Posts

Fraud awareness training: Catch liars and keep your secrets safe

Some fundamental fraud awareness training can help in your everyday life: the next time someone’s talking about your information, watch their face.

We’ve looked at ways to combat electronic criminals, and while it’s true that cyber security is important, it’s also wise to stay alert when dealing with living, breathing people. There are many everyday situations in which your most personal information might be in the hands of a stranger, whether you’re making a purchase, confronting a possibly fraudulent employee or performing a bank transaction. In her book “Body Language Confidential,” author Traci Brown identifies many basic things you can do to check if someone is trying to scam you right in front of your face. 

Let’s start with the face. One key indicator is when a person rubs or scratches their face after being asked a question. This might seem like a fairly obvious giveaway, but you’ll be surprised how often you’ll see this little move in action. According to Brown, this is a physical reaction to lying, which raises the potential scammer’s blood pressure.

“When blood pressure increases, tiny facial capillaries dilate, causing [the liar] to itch,” Brown says. “When you see this, ask a few more probing questions to see if they frequently touch their face.” If they do, your antenna should go up alerting you to a possibly untrustworthy person.

Another sign is the covering of the mouth, which Brown says comes from a repressed desire to speak out. Fidgety hand gestures in general, especially around the face, are worth noting. 

It’s possible that an expert bluffer will know how to control this. But fraud awareness training tips like this can come in handy in unexpected ways – and you can see it in our media all the time. In the infamous Lance Armstrong interview with Oprah, for example, you can observe the cyclist early in the interview practically having to clasp his hands together to keep from touching his face. And just think how entertaining this bit of information will be as we watch politicians.

Of course, fraud awareness training is much bigger than just a few tics and hand movements. This is just a taste of  things worth keeping in mind when trying to determine if a person is trustworthy.

An expert in fraud awareness training can teach you other tricks that are just as applicable. Becoming an aware observer of humanity can be a vital tool both online and in person.

John Sileo is a fraud prevention expert and keynote speaker on fraud detection, data security and identity theft. His clients have included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Thieves could now be targeting your medical records

Businesses may already be rushing to protect their financial information, but other kinds of personal data are at risk, too. Case in point: medical records.

Big companies with huge profit margins might seem like the most attractive targets for identity theft and fraud. After all, what more direct way to get at your money? But there are other ways an outsider could infiltrate your personal data. Right now, security around healthcare information is a big concern, and fraudsters are lying in wait to pounce on gaps in the system.

Recently, the Montgomery Advertiser reported the story of National Guardsman Zane Purdy, who fell victim to a particularly nasty bit of fraud that cost him his high-paying job. Now he's a waiter making fewer than eight dollars an hour, barely enough to support his wife and two kids. Purdy's story is heartbreaking, and he's only one of the more than 800 people taken advantage of by the same criminal.

That criminal would be a woman named Angeline Austin, who stole information from the files of an Alabama medical center and sold them to another source. Austin has been tried and sentenced to nearly five-and-a​-half years in prison, but that still leaves a huge mess for people like Purdy to clean up.

This particular flavor of scam is becoming more common than you probably think. So far, almost 50 percent of the identity theft incidents reported to the Identity Theft Resource Center for 2013 concern medical organizations. Unless we increase our medical fraud prevention skills, the number could get even higher. 

For a digital hijacker, nothing is off-limits. Those who process medical records should take it upon themselves to incorporate proper fraud detection into their practices as soon as possible. Otherwise, we may be facing a nation of Zane Purdys who did nothing wrong but trust their health info to the unprepared. 

John Sileo is a medical security expert and keynote speaker on privacy, identity and fraud protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Inside fraud goes 'low and slow,' burns businesses for years

Most inside fraud is committed using the barbecue approach – “low and slow.”

A recent study conducted by Carnegie Mellon University’s CERT Insider Threat Center examined 80 instances of insider fraud. What researchers discovered is that the most damage to companies and their clients was done when criminals pilfered small amounts over extended periods of time. This makes it easier for them to evade detection and cause serious harm.

