Catching Credit Card Thieves Before They Cash Out

 

How cool would it be if you could get an alert any time somebody was trying to fraudulently use your credit card account?  Well guess what?  That technology already exists.   You just need to turn it on.

Hi, I’m John Sileo and we’re bringing you this episode of Sileo On Security from Opryland, Tennessee.  So what are account alerts?  An account alert is when your credit card company or your bank alerts you if there’s been any action on your account whether you’re spending on your credit card or transferring money/withdrawing money from your account.  That way if it’s fraudulent you know it right away and if it’s legitimate you don’t have to do anything about it.

Why do account alerts even matter?  Well, first of all, they let you know automatically, without you doing any extra work if someone is spending on a credit card that’s not you, that’s not legitimate.  If they’re transferring out of your bank account or withdrawing out of your bank account when it’s not you or if they’re transferring between accounts.  So you get an automatic alert anytime it’s legitimate and anytime it is illegitimate, and it’s those illegitimate ones that you shut down immediately by calling your bank.

Setting up an account alert is simple.

Number one: you go to the website of the bank or credit card company you’re setting it up with.  So let’s say it’s BankOfAmerica.com.

Number two: in their search toolbar you’re typing the words “account alert” or “account alerts” and it will take you to that page on any good banking or credit card website where you can automatically set up those alerts, where it explains it to you.

Number three: when you set up your alert, set it for a threshold that makes sense.  For me, I set it up for a dollar and above.  If somebody spends a dollar or above I get an automatic alert.  I get a text so that I see it on my phone right away when it happens.

My challenge to you right now is to go and set up one account alert on your most valuable account whether that’s a bank account, a credit card account or an investment account.  Go in and Google the words “account alert” or “account alerts” (in quotes) and then the URL address of that bank or credit card company.  If it’s Bank of America, put in “BankofAmerica.com” and (in quotes) “account alerts” so that you go directly to the page where they tell you how to set it up for that specific account.

Not all data protection is about prevention; some of it is simply about detecting the fraud very quickly and shutting it down very quickly.  That’s exactly what automatic account alerts do.  They shut it down before the thief has time to spend large amounts of money in your name.  For Sileo on Security here in Nashville, Tennessee, thank you so much.  We’ll see you on the next episode.

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Stop Credit Card Thieves in the Act


Setting Up Account Alerts Can Help Protect You From Fraud.

Did you realize that you can have your credit card company and bank notify you anytime there is activity on your account? This tool makes it very easy to catch fraud before it stings your wallet.


Chip and PIN Credit Cards Finally Explained


Chip and Pin Credit Cards Lower Fraud by 700%

Chip and Pin Credit Cards

  • It will take at least 5 years for Chip and PIN (or EMV) transactions to make up the majority of retail card processing in the U.S.
  • Most large retailers are likely to implement Chip and PIN technology over the next two years
  • Other technologies, like mobile or electronic wallets (e.g. Apple Pay), could become the preferred payment method over Chip and PIN card technology due to their ease and advanced security.
  • Although Phase 1 (Chip and Signature) will prevent credit card fraud by making credit cards harder to clone, it WILL NOT make them harder to use if they get into the wrong hands. Therefore, continuing to closely monitor your accounts and personal information will help you avoid becoming a victim of fraud.
  • Phase 2 (Chip and PIN) WILL make credit cards harder for thieves to use, which is even more reason to support the transition to the new technology.

John Sileo is an award-winning author and keynote speaker on keeping your organization from becoming the next data breach headline. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Cyber Security Expert Sileo on Check Fraud Scams

A new check fraud scam has reached the Front Range.

It involves a sizable check that arrives in the mail that, once cashed, can make you an accomplice in a money laundering scheme.

I recently appeared on 9 News to address the concern of a suspicious viewer, Martha, who had received such a check in the mail for $2,240.00. It was drawn on the Brown-Forman Employees Credit Union of Louisville, Ky.

The check came with a set of instructions:

No. 1: Have the check cashed at your bank.

No. 2: Pay yourself $300 after cashing the check.

No. 3: Take the rest of the funds to the nearest Western Union and transfer that balance to an address in San Diego.

Incredibly, the check is not a fake.  These are actually real checks, with real money attached to them, and you do get money in payment at the end. But you do have to do a little work for the cash. Martha was told that while making the transfer at Western Union, she was to observe how long it took to get service and if the customer service was professional. This is a ploy to make her believe she was actually doing some sort of job. In fact, had Martha followed through, she would have been committing a crime.

