capable of executing similar attacks.

Here’s just an example of some of those risks:

• When person A calls person B using VoIP, person A is able to determine person B’s IP address, and perhaps even their location and the name of their ISP.

• Attackers can get this information by calling a person and hanging up quickly so the recipient of the call will never even know – there’s no ringing or pop-up window.

• An attacker can make some of these attacks even when they’re not on the other user’s contact list and even when they’ve been blocked from that user’s list.

• By repeating some of the attacks on an hourly basis, the attacker can track the locations and movements of any Skype user over weeks or even months, without the user having any idea that he or she is being tracked.

• Marketers can easily link to information such as name, age, address, profession and employer from social media sites such as Facebook and LinkedIn in order to inexpensively build profiles on a single tracked target or a database of hundreds of thousands.

In one demonstration, the researchers tracked the Skype accounts of about 20 volunteers as well as 10,000 random users over a two-week period and were able to construct a detailed account of a user’s daily activities even if the user had not turned on Skype for 72 hours.

According to their press release “In one example, they accurately tracked one volunteer researcher from his visit at a New York university to a vacation in Chicago, a return to a New York university, lodging in Brooklyn, then to his home in France. ‘If we had followed the mobility of the Facebook friends of this user as well, we likely would have determined who he was visiting and when.’”

The researchers also calculated that it would cost a marketing company just $500 per week to create a database capable of tracking 10,000 Skype users.

Why target Skype? The very same reason hackers have relentlessly targeted Facebook and other social networking sites – because it’s where the crowds are. Skype has more than 500 million registered users and around 170 million active monthly users who use it to make phone and video calls, send text messages, and even use it for corporate video conferencing.

And apparently it’s not just Skype that’s vulnerable but many other VOIP services. The authors of the report claim that “These findings have real security implications for the hundreds of millions of people around the world who use VoIP or P2P file-sharing services. A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user – from private citizens to celebrities and politicians – and use the information for purposes of stalking, blackmail or fraud.”

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Learn more about the growing problem of child identity theft and what you can do about it.

Keep informed about the latest threats to your safety. Join our Facebook group.

There are two schools of thought on the topic of consumer security awareness. One school suggests that all the malware and scams in circulation are far too advanced for consumers to understand and therefore prevent, and consumers should instead entirely trust technology to protect them. The most vocal proponents of that side of the argument are, not surprisingly, the companies that sell security technologies.

The other side of the house believes that consumer education, awareness, and vigilance are key to preventing or avoiding many, if not most, attacks. That’s the side of the argument I sit on, and so should you. Your vigilance, and your acceptance that you have significant responsibility for your own protection, are key to avoiding some of the most common attacks.

Think about it for a moment. Would phishing emails – the ones that pretend to be from your bank to try and trick you out of your password – even work if people just ignored them? Would infected email attachments work if users never just opened them? And would passwords still be a weak link if people made them stronger.

There are so many examples of just how important user awareness, vigilance, and participation really are. And one of the key words is vigilance. Awareness is no longer enough, because I think it’s safe to assume that most consumers are aware that there are risks and that there are something they should and shouldn’t do.

But vigilance is about being aware at exactly the moment that counts – thinking security before you create or use a password, before you respond to an email, before you open an attachment, or before you visit a web site.

And there’s plenty of evidence out there to how a lack of awareness and vigilance are being exploited. A recent study by Microsoft found that nearly half of all malware Microsoft detected when it scanned more than 600 million computers used tricks on the user in order to succeed. With security firm Trend Micro reporting one new type of malware every half second, that’s a lot of focus on user exploitation.

The study also found that that around 90% of all exploits targeted vulnerabilities that were known about and patched for more than a year. Which probably means that most users are just forgetting to update their software – one of the easiest way to protect yourself. In fact, although users are warned repeatedly about the need to update their browsers, Microsoft reports that nearly half of Internet Explorer users still use vulnerable out-of-date browsers.

And if the security experts recognize this weakness, so do the bad guys. Cybercrooks across the world are experts at social engineering – creating tricks that consumers are likely to fall for. These crooks expect you to make the wrong choice, whether it’s to forget about updating your browser or security software, falling for phony emails or Facebook requests, or letting your caution overcome your curiosity.

They won’t waste a moment taking advantage of a mistake you can make in a split second. So they’re worst fear is that you take a moment – to stop and think before you make a decision and use that pause to make the right decision instead of the wrong one. If you pause, think, and chose the other, safer path, you win and they’ve just wasted all that time and money.

Network World said what many others might want to. In a recent article on Microsoft’s report, they simply concluded “wise up stupid users!”

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

We have written about the growing problem of child identity theft. So today, we have taken an important step in the fight against child identity theft with the launch of our child identity theft protection service kID Sure(sm). In our video today, Intersections’ product manager Lindsey gives us an overview of the kidSure service and how it works.

Learn more about kIDSure.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

It’s October again and you know what that means. No, not just Halloween, although some of the stuff out there is beginning to get scary. It’s also National Cyber Security Awareness Month and a great time for you to review your security, take a close look at your personal habits, and make some of those changes you might have been putting off.

October should be “take another look” month because it’s a great reminder for you to take another look at some of the stuff you might be taking for granted.

Take another look at Facebook

• Have you changed your password recently? If not, do it now.

• Have you removed any personal information that might help a thief learn more about your background, like where you grew up, went to school, date of birth etc.?

• Have you hidden your mobile phone number on your Facebook page? Your bank may use that number to send you alerts and you don’t want thieves intercepting those alerts.

• Have you revisited your privacy settings lately? Because Facebook changes so much, you should check your settings regularly to make sure they’re still doing what you expect them to. Network World has a great slideshow entitled “Facebook Privacy: 11 settings to revisit now.”

Take another look at your computer and device security

• When was the last time you updated your anti-virus software, and is it set to automatically update?

• Have you checked that your anti-virus program is actually in place and turned on? Make sure that it wasn’t disabled accidently by another user or family member, or even by malware.

• Are you protecting valuable information on your computer or laptop with encryption? It’s a great defense against theft and hackers.

• Have you removed any apps from your phone and tablet that you don’t really need?

• Have you installed security software in your smartphone or tablet? Don’t forget that these devices can be just as vulnerable as your computers.

Take another look at your credit reports

• When was the last time you checked your credit reports? If it’s been more than three months, it might be time to check them again. Check your reports free at www.annualcreditreport.com.

• Are you using IDENTITY GUARD®? IDENTITY GUARD® provides one of the most comprehensive collections of security tools to protect your identity from all kinds of attacks and it works best if you take advantage of all its great features.

Take another look at your browser

• Have you updated it lately or set it to automatically update?

• Have you looked at the security of add-ons and extensions to your browser, and uninstalled extensions you don’t need?

• Have you thought about switching or upgrading to Internet Explorer 9 or IE 9? It has a host of new security features that can provide almost as much protection as desktop security software.

Take another look at your kids

• Are they on Facebook? If they are, have you talked to them about dangers and precautions?

• Have you created your own Facebook page so you can friend your kids and keep an eye on them?

• Have you set rules for what they can’t say and send on their phones and computers?

• Have you moved family computers to a family area – meaning no computers where you can’t see them?

Take another look at your passwords

• Have you changed the most important ones lately, like bank accounts, email, and Facebook?

• Have you moved from passwords to passphrases, to make it easier to create and remember complex passwords?

• Have you started using a password manager to keep all those passwords in a safe place?

• Have you talked to your kids or employees about changing and protecting their passwords?

Take another look at your bank accounts:

• Do you have a password management system, like ID Vault® or an anti-keylogger such as PRIVACYPROTECT®, on your computer to protect your bank logins and passwords from thieves?

• Have you opted for e-statements instead of paper statements, to protect your statements from being intercepted in the mail?

• Have you set up account alerts so that your bank or credit union can immediately notify you of any payments, transfers, or withdrawals?

• Have you changed your bank account password recently?

• Have you checked your statements for any unusual transactions?

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Could corporate spies be stalking you?

It’s been more than thirty years ago since I followed a surge in corporate spying in Ireland, where corporate thieves were being paid small fortunes to steal data from businesses, tap telephones, and even break into offices.

Fast forward thirty years and while the game remains the same, the players and tools have changed. And there’s clear evidence over the last few years that criminals, corporations, and governments around the world are targeting employees who may be careless with what they say or how they guard corporate secrets.

In a recent story in the Washington Post, business travelers heading to China were warned not to bring with them anything that might give competitors a competitive advantage. The Post warned that China, Russia, Israel and even France were hotbeds for corporate espionage, in many cases sanctioned by their own governments in an effort to give home-grown companies a competitive or technical advantage.

According to the Post “Travelers there often tote disposable cell phones and loaner laptops stripped of sensitive data. Some U.S. officials take no electronic gear. And a few corporate executives detour to Australia rather than risk talking business in a bugged Chinese hotel room.”