If you’ve never watched the Food Network, low and slow is the best way to cook barbecue. Really, it’s the only way. You get the juiciest meat and best flavor. When miscreants apply this approach to fraud, they get the same result. There’s no sudden flare-up that catches anyone’s attention and they can usually make off with more of your money than if they tried for one big score. Fraud detection efforts have to account for this if they are to be successful.

The study’s findings showed that it takes an average of nearly 32 months for a company to uncover impropriety on the part of a trusted employee. That’s almost three years of them defrauding both you and your clients. Furthermore, of the cases studied, the bottom half averaged $382,000 in terms of financial losses. The upper half registered an average of $479,000.

“As long as there are institutions that hold money, internal and external adversaries will make every attempt to subvert control mechanisms to illegally profit,” the study said.

The above statement is true, even though no one wants to believe that someone they trust would steal from them or their clients. But, if you close your eyes to the problem, someone is likely to steal the change right out of your pockets while you’re not looking. Fraud prevention has to be on every business’ radar. If it isn’t, imagine the monetary and PR damage that 32 months of illegal and malicious activity from within your own walls can do.

In the culinary world, low and slow makes for great barbecue. In the business world, it’ll just leave you burned.

John Sileo is a fraud detection and prevention expert and will be hosting a FREE Fraud Webinar on Thursday, January 31 at 2 p.m. EST.

Without fraud training, companies are guaranteed to go down for the count

Insider fraud struck again yesterday, this time resulting in charges being filed by the U.S. Securities and Exchange Commission (SEC).

According to the SEC, a former executive in the Stamford, Connecticut offices of a New York-based broker-dealer deceived clients when selling them mortgage-backed securities (MBS). He allegedly told them that his firm paid more for the MBS than it actually did, or made up a fictional seller and arranged supposed trades, when in reality he was selling out of his company’s own inventory at higher prices to bank a better profit.

In the SEC filing, the former exec was said to have swindled his clients and brought in nearly $3 million in additional profits. While the duplicitous activity went unnoticed for a time, his star rose within the company and so did his bonuses.

When news like this breaks, how long do you think it takes before other clients start to question the trustworthiness of the entire company? If one person was ripping people off, who is to say there aren’t more? Fraud awareness training is meant to prevent these situations from giving companies black eyes in very public ways.

And once that bell is rung, good luck trying to unring it. Now, rather than focusing on doing their jobs, everyone at that firm has to work double time to assure clients that they aren’t just like the guy who could be eating three squares a day behind bars for the next few decades.

Think of it like a bad food experience. If you got really sick after eating say, shrimp, you may end up feeling queasy every time you see or smell shrimp again. The same works in the business world, and the last thing you want is for people to get queasy when they hear your company’s name because of the actions of a deceptive employee – someone you thought you could trust.

John Sileo is a fraud detection and prevention expert and will be hosting a FREE Fraud Webinar on Thursday, January 31 at 2 p.m. EST.

 

Anti-fraud training critical to avoiding betrayal, losing trust of customers

The havoc wrought by insider fraud can have far-reaching consequences for both your company and clientele. Several recent examples have proven how damaging fraud can be in the financial sector. But, in truth, there isn’t a single industry today that can afford to forego implementing safeguards.

According to an article at online news source Bank Info Security, one such incident in Ohio earlier this month lead to the collapse of a credit union and a man being sentenced to 37 months in prison for loan fraud and money laundering. About a week prior, two former employees of Chemung Canal Trust Company Bank pleaded guilty to masterminding a seven-year embezzlement scam that cost the bank roughly $325,000.

Insider fraud, also known as friendly fraud, is a difficult topic for many businesses to tackle because it involves trusted employees betraying the companies they are supposed to be – and often appear to be – loyal to. However, the dangers are far too real to be ignored, and fraud detection must be a top priority.

