There are news reports almost daily about how hackers are able to gain access to the bank accounts of innocent victims and rip off thousands and thousands of dollars. In today’s article, Intersections’ Consumer Security Adviser Neal O’Farrell explains what you need to do to keep your hard-earned money out of the hands of hackers and criminals. A must read!.

The title of this article could just as easily have been “How to make half a million bucks a month from the comfort of your computer.” I was reading recently about how a twenty-something hacker from Russia managed to steal more than $3.2 million in just six months simply by pushing out malware designed to sneak on to unprotected computers, steal banking passwords, and empty bank accounts. His efforts paid off to the tune of around $17,000 a day, give or take.

The hacker goes by the nickname Soldier, and according to research by security firm Trend Micro, he managed to infect more than 25,000 computers in the three months leading up to June of this year using a malware toolkit that is freely available on the internet.

His success, at infecting so many computers and making so much money in such a short timeframe, should be a warning to every consumer to be ever vigilant when it comes to online banking. Soldier is one only of probably thousands of hackers using the same or similar crime kits to plunder online bank accounts.

So if you want to avoid being Soldier’s next victim, here are some simple tips to beef up your defenses.

1. Lock down your computer. Every computer should be protected by multiple layers of security, including anti-virus and other malware protection, encryption to protect your data, browser security to steer you away from malicious web sites etc.

2. Beef up your passwords. Weak passwords are your worst enemy – make them strong, random, and original. No sense in creating one strong password and then using it for every web site you know.

3. Sign up for alerts. Most financial institutions provide email or text alerts when certain things happen with your account – a transfer is attempted, an ATM withdrawal is made, or a check more than a certain amount is presented. Sign up for these alerts because they can be your earliest warning that something’s not right.

4. Be very careful with the apps you use. Apps are great, especially if they’re free. But apps are the wild west of security, with little control over who makes and sells them, and how securely the code is written. So use as few apps as you need and only from trusted sources.

5. Think twice about mobile banking. While banking from your smart phone sounds like a great idea, it’s still in its infancy and new security holes are being discovered daily. If you’re not completely confident about the security of your smartphone, stick to doing your online banking from a computer you do trust. Or at least trust a little more.

6. Don’t access your bank account over a public Wi-Fi network. It’s very easy to snoop on any computers using Wi-Fi networks in places like coffee shops and hotels. So much better to wait until you get home before checking your balances or paying bills.

7. Limit access to your computer. The fewer people who have access to your computer, the less risk you have of compromise. So it might be smart to ban family members from using the computer you use to bank online. That way, you won’t be at risk from their mistakes or bad habits.

8. Consider using a separate computer just for online banking. That’s the advice of the security expert who discovered the first banking Trojan a couple of years ago. If you use a separate computer just for online banking, you reduce the risk of malware sneaking on to your computer through drive-by downloads, infected attachments etc.

9. Use a keylogger prevention system, like PRIVACYPROTECT® which comes free with your IDENTITY GUARD® TOTAL PROTECTION(SM) membership, to protect your passwords from being snooped upon. Keyloggers are able to sniff and steal logins and passwords by monitoring what you type on your keyboard, but products like ID Vault allow you to bypass the keyboard and enter your login credentials using a virtual keyboard instead.

10. Take Facebook security very seriously. It’s not only an easy way for thieves to deliver the kind of malware that can steal your bank account login and password, it’s also a great way for thieves to find the answers to the most common “secret” questions – like the city you were born, your first pet, favorite teacher, and mother’s maiden name.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

The Daily Shield welcomes Intersections’ Consumer Security Adviser Neal O’Farrell. In today’s article, Neal shares a victim’s story and brings home the point once again that damages caused by identity theft don’t always involve money.

I often hear from law enforcement that if identity theft victims are reimbursed by their banks or credit cards providers, and don’t lose any money, then they’re not really victims and shouldn’t expect much sympathy. And I also hear from victims that they wish they had lost some money, because if that was their only loss it could put an end to the nightmare that seems to go on forever.

The reality of identity theft is that the cases that involve things other than money are often the toughest on the victim. And that’s especially true when it comes to a stolen or forged driver’s license.

