Posts

Child Identity Theft Expert: A Growing Concern – Part I of 4

Child Identity TheftAre you as protective of your kids as I am of mine?

My wife and two highly-spirited daughters are more than just the center of my universe – they are the compass by which I set my course in every aspect of life. If something is not good for the family, then it isn’t good for me. And that means that I want to do everything in my power to keep them safe.

You and I are called on to protect our children from many things, starting in the womb. Even before they are born, we practice good preventative care. We take specially designed pre-natal exercise classes, coax ourselves to eat right for their benefit, learn CPR and Love and Logic and screen regularly for signs of trouble. Once they are born, we provide the best nourishment, the finest medical care, ample playtime, rest and an infinite flow of unconditional love. You get the point… we do everything in our power to prevent complications and to give them the best chance to grow up healthy, happy and in harmony with the world around them. That is our responsibility, our purpose and our joy.

But how often do you check their credit report? Their WHAT?! I can feel the surprise in your blank stare. I can hear your questions:

“Check my kid’s …credit report? But she is only seven! She doesn’t even have her front teeth yet, let alone a credit card! There are so many years to go before we need to worry about that. Right?”

Unfortunately, no. Because children have untouched and unblemished credit records, they are highly attractive targets. Child identity theft is profitable, hard to detect and a nightmare to recover. Thieves steal a child’s identity early on, nurture it until they have a solid credit score, and then abuse and discard it.

How Does it Happen?

Identity Theft Expert John Sileo – Video Tips

Facebook Safety Tips to Stop Social Networking Hangovers

Social NetworkingFacebook safety has a direct correlation to your business’s bottom line.

Facebook, and social networking sites in general, are in an awkward stage between infancy and adulthood – mature in some ways, helpless in others. On the darker side of sites like Facebook, LinkedIn and Twitter, scammers and identity thieves are drooling at the sight of this unchecked data playground. In contrast, most social networkers are addicted to all of the friendships they are creating and renewing.

There is no denying that Facebook and other social networking sites have a very luring appeal.  You can sit in the comfort of your own home and suddenly have a thriving social life.  You can look up old friends, make new ones, build business relationships and create a profile for yourself that highlights only your talents and adventures while conveniently leaving out all your flaws and troubles.  It is easy to see why Facebook has acquired over 200 million users worldwide in just over five years. Which is why Facebook safety is still so immature: Facebook’s interface and functionality has grown faster than security can keep up.

Unfortunately, most people dive head first into this world of social connectedness without thinking through the ramifications of all the personal information that is now traveling at warp speed through cyberspace.  It’s like being served a delicious new drink at a party, one that you can’t possibly resist because it is so fun and tempting and EVERYONE is having one.  The downside? Nobody is thinking about the information hangover that comes from over-indulgence: what you put on the Internet STAYS on the internet, forever. And sometimes it shows up on the front page of the Wall Street Journal, in the hands of a prospective employer or your boss’s inbox. All of the personal information that is being posted on profiles — names, birth dates, kids’ names, photographs, pet’s names (and other password reminders), addresses, opinions on your company, your friends and your enemies — all of it serves as a one-stop shop for identity thieves.  It’s all right there in one neat little package and all a scammer has to do to access it is become your “friend”.

Follow these Five Facebook Safety Tips and save yourself the trouble…

5 Facebook Safety Tips

Facebook Safety Tip #1: If they’re not your friend, don’t pretend. Don’t accept friend requests unless you absolutely know who they are and that you would associate with them in person, just like real friends.

Facebook Safety Tip #2: Post only what you want made public. Be cautious about the personal information that you post on any social media site, as there is every chance in the world that it will spread beyond your original submission.  It may be fun to think that an old flame can contact you, but now scammers and thieves are clambering to access that personal information as well.

