Posts

Elder Fraud Expert Answers: How do I prevent & resolve it?

The past two blogs have outlined why seniors are targeted, what signs to watch for, and some common schemes.  Now for the truly important info: How to prevent elder fraud from happening and what to do if it does happen!

  • Report actual or attempted elder fraud (or any type of fraud) via Fraud.org’s Online Complaint Form.
  • Change the phone number if a senior is receiving excessive sales calls.
  • Change the bank account or credit card numbers if they have fallen into the hands of thieves.
  • Avoid getting on sucker lists. Don’t fill out contest entry forms at fairs or malls—they are a common source of “leads” for con artists. Ask companies you do business with not to share your personal information with other marketers.
  • Know your “Do-Not-Call” rights. Under federal law, you can tell a telemarketer not to call you again and you can file a complaint on the Do Not Call website.
  • Make sure you know the company you are dealing with. If it’s an unfamiliar company or charity, check it out with your state or local consumer protection agency and the Better Business Bureau.
  • Screen your calls. Use an answering machine, Caller ID, or other services that may be available from your phone company to help you determine who you want to talk to and who you want to avoid.
  • Never sign blank insurance claim forms.
  • Never give blanket authorization to a medical provider to bill for services rendered.
  • Ask your medical providers what they will charge and what you will be expected to pay out-of-pocket.  Get it in writing.
  • Carefully review your insurer’s explanation of benefits statement. Get an annual “Benefits Request Checkup” from your insurance provider to see a list of all benefits and services paid in your name.  Call your insurer and provider if you have questions.
  • Do not do business with door-to-door or telephone salespeople who tell you that services or medical equipment are free.
  • Give your insurance/Medicare identification only to those who have provided you with medical services.
  • Keep accurate records of all health care appointments.
  • Use caution when purchasing drugs on the Internet. Do not purchase medications from unlicensed online distributors or those who sell medications without a prescription. Reputable online pharmacies will have a seal of approval called the Verified Internet Pharmacy Practice Site (VIPPS), provided by the Association of Boards of Pharmacy in the United States.
  • Always ask for and wait until you receive written material about any offer or charity. If you get brochures about costly investments, ask someone whose financial advice you trust to review them.  Remember, even a classy brochure can be a hoax!
  • Always take your time making a decision. Legitimate companies won’t pressure you to make a snap decision.
  • Don’t pay for a “free prize.” If a caller tells you the payment is for taxes or shipping fees, he or she is violating federal law.
  • Never send money or give out personal information such as credit card numbers and expiration dates, bank account numbers, dates of birth, or social security numbers to unfamiliar companies or unknown persons.
  • Get a second opinion!  When filling out important forms or making a big financial decision, ask someone you trust to look it over and talk it over before giving away any personal information.
  • Get help when using the internet, especially concerning financial transactions.  NEVER give out personal information such as SS numbers or credit card information. Remember that older grandkids make great resources when it comes to using the Internet because they are true digital natives.

Remember, you’ve worked hard to reach a point where you can enjoy your golden years.  Don’t let someone else enjoy the fruits of your labor.  Be vigilant and be protected!

John Sileo is an author and highly engaging speaker on business fraud, internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

Elder Fraud Expert Answers: What are the Most Common Schemes?

In our previous blog we talked about why senior citizens have become such a target for con artists and even unscrupulous relatives to commit elder fraud and take their hard-earned money.  We also talked about signs that they may be being duped.  Today, we want to make you aware of the variety of schemes that are out there.  This is by no means a complete list, but will give you a pretty good idea of what to watch for.

