In today’s post, Intersections’ Consumer Security Adviser, Neal O’Farrell shares some very important advice on how to help the elderly, the baby boomer population, protect themselves from consumer fraud and identity theft. This is a very helpful article if you have aging parents, or if you yourself of of that AARP age! Read on!

Just last week I spoke at an identity theft seminar in the affluent Silicon Valley town of Palo Alto, CA. The event was organized by local County Supervisor Liz Kniss and the District Attorney’s office.

While anyone was welcome to join the free two-hour event, most of those who attended were seniors. And a couple of things jumped out at me that reminded me why we need to keep addressing the issue of identity theft among seniors.

The first thing I noticed was the size of the audience. The crowd looked like it topped 100, and there wasn’t an empty seat in the house. That at least suggested that there is still great concern over identity theft and a need for answers.

The second thing that jumped out at me was the very visual answer to a very simple question. When asked how many in the audience had fallen victim to identity theft or fraud, more than half of the audience raised their hands.

While there are lots of statistics about the number of victims of identity theft every year, I was still surprised to find that about one-half of the people in that audience believed they had been victimized by this crime.

This got me thinking. Were they victimized because they live in a very affluent community, surrounded by other affluent communities? After all, we know that identity thieves are increasingly targeting what they refer to as “whales” – higher net worth individuals who have more access to wealth, better credit, and less time to think about protecting themselves.

Or could the answer be even simpler, that these individuals experienced a higher rate of identity theft simply because they are older. I have a feeling I may be on to something there. Financial abuse and identity theft among the elderly are on the rise, and in many cases the thieves are those the victims trust most – caregivers, relatives, and even their own children or family members.

As a result of my presentation, I thought this might be a good time to revisit some sound advice we’ve given in the past, advice you should take to heart if you have elderly relatives, friends, or neighbors:

• The best thing you can do is to be around and in touch. Scammers are less likely to focus on an elderly victim if they know a family member is close by and vigilant.

• If you know and trust their neighbors, ask them to get more involved and keep an eye open.

• If the individual is in a nursing home or retirement community, do your homework on the community, talk to the operators or managers about security, and encourage the individual to keep as little personal or financial information with them as possible.

• If the individual is in a nursing home, suggest that all mail be forwarded to you.

• Talk to them about the risks, give them a simple checklist of warning signs to watch out for, and encourage them to always call you before they buy something new, sign any legal or loan documents, or are pressured or harassed by any stranger. They should be especially careful about telephone solicitations, which often target the elderly.

• Conduct a regular home audit, making sure that all financial documentation is safely locked away, and that any computers have adequate security in place and working.

• If home help or caregivers are involved, let them know that you’re watching out for that individual and will encourage the prosecution of any crime. If you can, do a criminal background check on any caregivers, home help, or anyone else that might have regular access to the home. If you hire a home-care professional, seek out licensed employmen agencies who will perform such background checks.

• If appropriate, offer to handle all financial transactions and account management for the individual, and have them refer any financial enquiries, proposals, or problems directly to you.

• Work with their bank and credit card providers so that they are also alert to any unusual activities or transactions on their accounts.

• Offer to check their incoming mail for suspicious offers, and to check their monthly bank and credit card statements to ensure there are no fraudulent charges or suspicious payments.

• Regularly check that the individual is receiving any Social Security benefits, pension payments, and health care they’re entitled to, and that these entitlements or payments are not being diverted or misused.

• Offer to remove them from direct mailing lists to reduce the amount of junk mail they receive. Also offer to place them on national “do not call lists” to reduce the risk of unwanted telephone solicitations

• Help them make regular payments for things like utility bills so that checks are not stolen in the mail.

• Consider placing a credit freeze on their credit reports to prevent any unauthorized credit. This freeze can easily be lifted if the individual wants to take out new credit.

• Check for any financial or utility accounts that are no longer used or needed and close them if possible.