When an employee commits fraud, there are obvious legal entanglements, not to mention the loss of money they’ve stolen. But, there’s much more to it than that. Not only will clients begin to question your company’s dedication to keeping their information secure and the safeguards you are willing to put in place, but they will also question your ability to assess your employee’s character. And if they cannot trust your judgment in hiring reliable individuals, how can they expect to trust you with their business and their money?

Companies must be proactive and pursue the most effective measures of fraud prevention, or face the uphill task of earning back the trust of their customers. Any business owner who has not strongly considered a fraud workshop to help bolster the company defenses should take a look at recent news stories and give it some more consideration.

John Sileo is a fraud detection and prevention expert and will be hosting a FREE Fraud Webinar on Thursday, January 31 at 2 p.m. EST.

7 Steps to Secure Profitable Business Data (Part II)

, , , ,

In the first part of this article series, we discussed why it is so important to protect your business data, including the first two steps in the protection process. Once you have resolved the underlying human issues behind data theft, the remaining five steps will help you begin protecting the technological weaknesses common to many businesses.

  1. Start with the humans.
  2. Immunize against social engineering.
  3. Stop broadcasting your digital data. There are two main sources of wireless data leakage: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Both connections are constantly sniffed for unencrypted data being sent from your computer to the web.Strategy: Have a security professional configure the wireless router in your office to utilize WPA-2 encryption or better. If possible, implement MAC-specific addressing and mask your SSID. Don’t try to do this yourself. Instead, invest your money in proportion to the value of the asset you are protecting and hire a professional. While the technician is there, have him do a thorough security audit of your network. You will never be sorry for investing the additional money in cyber security.To protect your data while surfing on the road, set up wireless tethering with your mobile phone provider (Verizon, Sprint, AT&T, T-Mobile) and stop using other people’s free or fee hot spots. Using a simple program called Firesheep, data criminals can “sniff” the data you send across these free connections. Unlike most hot-spot transmissions, your mobile phone communications are encrypted and will give you Internet access from anywhere you can make a call.
  4. Eliminate the inside spy. Most businesses don’t perform a serious background check before hiring a new employee. That is short sighted, as much of the worst data theft ends up being an “inside job” where a dishonest employee siphons information out the back door when no one is looking. In the consulting work we have done with breached companies, we have discovered the number one predictor of future theft by an employee – past theft. Most employees who are dishonest now were also dishonest in the past, which is why they no longer work for their former employer.Strategy: Invest in a comprehensive background check before you hire rather than wasting multiples cleaning up after a thief steals valuable data assets. Follow up on the prospect’s references and ask for some that aren’t on the application. Investigating someone’s background will give you the knowledge necessary to let your gut-level instinct go to work. More importantly, letting your prospective hire know in advance that you will be performing a comprehensive background check will discourage dishonest applicants from going further in the process (watch the video for further details). I personally recommend CSIdentity’s SAFE product, which is a technologically superior service to other background screen services.
  5. Don’t let your mobile data walk away. In the most trusted research studies, 36-50% of all major data breach originates with the loss of a laptop or mobile computing device (smart phone, etc.). Mobility, consequently, is a double-edged sword (convenience and confidentiality); but it’s a sword that we’re probably not going to give up easily.Strategy: Utilize the security professional mentioned above to implement strong passwords, whole disk encryption and remote data-wiping capabilities. Set your screen saver to engage after 5 minutes of inactivity and check the box that requires you to enter your password upon re-entry. This will help keep unwanted users out of your system. Finally, lock this goldmine of data down when you aren’t using it. Either carry the computer on your person (making sure not to set it down in airports, cafes, conferences, etc.), store it in the hotel room safe, or lock it in an office or private room when not using it. Physical security is the most overlooked, most effective form of protection.
  6. Spend a day in your dumpster. You have probably already purchased at least one shredder to destroy sensitive documents before they are thrown out. The problem tends to be that no one in the business uses it consistently.Strategy: Take a day to pretend that you are your fiercest competitor and sort through all of the trash going out your door for sensitive documents. Do you find old invoices, credit card receipts, bank statements, customer lists, trade secrets, employee records or otherwise compromising information? It’s not uncommon to find these sources of data theft, and parading them before your staff is a great way to drive the importance of privacy home. If your employees know that you conduct occasional “dumpster audits” to see what company intelligence they are unsafely throwing away, they will think twice about failing to shred the next document. In addition to properly disposing of new documents, make sure that you hire a reputable on-site shredding company to dispose of the banker’s boxes full of document archives you house in a back room somewhere within your offices.
  7. Anticipate the clouds. Cloud computing (when you store your data on other people’s servers), is quickly becoming a major threat to the security of organizational data. Whether an employee is posting sensitive corporate info on their Facebook page (which Facebook has the right to distribute as they see fit) or you are storing customer data in a poorly protected, noncompliant server farm, you will ultimately be held responsible when that data is breached.Strategy: Spend a few minutes evaluating your business’s use of cloud computing by asking these questions: Do you understand the cloud service provider’s privacy policy (e.g. that the government reserves the right to subpoena your Gmails for use in a court of law)? Do you agree to transfer ownership or control of rights in any way when you accept the provider’s terms of service (which you do every time you log into the service)? What happens if the cloud provider (Salesforce.com, Google Apps) goes out of business or is bought out? Is your data stored locally, or in another country that would be interested in stealing your secrets (China, Iran, Russia)? Are you violating any compliance laws by hosting customer data on servers that you don’t own, and ultimately, don’t control? If you are bound by HIPAA, SOX, GLB, Red Flags or other forms of legislation, you might be pushing the edges of compliance.