Common schemes:

  • The “Grandparents Scam”: someone phones or e-mails and pretends to be a grandchild in trouble. The elderly person, who may not have much contact with their grandchild, might be convinced and may wire money or send a prepaid debit card to help.
  • Offers of “freebies”: the Better Business Bureau of eastern Michigan reports that scammers now are offering seniors $3,000 in “free groceries savings certificates” along with a free medical alert bracelet. The scam may lure people to give away bank account information.
  • Enticing links on websites lure inexperienced seniors into divulging personal information.
  • Con artists may attend the funeral service of a stranger claiming that the deceased had an outstanding debt with them.
  • Reverse mortgage scams: the FBI reports that victims are offered free homes, investment opportunities and foreclosure or refinance assistance.
  • Thieves steal personal information and contact the Social Security Administration to change the payment routing information to the thieves’ own bank accounts or prepaid debit cards.
  • Fake lottery/sweepstakes: seniors are enticed into buying inexpensive knick-knacks or magazine subscriptions (which they do receive) in order to be entered into a contest.  Another variety is that they receive an official-looking check saying they’ve won a foreign lottery.  In both cases, they are asked to give up personal information to proceed.
  • The discount prescription scam: seniors are offered prescription drugs at a significant discount, but are required to pay a $200 membership fee or give up their credit card information.
  • The “credit card company” calls:  a polite caller says he’s from the senior’s credit card company and is investigating a possible fraudulent purchase. He even IDs the last four digits of the charge card as proof. When the senior denies making the purchase, the caller offers to reverse it immediately, but asks for the verification code on the back of the credit card.
  • Door-to-door solicitors ask for donations on behalf of charitable organizations.
  • Telemarketing fraud: according to the National Consumers League, nearly a third of all victims are age 60 or older. Studies by AARP show that most older telemarketing fraud victims don’t realize that the voice on the phone could belong to someone who is trying to steal their money.
  • Medical Equipment Fraud: equipment manufacturers offer “free” products, such as wheelchairs or oxygen tanks, to individuals. Insurers are then charged for products that were not needed and/or may not have been delivered.
  • “Rolling Lab” Schemes: unnecessary and sometimes fake tests are given to individuals at health clubs, retirement homes, or shopping malls and billed to insurance companies or Medicare.
  • Services Not Performed: Customers or providers bill insurers for services never rendered by changing bills or submitting fake ones.

This list truly only scratches the surface of what is out there, but it gives you a good idea of just how vigilant seniors and their caretakers need to be.  In our next blog, we will provide a list of what seniors need to do to prevent becoming a victim of scams and what to do if it does happen to them.

Elder Fraud Expert Answers: Why Are Senior Citizens Targeted?

Imagine spending your whole life working hard, saving wisely and spending conscientiously—only to have your comfy “nest egg” taken away by unscrupulous scammers or even your own greedy relatives in your golden years.  Sad to say, this is a scenario that is far too common; up to 80% of scam victims are over 65, according to the U.S. Federal Trade Commission. A 2009 study by MetLife’s Mature Market Institute estimates that seniors lose approximately $2.6 billion per year to elder fraud, or what they call financial abuse, meaning fraud by outside scammers or theft by family members and acquaintances.

And this issue will take on even more importance in the years to come as the senior population in America grows.  According to the U.S. Census Bureau, there were 37.3 million people 65 and older in the United States as of 2006.  This group is expected to double in size within the next 25 years. By 2030, almost 1 out of 5 Americans – some 72 million people – will be 65 years or older.

A scan of recent alerts from the Senior Journal shows a wide variety of areas that require constant vigilance:

By definition, Elder Fraud targets seniors, but why?

  • Senior citizens are most likely to have significant savings, to own their home and/or to have excellent credit—all very desirable to criminals.
  • People who grew up in the 1930s, 1940s, and 1950s were generally raised to be polite and trusting.  They are less likely to be suspicious of a nice salesperson, say no or hang up on pushy telemarketers.  There is even a study showing that we get more trusting as we age.  Through MRI testing, researchers at the University of California, Los Angeles found that the area known as the anterior insula, which is associated with “gut feelings,” became more active in the younger subjects at the sight of an untrustworthy face. Older subjects, however, showed little to no activation in this area.
  • Seniors can be less comfortable with technology and inadvertently share information online or click on links that make them vulnerable.
  • Criminals know that seniors are less likely to report a fraud.  This could be either because they don’t know who to report it to, are too ashamed at having been scammed, or don’t even know they have been scammed. Many are afraid to appear as if they have lost the ability to make sound decisions to their relatives, so they just keep it to themselves.
  • If an elderly victim does report the crime, scammers know that they often make poor witnesses.   The effect of age on memory combined with the amount of time that often passes between the crime, the realization, and actually acting on it makes it difficult for elderly victims to supply enough detailed information to investigators.
  • Senior citizens are more interested in and susceptible to products promising all sorts of wonderful results, from anti-aging creams to improved memory to medical cures.  In a world full of the miracles they’ve witnessed in their lifetimes, nothing seems too good to be true.  And if they can get a bargain on it, so much the better!

