Posts

Identity Theft Speaker Says Fraud from Target Breach is Your Fault (As of Today)

,

credit cardsToday I served as the keynote identity theft speaker for the Fort Worth Speakers Foundation, here in balmy Texas (well, compared to Montana, where I spoke last week). After the main presentation, I fielded a range of questions on all topics. One woman asked me this: “At what point is fraud committed as a by product of the Target breach no longer Target’s fault?” The question was highly intelligent and the answer is very revealing.

When word got out about the massive security breach that occurred at Target in December of 2013, and which could wind up being the largest in U.S. history, many speculated that shoppers would dramatically change their habits.  After all, nearly 1 out of 3 Americans were affected.

But a recent poll conducted by the Associated Press shows that our intentions don’t necessarily match our actions. The AP-GfK Poll, which was conducted in January and involved interviews with 1,060 adults, shows that the majority of Americans polled say they fear becoming victims of theft after the breach.

Yet, despite these numbers, the statistics show that very few are willing to make significant changes to actually protect their data:

  • Only 29% requested new credit or debit card numbers from their bank
  • Only 31% have changed their online passwords at retailers’ websites,
  • Only 18% signed up for a credit monitoring service
  • Only 37% have tried to use cash for purchases rather than pay with plastic in response to data thefts like the one at Target
  • Only 41% have checked their credit reports

Which means that if you shopped at Target during the breach window (November – December 2013) or have been notified that you were part of the breach, but have done nothing about it, you are, from today forward, responsible for any fraud that happens to you. 

Target has done their part (notifying the American public via letter and press), now you need to do yours. Cancel your credit or debit card and have them send you one with a new number, and then sign up for Target’s free credit monitoring. Anything less aggressive is naive, which seems to be what 71% of Target shoppers insist on being.

John Sileo is an author and a highly engaging identity theft speaker. Watch him on The Rachael Ray Show or contact him to speak to your group – 800.258.8076.

Can Medical Identity Theft Really Kill You? [Burning Questions Ep. 2]

, ,

There has been a great deal in the news about medical identity theft leading to death. Is it possible? Yes. Is it likely? Less likely than dying of a heart attack because you eat too much bacon. But let’s explore the possibility of death by medical identity theft (below, in this article), and why the threat gets sensationalized (in the video).

Read more

Sileo Speaking at NAFCU Technology and Security Conference

Credit Union Members: A special thanks to NAFCU for having me back a second year to present at their Technology and Security Conference.  Join us in Vegas for some fun and really get into the nuts and bolts of cyber security.

Screen shot 2013-09-09 at 11.04.06 AM

 
 

6 Ways Your Facebook Privacy Is Compromised | Sileo Group

One billion people worldwide use Facebook to share the details of their lives with their friends and may be unaware their Facebook Privacy could be compromised. Trouble is, they also might be unintentionally divulging matters they consider private to co-workers, clients and employers.

Worse yet, they may be sharing their privacy with marketing companies and even scammers, competitors and identity thieves. Luckily, with some Facebook privacy tips, you can help protect your account online.

Here are six ways Facebook could be compromising your private information and how to protect yourself:

Facebook Privacy

1.  The new Timeline format brings old lapses in judgment back to light. Timeline, introduced in late 2011, makes it easy for people to search back through your old Facebook posts, something that was very difficult to do in the past. That could expose private matters and embarrassing photos that you’ve long since forgotten posting.

What to do: Review every entry on your Facebook timeline. To hide those you do not wish to be public, hold the cursor over the post, click the pencil icon that appears in the upper right corner, select “Edit or remove” then “Hide from timeline.” Being able to “revise” your history gives you a second chance to eliminate over-sharing or posts made in poor taste.

Facebook Privacy2.  Facebook third-party app providers can harvest personal details about you—even those you specifically told Facebook you wished to be private. Third-party apps are software applications available through Facebook but actually created by other companies. These include games and quizzes popular on Facebook like FarmVille and Words with Friends, plus applications like Skype, TripAdvisor and Yelp. Most Facebook apps are free—the companies that produce them make their money by harvesting personal details about users from their Facebook pages, then selling that information to advertisers. In other words, you are paying for the right to use Facebook using the currency of your personal information.

Many apps collect only fairly innocuous information—things like age, hometown and gender that are probably not secret. But others dig deep into Facebook data, even accessing information specifically designated as private.