By taking these simple steps, you will begin starving data thieves of the information they literally take to the bank. This is a cost-effective, incremental process of making your business a less attractive target. But it doesn’t start working until you do.

John Sileo, the award-winning author of Privacy Means Profit, delivers keynote speeches on identity theft, data security, social media exposure and weapons of influence. His clients include the Department of Defense, Pfizer, Homeland Security, Blue Cross, the FDIC and hundreds of corporations, organizations and associations of all sizes. Learn more at www.ThinkLikeASpy.com.

 

Fun Fraud Detection Training

, , , ,

Businesses often make social engineering (or fraud) training boring! And that’s bad for your bottom line, because no one ends up remembering how to protect your organization against threats like data theft, corporate espionage or social networking exposure.

Too often, fraud and social engineering workshops cover just the concepts that define fraud rather than the feelings that signal it’s actually in process at the moment. The key to training your executives, employees and even customers on fraud is to let them experience what it feels like to be conned. In other words, they need to actually be socially engineered (manipulated into giving away their own private information) several times throughout the training so that they begin to reflexively sense fraud as it is happening. Like learning to throw a ball, there is no substitute for doing it for yourself. Fraud detection is similar; it takes actually doing it (or having it done to you) to fully understand the warning signs. Anything less will leave your audience yawning and uneducated.

This social engineering video was recorded at a fraud training I did recently and it demonstrates how fun it can be to train someone on detecting fraud, and how profitable. As silly as it might seem, the skills necessary to detect fraud can be taught in very entertaining and engaging ways. After watching the video, take a minute to understand the basic skills your employees and executives will need to Stop Fraud:

Fraud Training Step 1: The Trigger

The trigger, or what causes you to be on high alert, is actually very simple—it is the appearance of private information in any form (your identity, customer information, employee records, intellectual capital, etc.). Anytime someone requests or has access to any of the names, numbers or attributes that make up identity, or to the paper, plastic, digital or human data where identity lives (whether it is yours or your organization’s), the trigger should trip and sound an alarm in your head.

There are hundreds of examples of fraud triggers in the workplace. Here are a few of the more common:

  • When someone is requesting information about you on Facebook, LinkedIn, etc.
  • When someone requests information about your company, computer login or co-workers in person or by phone
  • When you are clicking on a link in an email
  • When you are entering data into a website

When your identity is being requested in any way, slow down and ask yourself: Is the risk of giving this piece of identity away in this specific situation worth the benefit?

Fraud Training Step 2: Hogwash!