Elder Fraud Warning Signs:

  • You notice an excess amount of ATM or bank account withdrawals, perhaps even exceeding the daily maximum allowed on that account.
  • The senior is bouncing checks, which might indicate an unexpected loss of money.
  • There are debit transactions that don’t seem to make sense for an older adult.  Also, there may be debits that the person can’t remember or explain.
  • The older adult may be suddenly wiring large sums of money or writing large checks.
  • He or she may close a certificate of deposit, even though a large penalty would be paid for early withdrawal before that CD matured.
  • The bank is unable to speak directly with the older adult, despite repeated attempts to contact him or her.
  • A “new friend” suddenly begins handling the money for a senior.
  • The senior receives excessive amounts of junk mail.  (Once a senior takes the bait for one scam, thieves sell the person’s name, address and telephone number, and fake mailings proliferate.)
  • The phone rings excessively with sales calls.
  • He or she may be having difficulty buying groceries and paying bills.
  • They seem to receive lots of cheap items such as costume jewelry, beauty products, water filters, and knick-knacks that they bought to win something or received as prizes.

Tomorrow, we will outline common schemes that are used to prey on senior citizens.

Fraud Expert John Sileo in Woman's Day

By Daisy Chan, Woman’s Day

The latest scams to steal your personal information are scarily simple—and effective. Learn how to protect yourself.

You thought shredding documents was enough to protect you from having your identity stolen, but thieves have found new ways to rip you off. No wonder 9 million Americans fell prey to them in 2010, according to the most recent data from the Federal Trade Commission. The average out-of-pocket cost to the victim? About $3,000! Here’s how to safeguard your identity—and your cash—from the three newest scams.

THE SCAM: Trolling social networking sites

HOW IT WORKS: Thieves check out Facebook and Twitter looking for any piece of personal information they can use to search for your address, such as your name or phone number. “Once they know where you live, they can submit a change of address form and have your mail sent to their P.O. box,” says fraud expert John Sileo, founder of ThinkLikeaSpy.com, a Denver-based identity theft prevention company. Thieves can even figure out your passwords using the seemingly innocent information you post online, like your pet’s or kids’ names—terms many people often use as passwords. Once they have all that information, it’s easy for them to siphon money from your bank account.

Read the full story here: Prevent Identity Theft – How to Outsmart Identity Thieves – Woman’s Day

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Identity Theft & Fraud Keynote Speaker John Sileo

America’s top Privacy & Identity Theft Speaker John Sileo has appeared on 60 Minutes, Anderson Cooper, Fox & in front of audiences including the Department of Defense, Pfizer, Homeland Security and hundreds of corporations and associations of all sizes. His high-content, humorous, audience-interactive style delivers all of the expertise with lots of entertainment. Come ready to laugh and learn about this mission-critical, bottom-line enhancing topic.

John Sileo is an award-winning author and keynote speaker on the dark art of deception (identity theft, fraud training, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust.

7 Steps to Secure Profitable Business Data (Part II)

In the first part of this article series, we discussed why it is so important to protect your business data, including the first two steps in the protection process. Once you have resolved the underlying human issues behind data theft, the remaining five steps will help you begin protecting the technological weaknesses common to many businesses.