Corporate and personal data are the new world currency and the thieves will stop at nothing to get their hands on whatever data you’re carrying. As far as thieves are concerned, everyone has as story worth telling and data worth stealing. If they can’t use it themselves, they can still make money selling it to someone else.

And there have even been reports of governments placing bounties on the laptops of senior executives of a long list of companies, paying handsomely for any who steals and turns over these laptops.

The risks are two-fold: that in an effort to steal company data from you while you’re travelling, the thieves end up with your personal information and identity; and you become the unwitting backdoor through which corporate spies steal invaluable data that could do serious damage to the company you work for.

American identities are considered especially valuable on the black market because, in spite of the recession and credit crunch, it’s still relatively easy to access credit lines quickly if you have the basic identity information of the victim.

Here are ten ways you can protect your personal and employer information from the sticky fingers of cyber spies.

1. Travel “data light.” Take as little sensitive information with you, both corporate and personal. It means less for you to guard and worry about, and less harm if you fall victim.

2. Encrypt everything. Encryption is the best and easiest way to protect data that has been lost, stolen, or accessed by malware. Without the proper key the data is useless to the thief.

3. Watch your laptop like a hawk and turn your back on it down for a moment.

4. Think twice about using free Wi-Fi networks when travelling, and especially at conference venues and your hotel room.

5. Avoid bringing thumb drives with you or transferring information from your laptop to thumb drive when travelling.

6. Treat your smart phone like it’s a laptop and take as many precautions as possible. Store as little information as possible on it, use the password locking feature, and don’t leave it lying around.

7. Make sure you make regular online backups of everything that’s on your laptop and phone. If they’re lost or stolen, at least you’ll still have an accessible copy.

8. Practice safe computing. A common way to steal data and breach security is to target busy employees with emails, text messages, and Facebook messages that hide dangerous Trojans and other malware. Always be vigilant when clicking on any link or opening any attachment, but give everything double scrutiny and skepticism when you’re travelling.

9. Don’t leave files or data storage devices in your hotel room. Carry everything with you, even if it’s a little inconvenient.

10. Consider using a laptop or smartphone tracking system. It can help locate a lost or stolen device.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

The title of this article could just as easily have been “How to make half a million bucks a month from the comfort of your computer.” I was reading recently about how a twenty-something hacker from Russia managed to steal more than $3.2 million in just six months simply by pushing out malware designed to sneak on to unprotected computers, steal banking passwords, and empty bank accounts. His efforts paid off to the tune of around $17,000 a day, give or take.

The hacker goes by the nickname Soldier, and according to research by security firm Trend Micro, he managed to infect more than 25,000 computers in the three months leading up to June of this year using a malware toolkit that is freely available on the internet.

His success, at infecting so many computers and making so much money in such a short timeframe, should be a warning to every consumer to be ever vigilant when it comes to online banking. Soldier is one only of probably thousands of hackers using the same or similar crime kits to plunder online bank accounts.

So if you want to avoid being Soldier’s next victim, here are some simple tips to beef up your defenses.

1. Lock down your computer. Every computer should be protected by multiple layers of security, including anti-virus and other malware protection, encryption to protect your data, browser security to steer you away from malicious web sites etc.

2. Beef up your passwords. Weak passwords are your worst enemy – make them strong, random, and original. No sense in creating one strong password and then using it for every web site you know.

3. Sign up for alerts. Most financial institutions provide email or text alerts when certain things happen with your account – a transfer is attempted, an ATM withdrawal is made, or a check more than a certain amount is presented. Sign up for these alerts because they can be your earliest warning that something’s not right.

4. Be very careful with the apps you use. Apps are great, especially if they’re free. But apps are the wild west of security, with little control over who makes and sells them, and how securely the code is written. So use as few apps as you need and only from trusted sources.

5. Think twice about mobile banking. While banking from your smart phone sounds like a great idea, it’s still in its infancy and new security holes are being discovered daily. If you’re not completely confident about the security of your smartphone, stick to doing your online banking from a computer you do trust. Or at least trust a little more.

6. Don’t access your bank account over a public Wi-Fi network. It’s very easy to snoop on any computers using Wi-Fi networks in places like coffee shops and hotels. So much better to wait until you get home before checking your balances or paying bills.

7. Limit access to your computer. The fewer people who have access to your computer, the less risk you have of compromise. So it might be smart to ban family members from using the computer you use to bank online. That way, you won’t be at risk from their mistakes or bad habits.

8. Consider using a separate computer just for online banking. That’s the advice of the security expert who discovered the first banking Trojan a couple of years ago. If you use a separate computer just for online banking, you reduce the risk of malware sneaking on to your computer through drive-by downloads, infected attachments etc.

9. Use a keylogger prevention system, like PRIVACYPROTECT® which comes free with your IDENTITY GUARD® TOTAL PROTECTION(SM) membership, to protect your passwords from being snooped upon. Keyloggers are able to sniff and steal logins and passwords by monitoring what you type on your keyboard, but products like ID Vault allow you to bypass the keyboard and enter your login credentials using a virtual keyboard instead.

10. Take Facebook security very seriously. It’s not only an easy way for thieves to deliver the kind of malware that can steal your bank account login and password, it’s also a great way for thieves to find the answers to the most common “secret” questions – like the city you were born, your first pet, favorite teacher, and mother’s maiden name.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Is the cybercrime business really bigger than the drug trade?

That’s the claim (sort of) of an eye-opening report recently published by Symantec. According to the Norton Cybercrime Report 2011, the global cost of cybercrime was nearly $388 billion last year. That number is made up of $144 billion in direct financial losses by victims, and another $274 billion in losses due to lost time and other indirect costs as a result of the attacks.

Norton then compared that to a number of United Nations World Drug Reports over the last few years that pegged the black market for marijuana, cocaine and heroin combined at $288 billion, coming to the conclusion that the global cost of cybercrime exceeded the drug market.

Hard to argue with, except that many media outlets have been reporting that Norton’s study claims that cybercriminals make more money than drug distributors. Which is obviously not the case, at least not yet – the report claims that victims lost $388 billion in direct and indirect losses but not that the crooks actually made that money.

But I’m sure it’s only a matter of time before the profits from cybercrime, and especially identity theft, exceed those from the drug trade. Just recently I spoke at a security conference for law enforcement where we discussed a recent case in Florida called Operation Rainmaker, an identity theft and tax fraud scheme that netted street level drug dealers more than $130 million simply by switching from dealing drugs on street corners to committing identity theft with laptops.

Here are some of the other findings of the report:

• More than two thirds of online adults (69 percent) have been a victim of cybercrime in their lifetime.

• Every second 14 adults become a victim of cybercrime, resulting in more than one million cybercrime victims every day.

• 10 percent of adults online have experienced cybercrime on their mobile phone.

• Increased social networking and a lack of protection are the main culprits behind the growing number of cybercrime victims.

• Men between 18 and 31 years old who access the Internet from their mobile phone are most likely to be victims.

• Globally, the most common – and most preventable – type of cybercrime is computer viruses and malware, with 54 percent of respondents saying they have experienced it in their lifetime.

• Viruses are followed by online scams (11 percent) and phishing messages (10 percent). Earlier this year the Symantec Internet Security Threat Report, Volume 16, found more than 286 million unique variations of malicious software (“malware”) compared to the 240 million reported in 2009.

• Forty-one percent of adults indicated they don’t have an up-to-date security software suite to protect their personal information online.

• Less than half review credit card statements regularly for fraud (47 percent), and 61 percent don’t use complex passwords or change them regularly.

Read the full report for more findings from the Norton Cybercrime Report globally and by country.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

It was addictive. Just like the dope they once sold on the streets, if not more, according to the story in the Seminole Heights newspaper. “The scheme is extremely simple but extremely lucrative,” said the U.S. Secret Service Special Agent in Charge.

They were talking about Operation Rainmaker, an identity theft scheme that was so easy and so lucrative it persuaded drug dealers to abandon their age-old trade and turn instead to identity theft instead. The operation got its name from law enforcement simply because of the vast amounts of money thieves were able to rain down on themselves – about $130 million in fact.

Authorities were only tipped off to the scheme when tax payers began to file complaints that when they went to file their own taxes, they found someone else had filed using their name. And that was the core of the scam.

Here’s what they discovered. The thieves were using public sites like Ancestry.com to assemble the identities of the living and the dead, and were also buying complete identities on the black market – something that’s surprisingly easy for anyone to do.

Once the thieves had assembled enough information about an individual, they used off-the-shelf tax return software like Turbo Tax to file fraudulent tax returns. And that was probably the easiest part of the entire scam. The IRS is unable to thoroughly review or cross-reference every single tax return they receive, or spot any red flags like a sudden change of a taxpayer’s address. And if the amount of the return is under $10,000, it rarely gets scrutinized.

So naturally the thieves kept their returns under the $10,000 threshold and then sat back and watched the IRS rain money down on them. That money came in credit cards or checks issued by the Treasury and sent to a variety of homes, some of them vacant, or deposited electronically into bogus accounts.