What they are doing is laundering illegal stolen money. They’ve gotten it through another breach like the Home Depot breach or the Target breach. They’ve gained all of this money, but they don’t want it to be tracked. So they send you a legitimate check, and they have you cash it because they don’t want to be traced to that money.  You then get to keep a part of the proceeds, say $300 of the $2,500, and you send off the remainder to them. They now have laundered money in a legitimate check that you have given them.  But you would be the one that’s held for the crime.  

Keep your “Hogwash” radar on high alert if someone wants to give you money out of the blue.  As always, if it seems too good to be true, it probably is!


8th Day: What to Give the Person Who has Everything (and Wants to Keep it!)


Holiday Security Tips: On the eighth day of Christmas, the experts gave to me, 8 scam detectors

Most of us are too busy to monitor every form of identity that is at risk. Unfortunately, victims usually get hit when they take their eye off the ball.

 Solution: Purchase a comprehensive identity monitoring service

While a partridge in a pear tree may have been appreciated in 18th century England, it’s not a very coveted item these days!  Instead, help out the ones you love (and yourself!) by giving the gift of identity theft monitoring.

Traditional credit monitoring (which you can do for free at AnnualCreditReport.com) only detects a portion of identity theft. The remaining theft occurs as a by-product of non-credit loan activities (pay-day loans, etc), shared public records (court cases, real estate transactions, government filings, etc.), Internet trading sites (bought and sold on rogue websites), or in relation to medical or criminal records. It is important to monitor these forms of potential identity theft as well as your credit file. The key here is convenience; if you don’t have to do much to monitor a large portion of your identity, the work goes down while peace of mind increases. Make sure that your monitoring service has at least the following features:

  • 3-in-1 Credit Monitoring from each of the bureaus (Experian, Equifax, TransUnion)
  • Court & Public Record Monitoring
  • Non-credit loan monitoring like pay-day loans
  • Internet Surveillance for the buying and selling of your data
  • Sex Offender Reports to make sure crimes aren’t being committed in your name
  • Identity theft insurance to cover costs if you are affected
  • Identity theft restoration services to save you time

Forget the fruitcake; buy them something they’ll truly appreciate and remember long after the holidays! On the ninth day of Christmas…


John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Is Home Depot Data Breach an Example of the “New Normal”?


Home Depot Data Breach Exposes Our Growing Complacency

When Target suffered a data breach back in December of 2013, you couldn’t look at a news source without seeing a new story about it.  Yet when the Home Depot data breach was revealed recently, it received almost a ho-hum reception in the news.  This even though it was the biggest data breach in retailing history and compromised 56 million of its customers’ credit cards!  It seems we have come to expect these data breaches to the point where we have become almost complacent.

Consumers, like the companies that breach our data, have become apocalyptic zombies, staring unquestioningly forward as we are attacked from all sides.

Even scarier is that it appears the retailer itself had become complacent. Former members of Home Depot’s cyber security team said the company was slow to respond to early threats and only belatedly took action.  It used outdated Symantec antivirus software from 2007 and did not continuously monitor the network for unusual behavior, such as a strange server talking to its checkout registers. These are security oversights that most companies eliminated 5 years ago!

Another issue is that Home Depot performed vulnerability scans irregularly and often scanned only a small number of stores.  The former employees say that more than a dozen systems handling customer information were not assessed.  Home Depot has defended its actions saying that they have complied with industry standards since 2009 and those standards included an exception from scanning store systems that are separated from larger corporate networks.

This brings up a great point: Compliance with laws doesn’t equate to security for customers. And customers leave because of a security breach – they couldn’t care less about compliance mumbo jumbo.

Yet another smudge on their record is they hired a security engineer, Ricky Joe Mitchell, who had been fired from his previous job.  In April, he was sentenced to four months in prison for disabling the computers for a month at that former employer.

After the Target breach, Home Depot brought experts in from Voltage Security, a data security company that introduced enhanced encryption that scrambled payment information the moment a card was swiped in some of its stores.  However, by that time it was too late; hackers had been stealing millions of customers’ card information and had gone unnoticed for months. The rollout of the company’s new encryption was not completed until last week.

Home Depot has just become a perfect case study of all of the ways that a corporation can fail to protect itself from breach. They make Target look like rocket scientists. In the meantime, those of us who are customers continue to pay the price for their ignorance and inability to take responsibility for their data.