Example: A recent study found that several Facebook quiz game apps collected religious affiliations, political leanings and sexual orientations. Many Facebook apps also dig up personal info from our friends’ Facebook pages—even if those friends don’t use the apps. There’s no guarantee that the app providers will sufficiently safeguard our personal information and there are numerous instances where they have done just the opposite.

What to do: Read user agreements and privacy policies carefully to understand what information you are agreeing to share before signing up for any app. The free Internet tool Privacyscore is one way to evaluate the privacy policies of the apps you currently use (www.facebook.com/privacyscore), but remember that it is provided by the very company that is collecting all of your data. You also can tighten privacy settings. In “Facebook Privacy Settings,” scroll down to “Ads, Apps and Websites,” then click “Edit Settings.” Find “Apps You Use” and click “Edit Settings” again to see your privacy options. And be sure to delete any apps you don’t use. While you are in the privacy settings, take a spin around to find out other data you are sharing that might compromise your privacy.

Facebook Privacy3.  Facebook “like” buttons are spying on you—even when you don’t click them. Each time you click a “like” button on a Web site, you broadcast your interest in a subject not just to your Facebook friends but also to Facebook and its advertising partners.

Example: Repeatedly “like” articles in a publication with a specific political viewpoint, and Facebook advertisers might figure out how you vote.

Not clicking “like” buttons won’t free you from this invasion of privacy. If you’re a Facebook user and you visit a Webpage that has a “like” button, Facebook will record that you visited even if you don’t click “like.” Facebook claims to keep Web browsing habits private, but once information is collected, there’s no guarantee that it won’t get out.

Example: If an insurance company purchases this data, it might discover that someone applying for health coverage has visited Web pages about an expensive-to-treat medical disorder. The insurer might then find an excuse to deny this person coverage, or to raise their rates substantially.

What to do: One way to prevent Facebook from knowing where you go online is to set your Web browser to block all cookies. Each browser has a different procedure for doing this, and it will mean that you will have to re-enter your user ID and password each time you visit certain Web sites.

Another option is to browse the web in “InPrivate Browsing” mode (Internet Explorer), “Incognito” mode (Google Chrome) or “Private Browsing” mode (Firefox and Safari), which seems to be a less intrusive way to raise your privacy levels.

Less conveniently, you could log out of Facebook and select “delete all cookies” from your browser’s privacy settings before visiting Web sites you don’t want Facebook to know about. There are also free plug-ins available to prevent Facebook from tracking you around the Internet, such as Facebook Blocker (webgraph.com/resources/facebookblocker).

Facebook Privacy4.  Social readers” tell your Facebook friends too much about your reading habits. Some sites, including the Washington Post and England’s The Guardian, offer “Social Reader” Facebook tools. If you sign up for one, it will tell your Facebook friends what articles you read on the site, sparking interesting discussions.

The problem: excessive sharing. The tools don’t share articles with your Facebook friends only when you click a “like” button, they share everything you read on the site. Your Facebook friends likely will feel buried under a flood of shared articles, and you might be embarrassed by what the social reader tells your friends about your reading habits.

What to do: If you’ve signed up for a social reader app, delete it. In Facebook privacy settings, choose “Apps you use,” click “Edit Settings,” locate the social reader app, then click the “X” and follow the directions to delete.

Facebook Privacy5.  Photo and video tags let others see you in unflattering and unprofessional situations. If you work for a straight-laced employer, work with conservative clients or are in the job market, you may already realize that it’s unwise to post pictures of yourself in unprofessional and possibly embarrassing situations.

But you may fail to consider that pictures other people post of you can also hurt you.

A Facebook feature called photo tags has dramatically increased this risk. The tags make it easy for Facebook users to identify by name the people in photos they post—Facebook even helps make the IDs—then link these photos to the Facebook pages of all Facebook users pictured.

What to do: Untag yourself from unflattering photos by using the “remove” option on these posts. Arrange to review all future photos you’re tagged in before they appear on your Facebook Timeline by selecting “Timeline and Tagging” in Facebook’s Privacy Settings menu, clicking “Edit settings,” then enabling “Review posts friends tag you in before they appear on your timeline”. Better yet, ask your friends and family not to post pictures of you without your permission. Be sure to extend the same courtesy to them by asking whether or not they mind you tagging them in a photo.

Facebook Privacy6.  Our Facebook friends—and those friends’ friends—offer clues to our own interests and activities. Even if you’re careful not to provide sensitive information about yourself on Facebook, those details could be exposed by the company you keep.

