In our post today, Intersections’ Consumer Security Adviser, Neal O’Farrell shares his insights on the recent identity theft report released by Javelin Strategy & Research.

Hackers, identity thieves, and scam artists follow the crowds. This is why there are more attacks targeted at Windows PCs instead of Macs, and endless scams focused on social networking sites like Facebook and Twitter.

With so many people relying on increasingly powerful smartphones, this may be the new battleground for your information and identity. A new report may provide the first hard evidence. Just last week, Javelin Strategy and Research released their ninth annual Identity Fraud Report which provides the most comprehensive and detailed look at the current state of identity theft.

The news wasn’t good. The study found that in spite of a significant drop in the number of identity theft victims in 2010, that might have just been a temporary blip, because in 2011 the number of identity theft victims in the U.S. spiked back up to more than 11.6 million – possibly the highest on record.

One of the more interesting facts revealed by the report was the heightened vulnerability of smartphone users to identity theft. The survey found seven percent of smartphone owners were victims of identity fraud, which was nearly 30% higher than the general population.

The report attributed this increased exposure to a number of reasons. For example:

• 32 percent of smartphone owners do not update to a new operating system when it becomes available.

• 62 percent do not use a password on their home screen—enabling anyone to access their information if the phone is lost.

• 32 percent save login information on their device.

According to James Van Dyke, president and founder of Javelin Strategy & Research “The study found specific opportunities for improvement. Consumers must be vigilant and in control of their personal data as they adopt new mobile and social technologies in order to not make it easier for fraudsters to perpetrate crimes.”

Identity thieves have plenty of opportunities when it comes to attacking smartphones. There are estimated to be more than 200 million Android phones and tablets in use today, with another 700,000 being added every single day.

Every day, users of those devices are downloading some of the nearly 500,000 apps that are available for Android devices. With those apps come lots of data-stealing malware. A company called NQ Mobile says it discovered more than 22,000 instances of mobile malware in 2011, Google saw a 40% increase in potentially malicious apps in its own Android market, and Juniper Networks saw a 150% increase in mobile malware in 2011.

There are some simple steps you can take to protect yourself:

• Keep to a minimum the amount of personal information you keep on your smartphone.

• Password-protect your device.

• Be careful and selective about the apps you download.

• Consider using one of the free apps that will help you find, disable, and backup a lost or stolen phone.

• Consider using one of the growing number of free security apps that can protect your smartphone from malware and malicious apps.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

The IRS recently released its annual list of the “Dirty Dozen”, the top twelve most common scams the IRS detects each year. And it is no surprise that identity theft and fraud take the top three places.

According to the IRS, many of these schemes hit a peak during filing season as people prepare their tax returns. “Taxpayers should be careful and avoid falling into a trap with the Dirty Dozen,” said IRS Commissioner Doug Shulman. “Scam artists will tempt people in-person, on-line and by e-mail with misleading promises about lost refunds and free money. Don’t be fooled by these scams.”

The following is the Dirty Dozen list of the tax scams to watch out for in 2012:

1. Identity Theft

2. Phishing

3. Return Preparer Fraud

4. Hiding Offshore Income

5. “Free Money” from the IRS & Tax Scams Involving Social Security

6. False/Inflated Income and Expenses

7. False Form 1099 Refund Claims

8. Frivolous Arguments

9. Falsely Claiming Zero Wages

10. Abuse of Charitable Organizations and Deductions

11. Disguised Corporate Ownership

12. Misuse of Trusts

As you can see from the list, many of those threats are actually scams faced by the IRS and not consumers. And while anything that costs the IRS money costs taxpayers money too, many of these scams will not apply directly to you. But the top three are always something to worry about. And of course we have seen an increase in identity theft and fraud committed by tax preparers.

Dishonest tax preparers can be a very dangerous threat because they can possess so much personal and financial information about you, and perhaps hundreds or even thousands of others. The IRS offers some advice on the things a dishonest tax preparer might not do that should be a red flag:

• They don’t sign the return or place a Preparer Tax identification Number on it.

• They don’t give you a copy of your tax return.