  1. Start with the humans.
  2. Immunize against social engineering.
  3. Stop broadcasting your digital data. There are two main sources of wireless data leakage: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Both connections are constantly sniffed for unencrypted data being sent from your computer to the web.
     Strategy: Have a security professional configure the wireless router in your office to utilize WPA-2 encryption or better. If possible, implement MAC-specific addressing and mask your SSID. Don’t try to do this yourself. Instead, invest your money in proportion to the value of the asset you are protecting and hire a professional. While the technician is there, have him do a thorough security audit of your network. You will never be sorry for investing the additional money in cyber security.
     To protect your data while surfing on the road, set up wireless tethering with your mobile phone provider (Verizon, Sprint, AT&T, T-Mobile) and stop using other people’s free or fee hot spots. Using a simple program called Firesheep, data criminals can “sniff” the data you send across these free connections. Unlike most hot-spot transmissions, your mobile phone communications are encrypted and will give you Internet access from anywhere you can make a call.
  4. Eliminate the inside spy. Most businesses don’t perform a serious background check before hiring a new employee. That is shortsighted, as much of the worst data theft ends up being an “inside job” where a dishonest employee siphons information out the back door when no one is looking. In the consulting work we have done with breached companies, we have discovered the number one predictor of future theft by an employee – past theft. Most employees who are dishonest now were also dishonest in the past, which is why they no longer work for their former employer.
     Strategy: Invest in a comprehensive background check before you hire rather than wasting multiples of that cost cleaning up after a thief steals valuable data assets. Follow up on the prospect’s references and ask for some that aren’t on the application. Investigating someone’s background will give you the knowledge necessary to let your gut-level instinct go to work. More importantly, letting your prospective hire know in advance that you will be performing a comprehensive background check will discourage dishonest applicants from going further in the process (watch the video for further details). I personally recommend CSIdentity’s SAFE product, which is a technologically superior service to other background screening services.
  5. Don’t let your mobile data walk away. In the most trusted research studies, 36-50% of all major data breaches originate with the loss of a laptop or mobile computing device (smart phone, etc.). Mobility, consequently, is a double-edged sword (convenience and confidentiality); but it’s a sword that we’re probably not going to give up easily.
     Strategy: Utilize the security professional mentioned above to implement strong passwords, whole disk encryption and remote data-wiping capabilities. Set your screen saver to engage after 5 minutes of inactivity and check the box that requires you to enter your password upon re-entry. This will help keep unwanted users out of your system. Finally, lock this goldmine of data down when you aren’t using it. Either carry the computer on your person (making sure not to set it down in airports, cafes, conferences, etc.), store it in the hotel room safe, or lock it in an office or private room when not using it. Physical security is the most overlooked, most effective form of protection.
  6. Spend a day in your dumpster. You have probably already purchased at least one shredder to destroy sensitive documents before they are thrown out. The problem tends to be that no one in the business uses it consistently.
     Strategy: Take a day to pretend that you are your fiercest competitor and sort through all of the trash going out your door for sensitive documents. Do you find old invoices, credit card receipts, bank statements, customer lists, trade secrets, employee records or otherwise compromising information? It’s not uncommon to find these sources of data theft, and parading them before your staff is a great way to drive the importance of privacy home. If your employees know that you conduct occasional “dumpster audits” to see what company intelligence they are unsafely throwing away, they will think twice about failing to shred the next document. In addition to properly disposing of new documents, make sure that you hire a reputable on-site shredding company to dispose of the banker’s boxes full of document archives you house in a back room somewhere within your offices.
  7. Anticipate the clouds. Cloud computing (when you store your data on other people’s servers) is quickly becoming a major threat to the security of organizational data. Whether an employee is posting sensitive corporate info on their Facebook page (which Facebook has the right to distribute as they see fit) or you are storing customer data in a poorly protected, noncompliant server farm, you will ultimately be held responsible when that data is breached.
     Strategy: Spend a few minutes evaluating your business’s use of cloud computing by asking these questions: Do you understand the cloud service provider’s privacy policy (e.g. that the government reserves the right to subpoena your Gmails for use in a court of law)? Do you agree to transfer ownership or control of rights in any way when you accept the provider’s terms of service (which you do every time you log into the service)? What happens if the cloud provider (Salesforce.com, Google Apps) goes out of business or is bought out? Is your data stored locally, or in another country that would be interested in stealing your secrets (China, Iran, Russia)? Are you violating any compliance laws by hosting customer data on servers that you don’t own, and ultimately, don’t control? If you are bound by HIPAA, SOX, GLB, Red Flags or other forms of legislation, you might be pushing the edges of compliance.

By taking these simple steps, you will begin starving data thieves of the information they literally take to the bank. This is a cost-effective, incremental process of making your business a less attractive target. But it doesn’t start working until you do.