Example: A 2009 MIT study found it was possible to determine with great accuracy whether a man was gay based on factors including the percentage of his Facebook friends who were openly gay—even if this man did not disclose his sexual orientation himself.

Sexual orientation isn’t the only potential privacy issue. If several of your Facebook friends list a potentially risky or unhealthy activity, such as motorcycling, cigar smoking or bar hopping among their interests—or include posts or pictures of themselves pursuing this interest—an insurer, college admissions officer, employer or potential employer might conclude that you likely enjoy this pursuit yourself.

What to do: Take a close look at the interests and activities mentioned by your Facebook friends on their pages. If more than a few of them discuss a dangerous hobby, glory in unprofessional behavior, or are open about matters of sexual orientation or political or religious belief that you consider private, it might be wise to either remove most or all of these people from your friends list, or at least make your friends list private. Click the “Friends” unit under the cover photo on your Facebook page, click “Edit,” then select “Only Me” from the drop-down menu.

Most of all, remember that Facebook and other social networking sites are social by nature, which means that they are designed to share information with others. The responsibility to protect your personal and private information doesn’t just fall on the social networks; it is also up to you.  Following these Facebook privacy tips can help you succeed in keeping your most personal information safe. 

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Stop Check Fraud with Security Checks

, ,

How to Stop Check Fraud and Check Washing

stop check fraudCheck washing, a highly common form of check fraud, is the practice of removing legitimate check information, especially the “Pay To” name and the amount, and replacing it with data beneficial to the criminal (his own name or a larger amount) through chemical or electronic means.  One of the many ways to protect yourself against check fraud is so important that it deserves its very own article.

A foolproof way to protect your checks from being altered, whether by washing or by electronic means, is to use security checks offered by most companies.

Here are some of the features to look for when you’re purchasing High Security Checks.  These features will safeguard you not only against check washing, but other high tech forms of check fraud as well:

  • Safety security paper (visible and invisible fluorescent fibers, chemical-sensitive)
  • Foil hologram (cannot be reproduced by copiers or scanners)
  • High resolution border elements (intricate design is difficult to reproduce)
  • True watermark (cannot be reproduced by copiers or scanners)
  • Toner adhesion  (damage is visible if toner is lifted or scraped)
  • Void element (the word void appears if photocopied or chemically altered)
  • False positive test area (instant authenticity test with black light or counterfeit pen)
  • Complex pantograph background pattern and high-security colors
  • Thermochromatic ink (reacts to heat to deter copying)
  • Original document backing (deters cut and paste alteration attempts)
  • Chemical wash detection area (shows chemical alteration attempts)
  • Security warning box (becomes visible when photocopied)
  • Padlock icon (signifies that checks meet industry standards)

One more vital tip to foil the check washers: use a dark ink, gel-based pen, preferably one that states it is a security pen. Take a look at the video to the left to see how easy it is to wash a check if you are not using a high security gel-based pen. 

Yes, you may spend a few extra dollars for security checks and pens, but compared to the staggering cost of recovering from check-washing schemes (small businesses lose more than 7%  of their annual revenue to check fraud  – over $600 billion), it’s a drop in the bucket!  Your peace of mind and saved recovery time are worth it.

Checks Unlimited provides personal Securiguard checks with 7 advanced security features including chemical protective paper, microprint signature lines, and a 2 dimensional holographic foil that is irreproducible on copiers or scanners.  Their Security Center also offers fraud prevention tips and security products!

John Sileo is CEO of The Sileo Group, and a  keynote speaker on cyber security, identity theft and business fraud prevention. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

 

Identity Thieves Score Billions from the IRS and Taxpayers

, ,

Every dollar counts, now more than ever, as the government searches for ways to wisely spend our money. It’s dismaying to learn that an audit report from the Treasury Inspector General for Tax Administration (TIGTA) has found that the impact of identity theft on tax administration is significantly greater than the amount the IRS detects and prevents. Even worse, the “IRS uses little of the data from identity theft cases…to detect and prevent future tax refund fraud” according to Mike Godfrey, Tax-News.