• They promise larger than normal tax refunds.

• They charge a percentage of the refund amount as preparation fee.

• They require you to split the refund to pay the preparation fee.

• They add forms to the return you have never filed before.

• They encourage you to place false information on your return, such as false income, expenses and/or credits.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

It seems that not a day goes by when there is not a story about a major data breach in the news. And the reason for that is that in 2011, there were more than 400 major data breaches – more than 1 every day! In today’s article, Intersections’ Consumer Security Adviser, Neal O’Farrell breaks down the data breach and provides some helpful tips on what you can do to protect yourself should your records be compromised.

Ever wondered why there are so many data breaches and why they keep happening. In 2011 there were more than 420 reported data breaches, or an average of more than one every day. And some of these breaches exposed millions of personal and customer records. What’s more worrying is that in at least 80% of these breaches, Social Security numbers were exposed.

A security firm called Trustwave did an investigation of more than 300 data breaches and exposed some interesting statistics and trends that might help to explain why so many businesses keep losing our personal and private information:

• Personal customer records were the target of hackers in nearly 90% of the breaches.

• Surprisingly, the food and beverage industry made up the majority of investigated breaches (44%), followed by retailers at 33%. Normally the biggest targets for data breaches are educational institutions and healthcare but in this report they only accounted for a combined 2% of investigated breaches

• Also surprising was the focus by hackers on franchised businesses, where the local business is owned by individual business owners. More than a third of the breaches happened at franchised businesses.

• When malware was used in the attacks, it was only detected by anti-malware software in just 12% of the attacks – suggesting the thieves are easily able to get past the most fundamental security defenses.

• But perhaps not that surprising is that the most common password being used by these breached organizations was “Password1”

So how are the attackers breaching security so often and so easily? The report exposed another troubling trend – in more than three quarters of the breaches investigated the access point was traced to third parties, like suppliers, partners, and technology developers. This suggests that while an organization you do business with might be doing all it can to protect your personal information, all the hard work can easily be undone when the partners they rely on are not as focused on protecting you as they should be.

And in more than 80% of the breaches investigated, the biggest weakness identified was poor passwords. Weak passwords continue to be exploited by hackers and intruders, and in spite of endless education on the subject, for some reason employees continue to choose passwords that can be guessed or cracked in seconds. If the most common password found in these attacks was Password1 (it’s a default password that employees obviously couldn’t be bothered to change), it suggests that we shouldn’t give up on educating everyone about the need for stronger and smarter passwords.

And what fixes did the report recommend? The very first recommendation of their report was better user and employee education, saying “The best intrusion detection systems are neither security experts nor expensive technology, but employees. Security awareness education for employees can often be the first line of defense.”

What else can you do?

• Use this as a reminder to beef up your passwords. Imagine how you’d feel if your weak password was cracked by hackers and used to launch a costly attack on your workplace?

• Be vigilant and careful when paying at a fast-food restaurant. Security can be a big problem here because they have limited security, a high staff turnover, and often few background checks on employees. Consider using a credit card instead of debit card when paying at one of these establishments so you’re not giving hackers access to your bank account.

• Spread the word. If you believe in security, and the role of each of us has to play in protecting our little corner of cyberspace, then share that idea with others. If each one of us were to change just a couple of our bad computing or financial habits, these crimes would be much harder to pull off.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Your smartphone is more than just a phone – it’s a small, personal computer. And that makes it an attractive target for criminals and identity thieves. In today’s Daily Shield article, Intersections’ Consumer Security Adviser, Neal O’Farrell gives us the scoop on smartphone safety for the holidays. Our advice: Hang on to your smartphone this holiday season!

A smartphone is not really a phone, and that’s a fact you should keep in mind over the coming holidays. A smartphone really is an ultra-powerful, ultra compact computer with a phone thrown in for convenience. And it’s that computing power that has millions of users running their lives around that tiny, pocket-sized device. And why thieves around the world want those devices too. Maybe yours.

With power comes storage, for lots of personal and work information, and so to lose a smartphone could be the first step towards losing your identity. Which might explain why we’re seeing such a spike in the theft of smartphones, in public places and crowds and in broad daylight.