Facebook Safety Tip #3: Manage your privacy settings. Sixty percent of social network users are unaware of their default privacy settings. Facebook actually does a good job of explaining how to lock your privacy down (even if they don’t set up your account with good privacy settings by default). To make it easy for you, follow these steps:

  1. Spend 10 minutes reading the Facebook Privacy Policy. This is an education in social networking privacy issues. Once you have read through a privacy policy, you will never view your private information in the same way. At the point the privacy policy is putting you to sleep, move on to Step 2.
  2. Visit the Facebook Privacy Help Page. This explains how to minimize all of the possible personal information leakage that you just read about in the privacy policy. Once you understand this on one social networking site, it becomes second nature on most of the others. 
  3. Now it is time to customize your Facebook Privacy Settings so that only information you want shared, IS shared. This simple step will reduce your risk of identity theft dramatically.

Facebook Safety Tip #4: Keep Google Out. Unless you want all of your personal information indexed by Google and other search engines, restrict your profile so that it is not visible to these data-mining experts.

Facebook Safety Tip #5: Don’t unthinkingly respond to Friends in Distress. If you receive a post requesting money to help a friend out, do the smart thing and call them in person. Friend in Distress schemes are when a thief takes over someone else’s account and then makes a plea for financial help to all of your friends (who think that the post is coming from you). As with all matters of identity, verify the source.

Following these 5 Facebook Safety tips are a great way to prevent an information-sharing hangover.

The best way to protect you and your children from Online threats is to educate yourself about Facebook, Twitter, MySpace and other online social networking utilities.  We recently published the Facebook Safety Survival Guide (with Parents’ Guide to Online Safety) with that exact goal in mind. Social networking is immensely powerful and is here for the long run, but we must learn to harness and control it.

John Sileo is the award-winning author of Stolen Lives, Privacy Means Profit and the Facebook Safety Survival Guide. His professional speaking clients include the Department of Defense, the FTC, FDIC, Pfizer, Prudential and hundreds of other organizations that care about their information privacy. Contact him directly on 800.258.8076.

Read more

Traveling Safety: Identity Theft Takes a Trip

traveling-safetyIdentity Theft Speaker John Sileo on Traveling Safety.

Traveling Safety has become a study of its own ever since the advent of identity theft. Your biggest concern may no longer be physical in nature (pickpockets, hotel theft, muggings); the value of the personal identity you carry as you travel is worth far more than the cash in your wallet.

We all love to plan the vacation of our dreams. I can almost taste the pasta Bolognese as I read about that out-of-the way trattoria half way down the ancient narrow vicolo (blind alley) in Tuscany. But there’s one area we often overlook that can turn that long-anticipated dinner into a nightmare – the theft of our most-valuable asset, our identity. Let’s fast forward – we’ve savored the last bite of pasta and drained our pitcher of the vino rosso locale before presenting our credit card.   Our friendly waiter looks concerned as he walks back to our table to tell us that our credit card has been declined. It doesn’t take us long to discover a thief has maxed out our credit and there is nothing left to pay for our dream. If we’re lucky, we’ll have a backup plan and pay by cash or another credit card. If we are less lucky, the thief has cashed out our bank account as well, has stolen our passport numbers to set up new accounts, or has gained access to a laptop computer full of sensitive personal and workplace data. What were we thinking (or not thinking) by neglecting traveling safety?

Traveling safely and preventing identity theft go hand in hand. Because we carry so much identity with us when we travel, because we are much less organized when on the road, and because thieves target travelers, the likelihood of identity theft while on vacation or business travel increases.

Traveling Safety 101

Traveling Safety – Before You Leave Home

  1. Travel light! Simplify and minimize what to bring with you. Take as little identity with you as necessary. If possible, leave the following items at home when you travel:

    Checks and Checkbooks. Resist the temptation to carry checks or take only one or two for an emergency, carrying them with your cash in your money belt. Checking account takeover is one of the simplest crimes to commit and one of the most devastating types of financial fraud from which to recover. The easy alternative? Use a credit card or cash.
    Debit Cards. You can reduce your vulnerability to having your checking account emptied while on vacation by leaving all debit cards (check cards) at home. Don’t be lulled into thinking that Debit/ATM cards are safe just because they have a PIN or password. In fact, the only time a PIN is needed to use the card is when it is being used at an ATM. No PIN is required when it is used at a store as a debit or credit card. Be aware, too, that debit cards don’t have the same financial fraud protections as most credit cards. The Solution? Ask your bank for an ATM-Only debit card (it won’t work in stores, only at an ATM) and make sure your password isn’t overseen when you are at the ATM. Better yet, use a credit card or cash.  The exception to this is when you are traveling in a foreign country and your debit card is the most economical method of obtaining cash from an ATM.
    Extra Credit Cards. Every piece of identity you take with you creates more sources of potential fraud to which you are exposed. I recommend that if you are traveling with another adult, you each take one credit card (and if possible, take cards from two separate credit card companies. That way, you each carry only one card that can be lost or stolen, but you have a backup card if the other person’s card is lost, stolen or shut down because of fraud).  Make sure that your credit card company knows the dates and places you are traveling so that they don’t shut it down when charges are made out of town. Also, make sure you have a large enough credit line to cover your purchases while traveling.
    Social Security Cards. You do not need your Social Security Card while traveling (or at any time other than your first day of work with a new employer), so leave it locked up at home.
    Bills. Don’t try to take bills to pay while traveling.
    Identity Documents. Leave birth certificates, passports (unless travelling internationally), library cards, receipts, etc. at home while you travel. Anything you don’t absolutely need should be left at home locked in a fire safe. If you can travel with only a credit card, driver’s license and health insurance card (as long as it doesn’t have your SSN on it), you will be much safer.

  2. Photocopy the contents of your wallet/documents.Or make a list of all the contents and all your travel documents to carry with you in a secure place as you travel. It’s also a good idea to leave a copy at home with a trusted person whom you can contact. It will save you hours of frustration if anything is lost or stolen.
  3. Hold the Mail. Your mailbox is an identity bonanza. Before you leave, place a “postal hold” on your mail so that your mailbox isn’t vulnerable while you are gone. Arrange with your post office that you (or your spouse) are the only people allowed to pick up your mail. Don’t have it “mass-delivered” the day after you return, as this puts everything at risk all at once. Instead, pick it up at the post office once you return.
  4. Social Networking Sites.Don’t put an “Away on Vacation” note on your social networking sites just as you wouldn’t tack one to your front door. Broadcasting this information opens the door to criminals using that information while you are away.Think twice about any information you share on social networking sites.

Traveling Safety – During Travel

  1. Lock it Up. I can’t stress enough the importance of using the in-room safes that are now a part of almost every hotel room. They are simple to use and drastically increase traveling safety (decreasing theft by cleaning staff and other travelers). Lock up the following items:

    Laptop Computers. Only carry your laptop with you when absolutely necessary. The rest of the time, place your laptop (or just the hard drive if your laptop is too big) in the safe while you aren’t using it.  While using your laptop to access online banking or other password-protected services from Wi-Fi networks, be sure the Wi-Fi hotspots are secure.
    Public Access Internet Facilities. If you’re using a public computer in hotel business centers or cyber-cafes, never access any sensitive information.  Keyloggers (software that can track your keystrokes) may be tracking you.
    Cell Phones/PDAs. While you go down to the pool or off shopping and don’t need your cell phone or other electronic device, store it in the safe along with jewelry, extra cash, your iPod, thumb drive or other valuables.
    Passports. Unless you are traveling in a country where you are required to keep your passport with you at all times, lock it up in the safe the entire time you are staying at the hotel.
    Other Identity Documents. Store your plane tickets, receipts, and any other identity documents (birth certificates, extra credit cards, visa, etc.) in the safe when not in use.

  2. Carry it Safely. I recommend carrying all of your identity documents (passport, credit card, driver’s license, tickets, etc.) in a travel pouch that fits around your neck or your waste (and inside of your clothing). It is a minor inconvenience, but it lowers instances of pick pocketing and unintentional misplacement. Thieves have unbelievably nimble fingers that can slip into your pocket or purse undetected so here’s an essential habit to cultivate: just before you leave your hotel room (especially in cities), verify that your money pouch is securely fastened around your waist or neck, under your clothes.

    Use a Backpack. When possible, carry laptops and other large identity-storing items in a backpack that stays zipped and on your back at all times. It is easy to set down a purse, book bag or piece of luggage while at a ticket counter or retail store. Backpacks, on the other hand, are easy to keep on our person at all times, and are harder to break into without alerting the wearer.
    Watch Your Cards. When paying with a credit card in a restaurant, try to keep your eye on the card. If the server removes it from sight, they may be able to create a “clone” by using a portable card skimmer that will copy the information from the card’s magnetic strip. Many restaurants are now able to process the card at your table or you can take it to the register and observe the transaction.