• Help them to regularly check their credit reports and if possible set them up with a credit monitoring service with alerts sent directly to you

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

We recently reported on the findings of the 2012 Identity Fraud Report released by Javelin Strategy and Research. The report states that the number of identity fraud incidents increased by 13 percent in 2011, totaling 11.6 million adult victims. The report also found that certain social media behaviors and increasing number of data breach incidents contributed to the overall amount of identity fraud instances in the United States over the past year.

Our infographic highlights some of the things that you can do to protect yourself from identity fraud. Please share it with your friends and colleagues.

Read more about the 2012 Javelin Strategy & Research Identity Fraud Report.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Although it is still the middle of winter, there are many media reports stating an increase in vacation rental scams. Intersections’ Consumer Security Adviser Neal O’Farrell shares some insights on this disturbing trend and offers up some tips on how you can protect yourself.

Believe it or not, now is the time that many people start making decisions about their vacation, especially with Easter and spring break not far away. And now is also the time that scammers start to ramp up their attacks to take advantage of this.

That’s probably why consumers around the country are being warned to watch out for a new wave of scams based around vacation rentals. It’s a story we covered about a year ago but is fast becoming a favorite for scammers around the world.

In recent cases, scammers are stealing the email passwords of genuine renters using vacation rental web sites, and posing as the real owner are advertising vacation properties, accepting deposits, and then simply vanishing; leaving the real homeowner, the victims, and the web sites to pick up the pieces.

In the most advanced scams, scammers are creating entire web sites devoted to highlighting a variety of rental properties around the world at attractive prices. The sites come complete with detailed photos and descriptions of the properties, information on local attractions, testimonials from happy renters, and even currency exchange calculators. All designed to convince customers that the site is real.

The scammers use international payment systems to collect multiple deposits for properties that are not theirs to rent. And in many cases the properties are actually real and available to rent – just in case the vacation-seeker decides to try to look at the property using Google Earth. If scammers can take multiple deposits, for thousands of dollars at a time, for the same non-existent rental, you can imagine how lucrative the scam is.

And this is where the scam can get particularly heartless. Imagine that you and your family have booked and paid for your dream vacation. Everyone has taken time off work, you renewed your passports, paid for a pet sitter, and purchased a bunch of expensive plane tickets.

After hours of exhaustive travel you arrive at your dream rental only to find someone else is renting it, or the owner has never heard of you and has never rented the property. And because it’s the height of tourist season there isn’t a single room anywhere nearby to rent instead. It can be emotionally and financially heartbreaking for victims. And if the vacation is purchased directly from the scammers, there’s no recourse, refund, or insurance.

In one recent case, an unlucky homeowner in Florida was plagued by an endless stream of angry vacationers demanding to get into his property – which they believe they had rented – or get their money back. After some victims became so threatening, the homeowner had to post signs on his lawn that the property was never for rent in the first place. And it’s easy to understand why victims might assume that the real homeowner is in on the scam.

And the Chicago Tribune recently ran the story of one such victim, who paid a deposit of $4,500 to rent a vacation home that simply did not exist. And while the victim was careful enough to rent the property through a reputable online broker called HomeAway.com, she was still out of luck. Many of these sites do little if anything to verify the authenticity of their advertisers. And in this case, the crooks had gone to the trouble of hacking into the real owner’s email account and launching the scam that way.

But with some sites hosting property listings by more than half a million property owners and managers, it’s impossible to police such a large pool of properties all around the world.

Unfortunately, there’s very little you can do to avoid such a scam. The obvious protection is to not pay upfront for rental listings you find on Craigslist or in unsolicited emails. But even going through reputable online sites and brokers is no guarantee either.

There are some things you can do to at least reduce the risks:

• Use an established and reputable online broker and see if they have some form of rental guarantee or insurance.

• Pay with a credit card or PayPal if you can but never by wire transfer.

• See if you can get any referrals from friends who might have some favorite vacation properties they can recommend.