John Sileo is an award-winning author and keynote speaker on cyber security and data breach. He specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Anti-SPAM Software

I mentioned anti-SPAM software on a 9News piece regarding email scams and ways to avoid them. The anti-SPAM software that I use (and get paid nothing to mention) is called SpamSieve for Apple devices. In the future, I will review anti-SPAM software more comprehensively.

Latest Tax Scams "Target" Data Breach Victims


It’s no surprise that identity theft once again tops the “Dirty Dozen” tax scams put forth by the IRS for 2014.  They warn that if an identity thief has access to your personal information, such as your name, Social Security number or other identifying information, he or she may use it to fraudulently file a tax return and claim a refund in your name.  Think of the implications for the 110 million victims of the recent Target data breach as well as victims of the hundreds of other breaches at other retailers, universities, healthcare providers, government agencies and so on.

KrebsOnSecurity reports that the information from the Target breach alone has reportedly flooded underground black markets and cards are being sold from around $20 to more than $100 each.  This data is being sold in hundreds of online “stores” advertised in cybercrime forums.  A fraud analyst at a major bank was able to buy a portion of the bank’s accounts from such a store.

The twist this year is that telephone scams are being linked to the breaches as well.  There are many variations, but most involve criminals contacting a victim saying they are from the IRS and that money is owed.  They know the victim’s personal information such as Social Security numbers (from the stolen breach data), so it is very convincing.  They may demand payment be sent immediately, threatening anything from arrest to driver’s license revocation if non-compliant.

Then here’s the kicker: there is often a follow-up call supposedly from the local police department or the state motor vehicle department (with realistic numbers on the caller ID using a “spoofing” technique) to scare the victim into action even more.  So far victims in nearly every state have fallen prey to this scheme, at a cost of more than $1 million.

To read more about the characteristics of these scams and how to avoid them or get help if you think you’ve been a victim of this hoax, visit the IRS website.  In the meantime, remember what IRS Acting Commissioner Danny Werfel said in a press release: “Rest assured, we do not and will not ask for credit card numbers over the phone, nor request a pre-paid debit card or wire transfer.”

Also remember to guard your personal information well.  This tax scheme is just one example of how obtaining your personal information from one source makes it easier to socially engineer you in another way.  Be wary to be on the safe side!


Target Data Breach Touches 40 Million In-Store Shoppers


If you are one of the 40 million customers who have used a credit or debit card at Target stores in the United States between November 27 and December 15, you’d better start checking your accounts for fraudulent activity.  Target confirmed that the data stored on the magnetic strip of cards (customer names, debit or credit card numbers, and card expiration dates) were taken, along with the three-digit security codes  (CVVs) often imprinted on the backs of cards.

The type of data stolen would allow thieves to create counterfeit credit cards and, if PINs were intercepted, would also allow thieves to withdraw cash from ATMs.  Only in-store purchases are at risk, so online shoppers need not worry.

Target spokeswoman Molly Snyder would not comment on how customers’ data were stored or encrypted prior to the attack, saying that would be part of the ongoing investigation.  Target immediately notified law enforcement authorities and financial institutions, and the issue is being investigated by the Secret Service and a third-party forensics firm.

This breach is one of the largest ever of American consumer data, nearly matching that of TJX (TJ Maxx and Marshalls stores), which experienced a data breach in 2007 that affected more than 45 million customers.  2013 has been a particularly bad year for breaches overall.  One in four Americans have been told that some personally identifiable information has been lost or compromised because of data breaches, according to a recent report from Experian, and the pace of attacks is expected to continue rising through 2014.

In a letter sent to Target customers, Target officials say those who have noticed irregular activity on their accounts should call the firm at 866-852-8680.  In addition, all Target shoppers should:

  1. Review your credit card activity online on a daily basis to monitor for suspicious activity.
  2. Set up automatic account alerts with your credit card provider to quickly detect any misuse of cards.
  3. Visit AnnualCreditReport.com to see if there are any newly established, fraudulent accounts set up.
  4. Cancel your credit card if you notice any suspicious behavior. If it’s a debit card, I would cancel it no matter what, given that it connects directly to your bank account. Make sure to transfer balances and miles and to switch any auto-pay accounts to the new card.
  5. Freeze your credit with the 3 credit scoring bureaus.
  6. Consider ID Theft monitoring services to help you keep track of abusive behavior of your information online.

John Sileo is an author and highly engaging speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to defend the data that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.