Once they had their hands on the funds, the thieves would go on spending sprees. The scheme was so lucrative and widespread, authorities in the area said they noticed a significant reduction in street-level drug dealing. According to the story, informants told police that local drug dealers quickly realized that identity theft was a much more lucrative and safe line of business.

As soon as authorities got wind of the scheme, they assembled a task force that included police and Sheriff’s departments, the United States Secret Service, the United States Postal Inspection Service, State Attorney’s Office, and the United States Attorney’s Office.

But in spite of all the evidence they had gathered, authorities had trouble in filing charges of tax fraud because the IRS refused to share the records they had – apparently the IRS protects the personal information of thieves who are caught committing tax fraud.

Nearly fifty people have been arrested so far, and here’s exactly how law enforcement laid out the multiple steps in this bizarre criminal enterprise:

• Create Fake Identity

• Suspects search the web to find identities of deceased or living victims.

• Defendants buy large volume of identities from suspects who are stealing names and social security numbers from businesses, medical facilities or prisons.

• File Fraudulent Tax Return Online

• Suspects use multiple electronic filing programs including, Turbo Tax, Tax Hawk and Tax Slayer. Turbo Tax is the most commonly used.

• Suspects refer to this tax scam as “doing drops.”

• Request Refund on Green Dot Card, Treasury Check or Direct Deposit

• Suspects have refunds sent to vacant homes, another suspect’s home or an innocent bystander’s home and then intercept the mail.

• Defendants open fraudulent bank accounts to receive direct deposits.

• Cashing in the Refund

• Suspects withdraw money from ATM’s.

• Buy large ticket items or money orders at legitimate businesses.

• Suspects launder the money through illegal businesses.

And apart from how easy it was to pull of the scam – if they’d stuck to victimizing dead people they might never have been caught – the most worrying part of the story is how drug dealers and other criminals are turning away from traditional crimes and to identity theft. And with so few investigations, arrests and prosecutions for identity theft, what have these crooks to worry about?

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

One thing we know about hackers and identity thieves is that they always follow the crowds and the data, and as more people use laptops and tablets to run the personal and professional lives these devices are a major target.

And with so many Android tablets now on the market, Android-powered tablets could be exposed to the very same risks as Android-powered smart phones. A recent report by McAfee found a huge spike in Android malware, and Android devices were the top mobile target for scammers.

Laptop theft and loss are far more common than you might think. Research firm IDC reports that around 90% of U.S. firms have reported losing laptops. And the makers of the LoJack laptop recovery service claim that a laptop goes missing about every 50 seconds.

And the loss of a laptop or tablet can be devastating for your employer and your workplace. According to Data Loss DB, a research project aimed at documenting known and reported data loss incidents and data breaches world-wide, more than 30% of data breaches were the result of a lost or stolen laptop, mobile phone, or other portable media device.

So here are some simple reminders of the steps you can take to protect your device from theft and its consequences.

1. Encrypt it! This should be the fundamental rule for every laptop, and many experts argue that all laptops should be encrypted by default. Encryption locks either the entire hard drive or specific folders with an unbreakable code. So if the laptop is lost, the data is safe.

2. Use strong passwords. The next best layer of security after encryption is the password, and while a determined thief might be able to get past your password, it’s still a powerful defense. So make sure that your laptop is set to request a password every time you want start or use it, and make sure it’s a very strong password.

3. Don’t use a laptop case – it’s a bright red flag to thieves that you’re carrying a laptop. Most laptops and tablets are small enough to carry in a briefcase or backpack.

4. Be careful using Wi-Fi – because they’re supposed to be accessible to the public, Wi-Fi networks are also easily accessible to hackers and eavesdroppers. So if you have to use a Wi-Fi network in a public place like a coffee shop or hotel, don’t use it to access anything sensitive like your bank account.

5. Don’t use your laptop to store or move sensitive information. If you lose it, you only have to worry about the value of the device itself and not the harm the thief can do with it.

6. Treat it like a desktop computer. Make sure you always have layers of up-to-date security, including firewall, virus protection, browser security, keylogger protection, and all the other security software that you would expect on a desktop.

7. Don’t forget tablet security. I’m amazed to see how many people are not aware that there are anti-virus programs available for Android tablets. They’re still pretty rudimentary, in part because tablets don’t have the processing power for conventional anti-virus software. But there are a growing number of tablet security solutions available.

8. Use a tracking and recovery service – services like YouGetItBack.com and Computrace will help you track and recover your laptop, tablet, or smartphone, and often for just a couple of bucks a month.

9. Spare the apps – don’t download endless apps just because they’re cool or free. Only download apps you really need and make sure they’re from trusted sources.

10. Most important of all, be careful where you leave them. Laptops and tablets have become such a familiar accessory, often times they get left behind – at hotels and bars, in taxis, at airports. According to an article in PC World, LaGuardia Airport in New York reports that more than 70,000 laptops and PDAs have been left behind by passengers. Just because they’re portable doesn’t mean they’re forgettable.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

There is a growing collection of guides, web sites, and even Facebook pages devoted to the evolving topics of Facebook security, safety and privacy. And for good reason. In spite of all Facebook’s efforts to keep their users safe, Facebook is still a haven for all kinds of scammers and scams just waiting for careless or busy users to slip up.

The latest arrival is a concise 14-page guide from Facebook and authored by a team of writers with a mixed background of internet safety, online security, and teaching. It’s called “Own Your Space: A Guide to Facebook Security 13 Top Tips for Staying Secure on Facebook” and you can download the complete guide from the link below. If you’re not familiar with the basics of Facebook security, I strongly recommend that you download and use a copy. And especially if you have kids who are already on Facebook or plan to be soon.

Here’s what the authors of the guide offer as their top tips for staying safe – print them out, keep them close, and consult them often:

• Only “Friend” people you know.

• Create a good password and use it only for Facebook.

• Don’t share your password.

• Change your password on a regular basis.

• Share your personal information only with people and companies that need it.

• Log into Facebook only ONCE each session. If it looks like Facebook is asking you to log in a second time, skip the links and directly type www.facebook.com into your browser address bar.

• Use a one-time password when using someone else’s computer.

• Log out of Facebook after using someone else’s computer.

• Use secure browsing whenever possible.

• Only download Apps from sites you trust.

• Keep your anti-virus software updated.

• Keep your browser and other applications up to date.

• Don’t paste script (code) in your browser address bar.

• Use browser add-ons like Web of Trust and Firefox’s NoScript to keep your account from being hijacked.

• Beware of “goofy” posts from anyone—even Friends. If it looks like something your Friend wouldn’t post, don’t click on it.

• Scammers might hack your Friends’ accounts and send links from their accounts. Beware of enticing links coming from your Friends.

And remember, Facebook has its own team and page dedicated to all things security.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

A couple of weeks ago I was reading a blog in a well-known computer magazine where a retired police officer was discussing what in his experience were the top ways thieves can steal your identity. I was surprised to see at the top of the list things like skimming, dumpster diving, and Nigerian 419 scams.

Those are certainly ways you can lose your identity, but they’re far from the most common. And the Nigerian 419 scam isn’t identity theft at all, but simply a con job that preys on the gullible and the vulnerable.

I personally handle dozens of identity theft cases every month, and study hundreds of others. That experience has allowed me to see certain patterns about the types of identity theft we’re seeing, and those most likely to trap victims.

Stolen documents
Documents are the lifeblood of identity theft, and the more documentation thieves can get on their victims, the easier it is to commit the crime.

If you have any of these documents in your home (never, ever, leave these documents in your car), and hide them well:

• Social Security cards
• Birth certificates
• Bank and credit card statements
• Pay stubs
• Any correspondence with the IRS or Social Security Administration
• Tax returns

I’ve seen a growing trend in the use of mobile id theft labs, where thieves have everything in their cars or homes to immediately turn this type of stolen personal information into forged documents, fake checks, and brand new credit cards. In one recent case, an officer told me that when he arrested a mail thief he found more than 60 blank credit cards just waiting to be turned into brand new cards using the stolen information the thief would collect that day.

Mail theft
This continues to be one of the easiest ways to start the process of identity theft. And it’s fuelled in part by the uniquely American tradition of delivering mail to a publicly accessible curb sided mailbox. That’s putting temptation right under the noses of thieves, and it’s such an easy opportunity few can resist. Mail thieves are looking for anything they can use or sell to other thieves, even just your name or address.

Mail theft has become such a lucrative business, a thief was recently charged with hiring two people to assault a mail carrier with a Taser so that they could steal the master key used to open those common area mail boxes.

Data breaches
While it’s not always easy to trace identity theft to data breaches, as consumers we can assume that many identity thefts are as a result of this growing crime.

The numbers don’t lie. Over the last five years there have been an average of one new data beach every single day and as a result more than 500 million personal records have been exposed.

That has given thieves around the world a gold mine mixture of personal profiles, shopping and buying habits, personal family information, passwords, Social Security numbers, credit card numbers, home addresses, personal communications and email, corporate and employee information, health records and so much more.