John Sileo, the award-winning author of Privacy Means Profit, delivers keynote speeches on identity theft, data security, social media exposure and weapons of influence. His clients include the Department of Defense, Pfizer, Homeland Security, Blue Cross, the FDIC and hundreds of corporations, organizations and associations of all sizes. Learn more at www.ThinkLikeASpy.com.

 

Fun Fraud Detection Training

Businesses often make social engineering (or fraud) training boring! And that’s bad for your bottom line, because no one ends up remembering how to protect your organization against threats like data theft, corporate espionage or social networking exposure.

Too often, fraud and social engineering workshops cover just the concepts that define fraud rather than the feelings that signal it’s actually in process at the moment. The key to training your executives, employees and even customers on fraud is to let them experience what it feels like to be conned. In other words, they need to actually be socially engineered (manipulated into giving away their own private information) several times throughout the training so that they begin to reflexively sense fraud as it is happening. Like learning to throw a ball, there is no substitute for doing it for yourself. Fraud detection is similar; it takes actually doing it (or having it done to you) to fully understand the warning signs. Anything less will leave your audience yawning and uneducated.

This social engineering video was recorded at a fraud training I did recently and it demonstrates how fun it can be to train someone on detecting fraud, and how profitable. As silly as it might seem, the skills necessary to detect fraud can be taught in very entertaining and engaging ways. After watching the video, take a minute to understand the basic skills your employees and executives will need to Stop Fraud:

Fraud Training Step 1: The Trigger

The trigger, or what causes you to be on high alert, is actually very simple—it is the appearance of private information in any form (your identity, customer information, employee records, intellectual capital, etc.). Anytime someone requests or has access to any of the names, numbers or attributes that make up identity, or to the paper, plastic, digital or human data where identity lives (whether it is yours or your organization’s), the trigger should trip and sound an alarm in your head.

There are hundreds of examples of fraud triggers in the workplace. Here are a few of the more common:

  • When someone is requesting information about you on Facebook, LinkedIn, etc.
  • When someone requests information about your company, computer login or co-workers in person or by phone
  • When you are clicking on a link in an email
  • When you are entering data into a website

When your identity is being requested in any way, slow down and ask yourself: Is the risk of giving this piece of identity away in this specific situation worth the benefit?

Fraud Training Step 2: Hogwash!

Your team should be trained such that anytime their reflex is triggered, a phrase or picture automatically pops into their head, whether they actively think about it or not. If the word (also called a trigger) is a bit out-of-the-ordinary and the picture is humorous, you almost can’t help but notice when it appears. The trigger that I use when I train is the word HOGWASH! Here is my definition of Hogwash:

Hog’wash |hôg’wôsh| n. 1. A gut reaction that someone is manipulating you for their own gain, or feeding you a line of bull in order to deceive you (e.g., I’ll just borrow your password for a short time); 2. Healthy skepticism that persists until the person requesting information from you proves they are worthy of your trust.

When the word Hogwash pops into your head, picture a pig feeding at a trough. Better yet, picture the person (who is requesting your information) feeding at a trough (the image is what makes it fun and memorable – don’t be afraid of the silliness – it works). As they provide legitimate reasons for needing the information and adequate reassurance that your data will be handled securely, they begin to rise from the trough. But don’t let them off the hook yet, because social engineers are masters at using your natural biases against you.

Fraud Training Step 3: Vigilance

When an outsider has access to your identity or critical business data, your trigger should automatically activate without thinking about it (Hogwash!). Your first response should be to heighten your level of observation, to become more vigilant. View the situation as a child would—with curious eyes. You can even borrow what we teach our children to be more aware in dangerous situations—Stop, Look and Listen:

Listen to your instincts. Ask yourself if your identity is safe. Is there a change in the environment that makes you uneasy or uncertain? What is your gut saying? Would a spy give away this information? Is the benefit you are receiving worth the data you are sharing? Be a healthy skeptic (i.e., not paranoid, but vigilant) of anyone who is requesting sensitive information. The final and most important step is to follow up with the right questions, or interrogate the enemy.

Don’t make privacy a policy, make it part of your culture. Start by engaging your troops, not putting them to sleep.