  3. ATM Machines. Use your “ATM Only” card (one that requires a PIN and does not contain a Visa or MasterCard logo) at ATM machines found at banks or credit unions that are in well-lit areas. Be sure to examine the ATM machine carefully for signs of tampering. Be on the lookout for anything that looks suspicious. Save all transaction receipts in a specific envelope to make it easy to reconcile your bank statement when you arrive home.

Traveling Safety – Upon Your Return Home

  1. Monitor Your Accounts. Shortly after you return from your travels, pay special attention to your account statements to make sure that nothing out of the ordinary appears. If a credit card number or bank account number was stolen during your trip, this is how you will catch it early and keep it from becoming a major nightmare. Contact your provider and alert them to the breach immediately.
  2. Rotate Your Account Numbers . If you feel like your identity might have been compromised (e.g., your credit card number stolen), call your financial institution and have them issue a new card. This makes the old number obsolete, should anyone try to use it in the future.
  3. Pick Up the Mail! Don’t leave it in anyone else’s hands any longer than necessary. Make sure you shred any mail that you no longer need.

Think about Traveling Safety before you leave so that you can fully enjoy your trip instead of being preoccupied with identity theft. Safe travels!

Identity Theft Speaker John Sileo is America’s top identity theft expert. His clients include the Department of Defense, FDIC, Federal Reserve Bank, Pfizer and organizations around the world.

Identity Theft Expert Endorsed by Larry Winget

, ,

If I’ve learned one thing as an identity theft expert these past few years, it’s this: As bloggers with something to gain (monetarily) from our daily posts, we do everything we can to veil our advertisements deep within the text. Nearly every blog post has some financial gain tied to it: Google AdWords down the right side of the column, gentle product sales, magazine subscriptions, you name it.

That’s the trade-off: bloggers give you content and in return, you agree to watch our commercials. With a few exceptions (truly altruistic and non-commercial blogs, which do exist), anytime someone tells you that they gain nothing financially from their blog, tell them HOGWASH! They are simply hiding behind their content. When you get something of value, you are paying with something of value. When you read the Wall Street Journal, you agree to at least browse their advertising (however passively). When you read my blog about identity theft prevention, you learn that I speak to corporations and organizations around the world about data breach and identity theft.

So I’m not going to even try and conceal the commercial nature of this post: the very hilarious and very famous Larry Winget endorsed me as a speaker. I tell you for one reason: to get you to hire me as an identity theft expert and identity theft speaker, and to hire Business Humorist Larry Winget. Period. Let us expose your audience to messages of financial responsibility and financial privacy before they bring their poor habits into your organization.

Larry and I have done about 20 speeches together over the past couple of months for the Department of Defense (e.g., Vandenberg AFB, Camp Pendelton, Andrews AFB) so I’ve gotten to see Larry time and again. And he knocks ’em dead every time. Which is why he is the World’s best and busiest business humorist. And why I am so proud that he took the time to record this short endorsement video about my identity theft speech and me as an identity theft speaker. Thanks, Larry. You’re a pal.

Tweet Breach: 140 Characters of Destruction

tweet-breachLike a wounded, cornered Doberman, I was irrational and reactive.

My blog was down, non-existent. When you earn your keep by communicating ideas, like I do as a professional speaker, any threat to the distribution of those ideas raises the peach fuzz on the back of your neck. After days of being unable to reach my webmaster by office phone, cell phone, SMS text, instant message or email, I dialed up the pressure on him to respond. I turned to the powerful and influential world of social media…

I tweeted him. Publicly.

@johnswebguy Where in the name of Google Earth are you? Why won’t you contact me? [poetic license applied to save face]

140 characters that delivered the impact of a rabid canine. Yes, there was obvious anger in my words, but they were transformed into a venomous rant in the hands of others. Those reading it from the outside could feel the rage I felt at having been cornered without a backup plan. Unfortunately, in my anger, I didn’t make it a direct tweet (a private communication that only the recipient could see), so anyone following these hyper-succinct mini-blogs could view my dirty laundry and fill in the blanks with any back-story they liked. And fill in they did.