It’s probably safe to assume that at least some of your personal information is in there somewhere, and thieves have so much of it in their possession it may take them some time to get around to you and yours. But only a matter of time.

Family, friends, and neighbors
The most tragic and upsetting type of crime is one committed by those you’d like to trust, and especially family, friends, neighbors, and co-workers. But I see a constant uptick in this type of crime and often with devastating consequences.

In one case a victim found that an identity thief had been using her identity for a decade, accumulating a long criminal history, multiple convictions, and endless frauds and unpaid bills. The victim was unable to get a driver’s license because the thief had so many driving convictions, and without a driver’s license the victim could no longer cash checks. Her Social Security payments were being diverted, and her disability payments stopped because the thief had been working using her Social Security number.

Turns out the thief was an old family friend, and as a gesture of kindness the victim’s mother had given the thief her daughter’s Social Security number in a good-faith effort to help the illegal immigrant obtain a job.

There are now so many ways that your identity can be stolen, it may be safe to assume that your information is already in circulation or in the hands of thieves. So your focus should be on monitoring your name and your credit around the clock so that you’ll get early warning when those thieves finally make it to you.

That doesn’t mean that you should stop protecting your information in the first place. Security is about creating multiple layers of protection around you, and those layers include prevention, monitoring and response. The more you know how to do these, the easier they become.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Hard to believe the year is already half over. Seems like only yesterday we were talking about a spike in identity theft over the Christmas holidays, and warning consumers to be extra vigilant as tax time approaches.

But it’s been such a busy year for scammers and hackers, it almost becomes a blur. To sort through the fog, security firm Sophos recently published their half year summary of threats and trends, and it should stand as a stark warning of the need to be constantly vigilant.

For example, Sophos claims that since the start of 2011 they have recorded an average of 150,000 new malware samples every single day. That’s works out to one piece of malicious software being discovered every single second, and a 60% increase over 2010.

Sophos has also identified an average of 19,000 new malicious URLs each single day in the first half of this year. That’s a stunning 4.5 new web threats detected every second. And, according to Sophos, 80% of those URLs are legitimate websites that were hacked or compromised by crooks.

The two top exploits favored by these crooks were fake anti-virus software and SEO poisoning – manipulating search engine results to drive users to malicious or infected web sites – and it might surprise you that the majority of these malware sites are hosted in the United States. The U.S. accounts for a whopping 37% of malware hosting web sites, while the next nearest culprit is Russia at just 13 percent.

There has also been a big change in the way people communicate, a change that now works even more in the favor of hackers. Sophos recorded a 59% decline in the use of email among 12-17 year olds, and a 34% decline in email use amongst 24-34 year olds. This is mainly due to a switch to texting and social networks as a way to communicate. And hackers love social networks because they make it much easier that email to launch more targeted and effective attacks. Hardly surprising that 81% of computer users surveyed by Sophos believe that Facebook presents the greatest security risk.

On the subject of social networking risks, Sophos also conducted a poll of nearly 2,000 people on their social media habits and worries. 71% reported that they, or one of their colleagues, had been spammed on a social networking site, 46% had been phished and 45% were sent malware.

“Social networking privacy issues have dominated the headlines in the first half of 2011. With most social networks, the default settings share everything and users have to reset their options to make their accounts more private. This opens up a host of security issues because so many people—both friends and not—have access to your information,” according to Sophos.

The report also highlighted a study by the FBI about how one cyber gang was able to dupe 1 million users into buying fake software, and could have made as much as $72 million from the scam. This is a problem for a lot of reasons. It means that not only were 1 million people duped into paying for something fake, they may also believe they have real virus protection on their computers when in reality they have no protection at all.

And that $72 million will be recycled by these gangs into even more sophisticated scams that will entrap even more victims and continue the cycle. Some of this money may even end up in the hands of terrorists who have the skills and resource to launch their own fake virus scams, or partner with organizations that can manage them on their behalf.

Links to videos that hide malware are also on the increase, especially on Facebook and Twitter. According to Sophos, nearly 69 million people have viewed the now-infamous YouTube music video Chocolate Rain, a clear sign that curiosity still trumps caution for most users.

The Mac is no longer a safe haven, and scammers are now firmly focusing on all things Apple to take advantage of the surge in use and adoption of Apple products, driven by the huge popularity of the iPhone and iPad. Apple’s success with these products obviously has a very dark side to it, and yet another reminder that wherever the crowds go, so will follow the crooks. You only have to look over your shoulder to spot one. But if you never bother looking, then don’t be surprised if you don’t spot the scam until it’s too late.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Seems like hackers and scammers are not forgetting about Twitter when it comes to spreading malware, junk and scams. For a while there it seemed like Facebook had become the favorite child but a recent uptick in Twitter scams proves that as long as it’s a popular way to share and communicate, Twitter will always be a target.

In the most recent scam, Twitter scammers are circulating spam offering free iTunes gift cards. And they appear to have even gone to the trouble of actually creating accounts for non-existent users so they can make the scam look as real and convincing as possible. Clicking on the link in the message doesn’t get you to your free gift card, but instead of a variety of web sites, some of them dating sites, that request your personal financial information.

That scam came on the heels of another attack where the scammers used compromised Twitter accounts to spam thousands of users with messages about a get rich quick scam. Clicking on the link in that message took users to web sites designed to look like local newspaper, where fake participants gave glowing testimonials about how much money could be made from these work-at-home schemes.

And only a week ago, thousands of Twitter users received tweets from friends promoting the miracle “beach body diet.” Turns out it was just another Acai berry promo but again it appeared as though many Twitter users had their account passwords compromised.

As usual, these attacks have common threads, and one of the most common in a compromised password. These scams work best when the messages appear to come from friends. And that’s usually achieved by hacking the “friend’s” Twitter account by taking advantage of a weak password.

Lessons learned?

• If you haven’t already done so, beef up your Twitter and Facebook passwords. Ideally they should be 8-12 characters, and a random mix of letters, numbers and even symbols.

• Protect your password at all times and don’t share it with others, even for fun.

• Don’t use the same password for multiple web sites. That’s a common practice and makes it much too easy to exploit mistakes.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Tampa Bay Online recently ran a story on what could be a growing problem of identity confusion, a case where a victim is treated like a criminal because the real criminal happens to have the same name, date of birth, and even Social Security number. While there are not too many documented cases, it could be a growing problem simply because of the number of errors contained in public databases that result in inaccurate information.

In this case, a resident of Florida named Fabian Lopez has spent years trying to convince anyone who would listen that he’s not the same person as Fabian Lopez with the same date of birth, but a resident of New Jersey.

According to court records, New Jersey Fabian has an extensive criminal history, including a 1998 charge of lewdness, charges of criminal sexual contact and burglary, failure to comply with conditions of bail, and failure to appear in court.

And it’s that record that seems to have hijacked the life of the victim, including a very public arrest by law enforcement. “This is worse than identity theft,” Lopez said in an interview with Tampa Bay Online. “It’s not that they stole my identity – they’re giving me an identity that’s not mine.” And because of the confusion, the victim in Florida has been unable to obtain a driver’s license. This is especially tough because the victim drives a cab for a living.

In cases like this there’s very little that can be done for the victim. This is not a case of identity theft, so the victim can’t benefit from all the laws and services that are in place to protect victims. If there are errors in a database that incorrectly match a date of birth, Social Security number, or address, these can be fixed, but it’s rarely easy.

But there’s little recourse if the records are accurate. The victim is left with a lifetime of groundhog days, constantly going through the same routine to explain they’re not who people think they are. Even if they’re trying to explain it from a jail cell.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

SC Magazine recently issued a warning about a new approach to phishing that could result in more people falling for a scam that is now more than a decade old. Instead of trying to lure people into clicking on an infected link by pretending to be a bank looking to verify a password, the email pretends to be from a system administrator or other insider and warns the user that their mailbox is full.

Here’s the text of the message:

“Your Mailbox Has Exceeded It Storage Limit As Set By Your Administrator, And You Will Not Be Able To Receive New Mails Until You Re-Validate It. To Re-Validate – > Click Here: [] Note: Do not send email or Password to any one via email. System Administrator.”

It’s a simple but clever tactic. Clever in that uses a phishing lure that is not often used, so users won’t necessarily have their guard up. And who hasn’t received some kind of email from their IT department warning about an email or other technical issue? The “Click here” part could be anything from the download of some malware, to redirection to a fake page where the thief grabs your email and password.

This is a clear sign that scammers recognize how much better users are at recognizing the traditional, badly-written bank password phishing emails that have now been circulating for years. Time may not be far off when those phishing emails are a rarity, and instead we all have to be much more vigilant for phishing emails that are much harder to spot.

And people are still falling for these scams. A very active phisher who was caught last year just received a 12-year sentence. The resident of Long Beach in California had created a network of fake financial web sites that he lured users to using phishing emails.