• Never respond to an email offering vacation rentals. Most legitimate renters won’t spam you.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser Neal O’Farrell writes today about a dangerous new banking Trojan that has recently been making the rounds. It’s called “SpyEye” and it is causing all sorts of trouble. In today’s article, Neal provides some important tips on how to protect yourself, and your bank account from this nasty threat.

A few years ago I started warning about a dangerous new type of malware known as a banker or banking Trojan, with names like Clampi and Zeus. Banking Trojans were such a threat because they were very good at what they were designed to do – sneak on to your computer, bypass security, steal your passwords, log in to your bank accounts and empty them. Within a matter of months the FBI estimated that these Trojans had stolen hundreds of millions of dollars from victims across America.

Security researchers recently discovered a very dangerous new form of this Trojan that has financial institutions very worried. The Trojan is called SpyEye and has also been around for a few years – most researchers believe SpyEye is just a reincarnation of the dreaded Zeus Trojan.

In the new version, the Trojan is able to manipulate your transactions history so that if you were to check in on your bank account and look at things like transactions and balances, everything would look OK. That’s because the Trojan is able to erase its tracks and hide any changes it makes in your account – like transferring all your money to another account. This is a very worrying development because in many cases, checking your statements is the only defense you may have against such scams.

Because the attack presents the doctored statements to your browser, it would not be able to hide the attack if you were to access your bank account from another computer or an ATM. And of course the scam would be obvious in a paper statement. But, as experts point, finding out about the attack when your statement arrives thirty days later may be way to late to stop thieves from emptying your account.

In an interview with MSNBC, Amit Klein, one of the security experts who discovered the new threat cautioned “My take is that if your computer is infected with financial malware, it’s game over anyway. My takeaway is you need to prevent getting infected with financial malware in the first place.”

Because SpyEye variants are constantly changing to evade virus detection, it can sometimes take virus companies weeks to push out a virus signature to your computer. If SpyEye manages to infect your computer during that window, you may be out of luck.

In 2005, almost half of new malicious codes were Trojans, according to Panda Security. By the end of 2010, Trojans made up more than 70% of new malware.

There are believed to be thousands of varieties of banking Trojans in circulation, and some can be purchased as complete ready-to-go kits for as little as a few hundred dollars.

Most Trojans will infect computers by using spam with infected email attachments, or by infecting web sites which in turn will infect unprotected computers visiting those sites – known as “drive by” infections.

Here are some things you can do to protect yourself:

• Scan all your personal and business computers, either using your existing anti-virus software or using any of the free scanning services listed on our web site.

• Be very careful in the web sites you visit and consider using one of the many free web site verification tools, like Trusteer, that can help identify infected web sites before you click on them.

• Layer every computer with the best virus and spyware protection available and update it constantly. But be aware that having the latest anti-malware protection in place is no guarantee that you’ll be able to prevent or detect an infection.

• Patch your computer constantly and make sure your computer settings are configured to automatically download and install patches and updates as soon as they become available.

• Avoid opening email attachments or clicking on links in emails unless you’re able to verify the email is legitimate, and be careful about visiting web sites you’re not familiar with.

• Teach all family members or employees to be especially vigilant for phishing schemes and to watch out for unusual or personalized emails with attachments or links that are not familiar.

• Set up account alerts to notify you of any transactions or changes in account balances, and work with your bank to see if there are additional layers of authentication they can use to prevent or alert you to unauthorized transfers.

• Spread your funds between a number of accounts and limit the number of users on each account.

• Change your passwords regularly, make them tough to guess, and protect them well.

• Use keylogger protection to help hide your passwords and protect them from snoops.

• Consider using just one computer for online banking, and make sure that computer is highly secure and ideally not used for email or any other Internet connected activity.

• Be vigilant when visiting your bank login page, especially for any changes to the login procedure or requests for additional information.