According to a recent study by the New York Police Department, of the 16,000 or so robberies reported in New York in the first ten months of this year, half involved mobile devices and most of those were phones. The iPhone is one of the most popular, accounting for more than 70% of phones stolen on buses and subways, and often snatched out of the hands of the user. And computers, MP3 players, and tablets were taken in nearly half the reported burglaries in the city.

There are a number of explanations for this trend. Personal tech gadgets have a good resale value and will fetch more money when fenced. And many thieves will steal a smartphone or iPad simply because they want one.

The smartphone and the iPad are the new wallets and purses, yet imagine if you sat on a busy subway with your wallet held close to your ear for everyone to see, while at the same time your mind is already home and sitting down to dinner? That’s just too much of a temptation for opportunist thieves.

But more thieves are turning to gadget theft as a way to steal the owner’s identity. Your phone alone could be a treasure-trove of information that thieves can use to piece together your identity, including:

• Personal and family information, including names and addresses, contained in email and texts.

• Personal, family, and work phone numbers

• Work information including computer logins and passwords.

• Financial information and financial apps.

• Location information that can tell the thief where you go and where you hang out.

• Downloaded books and music that clues the thief into your musical tastes.

• Photos of you, your friends and family that can help the thief identify you or impersonate you.

And while there are moves towards a national standard that will instantly disable a phone or device so it can’t be used with any carrier, thus turning into little more than a sleek brick, thieves are easily able to replace a SIM card in a phone and being using it immediately.

In a recent blog on CIO magazine, security writer Tom Kaneshige spoke about how as he sat on a train in San Francisco he got the eerie feeling that two passengers, aged only around 10 or 11, were paying just a little too much attention to him and his phone as they worked their way down the carriage in his direction. He trusted his instincts and put the phone in his pocket, and turns out he made the right decision. Minutes later the two kids snatched a phone from the ear of a passenger and dashed away into the rush-hour crowd.

As he said in his blog “Smartphone owners bury their noses into phone screens and plug their ears with earbuds, making themselves easy targets. Lost in our own virtual smartphone worlds, we’re just not aware of our surroundings anymore. Can you ask for a better victim profile?”

He added “As the holiday shopping rush ramps up, smartphone owners will be whipping out their phones more than ever. Smartphones in crowded places are becoming a common sight, as holiday shoppers tap the power of apps to keep track of Christmas gifts, get directions, compare prices, check into bars and restaurants.”

If you don’t want to gift your favorite phone to a complete stranger over the holidays, here are a few tips to keep in mind:

• Less is more. If you don’t really need to use your device in a public place, or you’re just bored, put it in your pocket and find some other way to distract yourself.

• Eyes up. If you’re using a phone or tablet on a train, a bus, subway, or park bench, keep an eye on the people around you so you’re not surprised by a quick grab-and-dash.

• Be especially vigilant if you’re on your phone on a busy street. It’s no uncommon for thieves to run past a target, snatch the phone from their ear and disappear back into the same crowd.

• Keep as little personal information as possible on your phone. Here’s a revolutionary idea – use the phone as a phone, and not a portable data locker. If your phone is stolen, your life doesn’t go along with it.

• Consider using one of the growing number of free apps, like Lookout, that will backup and restore your phone’s contents, disable your phone, and even help locate it if it’s stolen.

Keep informed about the latest threats to your safety. Join our Facebook group.

Fox 5 News DC recently interviewed Intersections’ Vice President Joe Mason. The topic? How to avoid credit card skimming. Check out the video below for his expert advice.

Experts Provide Tips on Avoiding Credit Card Skimmers: MyFoxDC.com

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser, Neal O’Farrell joins us today. In this article, Neal talks about a disturbing trend – the rise of gang activity and identity theft.

One of my greatest identity theft fears has been the involvement of other criminals in identity theft. By that I mean criminals who have traditionally focused on other crimes, like burglary, switching to identity theft because they realize that identity theft is a much better business opportunity and career path for them.