  • The IRS is detecting far fewer fake tax returns than are actually falsely filed. 938,700 were detected in 2011. On the other hand, TIGTA identified 1.5M additional undetected tax returns in 2011 with potentially fraudulent tax refunds totaling in excess of $5.2B.
  • The study predicted that the IRS stands to lose $21B in revenue over the next 5 years with new fraud controls, or $26B without the new controls.
  • Key victims include the deceased, children, or someone who would not normally file a return such as lower income individuals that are not legally required to file.
  • A Postal Inspector in Florida uncovered a tax refund scheme whereby refunds were going into debit-card accounts via thieves using the social security numbers (SSN) of dead people. Direct deposit is preferred as it doesn’t require a mailing address, photo ID, name or a trip to the bank.
  • The IRS allows multiple direct deposits to the same bank account. A key finding in the report showed hundreds of tax returns were filed from a single address. In one case, 2,137 returns resulted in $3.3M in refunds to a home in Lansing, Michigan, and 518 returns resulted in $1.8M in refunds to a home in Tampa, Florida.
  • The IRS lacks access to 3rd party information to verify returns and root out fraud. It is issuing refunds in January before it can verify data from employers and financial institutions in March. This gap provides a huge window of opportunity for thieves.
  • The IRS is not gathering enough information to prevent fraud; i.e., how the return is filed, income information on the W-2, the amount of the refund and where the refund is sent.
  • New screening filters that can identify false tax returns before they are processed have the potential to diminish the number of fraud cases as well as other ongoing anti-fraud procedures employed by the IRS. It is placing a unique identity theft indicator on the accounts of the deceased. As of March, 2012, 164,000 accounts were locked, possibly preventing $1.8M in fraud.

Charles Boustany, the US House of Representatives Oversight Subcommitte Chairman, who sent a letter to the IRS demanding a full accounting for the agency’s continued inability to stop tax fraud related to identity theft, declared that “this report raises serious questions regarding the IRS’s ability to detect tax fraud…”. The lost federal money is extremely troubling but there’s another loss to consider – the potential to erode taxpayer confidence in our system of tax administration.


John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

$10 Buys Thieves Access To A Dead Person's Identity

You may think your deceased loved ones are safe from having their identities stolen. Not true! The Death Master File contains data about millions of deceased people including the full name, Social Security number and other personal information. Though you’d think this would be carefully guarded, the Social Security Administration provides the file to the Department of Commerce’s National Technical Information Service (NTIS). NTIS, in turn, distributes it to more than 450 entities including state and local governments, hospitals, universities, financial institutions, insurance companies and genealogy services. Even worse, anyone can access the information through the NTIS website. The cost? $10 for one person or an annual subscription with unlimited access to all of the files of deceased individuals costs $995.

The Social Security Administration created the file to help financial institutions and businesses prevent identity theft by using the file to cross-reference applicants and customers to verify they’re not using a dead person’s identity. According to CNN Money, Senator Bob Casey, Democrat, Pennsylvania, said the agency is “inadvertently facilitating tax fraud” and has called for restrictions to be placed on access to the Death Master File. The IRS has been adding protections but it’s struggling to keep up with a surge in tax fraud. The Treasury Inspector General said in May that the IRS could end up doling out $26 billion in fraudulent refunds over the next five years. In a congressional hearing in May, IRS deputy commissioner Steven Miller said that as of mid-April, his agency had already flagged 91,000 tax returns that were filed under the names of recently deceased individuals.

About 2.4 million deceased Americans each year get their identities stolen according to ID Analytics. Besides taking revenue from the government, thieves steal the personal information to apply for credit cards, cell phones and anything that requires a credit check. And think of the toll it takes on the families that have just lost a loved one. Their grief is compounded by having to rescue that person’s identity. 

Because of the Freedom of Information Act, it’ll take legislation to restrict access to the file unless the Office of Management and Budget finds a way to limit access and cut down tax fraud. The best action you can take to protect your private information while you’re alive (and that will carry over in death) is to freeze your credit. A credit freeze is simply an agreement you make with the three main credit reporting bureaus (Experian, Equifax and TransUnion – listed below) that they won’t allow new accounts (credit card, banking, brokerage, loans, rental agreements, etc.) to be attached to your name/social security number unless you contact the credit bureau, give them a password and allow them to unfreeze or thaw your account for a short period of time. Yes, freezing your credit takes a bit of time (maybe an hour of work), can be a little inconvenient when you want to set up a new account (that said, let’s face it, businesses want to make it as easy as possible to unfreeze your credit because they benefit when you set up new accounts and spend more money) and it can cost a few dollars (generally about $10 to unfreeze, a small price compared to the recovery costs of identity theft). And it is worth it! It’s like putting locks on your doors.