One case I’m currently working on involves an elderly victim in San Diego California who has been fighting to get her driver’s license back for three years. It turns out that a thief had been using the victim’s identity for more than a decade, and in addition to numerous new credit accounts opened, the thief had also racked up DUIs and other traffic offenses using the victim’s license.

According to the victim, the DMV was completely unsympathetic to her plight and her claims that she was the victim. The DMV repeatedly advised the victim that her record could not be cleared or her license re-issued until the identity theft case went through a police investigation and the courts.

Problem is, few police departments or courts are pursuing identity theft cases, and especially the smaller ones. And the victim’s local Sherriff’s department in California had already said they would not take on the case.

So that has left the victim in limbo, unable to drive a car or even cash checks. To add to the victim’s frustration, the thief has been caught and is in jail in Nebraska for numerous identity theft and fraud charges. Law enforcement and the DMV in Nebraska have been very helpful and sympathetic, and have provided letters confirming they have the thief and the victim does not appear to be responsible for the record on her driver’s license.

The California DMV still didn’t budge. And that’s when I got involved. My first step was to go to the California DMV web site to see if there was any information or service that could help in this kind of victim situation. Although this is a very common crime, and compromised driver’s licenses come up in nearly half of all id theft cases I investigate, I could find nothing on the DMV site that would help.

I finally found a number for DMV investigations, and that gave me some hope that at least I might be able to talk to the right people. The first investigator I spoke to was gruff and rude, and didn’t seem to want to help or even talk to me. Instead she gave me a couple of hotline numbers to call. As soon as a hung up the phone I called the numbers she gave me, and they were all out of service. Another dead end.

Undeterred, I decided to call another investigator office, this one closer to the victim’s home. To my surprise, this investigator was even ruder. She refused to answer my questions, constantly cut me off, tried to hang up, and told me she wouldn’t speak to me because I wasn’t a victim.

She asked if the victim has ever contacted the DMV before and I said she had, a year ago, but couldn’t remember who she spoke to or what number she called. Too bad, said the investigator. The victim would need to go back to the first DMV office she contacted and start the process all over again.

Not getting anywhere, I tried another tactic. What if I was just looking for “general” advice on what any victim should do in a case like this? The investigator curtly responded that it wasn’t her job to give out advice. Probably an understatement to say I was a bit steamed by now, so when the investigator tried to give me the same dud numbers her colleague had given me earlier, I demanded she find me a real number to call.

She put me on hold and eventually came back with a number for yet another investigator. I called right away and guess who picked up? Yet another incredibly gruff, rude, irritable and irritated investigator who was no more sympathetic and had no interest in speaking to me.

But he did give me the same advice. He suggested that the victim ask law enforcement in California to investigate the case and let the courts deal with it. Where have I heard that before? So when I mentioned causally that we all know that because of budget challenges law enforcement rarely investigates identity theft, just as in this case, the investigator assured me that I was completely wrong in that assertion and that law enforcement “always investigates identity theft.”

That’s where the discussion ended, but it was the clearest reminder of just how much out of touch the California DMV is with the crime of identity theft and the plight of victims. We’re now going to look at ways we can change this, and maybe encourage the DMV to look into its own investigator training. Even if they don’t learn anything more about identity theft, they might learn about the concepts of courtesy and customer service.

But there was some good news. We were finally able to get the victim in touch with a DMV office that would accept the documentation proving she was a victim, and promised to issue a new license in the coming weeks. Time will tell. But there’s little doubt that the DMV victimized this victim all over again, and for no other reason than indifference.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

In today’s post on the Daily Shield, Intersections’ Consumer Security Advisor Neal O’Farrell shares some frightening stories of true identity theft. These are extreme cases, where criminals literally used the identity of unknowing victims.

In all of Larry Edward Smith’s 67 years, he had never had a criminal record or lived in California. But according to law enforcement, he had done both. And worse.