Your team should be trained such that anytime their reflex is triggered, a phrase or picture automatically pops into their head, whether they actively think about it or not. If the word (also called a trigger) is a bit out-of-the-ordinary and the picture is humorous, you almost can’t help but noticing when it appears. The trigger that I use when I train is the word HOGWASH! Here is my definition of Hogwash:

Hog’wash |hôg’wô sh | n. 1. A gut reaction that someone is manipulating you for their own gain, or feeding you a line of bull in order to deceive you (e.g., I’ll just borrow your password for a short time); 2. Healthy skepticism that persists until the person requesting information from you proves they are worthy of your trust.

When the word Hogwash pops into your head, picture a pig feeding at a trough. Better yet, picture the person (who is requesting your information) feeding at a trough (the image is what makes it fun and memorable – don’t be afraid of the silliness – it works). As they provide legitimate reasons for needing the information and adequate reassurance that your data will be handled securely, they begin to rise from the trough. But don’t let them off the hook yet, because social engineers are masters at using your natural biases against you.

Fraud Training Step 3: Vigilance

When an outsider has access to your identity or critical business data, your trigger should automatically activate without thinking about it (Hogwash!). Your first response should be to heighten your level of observation, to become more vigilant. View the situation as a child would—with curious eyes. You can even borrow what we teach our children to be more aware in dangerous situations—Stop, Look and Listen:

Listen to your instincts. Ask yourself if your identity is safe. Is there a change in the environment that makes you uneasy or uncertain? What is your gut saying? Would a spy give away this information? Is the benefit you are receiving worth the data you are sharing? Be a healthy skeptic (i.e., not paranoid, but vigilant) of anyone who is requesting sensitive information. The final and most important step is to follow up with the right questions, or interrogate the enemy.

Don’t make privacy a policy, make it part of your culture. Start by engaging your troops, not putting them to sleep.

If you are interested in having John Sileo conduct fraud training or social engineering keynotes for your organization, contact him directly on 1.800.258.8076. His satisfied clients include the Department of Defense, the FDIC, Pfizer and the Federal Trade Commission.

Fun Social Engineering Training?

,

Businesses often make social engineering (or fraud) training boring! And that’s bad for your bottom line, because no one ends up remembering how to protect your organization against threats like data theft, corporate espionage or social networking exposure.

Too often, fraud and social engineering workshops cover just the concepts that define fraud rather than the feelings that signal it’s actually in process at the moment. The key to training your executives, employees and even customers on fraud is to let them experience what it feels like to be conned. In other words, they need to actually be socially engineered (manipulated into giving away their own private information) several times throughout the training so that they begin to reflexively sense fraud as it is happening. Like learning to throw a ball, there is no substitute for doing it for yourself. Fraud detection is similar; it takes actually doing it (or having it done to you) to fully understand the warning signs. Anything less will leave your audience yawning and uneducated.

This social engineering video was recorded at a fraud training I did recently for the Department of Defense, and it demonstrates how fun it can be to train someone on detecting fraud, and how profitable. As silly as it might seem, the skills necessary to detect fraud can be taught in very entertaining and engaging ways. After watching the video, take a minute to understand the basic skills your employees and executives will need to Stop Fraud:

Fraud Training Step 1: The Trigger

The trigger, or what causes you to be on high alert, is actually very simple—it is the appearance of private information in any form (your identity, customer information, employee records, intellectual capital, etc.). Anytime someone requests or has access to any of the names, numbers or attributes that make up identity, or to the paper, plastic, digital or human data where identity lives (whether it is yours or your organization’s), the trigger should trip and sound an alarm in your head.

There are hundreds of examples of fraud triggers in the workplace. Here are a few of the more common:

  • When someone is requesting information about you on Facebook, LinkedIn, etc.
  • When someone requests information about your company, computer login or co-workers in person or by phone
  • When you are clicking on a link in an email
  • When you are entering data into a website

When your identity is being requested in any way, slow down and ask yourself: Is the risk of giving this piece of identity away in this specific situation worth the benefit?

