Posts

Identity Theft & Fraud Keynote Speaker John Sileo

, , ,

America’s top Privacy & Identity Theft Speaker John Sileo has appeared on 60 Minutes, Anderson Cooper, Fox & in front of audiences including the Department of Defense, Pfizer, Homeland Security and hundreds of corporations and associations of all sizes. His high-content, humorous, audience-interactive style delivers all of the expertise with lots of entertainment. Come ready to laugh and learn about this mission-critical, bottom-line enhancing topic.

John Sileo is an award-winning author and keynote speaker on the dark art of deception (identity theft, fraud training, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust.

Fun Social Engineering Training?

,

Businesses often make social engineering (or fraud) training boring! And that’s bad for your bottom line, because no one ends up remembering how to protect your organization against threats like data theft, corporate espionage or social networking exposure.

Too often, fraud and social engineering workshops cover just the concepts that define fraud rather than the feelings that signal it’s actually in process at the moment. The key to training your executives, employees and even customers on fraud is to let them experience what it feels like to be conned. In other words, they need to actually be socially engineered (manipulated into giving away their own private information) several times throughout the training so that they begin to reflexively sense fraud as it is happening. Like learning to throw a ball, there is no substitute for doing it for yourself. Fraud detection is similar; it takes actually doing it (or having it done to you) to fully understand the warning signs. Anything less will leave your audience yawning and uneducated.

This social engineering video was recorded at a fraud training I did recently for the Department of Defense, and it demonstrates how fun it can be to train someone on detecting fraud, and how profitable. As silly as it might seem, the skills necessary to detect fraud can be taught in very entertaining and engaging ways. After watching the video, take a minute to understand the basic skills your employees and executives will need to Stop Fraud:

Fraud Training Step 1: The Trigger

The trigger, or what causes you to be on high alert, is actually very simple—it is the appearance of private information in any form (your identity, customer information, employee records, intellectual capital, etc.). Anytime someone requests or has access to any of the names, numbers or attributes that make up identity, or to the paper, plastic, digital or human data where identity lives (whether it is yours or your organization’s), the trigger should trip and sound an alarm in your head.

There are hundreds of examples of fraud triggers in the workplace. Here are a few of the more common:

  • When someone is requesting information about you on Facebook, LinkedIn, etc.
  • When someone requests information about your company, computer login or co-workers in person or by phone
  • When you are clicking on a link in an email
  • When you are entering data into a website

When your identity is being requested in any way, slow down and ask yourself: Is the risk of giving this piece of identity away in this specific situation worth the benefit?

Fraud Training Step 2: Hogwash!

Your team should be trained such that anytime their reflex is triggered, a phrase or picture automatically pops into their head, whether they actively think about it or not. If the word (also called a trigger) is a bit out-of-the-ordinary and the picture is humorous, you almost can’t help but noticing when it appears. The trigger that I use when I train is the word HOGWASH! Here is my definition of Hogwash:

Hog’wash |hôg’wô sh | n. 1. A gut reaction that someone is manipulating you for their own gain, or feeding you a line of bull in order to deceive you (e.g., I’ll just borrow your password for a short time); 2. Healthy skepticism that persists until the person requesting information from you proves they are worthy of your trust.

When the word Hogwash pops into your head, picture a pig feeding at a trough. Better yet, picture the person (who is requesting your information) feeding at a trough (the image is what makes it fun and memorable – don’t be afraid of the silliness – it works). As they provide legitimate reasons for needing the information and adequate reassurance that your data will be handled securely, they begin to rise from the trough. But don’t let them off the hook yet, because social engineers are masters at using your natural biases against you.

Fraud Training Step 3: Vigilance

When an outsider has access to your identity or critical business data, your trigger should automatically activate without thinking about it (Hogwash!). Your first response should be to heighten your level of observation, to become more vigilant. View the situation as a child would—with curious eyes. You can even borrow what we teach our children to be more aware in dangerous situations—Stop, Look and Listen:

Listen to your instincts. Ask yourself if your identity is safe. Is there a change in the environment that makes you uneasy or uncertain? What is your gut saying? Would a spy give away this information? Is the benefit you are receiving worth the data you are sharing? Be a healthy skeptic (i.e., not paranoid, but vigilant) of anyone who is requesting sensitive information. The final and most important step is to follow up with the right questions, or interrogate the enemy.

Don’t make privacy a policy, make it part of your culture. Start by engaging your troops, not putting them to sleep.

If you are interested in having John Sileo conduct fraud training and social engineering workshops for your organization, contact him directly on 1.800.258.8076. His satisfied clients include the Department of Defense, the FDIC, Pfizer and the Federal Trade Commission.

Medical Identity Theft Increasing

Medical records are one-stop shopping for identity thieves. There is no need to slowly gather bits and pieces of someone’s personal information – it’s all packaged together: Social Security number, name, address, phone number, even payment accounts. Crooks have received everything from medication to a liver transplant using a stolen identity. And that’s only the tip of the iceberg! More than just medical treatment is at stake. Once a thief’s medical information is entered into your records, it’s extremely difficult to get rid of that information. It’s conceivable, for example, that at a later date, you’ll need a Type A blood transfusion but be given the thief’s Type B with dire consequences.

Identity theft of medical records has more than doubled since 2008, as stated in Javelin’s 2010 Identity Fraud Survey Report. It’s not difficult to imagine the misery that a million Americans have suffered during the past two years when their identities were stolen. And the Poneman Institute, in their National Study on Medical Identity Theft, states that another half million people loaned their insurance cards to uninsured family members and friends. The unsavvy lenders have incurred huge medical bills in this “friendly fraud”.

Larry Ponemon says that, on average, it costs $20,000 to resolve a medical identity theft case. Unlike credit card companies,where the banks incur the losses, the victims often have to pay for the fraudulent care and sometimes lose their health insurance or have to pay higher premiums to restore their accounts. Even though there are HIPAA laws to protect your privacy, not all health care organizations have strict safeguards in place.

The risk goes even further: if someone is treated using your identity, your medical records will more than likely be altered and could compromise your treatment and ability to get service.  According to Larry Ponemon, “stolen medical records offer a complete dossier to get a passport in a victim’s name that could be used for terrorism.”

Ways to Protect Yourself:

  • When you receive an Explanation of Benefits from insurers, read it carefully and save – don’t throw it away even when it says “this is not a bill”! If a treatment date or doctor’s name is not familiar to you, call the insurer and the billing physician to resolve.
  • If your wallet is stolen, contact your insurance company just as you would your credit card company. Don’t carry your Medicare card in your wallet. Carry a photocopy and black out the last four digits of the SS#.
  • Urge your health care providers to ask patients for photo ID’s.
  • Ask your doctors for copies of everything in your medical files, even if you have to pay for them.
  • Monitor your credit report at www.AnnualCreditReport.com. If you see medical billing errors, contact your insurer and the three credit bureaus, TransUnion, Experian, and Equifax.
  • Avoid Internet and storefront offers of free treatment and supplies.
  • Ask for a list of benefits paid in your name and an “accounting of disclosures” which shows who got your records.

John Sileo became one of America’s leading Information Control Speakers & sought after Identity Theft Experts after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.