In the ensuing minutes, my tweet was re-tweeted (sent out to a mass number of recipients), screen shot (digitally captured to be preserved forever in all its glory) and used as an example as why others shouldn’t do business with my webmaster. I had never even considered ending my relationship with my webmaster, so driving his customers away was the last thing on my mind.

I just wanted to know where he was!

In that instant, dumbfounded with regret, I understood the power of social media to communicate, influence and destroy. Destroy personal reputations. Destroy brand identity. Destroy profit margins, relationships and open communication. As I hit the enter button, I thought I was tossing a snowball, but quickly discovered it had the potential to become an all-out avalanche. For all of its brevity, the words we publish on Twitter or Facebook can be misinterpreted, read as gospel or spread like the plague. It can be very difficult to separate emotion from fact in 140 characters.

My webmaster contacted me from the hospital; he had just gotten out of surgery. Fortunately, I deleted the tweet before it went totally global, explained my mistake to my followers, apologized to my webmaster and got down to resuscitating my blog (when he had recovered from surgery).

Explaining what I had done to someone the following day, I used a term that has stuck in subsequent conversations — tweet breach. Here is my current working definition of tweet breach:

tweet•breach n. 1. Accidentally or intentionally exposing data through social media or other Web 2.0 applications (e.g., Twitter, Facebook, LinkedIn, Wikipedia, Second Life, blog posts, webmail, text messaging, instant messaging, etc.) that would otherwise have remained acceptably private, confidential, anonymous or otherwise properly controlled by the owner or agent responsible for the information. 2. Self-inflicted tweet breech (common) is the act of accidentally or reactively releasing one’s own private information without thinking through the consequences.

Examples: a) posting an individual’s personally identifying information (phone number, credit card account, social security number, etc.) without their consent, knowledge and understanding; b) posting someone’s physical whereabouts, personal history or confidential information without their agreement; c) improperly revealing proprietary corporate information such as intellectual capital, corporate financials, business processes, deal secrets, organizational structure or other sensitive commercial data; d) improperly using social media as a tool of leverage, extortion (if you don’t do this, I will…), or revenge (posting sordid details about your ex, dirty laundry about your former employer, etc.).

I learned so much as a product of my experience that it will provide materials for years to come. Let me share a few of the many fundamental takeaways that you should keep in mind both personally and professionally:

  1. Posting is Public. This seems so obvious, but it is constantly overlooked. When you post (I use the term post to encompass tweeting, blogging, commenting, writing on a wall, publishing to a website, and certain types of texting, instant messaging, etc.), you are making the information available to everyone on the internet (unless you somehow restrict access).In-person relationships are often subtle. For example, you probably wouldn’t tell the same joke to your young child as you would your closest friend. You wouldn’t tell your boss about a successful job interview with another company in the same way that you would tell your sister. But when you post these items online, you are collapsing those layers of distinction, or access, into a one-dimensional view. Everyone has equal and identical access to your joke and your job news, whether you want them to or not. Denial and misunderstanding of this basic principle, that posting is public and will be seen by others, is what leads teenagers to populate MySpace with pictures and content that they would never want their future employers, college admissions officers or even parents, to see.
  2. Posting is Permanent. When you post, you are creating a permanent piece of digital DNA that, for all practical purposes, never disappears. Your words and photos and videos are forwarded, replicated, backed up, quoted and made a permanent part of the internet firmament. In other words, if you post it, you’d better be willing to claim ownership of it for the rest of your life. It is very hard to think a week in advance, let alone 20 years. Would George W. Bush have ever been President had he tweeted his DUIs or possession of Cocaine arrest? The viral and permanent and traceable nature of the information would have doomed his chances.
  3. Posts are Exploitable. Whether they are used against you in a court of law (yes, posts have been used as admissible evidence), used by identity thieves and social engineers (e.g., once a con knows your social network, they can easily use it against you to establish undeserved trust), or aggregated by companies that want to sell you something, posts can and will be used in ways that we average users are not currently considering.