We do know that burglary and identity theft are already connected, because most burglars realize that a stolen Social Security number or birth certificate is worth far more than a stolen TV or jewelry. Not only is personal information worth more, it can be sold over and over again, and there’s far less risk of being caught. And of course drugs like meth have long been associated with identity theft, in part because in the early days of identity theft the chemicals used to wash stolen checks were also a key ingredient in the synthesizing of meth.

But what if more organized criminals, like street gangs or drug dealers, realized that there was more money to be made in identity theft than selling drugs on street corners? What if they switched business and moved en masse into identity theft? It could spark another massive escalation that would be very hard to stop.

Well, it seems that my worst fears are being realized. A few weeks ago I wrote about Operation Rainmaker, an identity theft scheme busted by law enforcement in Florida. The thieves may have netted as much as $130 million by using stolen identities to file fraudulent tax returns. The most disturbing part, apart from the fact that the thieves managed to pull off such a massive heist so easily, was that the thieves were street level drug dealers who took courses in how to use the internet to commit identity theft.

They realized that if they just learned some basic skills they could make much more money, with much less risk, if they focused on identity theft over drug dealing. Drug dealing is hard work and brings a lot of risk, from arrest to death. And the dealers almost always have to rely on other people – the distributors to provide them with the drugs, the sellers on the streets to move the “product,” and of course customers willing to buy from them instead of their competitors.

But with identity theft these dealers don’t need anyone else. They can commit the crime themselves from the comfort of their own home, there’s a lot less risk, and they don’t need partners or suppliers. Unless of course you count the stolen identities they exploit.

If more drug dealers come to the same conclusion, if could be good news for the fight against drug use but terrible news for identity theft. And signs are other criminals are catching on. According to an analysis just released by the FBI, “gangs are also engaging in white collar crime such as counterfeiting, identity theft, and mortgage fraud, primarily due to the high profitability and much lower visibility and risk of detection and punishment than drug and weapons trafficking.”

And according to the National Gang Intelligence Center (NGIC) many gang members are now using the Internet for identity theft, computer hacking, and phishing schemes. Earlier this year, law enforcement officials arrested dozens of members of the Armenian Power gang on a variety of charges that included including a $2 million credit card scam and a large-scale check fraud scheme.

The FBI estimates that there are around 33,000 known gangs in the United States, with nearly 1.5 million active members. If these gangs start moving seriously into identity theft and other frauds, there’s no telling how bad identity theft will become. And especially with law enforcement already stretched to the limit.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser Neal O’Farrell uncovers the secret contained in the recent 2011 Microsoft Intelligence Report. What’s the secret? It’s the user’s fault!

There are two schools of thought on the topic of consumer security awareness. One school suggests that all the malware and scams in circulation are far too advanced for consumers to understand and therefore prevent, and consumers should instead entirely trust technology to protect them. The most vocal proponents of that side of the argument are, not surprisingly, the companies that sell security technologies.

The other side of the house believes that consumer education, awareness, and vigilance are key to preventing or avoiding many, if not most, attacks. That’s the side of the argument I sit on, and so should you. Your vigilance, and your acceptance that you have significant responsibility for your own protection, are key to avoiding some of the most common attacks.

Think about it for a moment. Would phishing emails – the ones that pretend to be from your bank to try and trick you out of your password – even work if people just ignored them? Would infected email attachments work if users never just opened them? And would passwords still be a weak link if people made them stronger.

There are so many examples of just how important user awareness, vigilance, and participation really are. And one of the key words is vigilance. Awareness is no longer enough, because I think it’s safe to assume that most consumers are aware that there are risks and that there are something they should and shouldn’t do.

But vigilance is about being aware at exactly the moment that counts – thinking security before you create or use a password, before you respond to an email, before you open an attachment, or before you visit a web site.

And there’s plenty of evidence out there to how a lack of awareness and vigilance are being exploited. A recent study by Microsoft found that nearly half of all malware Microsoft detected when it scanned more than 600 million computers used tricks on the user in order to succeed. With security firm Trend Micro reporting one new type of malware every half second, that’s a lot of focus on user exploitation.