If you are interested in having John Sileo conduct fraud training or social engineering keynotes for your organization, contact him directly on 1.800.258.8076. His satisfied clients include the Department of Defense, the FDIC, Pfizer and the Federal Trade Commission.

Fraud Training: Bored to Tears Yet?

Businesses often make fraud training boring! And that’s bad for their bottom line, because no one ends up remembering anything about the subject.

Too often, fraud and social engineering workshops cover just the concepts that define fraud rather than the feelings that signal it’s happening. The key to training your executives, employees and even customers on fraud is to let them experience what it feels like to be conned. In other words, they need to actually be socially engineered (manipulated into giving away their own private information) several times throughout the training so that they begin to reflexively sense fraud as it is happening. Like learning to throw a ball, there is no substitute for doing it for yourself. Fraud detection is similar; it takes actually doing it (or having it done to you) to fully understand the warning signs. Anything less will leave your audience yawning and uneducated.

This social engineering video was recorded at a fraud training I did recently for the Department of Defense, and it demonstrates how fun it can be to train someone on detecting fraud, and how profitable. As silly as it might seem, the skills necessary to detect fraud can be taught in very entertaining and engaging ways. After watching the video, take a minute to understand the basic skills your employees and executives will need to Stop Fraud:

Fraud Training Step 1: The Trigger

The trigger, or what causes you to be on high alert, is actually very simple—it is the appearance of private information in any form (your identity, customer information, employee records, intellectual capital, etc.). Anytime someone requests or has access to any of the names, numbers or attributes that make up identity, or to the paper, plastic, digital or human data where identity lives (whether it is yours or your organization’s), the trigger should trip and sound an alarm in your head.

There are hundreds of examples of fraud triggers in the workplace. Here are a few of the more common:

  • When someone is requesting information about you on Facebook, LinkedIn, etc.
  • When someone requests information about your company, computer login or co-workers in person or by phone
  • When you are clicking on a link in an email
  • When you are entering data into a website

When your identity is being requested in any way, slow down and ask yourself: Is the risk of giving this piece of identity away in this specific situation worth the benefit?

Fraud Training Step 2: Hogwash!

Your team should be trained such that anytime their reflex is triggered, a phrase or picture automatically pops into their head, whether they actively think about it or not. If the word (also called a trigger) is a bit out-of-the-ordinary and the picture is humorous, you almost can’t help but notice when it appears. The trigger that I use when I train is the word HOGWASH! Here is my definition of Hogwash:

Hog’wash |hôg’wôsh| n. 1. A gut reaction that someone is manipulating you for their own gain, or feeding you a line of bull in order to deceive you (e.g., I’ll just borrow your password for a short time); 2. Healthy skepticism that persists until the person requesting information from you proves they are worthy of your trust.

When the word Hogwash pops into your head, picture a pig feeding at a trough. Better yet, picture the person (who is requesting your information) feeding at a trough (the image is what makes it fun and memorable – don’t be afraid of the silliness – it works). As they provide legitimate reasons for needing the information and adequate reassurance that your data will be handled securely, they begin to rise from the trough. But don’t let them off the hook yet, because social engineers are masters at using your natural biases against you.

Fraud Training Step 3: Vigilance

When an outsider has access to your identity or critical business data, your trigger should automatically activate without thinking about it (Hogwash!). Your first response should be to heighten your level of observation, to become more vigilant. View the situation as a child would—with curious eyes. You can even borrow what we teach our children to be more aware in dangerous situations—Stop, Look and Listen:

Listen to your instincts. Ask yourself if your identity is safe. Is there a change in the environment that makes you uneasy or uncertain? What is your gut saying? Would a spy give away this information? Is the benefit you are receiving worth the data you are sharing? Be a healthy skeptic (i.e., not paranoid, but vigilant) of anyone who is requesting sensitive information. The final and most important step is to follow up with the right questions, or interrogate the enemy.

Don’t make privacy a policy, make it part of your culture. Start by engaging your troops, not putting them to sleep.

If you are interested in having John Sileo conduct fraud training and social engineering workshops for your organization, contact him directly on 1.800.258.8076. His satisfied clients include the Department of Defense, the FDIC, Pfizer and the Federal Reserve Bank.