Fraud Training Step 2: Hogwash!

Your team should be trained such that anytime their reflex is triggered, a phrase or picture automatically pops into their head, whether they actively think about it or not. If the word (also called a trigger) is a bit out-of-the-ordinary and the picture is humorous, you almost can’t help but noticing when it appears. The trigger that I use when I train is the word HOGWASH! Here is my definition of Hogwash:

Hog’wash |hôg’wô sh | n. 1. A gut reaction that someone is manipulating you for their own gain, or feeding you a line of bull in order to deceive you (e.g., I’ll just borrow your password for a short time); 2. Healthy skepticism that persists until the person requesting information from you proves they are worthy of your trust.

When the word Hogwash pops into your head, picture a pig feeding at a trough. Better yet, picture the person (who is requesting your information) feeding at a trough (the image is what makes it fun and memorable – don’t be afraid of the silliness – it works). As they provide legitimate reasons for needing the information and adequate reassurance that your data will be handled securely, they begin to rise from the trough. But don’t let them off the hook yet, because social engineers are masters at using your natural biases against you.

Fraud Training Step 3: Vigilance

When an outsider has access to your identity or critical business data, your trigger should automatically activate without thinking about it (Hogwash!). Your first response should be to heighten your level of observation, to become more vigilant. View the situation as a child would—with curious eyes. You can even borrow what we teach our children to be more aware in dangerous situations—Stop, Look and Listen:

Listen to your instincts. Ask yourself if your identity is safe. Is there a change in the environment that makes you uneasy or uncertain? What is your gut saying? Would a spy give away this information? Is the benefit you are receiving worth the data you are sharing? Be a healthy skeptic (i.e., not paranoid, but vigilant) of anyone who is requesting sensitive information. The final and most important step is to follow up with the right questions, or interrogate the enemy.

Don’t make privacy a policy, make it part of your culture. Start by engaging your troops, not putting them to sleep.

If you are interested in having John Sileo conduct fraud training and social engineering workshops for your organization, contact him directly on 1.800.258.8076. His satisfied clients include the Department of Defense, the FDIC, Pfizer and the Federal Trade Commission.

Fraud Training: Bored to Tears Yet?

,

Businesses often make fraud training boring! And that’s bad for their bottom line, because no one ends up remembering anything about the subject.

Too often, fraud and social engineering workshops cover just the concepts that define fraud rather than the feelings that signal it’s happening. The key to training your executives, employees and even customers on fraud is to let them experience what it feels like to be conned. In other words, they need to actually be socially engineered (manipulated into giving away their own private information) several times throughout the training so that they begin to reflexively sense fraud as it is happening. Like learning to throw a ball, there is no substitute for doing it for yourself. Fraud detection is similar; it takes actually doing it (or having it done to you) to fully understand the warning signs. Anything less will leave your audience yawning and uneducated.

This social engineering video was recorded at a fraud training I did recently for the Department of Defense, and it demonstrates how fun it can be to train someone on detecting fraud, and how profitable. As silly as it might seem, the skills necessary to detect fraud can be taught in very entertaining and engaging ways. After watching the video, take a minute to understand the basic skills your employees and executives will need to Stop Fraud:

Fraud Training Step 1: The Trigger

The trigger, or what causes you to be on high alert, is actually very simple—it is the appearance of private information in any form (your identity, customer information, employee records, intellectual capital, etc.). Anytime someone requests or has access to any of the names, numbers or attributes that make up identity, or to the paper, plastic, digital or human data where identity lives (whether it is yours or your organization’s), the trigger should trip and sound an alarm in your head.

There are hundreds of examples of fraud triggers in the workplace. Here are a few of the more common:

  • When someone is requesting information about you on Facebook, LinkedIn, etc.
  • When someone requests information about your company, computer login or co-workers in person or by phone
  • When you are clicking on a link in an email
  • When you are entering data into a website

When your identity is being requested in any way, slow down and ask yourself: Is the risk of giving this piece of identity away in this specific situation worth the benefit?

Fraud Training Step 2: Hogwash!