The study also found that that around 90% of all exploits targeted vulnerabilities that were known about and patched for more than a year. Which probably means that most users are just forgetting to update their software – one of the easiest way to protect yourself. In fact, although users are warned repeatedly about the need to update their browsers, Microsoft reports that nearly half of Internet Explorer users still use vulnerable out-of-date browsers.

And if the security experts recognize this weakness, so do the bad guys. Cybercrooks across the world are experts at social engineering – creating tricks that consumers are likely to fall for. These crooks expect you to make the wrong choice, whether it’s to forget about updating your browser or security software, falling for phony emails or Facebook requests, or letting your caution overcome your curiosity.

They won’t waste a moment taking advantage of a mistake you can make in a split second. So they’re worst fear is that you take a moment – to stop and think before you make a decision and use that pause to make the right decision instead of the wrong one. If you pause, think, and chose the other, safer path, you win and they’ve just wasted all that time and money.

Network World said what many others might want to. In a recent article on Microsoft’s report, they simply concluded “wise up stupid users!”

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

In today’s post, Neal O’Farrell talks about the importance of keeping on top of your own personal security. And there is no better time to do that than in October, which is National Cyber Security Awareness Month.

It’s October again and you know what that means. No, not just Halloween, although some of the stuff out there is beginning to get scary. It’s also National Cyber Security Awareness Month and a great time for you to review your security, take a close look at your personal habits, and make some of those changes you might have been putting off.

October should be “take another look” month because it’s a great reminder for you to take another look at some of the stuff you might be taking for granted.

Take another look at Facebook

• Have you changed your password recently? If not, do it now.

• Have you removed any personal information that might help a thief learn more about your background, like where you grew up, went to school, date of birth etc.?

• Have you hidden your mobile phone number on your Facebook page? Your bank may use that number to send you alerts and you don’t want thieves intercepting those alerts.

• Have you revisited your privacy settings lately? Because Facebook changes so much, you should check your settings regularly to make sure they’re still doing what you expect them to. Network World has a great slideshow entitled “Facebook Privacy: 11 settings to revisit now.”

Take another look at your computer and device security

• When was the last time you updated your anti-virus software, and is it set to automatically update?

• Have you checked that your anti-virus program is actually in place and turned on? Make sure that it wasn’t disabled accidently by another user or family member, or even by malware.

• Are you protecting valuable information on your computer or laptop with encryption? It’s a great defense against theft and hackers.

• Have you removed any apps from your phone and tablet that you don’t really need?

• Have you installed security software in your smartphone or tablet? Don’t forget that these devices can be just as vulnerable as your computers.

Take another look at your credit reports

• When was the last time you checked your credit reports? If it’s been more than three months, it might be time to check them again. Check your reports free at www.annualcreditreport.com.

• Are you using IDENTITY GUARD®? IDENTITY GUARD® provides one of the most comprehensive collections of security tools to protect your identity from all kinds of attacks and it works best if you take advantage of all its great features.

Take another look at your browser

• Have you updated it lately or set it to automatically update?

• Have you looked at the security of add-ons and extensions to your browser, and uninstalled extensions you don’t need?

• Have you thought about switching or upgrading to Internet Explorer 9 or IE 9? It has a host of new security features that can provide almost as much protection as desktop security software.

Take another look at your kids

• Are they on Facebook? If they are, have you talked to them about dangers and precautions?

• Have you created your own Facebook page so you can friend your kids and keep an eye on them?

• Have you set rules for what they can’t say and send on their phones and computers?

• Have you moved family computers to a family area – meaning no computers where you can’t see them?

Take another look at your passwords

• Have you changed the most important ones lately, like bank accounts, email, and Facebook?

• Have you moved from passwords to passphrases, to make it easier to create and remember complex passwords?

• Have you started using a password manager to keep all those passwords in a safe place?

• Have you talked to your kids or employees about changing and protecting their passwords?

Take another look at your bank accounts:

• Do you have a password management system, like ID Vault® or an anti-keylogger such as PRIVACYPROTECT®, on your computer to protect your bank logins and passwords from thieves?