He then sold the stolen information, including logins and passwords, to criminals in Romania. These individuals used the stolen identities to set up instant lines of credit, and in less than eight weeks stole an estimated $193,000. More troubling was the fact that nearly 38,000 victims fell for the scam.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

At a recent identity theft training event with law enforcement, one officer commented that he had never seen a crime where so many otherwise honest and trusted people were turning to crime, and for all kinds of reasons. It was a reminder of some of the fundamental and maybe unchangeable reasons why identity theft is such a pervasive theft and such a challenge to law enforcement to combat.

• Identity theft is so easy, anybody can commit it. You don’t need any special skills, and anything you can’t figure out for yourself, you can easily find the answers to on the internet.

• The chances of getting caught and prosecuted are very, very slim. A fact that has probably emboldened many would-be thieves.

• Many thieves still don’t see identity theft as a “real” crime, that their victims don’t really suffer, and that the financial industry seems to be more than happy to absorb the costs without going after the thieves.

And in what could be a troubling trend, most of the cases I’ve come across recently have involved insiders and others close to the victim. And you never have to go far so see just how many different people are turning to identity theft to pay their bills, hide their credit history, or simply live beyond their means.

In one recent case, an employee at a liquor store in Egg Harbor New Jersey was indicted for stealing the identities of nearly a dozen customers at the liquor store where he worked. When customers paid for goods at the store, the employee allegedly made copies of their credit cards by quickly swiping them using a small hand-held skimmer that he kept under the counter.

Over a period of about a month, the employee would then copy the stolen information to another card, make multiple purchases, and then convert the goods to cash by selling them on eBay. And in a similar case in Greeley Colorado, a waiter admitted to copying the credit card of a patron and immediately using it to pay for his groceries, gas, and other expenses.

And in many of these cases the thief can be uncomfortably close to home. In a recent Florida case, a man was arrested for running up more than $5,000 in medical expenses at a number of clinics. The thief admitted to using his friend’s identity in order to get access to prescription drugs.

And even more troubling, a Milwaukee police officer was recently fired when it was alleged that he purchased a Mercedes-Benz S550 using the Social Security number of a seven-year-old. When investigators looked more deeply into the case, they found the police officer had discovered a business in California openly selling credit restoration packages that promised to help fix a customer’s credit for $2,500.

This sounds like the same scam we talked about in previous blogs where online companies sell personal credit profiles to consumers trying to rebuild their credit by hiding their past. In most cases they’re buying someone else’s identity, using it to gain access to credit, and dumping the awful results on the victim when the crime is discovered.

As soon as this particular officer had his new Social Security number, he immediately used it to purchase a Mercedes for a total cost of nearly $80,000.

You don’t have to travel far to become a victim of identity theft. And you don’t have to look far for the next potential thief. Your only recourse is constant vigilance. Shield’s Up!

If you found this article informative, you may also like this article on the topic of child identity theft.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

I often hear from law enforcement that if identity theft victims are reimbursed by their banks or credit cards providers, and don’t lose any money, then they’re not really victims and shouldn’t expect much sympathy. And I also hear from victims that they wish they had lost some money, because if that was their only loss it could put an end to the nightmare that seems to go on forever.

The reality of identity theft is that the cases that involve things other than money are often the toughest on the victim. And that’s especially true when it comes to a stolen or forged driver’s license.

One case I’m currently working on involves an elderly victim in San Diego California who has been fighting to get her driver’s license back for three years. It turns out that a thief had been using the victim’s identity for more than a decade, and in addition to numerous new credit accounts opened, the thief had also racked up DUIs and other traffic offenses using the victim’s license.

According to the victim, the DMV was completely unsympathetic to her plight and her claims that she was the victim. The DMV repeatedly advised the victim that her record could not be cleared or her license re-issued until the identity theft case went through a police investigation and the courts.

Problem is, few police departments or courts are pursuing identity theft cases, and especially the smaller ones. And the victim’s local Sherriff’s department in California had already said they would not take on the case.

So that has left the victim in limbo, unable to drive a car or even cash checks. To add to the victim’s frustration, the thief has been caught and is in jail in Nebraska for numerous identity theft and fraud charges. Law enforcement and the DMV in Nebraska have been very helpful and sympathetic, and have provided letters confirming they have the thief and the victim does not appear to be responsible for the record on her driver’s license.

The California DMV still didn’t budge. And that’s when I got involved. My first step was to go to the California DMV web site to see if there was any information or service that could help in this kind of victim situation. Although this is a very common crime, and compromised driver’s licenses come up in nearly half of all id theft cases I investigate, I could find nothing on the DMV site that would help.

I finally found a number for DMV investigations, and that gave me some hope that at least I might be able to talk to the right people. The first investigator I spoke to was gruff and rude, and didn’t seem to want to help or even talk to me. Instead she gave me a couple of hotline numbers to call. As soon as a hung up the phone I called the numbers she gave me, and they were all out of service. Another dead end.

Undeterred, I decided to call another investigator office, this one closer to the victim’s home. To my surprise, this investigator was even ruder. She refused to answer my questions, constantly cut me off, tried to hang up, and told me she wouldn’t speak to me because I wasn’t a victim.

She asked if the victim has ever contacted the DMV before and I said she had, a year ago, but couldn’t remember who she spoke to or what number she called. Too bad, said the investigator. The victim would need to go back to the first DMV office she contacted and start the process all over again.

Not getting anywhere, I tried another tactic. What if I was just looking for “general” advice on what any victim should do in a case like this? The investigator curtly responded that it wasn’t her job to give out advice. Probably an understatement to say I was a bit steamed by now, so when the investigator tried to give me the same dud numbers her colleague had given me earlier, I demanded she find me a real number to call.

She put me on hold and eventually came back with a number for yet another investigator. I called right away and guess who picked up? Yet another incredibly gruff, rude, irritable and irritated investigator who was no more sympathetic and had no interest in speaking to me.

But he did give me the same advice. He suggested that the victim ask law enforcement in California to investigate the case and let the courts deal with it. Where have I heard that before? So when I mentioned causally that we all know that because of budget challenges law enforcement rarely investigates identity theft, just as in this case, the investigator assured me that I was completely wrong in that assertion and that law enforcement “always investigates identity theft.”

That’s where the discussion ended, but it was the clearest reminder of just how much out of touch the California DMV is with the crime of identity theft and the plight of victims. We’re now going to look at ways we can change this, and maybe encourage the DMV to look into its own investigator training. Even if they don’t learn anything more about identity theft, they might learn about the concepts of courtesy and customer service.

But there was some good news. We were finally able to get the victim in touch with a DMV office that would accept the documentation proving she was a victim, and promised to issue a new license in the coming weeks. Time will tell. But there’s little doubt that the DMV victimized this victim all over again, and for no other reason than indifference.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

1. More accurate understanding of your credit history. Credit bureaus don’t always report the same information. Having all three credit reports will allow you to compare information more accurately.

2. Ability to catch errors. Without ordering all three credit reports, it’s impossible to catch all reporting errors. If you find inaccuracies, make sure to contact the reporting agency directly and file a dispute form.

3. A larger range of credit scores. Since the credit bureaus don’t calculate your score the same, you’ll want to be aware of how they can vary. Reviewing all three credit scores will allow you to better understand how prospective lenders view your creditworthiness.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

140,000 victims of child identity theft each year. That was the sobering and troubling conclusion of a recent analysis by data analysis firm ID Analytics, who reviewed the records of more than 172,000 children whose identities were being protected by a service offered by the firm between April 2010 and March 2011.

The report supports other studies that have found the same troubling trend, as well as a growing awareness in the cybercrime community of the value of child identities and the ease with which they can be compromised.

And some children are obviously more vulnerable than others. In another recent blog, I talked about a story in the Sacramento Bee newspaper in Northern California which reported that of the 60,000 foster children who leave the California foster care system every year, as many as one in every five discovers they have been a victim of identity theft.

Many of these vulnerable kids, who may have already endured years of abuse and disappointment, go out into their adult lives weighed down by debt that belongs to someone else. And in most cases the thieves turn out to be either their natural families, their foster families, and in some cases the professionals being paid to protect them

According to ID Analytics, while the risk for identity theft is still higher for adults, child identity theft can be much more devastating because it can go on for years without being detected or challenged.

The study also found:

• Credit card and wireless activity were the most common problems. 60% of child fraud was connected to credit card abuse, which most of the rest was related to wireless providers – we assume thieves are using stolen child identities to pay for wireless service. This service is then used in many cases to conceal other criminal activities.

• Minors and their caregivers should always take security or fraud alerts seriously, because minors who received an alert were seven times more likely to experience fraud than an adult.

“Child identity fraud poses complex challenges to consumers, businesses and regulators. Unfortunately, minors’ identities are particularly appealing to fraudsters because their personal data is untainted, legitimate and less likely to be monitored for misuse,” said Tom Oscherwitz, chief privacy officer at ID Analytics. “This new study finds that child identity fraud is more than a hypothetical risk. Well over 140,000 U.S. kids are victims of the crime today. Our children need better protection. A comprehensive solution to child identity fraud requires a layered approach reflecting advances in technology and business processes, legislative guidance and consumer education.”