Since all states don’t allow you, by law, to freeze your credit, the three credit reporting bureaus have begun to offer credit freezes on a national basis. This is a major step forward in the prevention of identity theft, even if they are offering it for profit reasons (they make money every time you freeze/unfreeze your credit). If your state does not currently offer credit freezes by law, you can now apply with each credit reporting bureau individually. Regardless of where you live, freeze your credit today.A credit freeze doesn’t affect your existing credit – it doesn’t freeze credit cards, bank accounts or loans you already have. It only freezes access to your account unless someone has a password to get in. It’s like having a PIN number on your ATM card. It also doesn’t lower (or raise) your credit score.

Equifax Credit Freeze
P.O. Box 105788 Atlanta, Georgia 30348
Toll-Free: 1.800.685.1111

TransUnion Credit Freeze
Fraud Victim Assistance Department P.O. Box 6790 Fullerton, CA 92834
Toll-Free: 1.888.909.8872

Experian Credit Freeze
P.O. Box 9554 Allen, TX 75013
Toll-Free: 1.888.397.3742

Identity Theft & Fraud Keynote Speaker John Sileo

, , , ,

America’s top Privacy & Identity Theft Speaker John Sileo has appeared on 60 Minutes, Anderson Cooper, Fox & in front of audiences including the Department of Defense, Pfizer, Homeland Security and hundreds of corporations and associations of all sizes. His high-content, humorous, audience-interactive style delivers all of the expertise with lots of entertainment. Come ready to laugh and learn about this mission-critical, bottom-line enhancing topic.

John Sileo is an award-winning author and keynote speaker on the dark art of deception (identity theft, fraud training, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust.

Identity Theft – Know Your Rights

,

Have you experienced that clutch of fear that makes your heart skip a beat when you all of a sudden discover your wallet is missing? Your first reaction might be a cuss word for carrying all that critical information in the first place. Your second is to try to slow your mind as it frantically scans for solutions. Knowing what to do if you lose vital information and knowing your rights if you become a victim of identity theft will save you time, money and a ton of stress.

A consumer survey conducted by the Federal Trade Commission reveals, in a new report, that many identity theft victims do not understand their rights. Following is a summary of what you should know if you become the unfortunate victim of identity theft.

  • Fraud Alert. Placing a fraud alert on your credit file with the three credit bureaus (CRA’s) is the first step and may prevent identity theft if done timely. It’s important to file with each of the bureaus, TransUnion, Experian and Equifax. Although each of the bureaus claims it will notify the other two, it may take weeks or longer and you have no time to lose.Once a fraud alert is placed on your account, you should be contacted by phone by any lenders to confirm that you truly do want to open a new account. Any consumer who has a good faith suspicion that they have been, or are about to become, a victim of identity theft may place a fraud alert on their credit files. Such alerts notify potential creditors that consumers may have been a victim of fraud and that special care should be taken to verify the consumers’ identity before extending new or additional credit. It’s important to follow up after your request and verify with each CRA that it has, in fact, placed a fraud alert on your file. See the final bullet point about freezing your credit for additional protection.
  • Free Credit Report. When a consumer places a fraud alert, she has a right to request a free credit report from each of the CRA’s. These credit reports are separate from, and in addition to, the annual free credit report that all consumers are entitled to receive from the three nationwide CRA’s via annualcreditreport.com. According to the FTC survey, only half of consumers know they are entitled to this additional, free report. Again, follow up with the CRA’s if the credit reports do not arrive timely.
  • Disputing the Accuracy of Information on Credit Reports. Consumers have the right to dispute the accuracy of information on their credit report either with the creditor that provided the information to the CRAs or with the CRAs themselves. The creditor or CRA is then required to perform a reasonable investigation to determine whether the contested information is accurate. If the information is inaccurate, the report must be corrected.As Martha White reported in Time Moneyland, credit bureaus don’t always make it easy to dispute incorrect information. While almost three-quarters of respondents were able to get disputes resolved in either one or two contacts, 24% had to contact the bureau three to five times and another 4% had to initiate six or more contacts to get their dispute resolved.
  • Blocking the Release of Fraudulent Information in Credit Reports
    Generally, if a consumer identifies information on his or her credit report as being the result of identity theft and provides a copy of the police report to the CRAs, the FTC requires the CRA to block the reporting of that information.
  • Credit Freeze. A fraud alert is different than a credit freeze, which completely freezes your credit to all activity for a period of time.  To learn more about freezing your credit and how to reach the three credit bureaus, go to  https://192.241.219.145/2/.

FTC data shows that, for more than a decade, the top category of complaints it handles is identity theft. It’s essential that you know your rights and, without fail, follow up and, perhaps most importantly, be persistent.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.