• Have you opted for e-statements instead of paper statements, to protect your statements from being intercepted in the mail?

• Have you set up account alerts so that your bank or credit union can immediately notify you of any payments, transfers, or withdrawals?

• Have you changed your bank account password recently?

• Have you checked your statements for any unusual transactions?

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

In a recent report by the firm ID Analytics, more than 140,000 children across the United States were found to have been victims of child identity theft. The report supported other studies that have found the same troubling trend, as well as a growing awareness in the cybercrime community of the value of child identities and the ease with which they can be compromised.Today, the Daily Shield welcomes Steve Schwartz, Intersections’ Executive Vice President, Consumer Services. In today’s video presentation, Steve shares some thoughts on the growing problem of child identity theft.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

In today’s post, Intersections’ Consumer Security Adviser Neal O’Farrell shares 10 very important tips that could help keep your personal and employment information out of the hands of cyber spies. Read on!

Could corporate spies be stalking you?

It’s been more than thirty years ago since I followed a surge in corporate spying in Ireland, where corporate thieves were being paid small fortunes to steal data from businesses, tap telephones, and even break into offices.

Fast forward thirty years and while the game remains the same, the players and tools have changed. And there’s clear evidence over the last few years that criminals, corporations, and governments around the world are targeting employees who may be careless with what they say or how they guard corporate secrets.

In a recent story in the Washington Post, business travelers heading to China were warned not to bring with them anything that might give competitors a competitive advantage. The Post warned that China, Russia, Israel and even France were hotbeds for corporate espionage, in many cases sanctioned by their own governments in an effort to give home-grown companies a competitive or technical advantage.

According to the Post “Travelers there often tote disposable cell phones and loaner laptops stripped of sensitive data. Some U.S. officials take no electronic gear. And a few corporate executives detour to Australia rather than risk talking business in a bugged Chinese hotel room.”

Corporate and personal data are the new world currency and the thieves will stop at nothing to get their hands on whatever data you’re carrying. As far as thieves are concerned, everyone has as story worth telling and data worth stealing. If they can’t use it themselves, they can still make money selling it to someone else.

And there have even been reports of governments placing bounties on the laptops of senior executives of a long list of companies, paying handsomely for any who steals and turns over these laptops.

The risks are two-fold: that in an effort to steal company data from you while you’re travelling, the thieves end up with your personal information and identity; and you become the unwitting backdoor through which corporate spies steal invaluable data that could do serious damage to the company you work for.

American identities are considered especially valuable on the black market because, in spite of the recession and credit crunch, it’s still relatively easy to access credit lines quickly if you have the basic identity information of the victim.

Here are ten ways you can protect your personal and employer information from the sticky fingers of cyber spies.

1. Travel “data light.” Take as little sensitive information with you, both corporate and personal. It means less for you to guard and worry about, and less harm if you fall victim.

2. Encrypt everything. Encryption is the best and easiest way to protect data that has been lost, stolen, or accessed by malware. Without the proper key the data is useless to the thief.

3. Watch your laptop like a hawk and turn your back on it down for a moment.

4. Think twice about using free Wi-Fi networks when travelling, and especially at conference venues and your hotel room.

5. Avoid bringing thumb drives with you or transferring information from your laptop to thumb drive when travelling.

6. Treat your smart phone like it’s a laptop and take as many precautions as possible. Store as little information as possible on it, use the password locking feature, and don’t leave it lying around.

7. Make sure you make regular online backups of everything that’s on your laptop and phone. If they’re lost or stolen, at least you’ll still have an accessible copy.

8. Practice safe computing. A common way to steal data and breach security is to target busy employees with emails, text messages, and Facebook messages that hide dangerous Trojans and other malware. Always be vigilant when clicking on any link or opening any attachment, but give everything double scrutiny and skepticism when you’re travelling.

9. Don’t leave files or data storage devices in your hotel room. Carry everything with you, even if it’s a little inconvenient.

10. Consider using a laptop or smartphone tracking system. It can help locate a lost or stolen device.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.