Turns out a career criminal from Auburn California had been using Larry Smith’s identity, largely undetected, for nearly 20 years. And over those twenty years he had racked up numerous arrests and convictions in his victim’s name, including drug offenses, welfare fraud, and forgery. In just one county alone, the thief has been convicted in seven separate cases, and in spite of serving time in a federal prison in the name of his victim, the authorities never spotted the mistake.

The impersonation spree apparently started a little more than eighteen years ago, when the thief managed to steal his victim’s Social Security number and immediately used it to assume a new identity in order to avoid arrest.

The thief was finally busted when his fingerprints came back to his real identity and not to his victim. But too late for the victim. According to media reports, the victim has had his tax refunds garnished, has been denied medical care, has had his driver’s license suspended, and even spent a week in jail for the crimes of his thief.

What’s most troubling is that this case is far from unique. In the same week, we learned that a former journalist who went to his local police department to pay a small fine for fishing without a current license was promptly arrested. Not for fishing though, but apparently because of warrants for drug charges.

Not only was he wanted for drug charges, the police notified him that he had in fact made it to Nevada’s 10 Most Wanted list. It took the journalist three days in jail before he was able to convince authorities that they had the wrong man. Turns out the real drug dealer had used his victim’s identity to evade capture, and remains at large.

And the theft of an identity doesn’t have to be complicated to cause great inconvenience and distress to a victim. Just last week I had to work on the case of a woman who received a ticket in the mail for running a red light. The photo that accompanied the ticket was of a different car and a different driver, and the victim wasn’t even in the state at the time.

But the registered owner of the car not only gave authorities the victim’s address, the thief also produced a real driver’s license that was an identical copy of the victim’s. Turns out the thief now rents an apartment where the victim lived more than three years ago. The victim now has to file a police report, complete an identity theft affidavit, gather her evidence, and take at least a day off work to appear in traffic court.

But under California law, the victim has to pay the $350+ fine first, if she wants to challenge the ticket in court, and then wait for the state to take its time to reimburse her. If she wins.

These and many more cases like them are a stark reminder of how identity theft can haunt victims for years after the crime, even when there’s no financial crime involved. And once in the criminal records system, victims can find themselves fighting an endless battle, and often multiple arrests, as one moment of bad luck ends up haunting them for life.

Want to learn more about identity theft and fraud protection?

Take the first step. Learn more about the flexible and innovative solutions from IDENTITY GUARD®.

The Daily Shield is once again pleased to publish this article by Intersections’ Consumer Security Adviser, Neal O’Farrell.

If you do bad things, bad things can happen to you. It’s a common worry, or maybe superstition. But it does seem to bother consumers who have opted to pirate software instead of ponying up for the real thing.

Microsoft just released the results of a major worldwide study into the practice of software counterfeiting, and consumer attitudes to the risks counterfeiting can create.

According to the study, most consumers agreed that using counterfeit software was not a smart or safe idea, and that identity theft was one of the top concerns. And rightly so. We’ve been warning consumers for years that pirated software is a favorite tool for crooks who are easily able to hide all kinds of malicious code in this software. And as data stealing malware has become more sophisticated, the threat has become far more serious.

But back to the study:

• 85% of consumers polled worldwide have a range of concerns about the risks of using counterfeit software.

• 70% said they believe genuine software is more secure, more stable and is easier to keep up-to-date.

• 75% of consumers agree that they need ways to protect themselves from inadvertently buying counterfeit software.

According to Microsoft, more than 300,000 consumers have provided the company with information chronicling their experience with fake or pirated software, in many cases finding the software laden with dangerous viruses.

Here are just some of the user experiences provided by Microsoft:

• “The product came from another country and once installed, it caused my computer to crash, which will now only run in Safe Mode. When Safe Mode appeared, the Validation notification said it no longer had a VLK number. It looks like the real thing, but does not work!”

• “When beginning to load, a message appears saying, ‘Trojan virus continued’ and at the end, a message appeared saying, ‘copy US invalid.”

• “The disc I ordered online arrived shrink-wrapped and looked good, but then it wouldn’t validate. I checked out the How to Tell website, and even though it was hard to tell the difference between my counterfeit software and the real thing, I spotted a few signs that confirmed I was tricked. If I had checked that site before I bought the software, I would have saved a lot of time and money.”