And while child identity theft is now being taken very seriously, we should still only expect it to rise. More than a year ago I wrote about the problems of the legal sale of child identities online, offering packages of what were called Personal Credit profiles ostensibly to conduct evaluations of child credit worthiness.

While there is no law against the sale of this information, it seems that most of the purchasers were using the information to either steal identities or repair badly damaged credit histories by stealing the clean credit records of kids.

There’s a reason why kids and the elderly are so often targeted by thieves. They are simply the most vulnerable, and targeted by the most heartless. We need to increase our focus on the protection of these vulnerable groups, and with a real sense of urgency.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

As notorious hacker collective Lulz Security claims to be sailing off into the sunset, pursued and taunted by other hacker groups like the A-Team and Web Ninjas, many are wondering who will fire the next salvo in the hacker wars and who will be the next casualty.

And while many were surprised at how quickly Lulz appeared and disappeared, hacker collectives and hacktivists have been living, working, and hacking amongst us for nearly two decades. It’s now nearly ten years since I gave a hacker from notorious hacker collective Cult of the Dead Cow a plane ticket to attend the DEFCON hacker conference in Las Vegas and report back on his thoughts about the differences in thinking and culture between hackers and security professionals – at least those hired to protect.

Cult of the Dead Cow, also known as cDc, is credited with coining the word hacktivism. I was writing at the time for a publication called SearchSecurity.com and working on a story that compared the security skills of hackers to those of the security professional being paid to protect us.

cDc may have been the birthplace of the hacker collective, and that birthplace was a slaughterhouse in Texas in the mid-1980s. cDc eventually launched the careers of many of the world’s most famous and competent hackers, who interestingly enough eventually became some of the most respected and respectable security industry executives.

cDc had a simple goal and slogan at the time – Global Domination Through Media Saturation – and its activities ranged from hacking the Church of Scientology to distributing their own music. OK, they did a lot worse than that but we have only so much space.

Like many hacker collectives, cDc either spawned or embraced a number of other hacking groups, and some of its members went on to create other, equally notorious hacking groups.

For example, cDc hacker Mudge later launched L0pht, another high profile hacking collective active in the 1990s. Unlike many of today’s hackers, L0pht members were pretty much out in the open and even had their own Boston headquarters they hung out in. They famously testified before Congress that if they really wanted to they could take down the entire internet in less than 30 minutes.

And where are they now? Surprisingly legitimate and well respected. L0pht eventually merged with a security consultancy @stake which was later purchased by security firm Symantec. L0pht hacker “Weld Pond” is now Chief Technology Officer of respected security company. “Kingpin,” whose real name is Joe Grand, now lives in San Francisco and hosted the Prototype This program on the Discovery Channel.

And whatever happened to Mudge? His real name is Peiter Zatko, who later went on to serve as an adviser to President Bill Clinton on cyber security and now works for the U.S. Department of Defense Advanced Research Projects Agency (DARPA).

I’ve always maintained that most security professionals can easily be outsmarted by good or even average hackers. It’s not about competence, it’s more about culture. Hackers by their nature are usually more inquisitive and creative, less worried about failing, and of course don’t have corporate security rules or federal guidelines holding them back.

Will we ever see members of Lulz or Anonymous give up their rebellious ways and use their obvious security skills to protect the greater good? Will we ever see one of these hackers emerge as the head of security for a major corporation, the kind of security head these hacktivists say they despise?

Probably.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Here’s a quick guide on what to do if you suspect fraud on your credit report.

• First, put a fraud alert on your account at all three credit bureaus to make it difficult for criminals to access your credit

• Next, file a claim with the Federal Trade Commission (FTC). They are charged with tracking identity fraud cases, and have many resources that can help you clean up the financial mess that criminals make.

• Then, file a police report with your local authorities. Most financial institutions won’t resolve unauthorized credit claims without this type of documentation.

• Finally, check out credit monitoring services, such as Identity Guard that can promptly alert you to certain changes in your credit file.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

You can help protect yourself from these scams by always visiting a website directly, such as manually keying the website address into your browser. And if you receive a suspicious email, make sure to forward it to the related business, and ask if they sent the message. Since legitimate businesses never ask for your Social Security number or other sensitive information over email, if you receive one that does, it’s likely a scam.

Also, consider using a credit monitoring service such as Identity Guard. Credit monitoring is a useful tool that can help you protect your credit, and review your credit reports and scores.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

According to a recent study conducted by ID Analytics, around 45 million people in the United States knowingly manipulate facts concerning their identity. That means that around 16% of the U.S. population deliberately tinkers with their identity in order to obtain credit, get new cell phone service, get an auto loan and many other things.

I guess probably the same percentage of the population exaggerate or fluff their resumes in order to improve their chances of getting that all-important job. Except that manipulating your identity and credit profile may get you into a lot more trouble, in most cases is illegal, and can create havoc for the victims who may be the true owners of the hijacked identity.

The ID Analytics study looked beyond simple errors and typos in credit applications, and instead focused on deliberate manipulations of things like Social Security numbers, names, and addresses.

Here’s a little of what they found when they poked around their database that includes more than 1.4 billion identity events – things like purchases and credit applications – and 300 million individuals in the United States (scary that they have so much information in the first place):

• 8 million people are using two or more Social Security numbers.

• 16 million people were found to be using multiple dates of birth.

• 10 million people manipulated their identities by co-mingling some of their spouse’s information into their own identity.

The firm was even able to identify a selection of the worst offenders and biggest manipulators, like the person in Philadelphia who appears to have 165 Social Security numbers, 44 different dates of birth (lots of birthday presents there), and 3 different names. Or the resident of Cleveland Ohio who has 106 Social Security numbers, 12 dates of birth, and six different names.

According to Stephen Coggeshall, chief technology officer for ID Analytics “While there is extensive research on the crime of identity fraud and its victims, there is far less on the actual perpetrators of the crime. Now for the first time, there is a comprehensive view of who identity manipulators are, where they are living and specifically how they are manipulating their personal information.”

So why do so many people manipulate their identities in this way? There are many reasons and theories:

• To get the type of credit that their real identity would be denied, perhaps because previous poor credit scores or history.

• People new to the credit or job market trying to jump start their credit history.

• Criminal hiding from the law.

• Sex offenders trying to stay off the radar.

• Illegal immigrants or unauthorized workers moving from job to job or state to state.

• Criminals engaged in systematic fraud.

• Attempts to access or pay for healthcare that might otherwise be denied.

• Attempts to hide finances or purchases from a spouse or former spouse.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

We hope you have enjoyed today’s podcast presentation. Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Continue to believe that it can’t happen to you

Apathy is the biggest enemy, whether it’s towards your health, wealth, or security. If you don’t take security seriously, refuse to accept that you could fall victim to identity theft, and fail to take responsibility for your own security, you stand a much greater chance of being victimized.

Assume zero liability means you have nothing to lose

Zero liability has given many consumers a very false sense of security, and the belief that if identity theft costs them nothing, they have nothing to worry about. But zero liability does not mean zero risk, zero responsibility, or zero loss. Zero liability won’t cover your costs, the emotional harm, time off work, or damage to your credit.

And just because your bank or credit card company says you won’t be on the hook for credit fraud losses, that doesn’t mean you won’t fall victim and face losses. Zero liability can be discretionary, and in many cases financial institutions can take weeks and often months before they return any lost funds or wipe away any debts. And when it comes to compromised bank accounts, small business owners don’t enjoy zero liability at all.

Don’t monitor your credit, or watch it constantly

If you’re not watching you credit reports like a hawk, you’re unlikely to spot the tell-tale signs that someone is trying to steal your identity. It could start with a number of applications for new credit, which can be accepted or declined. A determined thief will keep trying, and if you are not watchful, a simple fraud attempt could easily turn into a more serious identity theft.

Surf where and how you like

So many identity thefts are now being triggered by malware that lies in wait on infected web sites. With so many legitimate web sites are now believed to be infected with malware, you need to be ultra cautious where you surf, what you click on, and what you download. If you don’t, you increase the chance that very nasty malware will work its way on to your computer, steal your information, and hijack your identity.

Talk too much, especially on Facebook

Another sure-fire way to lose your identity is blabbing too much. Facebook has become a haven for identity thieves looking for all that personal information that they need to steal your identity and that you might be giving away free. Things like family background and history (your mother’s maiden name), where you were born, where you went to school, where you work and worked, and your date of birth – all of immense value to thieves. Here’s a great article to help keep you safe – Ten Privacy Settings Every Facebook User Should Know.

Get careless with your password

A number of recent high profile attacks have exposed a number of things we’ve known all along – that most users still use very weak and easy to crack passwords, and they use the same passwords for multiple web sites. So if a hacker gets your password in an attack on one site, they could do a lot more damage.