• Check your paper statements as soon as you get them.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

In today’s article, Intersections’ Consumer Security Adviser Neal O’Farrell asks the question “is the economy helping cybercriminals?” Read on to find the answer!

A recent report from security firm Panda Labs found that in the last three months alone it has detected more than five million new types of malware. That works out to an average of one new type of Trojan, virus, and other malicious program discovered every 1.5 seconds.

Because of the way most anti-virus programs work, once a virus is discovered the anti-virus companies have to rush to write a piece of code or signature that must then be downloaded as quickly as possible by billions of users around the world in order to keep that particular piece of malware out.

That means that many of these viruses can easily make their way on to unprotected computers before the programmers have time to push out the updates. And with many anti-virus companies struggling to grow their profits, it could mean that as malware grows in volume and sophistication, anti-virus companies may have to spend less on updating their software.

And if you don’t believe in such perfect storms, take a close look at the identity theft wars. As identity theft continues to grow, and become more sophisticated, cash strapped police departments no longer have the resources to investigate these crimes. Which only encourages and emboldens more thieves.

The Panda Labs report seems to support this notion. The most powerful and dangerous type of malware, and the type most favored by organized crime for its ability to steal passwords and break into bank accounts, is the Trojan. And according to Panda three out of every 4 new types of malware discovered in the last three months was a Trojan.

Which probably explains why Trojans were responsible for the majority (63%) of infections in the last three months. Trojans are very efficient bank robbers, and the payoff can be enormous. Two cybercrooks from the Ukraine were just sent to prison in the United Kingdom after they were convicted of using exactly this type of malware to steal more than $4 million from bank accounts in just six months.

On a related note, the Panda Labs report also found that the countries with the worst infection rates were China, Taiwan, and Russia. In China, for example, it’s believed that more than half of all PCs are infected by malware.

And traditional attacks like phishing are not going away. Within days of a warning by the American Bankers Association of an unexplained spike in phishing attacks, security researchers had identified a new type of phishing attack that looks like it comes from a well-known bank and offering recipients $35 to complete an online survey.

According to security firm Sophos, the email asked for so much highly confidential information it should be a warning sign. According to Sophos, the email questionnaire asked for:

• Social Security Number
• Card number
• Card expiration
• CVV
• ATM PIN
• First, Middle and Last name
• Email (ironically they mailed you the form)
• Address
• Mother’s maiden name
• Place of birth
• Birthday

And an increasingly common way to spread phishing emails and infect users with this kind of malware is trusty old spam. The irony is that much of the spam in circulation today comes from the computers of innocent users. Spammers use botnets to infect unprotected computers and use them to relay spam to other users. And unfortunately, it appears that the United States still holds the top spot when it comes to relaying spam.

The bottom line? The easiest way to lose a battle is to just walk off the battlefield. As many companies and industries struggle just to survive, they’re cutting back on security. According to this year’s annual Global Information Security Survey, conducted by PricewaterhouseCoopers, nearly 10,000 executives around the world were asked about their plans to make security a priority. Sadly just 11% said that they planned to make data protection a top priority.

Cyber-crooks are taking full advantage. Not only are they developing even more sophisticated malware, they’re deliberately overloading businesses and consumers with so many attacks, something has to give.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser Neal O’Farrell reports on a recent report by Symantec that compares cybercrime to the world wide drug trade. Interesting stuff!.

Is the cybercrime business really bigger than the drug trade?

That’s the claim (sort of) of an eye-opening report recently published by Symantec. According to the Norton Cybercrime Report 2011, the global cost of cybercrime was nearly $388 billion last year. That number is made up of $144 billion in direct financial losses by victims, and another $274 billion in losses due to lost time and other indirect costs as a result of the attacks.

Norton then compared that to a number of United Nations World Drug Reports over the last few years that pegged the black market for marijuana, cocaine and heroin combined at $288 billion, coming to the conclusion that the global cost of cybercrime exceeded the drug market.