Of course not all counterfeit software purchasers do so deliberately. It can sometimes be very difficult to tell the difference between fake software and the real thing, and many victims don’t realize their software is pirated until they have problems validating it.

But there are a few clues you should watch out for that could be warning signs of a counterfeiter at work:

• The most obvious clue is price. If an individual or business offers to sell a brand new, unopened copy of a software program that normally retails for $300, for the knock-down price of just $39.99, it’s probably a very good sign the software is not legitimate.

• Auction web sites are a notorious marketplace for pirated software, so you should avoid buying software on these sites if at all possible.

• If you’re offered software that comes on discs but with no packaging or manuals, it may be another good sign that someone is simply copying the software on to new discs.

• Peer-to-peer (P2P) networks or other file-sharing technologies are also a popular trading post for software pirates, so you might want to stay clear of these too.

Keep informed about the latest threats to your safety. Join our Facebook group.

Take the first step. Learn more about the flexible and innovative solutions from IDENTITY GUARD®.

The Daily Shield is once again pleased to publish this article by Intersections’ Consumer Security Advisor, Neal O’Farrell.

If you’re still not convinced that it really is a bad idea to post any  suggestive images or videos of yourself on Facebook or any other  online site, or even just email them to friends, maybe this tangled tale  will help change your mind.

A hacker was recently arrested in California after the FBI, California  Highway Patrol and many other agencies concluded their  investigation into a very strange case that included hacking,  impersonation, extortion, and even child pornography.

The accused hacker started his attack by simply trawling Facebook pages looking for women he could target. Once he had identified his targets, and engaged them in online conversation, he approached their email service providers, pretending to be his victims, and guessing the answers to the security questions was able to access their email accounts, change their passwords and lock out the victims from their own accounts.

Now he had complete access to all their email messages and everything the victims had ever sent or received. And apparently in many cases that included nude or semi nude photographs and videos the victims had previously exchanged with friends.

Armed with this treasure trove of potentially embarrassing information, the hacker began the process of threatening and humiliating his victims in complying with his sordid demands. Because he had access to their email accounts, the hacker sent the images to everyone in the victim’s email address book and threatened to post the images more widely – unless the victims agreed to send him even more explicit images of themselves.

A number of victims are believed to have complied with his demands, and in some cases the hacker even posted the stolen images on public web sites, including Facebook. When he was arrested, investigators found more than 3,000 email profiles on his computer, suggesting that the hacker was planning a very large and long campaign of extortion. By the time of his arrest he had already targeted an estimated 170 victims. Investigators also discovered more than 1,000 images and 50 child pornography videos on his computer.

This case is by no means unique and should be a clear reminder that if you ever take very personal photographs or videos of yourself, don’t assume that it’s ever safe to post them on Facebook (or anywhere else online) or send them by email.

It’s also a reminder of just how easy it can be for a complete stranger to guess the answer to your secret questions, take over your email account, and wreak havoc on your life.

Keep informed about the latest threats to your safety. Join our Facebook group.

Take the first step. Learn more about the flexible and innovative solutions from IDENTITY GUARD®.

To learn more about how phishing scams work, and to learn how to spot common phishing schemes, check out this About.com article: How Phishing Scams Work.

If you receive a suspicious email, report it. You can send it to the US Federal Trade Commission at spam@uce.gov.

Here’s our recap of recent phishing attacks and online scams.

Cisco Security reports that the largest drive-by malware attack on record is targeting LinkedIn users. According to Cisco Security systems officials, cyber spammers sent out a barrage of emails beginning at 2AM on September 27, 2010.  According to officials, the email included embedded links which, when clicked, would redirect the user to a page that stated “PLEASE WAITING…. 4 SECONDS,” before again redirecting to Google’s home page. “During those four seconds,” says Cisco’s security blog post, “the victim’s PC is infected with the ZeuS data-theft malware via a drive-by download.” After embedding itself within the user’s web browser, ZeuS focuses on capturing login credentials and passwords, which in turn can be used to access the user’s personal accounts (financial or otherwise).