Trust too much, especially when it comes to email

Phishing continues to be a major threat, and getting more sophisticated every day. If you’re not aware of what phishing is, can’t recognize the tell-tale signs of a phishing attempt, and don’t know how to respond (or not respond), you stand a much greater chance of being hooked by “phishy” bait. If you aren’t sure, the Anti-Phishing Working Group has compiled a list of recommendations to help you avoid this type of scam.

Don’t properly protect your credit cards and accounts

Just like with your credit reports, if you’re not watching your bank account and credit card statements constantly and carefully, you won’t spot any signs that your account is being tapped or dripped, or those small test transactions thieves will often use to test your vigilance before launching a major assault.

Don’t manage your personal information properly

A very easy way to fall victim to identity theft is to not protect your paperwork and possessions. That includes hiding personal documentation in the home (especially financial statements, tax returns, and anything with your Social Security number on it), protecting personal documents at work or when travelling, and not protecting your mail.

Don’t Think Security First

The key to staying off the radar and out of the traps of thieves is to think security first. That means constant vigilance – don’t worry, it eventually becomes second nature – so that you think about security before you click on an attachment and not afterwards, think about security before you create or use a password, think about checking your credit reports before you find out there’s something wrong, and so on.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

I’ve talked a lot about data breaches in the last few weeks, so maybe it’s time to move on and discuss something else. Or maybe not.

Because in just the last week we’ve seen a massive scaling up of these data breaches, and especially deliberate breaches by skilled hackers. Victims of these breaches range for the CIA and U.S. Senate, to more than half a dozen gaming web sites and companies, and while there’s little you can do to prevent these breaches there are some things you can do to avoid being ensnared in one. Or at least minimize the damage if you are.

1. Sign up for as little as possible. That’s one of the best ways to avoid being victimized by someone else’s mistake. The less information people have about you, and the fewer sites and businesses share it, the less they have to lose – about you.

2. Opt out as much as possible. Check your inbox. If you’re still getting a bunch of regular emails for things you signed up for in the past but don’t really use any more, then opt out or unsubscribe. It may not remove your information completely from that organization’s database, but it could certainly help.

3. Use a low risk and low balance credit card to make payments, and especially reoccurring payments. That way, if your credit card is compromised the damage won’t be too severe and you won’t have much work to do to fix it. Above all, NEVER use a debit card for online purchases.

4. If you’re offered free monitoring, take it and use it. Credit and identity monitoring are a great way to get early warning about the possible misuse of your information after a breach, so use it to its fullest.

5. If you’re not offered monitoring, demand it. After all, you probably deserve it. I sometimes feel badly for organizations that suffer a data breach and end up having to spend millions of dollars as a result. But it’s not your fault that they lost your data and put you at risk.

6. If you still don’t get free credit monitoring, either check your credit reports yourself, or better still, have Identity Guard watch your reports on your behalf.

7. Shields up. Every breach should be a reminder to you of the importance of vigilance. Use these moments (and it looks like there’ll be plenty of them) to watch out for any unusual activities on your credit reports, accounts, email, and even snail mail.

8. Change your passwords and use the moment to change your password habits. It makes sense that if your password is compromised in a data breach you would immediately change it, right? Lots of people do, but to just a slight variation of the password that was just compromised. Some people just like familiar passwords that they have a sentimental attachment to, but a breach is a great time to shake free of the personal connection and create a bulldog of a password that will defend you fearlessly.

9. Don’t use the same password for everything – because a number of recent data breaches found that many users use the same password for multiple web sites. A single password for multiple sites just makes it easier for hackers to create more havoc in your life.

10. Don’t stop thinking about tomorrow. It’s not just a great song, it’s a great rule. There will always be more breaches, and chances are a few dozen (or even a few thousand) are taking place right as I pen this blog. Make sure you have at least something of a plan in place so that as soon as a data breach hits the headlines, you’ll know your very next move.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Facebook is once again on the hot seat over privacy, and this time it’s all over something called facial recognition that the company announced last year but just very quietly introduced in the past few days. In fact, if you’re a regular Facebook user you probably won’t see anything about the new change on your Facebook page, any mention that it even exists, and worst of all, no mention that you’re now opted in to this troubling new feature without your permission.

Here’s how it works. As your friends add more photos to their albums, Facebook’s new technology will try to determine if any of the faces in the photos look anything like you. If they do, Facebook will urge your friends to tag the photo with your name. It’s not your decision, but the decision of the person uploading the photo.

You don’t get to approve any of the tags before they happen, but instead have to go to the trouble of un-tagging any photos you don’t want tagged. This is something that is not explained at all by Facebook.

Facebook probably thought that if they introduced this very controversial feature very quietly, they would avoid any serious media scrutiny and consumer complaints. But as Facebook should have learned by now, nothing goes unnoticed any more.

And now security experts and legislators around the world are once again criticizing Facebook’s sneaky insult to user privacy. According to Graham Cluley of security firm Sophos “Yet again, it feels like Facebook is eroding the online privacy of its users by stealth.”

PC World was even stronger in its criticism “Facebook is officially getting super-creepy,” adding that “the new facial recognition technology, which was announced in December but only introduced to a small test group, is basically Facebook’s way of creating a huge, photo-searchable database of its users. And yes, it’s terrifying.”

And according to PC World, Facebook’s members upload over 200 million photos every single day, adding to the estimated 90 billion photos that already reside on Facebook. Many of the privacy concerns revolve around how easy it could be for inappropriate photos of you to end up being viewed and judged by complete strangers around the world, without your knowledge or permission – photos that may not actually be of you.

“At the end of the day, Facebook’s facial recognition technology is downright creepy,” said Sarah Jacobsson Purewal of PCWorld. But what’s even creepier is how hard Facebook makes it for the average user to disable facial recognition. It even took me quite a while to figure it out, and it’s very obvious that Facebook is doing everything possible to make sure as many users as possible find it hard to opt out and just give up.

Here’s how to opt out of facial recognition – bear in mind, you’re wasting your time looking for any link or reference to facial recognition on Facebook because they absolutely refuse to even use the term.

• Click on the Account link at the top right of your Facebook page and go to Privacy Settings (I really hope this is a place you’re very familiar with!)

• Towards the bottom of the page you’ll see a lonely little link “Customize Settings.” Click on that link and scroll down to “Suggest photos of me to friends.”

• Next to “Suggest photos of me to friends,” click on “Edit Settings>”

• You’ll probably see that this feature has been “Enabled” by default, meaning that if you do nothing, facial recognition will always be turned on.

• Change Enabled to Disabled, and you’re done. At least until the next time Facebook tries another sneaky privacy end-run.

Editors Note: Since writing this article, the Electronic Privacy Information Center (EPIC) has filed a complaint with the Federal Trade Commission, asking the FTC to bar Facebook from using the facial recognition technology.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Every three months or so, security firm McAfee shares with the world all the trends uncovered and identified by its research labs.

The quarterly results rarely offer any good news, and unfortunately the first three months of 2011 are off to a very troubling start. Unless you’re a cybercriminal.

We went through McAfee’s most recent quarterly threat review and identified a dozen worrying trends you might want to be aware of:

1. There appeared to be a significant reduction in spam although research shows that many others are waiting in the wings to take its place. McAfee worries that the reduction is just as a result of a pause by global cyber gangs as they retool and upgrade their attacks.

2. Historically, Android has been ranked as the third most targeted mobile platform, but in the last three months it has jumped to the number 2 spot overall for mobile malware.

3. Mobile malware will continue to evolve in sophistication and functionality and at a much faster rate than the development of PC-based malware. Criminals are now using everything they’ve learned in developing PC-based malware and quickly adapting those lessons to anything mobile.

4. Hacktivism may be on the rise again, as exhibited by a number of high profile hacks like the Sony PlayStation Network, the Wikileaks saga, and the uprisings around the Arab world.

5. Malware just posted its busiest quarter in history. McAfee Labs identified more than six million unique types of malware in the last twelve weeks, the busiest quarter on record, and adding up to about 75 million different types of malware expected by the end of this year.

6. Fake anti-virus software seems to be on the rise again and password-stealing Trojans are demonstrating a consistent level of activity.

7. Search-term manipulation continues, with criminals talking advantage of vulnerabilities in search rankings to lead users to malicious sites. McAfee found that 49% of the daily search terms in the top 100 results lead to some kind of malicious web site.

8. McAfee identified a new password-stealing Trojan every day of the quarter.

9. Banking stealing Trojans are now commonly being delivered by phishing emails, from UPS and FedEx, the IRS and NACHA.

10. McAfee identified an average of 8,600 new infected web sites every single day during the first three months of the year.

11. Over the last three months, McAfee uncovered an average of 2,500 new phishing sites every day. The most common brands used in phishing emails included Wells Fargo and Paypal.

12. The malicious exploit of Adobe products (more than 36,000 this quarter) topped the number of malicious exploits of Microsoft Office products by a wide margin.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Visit msnbc.com for breaking news, world news, and news about the economy

More tips to protect your identity when traveling for business or pleasure this summer.