Hard to argue with, except that many media outlets have been reporting that Norton’s study claims that cybercriminals make more money than drug distributors. Which is obviously not the case, at least not yet – the report claims that victims lost $388 billion in direct and indirect losses but not that the crooks actually made that money.

But I’m sure it’s only a matter of time before the profits from cybercrime, and especially identity theft, exceed those from the drug trade. Just recently I spoke at a security conference for law enforcement where we discussed a recent case in Florida called Operation Rainmaker, an identity theft and tax fraud scheme that netted street level drug dealers more than $130 million simply by switching from dealing drugs on street corners to committing identity theft with laptops.

Here are some of the other findings of the report:

• More than two thirds of online adults (69 percent) have been a victim of cybercrime in their lifetime.

• Every second 14 adults become a victim of cybercrime, resulting in more than one million cybercrime victims every day.

• 10 percent of adults online have experienced cybercrime on their mobile phone.

• Increased social networking and a lack of protection are the main culprits behind the growing number of cybercrime victims.

• Men between 18 and 31 years old who access the Internet from their mobile phone are most likely to be victims.

• Globally, the most common – and most preventable – type of cybercrime is computer viruses and malware, with 54 percent of respondents saying they have experienced it in their lifetime.

• Viruses are followed by online scams (11 percent) and phishing messages (10 percent). Earlier this year the Symantec Internet Security Threat Report, Volume 16, found more than 286 million unique variations of malicious software (“malware”) compared to the 240 million reported in 2009.

• Forty-one percent of adults indicated they don’t have an up-to-date security software suite to protect their personal information online.

• Less than half review credit card statements regularly for fraud (47 percent), and 61 percent don’t use complex passwords or change them regularly.

Read the full report for more findings from the Norton Cybercrime Report globally and by country.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Unfortunately, there is a lot of consumer apathy about the topic of identity theft and credit fraud. So, Neal O’Farrell, Intersections’ Consumer Security Adviser is back today with his ten tips that are guaranteed to make you an easy mark for identity theft.

Continue to believe that it can’t happen to you

Apathy is the biggest enemy, whether it’s towards your health, wealth, or security. If you don’t take security seriously, refuse to accept that you could fall victim to identity theft, and fail to take responsibility for your own security, you stand a much greater chance of being victimized.

Assume zero liability means you have nothing to lose

Zero liability has given many consumers a very false sense of security, and the belief that if identity theft costs them nothing, they have nothing to worry about. But zero liability does not mean zero risk, zero responsibility, or zero loss. Zero liability won’t cover your costs, the emotional harm, time off work, or damage to your credit.

And just because your bank or credit card company says you won’t be on the hook for credit fraud losses, that doesn’t mean you won’t fall victim and face losses. Zero liability can be discretionary, and in many cases financial institutions can take weeks and often months before they return any lost funds or wipe away any debts. And when it comes to compromised bank accounts, small business owners don’t enjoy zero liability at all.

Don’t monitor your credit, or watch it constantly

If you’re not watching you credit reports like a hawk, you’re unlikely to spot the tell-tale signs that someone is trying to steal your identity. It could start with a number of applications for new credit, which can be accepted or declined. A determined thief will keep trying, and if you are not watchful, a simple fraud attempt could easily turn into a more serious identity theft.

Surf where and how you like

So many identity thefts are now being triggered by malware that lies in wait on infected web sites. With so many legitimate web sites are now believed to be infected with malware, you need to be ultra cautious where you surf, what you click on, and what you download. If you don’t, you increase the chance that very nasty malware will work its way on to your computer, steal your information, and hijack your identity.

Talk too much, especially on Facebook

Another sure-fire way to lose your identity is blabbing too much. Facebook has become a haven for identity thieves looking for all that personal information that they need to steal your identity and that you might be giving away free. Things like family background and history (your mother’s maiden name), where you were born, where you went to school, where you work and worked, and your date of birth – all of immense value to thieves. Here’s a great article to help keep you safe – Ten Privacy Settings Every Facebook User Should Know.