Your team should be trained such that anytime their reflex is triggered, a phrase or picture automatically pops into their head, whether they actively think about it or not. If the word (also called a trigger) is a bit out-of-the-ordinary and the picture is humorous, you almost can’t help but noticing when it appears. The trigger that I use when I train is the word HOGWASH! Here is my definition of Hogwash:

Hog’wash |hôg’wô sh | n. 1. A gut reaction that someone is manipulating you for their own gain, or feeding you a line of bull in order to deceive you (e.g., I’ll just borrow your password for a short time); 2. Healthy skepticism that persists until the person requesting information from you proves they are worthy of your trust.

When the word Hogwash pops into your head, picture a pig feeding at a trough. Better yet, picture the person (who is requesting your information) feeding at a trough (the image is what makes it fun and memorable – don’t be afraid of the silliness – it works). As they provide legitimate reasons for needing the information and adequate reassurance that your data will be handled securely, they begin to rise from the trough. But don’t let them off the hook yet, because social engineers are masters at using your natural biases against you.

Fraud Training Step 3: Vigilance

When an outsider has access to your identity or critical business data, your trigger should automatically activate without thinking about it (Hogwash!). Your first response should be to heighten your level of observation, to become more vigilant. View the situation as a child would—with curious eyes. You can even borrow what we teach our children to be more aware in dangerous situations—Stop, Look and Listen:

Listen to your instincts. Ask yourself if your identity is safe. Is there a change in the environment that makes you uneasy or uncertain? What is your gut saying? Would a spy give away this information? Is the benefit you are receiving worth the data you are sharing? Be a healthy skeptic (i.e., not paranoid, but vigilant) of anyone who is requesting sensitive information. The final and most important step is to follow up with the right questions, or interrogate the enemy.

Don’t make privacy a policy, make it part of your culture. Start by engaging your troops, not putting them to sleep.

If you are interested in having John Sileo conduct fraud training and social engineering workshops for your organization, contact him directly on 1.800.258.8076. His satisfied clients include the Department of Defense, the FDIC, Pfizer and the Federal Reserve Bank.

Detection-Fraud: 15 Signs You're a Victim of Identity Theft!

Detection: Fraud and Identity Theft.

“Consumers are spending considerably more time on fraud Resolution, up to an average of 30 hours in 2008. This increase may be attributed to the increased sophistication of fraud schemes.”
–    2009 Identity Fraud Survey Report, Javelin Strategy & Research

Most cases of identity theft are discovered by the victim, which reinforces the importance of monitoring your various accounts for suspicious behavior. Here are a few of the most common warning signs for the detection of fraud, identity theft or data breach:

The Top 15 Ways Victims Detect Identity Theft

  1. You receive a data breach notice in the mail from a company you do business with.
  2. Your bills or statements are not arriving in your mail (or email) on time.
  3. You notice unauthorized charges on your credit card bill or debit card statement.
  4. You notice new accounts or erroneous information on your credit report.
  5. You are denied credit for a purchase.
  6. You receive credit card bills for cards you don’t own.
  7. You are contacted by a collection agency about an item you didn’t purchase.
  8. You receive bills for unknown purchases, rental agreements or services.
  9. Businesses won’t accept your check or credit card.
  10. You are unable to set up new banking, loan or brokerage accounts.
  11. You notice withdrawals on your checking, savings or brokerage account that you didn’t make.
  12. The checks listed on your bank statements don’t reconcile with those listed in your check register. Many times these checks are made out to “Cash.”
  13. You notice a downward trend in benefits on your Annual Social Security Statement.
  14. The police show up at your door.
  15. A subpoena to appear in court arrives in the mail.

According to Javelin Strategy & Research, over the past 3 years, stolen data being used in less than one week jumped from 33% to 71%.  Identity thieves count on our lackadaisical attitude toward monitoring our wealth. Remember, actively monitoring your accounts, credit reports, and other identity documents is the best strategy to catch identity theft in its earliest stages, before it becomes a problem.

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.