Posts

Identity theft and fraud a pitfall, even for government workers

Though businesses of all kinds have reasons to be concerned about their susceptibility to identity theft and fraud, contractors working for the government should be fine, right? Well, not when glitches lurk. 

There are enough threats to private information floating out there without us accidentally opening the floodgates. If proper security is kept up at all times, it creates a higher standard that can allow for less laziness and more protection. Unfortunately, even the government can’t keep the possibility of dangerous security gaps at zero. Contractors working for the feds may have learned this the hard way last month, when a flaw in software used by the General Services Administration left valuable information vulnerable to identity theft and fraud, potentially including Social Security and bank account numbers.

To be fair, the information was only visible to those in the system already, and the GSA managed to close the gap relatively quickly. But this still should be enough to keep businesses of all kinds on their toes. We may count on increasingly sophisticated technology to help us get our work done, but that doesn’t erase the possibility for error of all kinds. And even the fastest responses don’t erase the chance for someone to be in the right place at the right time to swipe your most precious data.

What can your company do to reduce the likelihood of something like this affecting you? It might seem like predicting where lightning will strike, but proper prevention measures can indeed help a company to fight instances of identity theft and fraud. Seeking consultation can help businesses prepare for the worst – no matter how it arrives.

John Sileo is an identity theft expert and keynote speaker on identity theft and fraud protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business. 

Thieves could now be targeting your medical records

Businesses may already be rushing to protect their financial information, but other kinds of personal data are at risk, too. Case in point: medical records.

Big companies with huge profit margins might seem like the most attractive targets for identity theft and fraud. After all, what more direct way to get at your money? But there are other ways an outsider could infiltrate your personal data. Right now, security around healthcare information is a big concern, and fraudsters are lying in wait to pounce on gaps in the system.

Recently, the Montgomery Advertiser reported the story of National Guardsman Zane Purdy, who fell victim to a particularly nasty bit of fraud that cost him his high-paying job. Now he's a waiter making fewer than eight dollars an hour, barely enough to support his wife and two kids. Purdy's story is heartbreaking, and he's only one of the more than 800 people taken advantage of by the same criminal.

That criminal would be a woman named Angeline Austin, who stole information from the files of an Alabama medical center and sold them to another source. Austin has been tried and sentenced to nearly five-and-a​-half years in prison, but that still leaves a huge mess for people like Purdy to clean up.

This particular flavor of scam is becoming more common than you probably think. So far, almost 50 percent of the identity theft incidents reported to the Identity Theft Resource Center for 2013 concern medical organizations. Unless we increase our medical fraud prevention skills, the number could get even higher. 

For a digital hijacker, nothing is off-limits. Those who process medical records should take it upon themselves to incorporate proper fraud detection into their practices as soon as possible. Otherwise, we may be facing a nation of Zane Purdys who did nothing wrong but trust their health info to the unprepared. 

John Sileo is a medical security expert and keynote speaker on privacy, identity and fraud protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Hackers Steal Business Identity Via Your Browser With Java Exploit

You should take five minutes to understand Java browser threat before it undermines your security. The internet has become much like the Wild Wild West, where individuals play by their own rules and do as they please. Think of hackers as being malicious like Mongo from “Blazing Saddles,” but as smart and cunning as the most nefarious of Bond villains. It all reads like a bad Hollywood script until you get hit.

These outlaws of the digital age have turned their attention to your browser, and specifically to Oracle Corp’s Java software, continuing their efforts to victimize unsuspecting individuals who think they’re surfing the net safely. According to a recent Reuters report, the company is hard at work on a software update meant to address a critical security flaw that would allow hackers to infect your computer, possibly even taking control of it and using it in an attack on another server.

Like most forms of digital intrusion, identity theft and fraud, the victim doesn’t realize what has happened until the damage has already been done. That can mean a massive loss of data, debilitating downtime and a significant monetary investment for even the smallest businesses. Let’s stop standing in the batter’s box watching pitch after pitch go by without taking the bat off our shoulders. Instead, it’s time to take a swing at identity theft prevention and data breach.

How often do you think your employees find themselves cruising the Web when a pop-up prompts them to install a program update or enable cookies to view a site? Do they stop to think about what it is asking them? Do they take a moment to consider the impact on your company? Do the understand how to tell if the update is real and necessary? Probably not.

Ignorance is bliss until it swings back around to bite you on the technological backside. In this day and age, that can be in the form of stolen bank account information, customer identity, Social Security numbers, intellectual property, account passwords and a plethora of other personal data that can be used to steal identity or further breach your company.