Get careless with your password

A number of recent high profile attacks have exposed a number of things we’ve known all along – that most users still use very weak and easy to crack passwords, and they use the same passwords for multiple web sites. So if a hacker gets your password in an attack on one site, they could do a lot more damage.

Trust too much, especially when it comes to email

Phishing continues to be a major threat, and getting more sophisticated every day. If you’re not aware of what phishing is, can’t recognize the tell-tale signs of a phishing attempt, and don’t know how to respond (or not respond), you stand a much greater chance of being hooked by “phishy” bait. If you aren’t sure, the Anti-Phishing Working Group has compiled a list of recommendations to help you avoid this type of scam.

Don’t properly protect your credit cards and accounts

Just like with your credit reports, if you’re not watching your bank account and credit card statements constantly and carefully, you won’t spot any signs that your account is being tapped or dripped, or those small test transactions thieves will often use to test your vigilance before launching a major assault.

Don’t manage your personal information properly

A very easy way to fall victim to identity theft is to not protect your paperwork and possessions. That includes hiding personal documentation in the home (especially financial statements, tax returns, and anything with your Social Security number on it), protecting personal documents at work or when travelling, and not protecting your mail.

Don’t Think Security First

The key to staying off the radar and out of the traps of thieves is to think security first. That means constant vigilance – don’t worry, it eventually becomes second nature – so that you think about security before you click on an attachment and not afterwards, think about security before you create or use a password, think about checking your credit reports before you find out there’s something wrong, and so on.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

The Daily Shield welcomes back Intersections’ Consumer Security Advisor Neal O’Farrell. Today, Neal writes about the disturbing uptick in cybercrime.

Every three months or so, security firm McAfee shares with the world all the trends uncovered and identified by its research labs.

The quarterly results rarely offer any good news, and unfortunately the first three months of 2011 are off to a very troubling start. Unless you’re a cybercriminal.

We went through McAfee’s most recent quarterly threat review and identified a dozen worrying trends you might want to be aware of:

1. There appeared to be a significant reduction in spam although research shows that many others are waiting in the wings to take its place. McAfee worries that the reduction is just as a result of a pause by global cyber gangs as they retool and upgrade their attacks.

2. Historically, Android has been ranked as the third most targeted mobile platform, but in the last three months it has jumped to the number 2 spot overall for mobile malware.

3. Mobile malware will continue to evolve in sophistication and functionality and at a much faster rate than the development of PC-based malware. Criminals are now using everything they’ve learned in developing PC-based malware and quickly adapting those lessons to anything mobile.

4. Hacktivism may be on the rise again, as exhibited by a number of high profile hacks like the Sony PlayStation Network, the Wikileaks saga, and the uprisings around the Arab world.

5. Malware just posted its busiest quarter in history. McAfee Labs identified more than six million unique types of malware in the last twelve weeks, the busiest quarter on record, and adding up to about 75 million different types of malware expected by the end of this year.

6. Fake anti-virus software seems to be on the rise again and password-stealing Trojans are demonstrating a consistent level of activity.

7. Search-term manipulation continues, with criminals talking advantage of vulnerabilities in search rankings to lead users to malicious sites. McAfee found that 49% of the daily search terms in the top 100 results lead to some kind of malicious web site.

8. McAfee identified a new password-stealing Trojan every day of the quarter.

9. Banking stealing Trojans are now commonly being delivered by phishing emails, from UPS and FedEx, the IRS and NACHA.

10. McAfee identified an average of 8,600 new infected web sites every single day during the first three months of the year.

11. Over the last three months, McAfee uncovered an average of 2,500 new phishing sites every day. The most common brands used in phishing emails included Wells Fargo and Paypal.

12. The malicious exploit of Adobe products (more than 36,000 this quarter) topped the number of malicious exploits of Microsoft Office products by a wide margin.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.