Without question, social media and social networking are killer apps and are here for the long haul. They fulfill too deep a need and too profitable a role in our lives and businesses to write off as a fad. Fortunately, there are concrete solutions for preventing tweet breach and for minimizing damage when it does inevitably happen. I am already experiencing corporations (probably because of their increased risks and liability) beginning to pro-act on the ever evolving side effects of social media. For starters, they are gaining a competitive advantage by:

  • Learning about Twitter, Facebook and other social media first hand. A fun place to start are the videos by Twitter Goddess Gina Schreck (@GinaSchreck).
  • Educating their workforce on the benefits and drawbacks of social media, including tweet breach, productivity gains and losses, social media exhaustion, etc.
  • Establishing guidelines for how to use Twitter, Facebook and Web 2.0 tools in responsible, productive ways
    that deliver the greatest ROI with the least risk
  • Incorporating age-old ideas of etiquette, editorial policy and discretion into the fabric of their new media strategies

I would love to hear your ideas on tweet breach and examples that you have come across. Please feel free to comment with your own tweet breach or similar stories.

After losing his business to data breach and his reputation to identity theft, John Sileo became America’s leading identity theft and data breach speaker. He speaks on the topics of workplace identity theft, data breach and tweet breach. His recent clients include the Department of Defense, the FDIC, Blue Cross Blue Shield, and Pfizer. You can follow his tweets at @john_sileo.

The 7 Deadly Sins of Privacy Leadership: How CEOs Enable Data Breach

Technology is not the root cause of identity theft, data breach or cyber crime.

We are.

Too often, technology is our scapegoat, providing a convenient excuse to sit apathetically in our corner offices, unwilling to put our money where our profits are. Unwilling, in this case, to even gaze over at the enormous profit-sucking sound that is mass data theft. The deeper cause of this crisis festers in the boardrooms of corporate America. Like an overflowing river, poor privacy leadership flows inexorably downhill from the CEO, until at last, it undermines the very banks that contain it.

The identity theft and data breach bottom line? Read more

Military Identity Theft Protection & Prevention Kit

Military personnel have unique and pressing reasons to pay extra attention to protecting themselves from military identity theft, as well as guarding the private data of their loved ones. For example:

  • Historically, the armed forces have used pieces of identity (including Social Security Numbers) to openly identify personal items, including: dog tags, military IDs, commission papers, pay checks and duffel bags. While this practice is being fazed out, it still increases the risk of identity theft among military personnel.
  • If a member of the military has their identity stolen while deployed (especially overseas), it is exceptionally difficult to recover from the crime in a timely and effective manner. Can you imagine trying to repair your credit rating from the streets of Iraq or prove your innocence to a collection agency while crouched in the bunkers of Afghanistan? To add insult to injury, returning from a tour to find that your credit has been destroyed and that you are wanted for crimes you didn’t commit can be overwhelming.
  • Our airmen, soldiers, sailors and marines can be called to duty in an instant. If financially unprepared, this leaves their families vulnerable to attack. It is imperative that we proactively protect not only ourselves, but our loved ones as well.
  • Protecting the privacy of our military is a national security concern. In the age of cyber-attacks and digital warfare, we cannot leave our fighting and peace-keeping personnel open to attack.

Because of these additional risks, it is imperative for our military personnel to implement the steps below to prevent military identity theft. Read more

The First Eight Steps to Bulletproof Your Identity

Think about it…slowly, over time, we have given away our privacy. Many times we don’t even realize we are giving it away. We commonly trade our personal information for access to website content (free songs, email), the chance to win a contest (iPods, vacations) or a one-time 10% discount at a clothing retailer. I call this slow and unnecessary leakage of our personal information identity creep. Our information is requested in a subtle way, and because the immediate benefits seem substantial and often feel harmless, we overlook the downside—that we are gradually broadcasting our identity to those who shouldn’t have it.

One source at a time, we must reverse our bad habits and guard information rather than give it out. Understandably, we cannot entirely give up sharing our information. But we must determine what to share and with whom. We must begin to accumulate our privacy over time. This incremental approach keeps prevention from being an overwhelming task and reminds you to consider the risk anytime identity is involved.

Here are Eight Steps to Start the Process: Read more