Other top keynote speakers I’ve spoken to on this subject understand why people opt for convenience over security: because we’ve gotten lazy; but that doesn’t mean we should just shut up and passively condone these bad habits. There are countless ways to avoid identity theft, like not installing plug-ins unless you know their source and their actual purpose. Even more effective is to disallow Java to run on everything but your trusted websites.  And there are many inexpensive controls businesses can put in place to make the job easier. But first, it’s time to start using better judgment.

John Sileo is an online security expert and keynote speaker on risk management and protecting sensitive information. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business.

Identity Theft: Don't Fool Me Once and Definitely Don't Fool Me Twice

Too often we hear about what steps people should take after they have been victims of identity theft and fraud. That’s like telling a batter to wear a helmet after he’s been hit in the head by a baseball.

In a recent news report from a local Fox affiliate in Florida, Jackson Hewitt tax preparer Jessica Douglas said she constantly sees instances of fraud when people come to her to file their returns. Many of these individuals don’t even realize that they have been victimized until months later when they’re sitting at her desk and are blindsided with the news. The Internal Revenue Service sends back a rejection notice, which signifies that someone else has already used your Social Security number to file a return.

Now, Douglas says the IRS will give you a personal identification number that supposedly makes it more difficult for villainous types to steal your identity. But, once again, the catch is that you have to have already been victimized once before you can get a PIN.

Rather than relying on after-the-fact “fixes” that are the equivalent of putting band-aids on bullet wounds, we need to focus on preventative measures that one can take to avoid being an identity theft victim in the first place. After all, if you aren’t taken by fraudsters once, you can’t be taken by them twice. Hence, there’s no need for a PIN.

For starters, everyone should know their Social Security number by heart, and no one should carry their Social Security card in their wallet or purse. If it falls into the wrong hands, it’s like handing over the combination to a safe that holds all your most treasured valuables.

Maintaining detailed financial records and periodically checking your credit report are also very useful identity theft prevention tools.

John Sileo is an identity theft prevention expert, the award-winning author of the ID theft prevention book, Privacy Means Profit, and a keynote speaker on social media privacy, identity theft and fraud. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business.

Mission Impossible: Self-Destructing Digital Messages Still Fictional

In "Mission: Impossible," messages would self-destruct five seconds after being viewed. But, in real life, any application that claims to do the same should be met with hearty laughter and a salt shaker full of skepticism.

According to a report from a local ABC affiliate in Los Angeles, the Snapchat mobile app has shared more than one billion "snaps" globally. These are text and picture messages, sent between friends via smartphone, that supposedly disappear from the sticky tendrils of the World Wide Web without a trace. However, I highly doubt any application can completely wipe a message from existence once it hits the internet, which means that your digital reputation grows, for better or worse, every time you share.

For many years now, we have been gently trained to share all of our juicy personal information without taking much time to consider the risks. And at the very heart of it, technology isn't the solution to our exposure problems – we are. The choices that we humans make every day about what to share and what not to share accumulate in large quantities over relatively short periods of time.

It's like depositing digital currency (identity, blog posts, social media updates, photos, videos) in someone else's account (Facebook, Instagram, Twitter, LinkedIn, YouTube, Google, etc.).

While there are certainly applications available today that purport to erase messages for good, none are 100-percent reliable. The instant you post anything online it's immediately copied, forwarded, screenshot and backed up. You are too late, as the chances of eliminating it are about as good as negotiating friendly terms with Iran.

Solution: if you are sending a message or picture that you absolutely wouldn't want anyone else to see besides the intended recipient, the internet is probably not the right method for sharing it with that individual. Digital DNA lasts forever. Billions of people go online every day. If just one of them manages to get ahold of something you post or send to a friend, all bets are off. You now no longer have control over that content.

As an alternative, consider sending an encrypted PDF file that can only be accessed by an end user with the appropriate code. Or get old fashioned and send a FAX, which minimizes exposure on the Web. If you can, call the person to deliver the sensitive information. In other words, if it's private, limit its exposure to the Web.

If you don't stop to think about and act upon how much of your life you're sharing with the internet community, maintaining the security of your digital reputation is truly an impossible mission.

There is no surefire way to control every single bit of information you send via smartphone or post online, and any application or service provider that tells you otherwise likely knows better, but is hoping that you won't.

John Sileo is a digital reputation expert and keynote speaker on social media privacy, identity theft and fraud. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business.