And here are the latest summer safety tips from Intersections Inc.

Want to learn more about identity theft and fraud protection?

Keep informed about the latest threats to your safety. Join our Facebook group.

A recently published report from the Government Accountability Office (GAO) entitled TAXES AND IDENTITY THEFT – Status of IRS Initiatives to Help Victimized Taxpayers, found that last year alone the IRS uncovered nearly quarter of a million cases of tax –related identity theft and nearly half a million since 2008.

While some of these cases involve exploiting the social security numbers of the deceased, the majority of the cases use live SSNs of real tax payers who are expecting a refund. The popularity of tax related identity theft can clearly be seen by the growth in cases uncovered by the IRS. For example, the IRS identified 51,702 incidents in 2008,169,087 incidents in 2009, and 248,357 incidents in 2010.

While the rapid growth in cases uncovered could simply be as a result of greater scrutiny and diligence by the IRS, it’s still not good news. And the IRS admits that the first time they identify a case of identity theft it may be too late, because it usually happens when the legitimate taxpayer files their tax return, finds out a return has already been made and a refund paid, and then alerts the IRS.

And while the IRS does take identity theft seriously, it admits in the report that its ability to address identity theft issues is constrained by a number of factors including:

• privacy laws that limit the IRS’s ability to share identity theft information with other agencies;

• the timing of fraud detection—more than a year may have passed since the original fraud occurred;

• the resources necessary to pursue the large volume of potential criminal refund and employment fraud cases; and

• the burden that stricter screening would likely cause taxpayers and employers since more legitimate returns would fail such screening.

The IRS is increasing its vigilance though. For example, it has introduced a screening process that “red flags” returns for additional scrutiny if some things don’t make sense – things like an unusually high refund compared to previous years, or a change of home address. As of May 12, 2011, 216,000 returns filed in 2011 failed the screens and were assigned for closer inspection. Of these inspected, 145,537 of the returns, or 74% were fraudulent.

The IRS is also trying to address the growing problem of using the social security numbers of the deceased to file tax returns, by locking the Social Security number of the deceased to prevent them from being use to commit tax fraud.

But it’s still an uphill battle and will be for years. The report found that in 2009 there were 10 million address changes, 46 million changes in employer, and millions of deaths and births. The GAO observed that “Checking all returns that reflect these changes for possible refund fraud could overwhelm IRS’s capacity to issue refunds to legitimate taxpayers in a timely manner.”

Last year when I was helping a victim of identity theft to recover a $5,000 refund that was paid to a thief instead, agents with the IRS identity theft hotline freely admitted that they were under staffed, under trained, and under funded, and as a result there was very little they could do to spot cases of identity theft until it’s too late.

In many cases I’ve dealt with, the victim is relying on their refund to pay an important bill, in some cases urgent medical bills. According to the report, the median amount of suspected identity theft–related refunds identified in the 2009 filing season was around $3,400.

When a refund is diverted to an identity thief, the victim can wait a year or longer for the IRS to go through its investigation process and issue a check to the real tax payer. Just in time for the next tax season.

Want to learn more about identity theft and fraud protection?

Keep informed about the latest threats to your safety. Join our Facebook group.

At the annual IEEE Symposium on Security and Privacy recently held in Oakland, California, a group of fifteen researchers from four different universities announced the results of a three month study into the commerce of spam, and made a startling revelation.

The group essentially set up a test system where they invited as much spam to their computers as possible, and over a three month period they received more than a billion spam messages from across the world.

Using this massive amount of evidence, they then set about tracing the origin of the spam, the various components required to launch spamming campaigns, and most importantly, the financial processes behind it.

The researchers made around 120 separate purchases in response to spam advertisements for drugs and herbal remedies. When they analyzed the payment process for these transactions, arguably the most important part, they found that more than 95% of the credit card transactions involved in the purchases they made were tied to just three financial institutions.

They made a lot of great points in their research and their report was eye-opening. But the bottom line is that the weak link in this massive criminal underground empire is when the criminal has to come out into the open and use some kind of legitimate credit card processing service or firm in order to process legitimate payments.

This is the choke point, the researchers concluded. If we could find a way to quickly identify the financial institutions that are facilitating these crooks and their transactions, and deny them the right to accept and process credit cards, the lifeblood of the criminal enterprise would be cut off.

The researchers did offer some other interesting suggestions:

• Directly engage the merchant banks and pressure them to stop doing business with the spammers and the crime groups behind them.

• Persuade the U.S. issuing banks – the banks that provide credit cards to U.S. consumers – to refuse to settle certain transactions that indicate a probability that the purchase is for illegal goods or made in response to spam. According to the authors of the study “the underlying enterprise would be dramatically demonetized.”

• Create and share a “financial blacklist” of financial institutions that assist these spammers.

It’s not going to be an easy task though. The researchers pointed out that it’s a much slower process to persuade facilitating banking institutions to stop helping spammers than it is for spammers to find new financial enablers. And many spammers pick countries where spamming and selling fake or counterfeit pharmaceuticals is either not against the law or at least not considered a serious matter.

Of course the easiest way to significantly reduce the amount of spam in circulation is to find that small percentage of dumb users who respond and purchase, and convince them of the error of their ways. An article in the New York Times observed that in order for spammers to sell $100 of Viagra, real or fake, they need to send out 12.5 million spam emails. There is a point at which spam no longer becomes financially viable, and that could be best achieved by better educating the recipients.

Want to learn more about identity theft and fraud protection?

Keep informed about the latest threats to your safety. Join our Facebook group.

In an effort to stem the seemingly endless flow of data breaches exposing personal information to thieves and other risks, the White House is floating a cyber security plan that includes a new Federal standard for how a breached organization or business should respond. And while almost every state in the nation already has some sort of data breach law, this is the first time that a single, federal law has been proposed.

Here are some of the highlights:

• Under the proposed legislation, a breach would be defined as a “compromise of the security, confidentiality or integrity of, or the loss of, computerized data” that results in “unauthorized acquisition of sensitive personally identifiable information or access to that information that is for an unauthorized purpose.”

• Any organization, for profit or not-for-profit, is covered by the legislation if it collects or stores personal information on more than 10,000 individuals over a 12-month period.

• Any breach discovered must reported to the Federal Trade Commission within 60 days of discovery, but breached organizations can be granted an extra 30 days.

• Healthcare organizations would not be covered because they are already covered by pretty comprehensive data breach legislation.

• Some organizations could be completely off the hook in the event of a data breach. For example if the organization conducted a risk assessment that concluded there would be no harm done to the individuals whose information had been exposed or stolen; or if the information had been protected in such a way, like encryption, that it would be of no use to the thieves.

• Civil penalties would be capped at a very low $1 million.

• Data covered by the legislation includes the obvious, like names, addresses, account numbers, passwords and Social Security numbers, but doesn’t seem to include email addresses.

Now while this legislation so far is just a proposal and could be altered, it does seem to be a very weak response to a major security problem.

For example:

• Capping civil penalties at $1 million seems too generous to the offending organizations and does not really punish the most egregious of breaches.

• While the legislation requires that a breached organization must notify the credit bureaus, there’s no mention of whether they must identify to the bureaus which consumers have been affected and what the bureaus should do. So I assume the bureaus will do nothing.

• Because there’s no mention of email addresses as sensitive data, it could mean that some of the biggest data breaches, like the recent Epsilon breach that exposed tens of millions of email addresses, would not be covered by the legislation.

• Up to 90 days to first notify the public seems too long. I understand the need for breached entities to learn as much as possible about the breach but they could easily make a “qualified” early announcement. The legislation should incorporate that.

• There’s no free credit monitoring provision, which means that’s entirely at the discretion of the breached entity. There’s also no education provision and no long term support provisions. We know that many thieves will hang on to data for months after the event, waiting for the fuss and attention to pass. That leaves victims on their own when the thieves finally try to launch their “liquidity event” and cash in the stolen data.

• And I can see all kinds of problems, delays, and even deceit over the ways organizations determine whether the exposed or stolen data can harm victims. Shouldn’t victims have a say in that determination?

In summary, I think the White House is obviously seeking to create a clearer and more defined way for breached entities to respond, but so far they seem to be letting these organizations off way too easy. We’ll see if they change the mind, or maybe read this blog post.

Note: Read what other security experts say about the proposed Federal data breach policy in this article on BankInfoSecurity.com.

Want to learn more about identity theft and fraud protection?

Keep informed about the latest threats to your safety. Join our Facebook group.

The fix for this is very simple: change your password. This will invalidate any third-party access to your profile, and it’s the Facebook equivalent of changing the locks on your house. The Daily Shield also recommends that you consider removing applications from your profile that you are no longer using. Don’t get us wrong. We love Farmville as much as the next person, but why give third party developers and advertisers access to your profile if you don’t have to.

The Daily Shield has previously published an article on how to limit the information Facebook shares with third parties. We think today’s disclosure is a good opportunity to revisit your Facebook security and privacy settings.

Want to learn more about identity theft and fraud protection?