For the third time this year, a Blacksburg, Virginia bank has reported a phishing scam targeting its’ customers. Customers from the National Bank of Blacksburg, which operates 25 branches in Southwest Virginia, reported receiving text messages asking for personal information.  Bank CEO James Rakes stated in a press release that, like most banks and financial institutions,”National Bank does not solicit customer information by e-mail, phone or text message unless in response to a customer request.” Customers who receive such text messages should report it to their local branch.

Students at Washington State University have been targeted by an email phishing attack.  According to university officials, this type of attack occurs every semester as criminals attempt to capture personal information from students and faculty. In an annoucement to students, faculty and staff, official say “the best solution is not to click on links provided by a questionable e-mail, and never respond to online requests for personal information, according to the WSU News release. If anyone on campus has already become a victim of a phishing scam, they are welcome to visit the ITS Help Desk or call (509) 335-4357 for assistance.”

The email security firm Websense reports that a phishing email targeting Skype users is spreading across the Internet. According to Websense, the purpose of the attack is to trick users into disclosing personal information like credit card information, name etc.  This particular email attack is especially malicious as it appears to be coming from Skype and it also presents the user a payment page that pretends to be a URL using SSL (Secure Sockets Layer) for secured payment.  Please be alert and don’t provide personal or banking information through emails that appear in your email in-box!

And in a particularly brazen act, law enforcement officials in Michigan have shut down a business claiming to be a credit union after banking officials charged it was actually a bold scam designed to steal money and identities.  These criminals were posing as a legitimate business in order to get personal information from prospective customers that would be used in identity theft.

Keep informed about the latest threats to your safety. Join our Facebook group.

Take the first step. Learn more about the flexible and innovative solutions from IDENTITY GUARD®.

The Daily Shield is pleased to republish the following article that appeared on ID Guardian. It was written by Neal O’Farrell, Intersections’ Consumer Security Advisor

If you ever get a phone call from the Federal Deposit Insurance Corporation, or FDIC, you shouldn’t just be surprised, you should be very suspicious too. And maybe hang up. Trust me, the FDIC won’t be the least bit offended.

Most people probably haven’t heard of the FDIC, or at least don’t really know what the organization does -  it’s an independent agency created by Congress to maintain stability and public confidence in the nation’s financial system, and may be best known recently for its involvement in stabilizing troubled financial institutions.

Apparently scammers are using that publicity to try to con and even threaten unsuspecting consumers into paying on loans they know nothing about.

The FDIC recently issued a warning about a spike in complaints from consumers claiming to have received calls or emails from the FDIC demanding payment on a delinquent loan.

The scammers are exploiting the ongoing shake-up in the financial industry, as banks merge, some are taken over by others, and yet others are closed down. They may claim that they are trying to collect on a loan from a recently acquired bank, and threaten fines or even lawsuits if the target doesn’t make an immediate payment – usually on the spot, over the phone, with a credit card.

What’s more troubling is that in order to convince the recipient of the call that the scammer is genuine, they may even provide private and confidential information about the victim being targeted, including their Social Security number.

This means the caller already has access to the recipient’s personal information, probably stolen, and so the recipient of the call may already be a victim of identity theft.

The FDIC wants to remind everyone that they never call or email consumers, for any reason, and they are not responsible for collecting loans, payments, or fines from consumers.

If you receive such a call or email, just hang up or delete. If the caller appeared to have personal information about you, you should immediately check your credit reports for any discrepancies, and consider either placing a freeze on your reports or constantly monitoring them for any future abuse.

Keep informed about the latest threats to your safety. Join our Facebook group.

Take the first step. Learn more about the flexible and innovative solutions from IDENTITY GUARD®.

Today’s post comes from Neal O’Farrell, Intersections’ Consumer Security Advisor.

Security firm Panda recently announced that the Nigerian 419 scam ranks among its top picks for scams – not for this year, but of the decade. In case you need a reminder, those are the often comical solicitations, usually by email, that wish to information in eloquent but faulty English that you are the beneficiary of a vast fortune from an African cousin and only need to complete some routine paperwork in order to inherit what’s rightfully yours.

In other variations, the emailer is a US soldier serving in Iraq who has stumbled across a small fortune in US dollars hidden in one of Saddam’s many palaces, and wants your help to get it back to the US.

These are called advance fee frauds, because the scammer usually tries to drip money out of the victims, in bogus fees, before the victims can get their hands on the non-existent fortune.

Anyone reading these ridiculous emails could be forgiven for wondering what kind of person would even fall for such an obvious scam. The answer may be found in the words of one of the thousands of scammers plying his trade.

A recent prosecution of a Nigerian 419 scammer by a Connecticut court revealed how easy it is for poor, uneducated thieves, with little more than access to the internet, to make more than $1 million from this scam.

The scammer is a Nigerian citizen who came to the United States to make enough money to retire on. Between 2004 and 2009, he and his partners targeted thousands of email addresses at random, in the expectation that if they were able to bait just a handful of the most gullible, the risks would be worth it.

Court documents showed that the gang often shared information on known “mogus” – a slang for fools – who had been tapped repeatedly for many years and who regularly fell for the scheme.

In many of these cases, the thieves target the elderly. Once the victims lose the first payment they make, they often become desperate and continue to make more payments in the hope they will eventually get all of their money back. But they never do.

Personally I know of one elderly gentleman who has lost more than $1 million to these thieves, and I’m currently working with one couple who now receive almost weekly calls from a man with a thick Nigerian accent who claims to be from the US Department of Grants and wants to deposit a stimulus check into the couple’s bank account.

This kind of harassment is not uncommon. Once the scammers hook someone they believe may be vulnerable, they don’t let go. This particular scammer admitted to calling one victim more than 1,200 times over a two-year period – an average of nearly twice a day, every single day, for two years.

There’s plenty we can do to educate and warn consumers about this kind of scam. What’s tougher is addressing the inherent greed that still traps many.

Keep informed about the latest threats to your safety. Join our Facebook group.

Take the first step. Learn more about the flexible and innovative solutions from IDENTITY GUARD®.

Sheer luck uncovers plot to steal the identities of kids fighting cancer.

As any cop will tell you, there’s no such thing as a routine traffic stop. You always have to be prepared for surprises, and a simple traffic stop in New Jersey might have thwarted a heartless scam focused on the identities of young cancer victims and their parents.

When cops in New Jersey pulled over a white Infiniti for some unnamed traffic violation, they ran the license plate and quickly found it had been purchased in the name of a victim of identity theft.

Apparently the two conspired to join forces and pool their knowledge to file more than 100 bogus tax returns in the names of patients whose medical records had been pilfered. As if that wasn’t heartless enough, in their scam they included as dependents the children of these victims, some of whom were fighting cancer.

Lessons learned?

• Your kids are just as vulnerable as you are. Some would say more vulnerable, because unlike you, they can’t protect themselves.

If you are interested in online safety for your children, we invite you to join our Facebook group, “Keeping My Kids Safe Online.”

Learn more about the flexible and innovative solutions from IDENTITY GUARD®.

To learn more about how phishing scams work, and to learn how to spot common phishing schemes, check out this About.com article: How Phishing Scams Work.

If you receive a suspicious email, report it. You can send it to the US Federal Trade Commission at spam@uce.gov.

Billionaire Donald Bren targeted in $1.4-million ID theft. A man who looks nothing like the Orange County real estate magnate allegedly opened accounts in Bren’s name and deposited a tax-refund check stolen from Bren.

Online identity thieves pose as IRS agents. The Internal Revenue Service says taxpayers should be on guard for identity thieves who use many methods to steal personal information that is used to file tax returns for refunds

Fake BBB triggers malware attacks. The Better Business Bureau said a fake complaint scam disseminated to businesses nationwide has begun appearing in Omaha, NE.

Gamers beware: Scammers are attempting to steal StarCraft II accounts by way of a phishing scam

Cell phone phishing scam hits Long Island, New York area. The text messages are designed to trick the receiver into divulging personal information.

If you are interested in online safety for your children, we invite you to join our Facebook group, “Keeping My Kids Safe Online.”

Learn more about the flexible and innovative solutions from IDENTITY GUARD®.