Credit card processors' new approach to preventing data theft

• Tweet

May 28th, 2009 - Posted by Caitlin

When credit card processors fail to adequately protect customer data, data breaches and identity theft occur. This fall, they'll be trying out a new strategy for protecting that data. Since processors are finding it impossible to thwart each and every hacker, they'll encrypt the data in such tiny segments that stealing it will no longer be cost-effective for criminals. Heartland Payment Systems, which recently announced a major data breach, will be introducing the new data storage system in October, with the hope that identity thieves will be deterred by the lack of easy profit.

This week, Consumerist posted an interesting interview with Evan Schuman, the editor and publisher of the blog StorefrontBacktalk.com, which sheds some light on the strengths and weaknesses of this new technique. The interview also makes it clear that while Heartland's strategy may be somewhat effective, only a significant investment in encryption technology by the credit card providers themselves will truly make our credit card transactions safe from identity thieves. And unfortunately, the credit card providers don't seem particularly eager to spend the money that would require.

In the meantime, the best way to stop hackers who attempt to steal your credit card data and open new credit accounts in your name is to make your own investment in identity theft protection or credit monitoring.

Identity theft is coming to your cell phone

• Tweet

May 28th, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

History indicates that we are at the forefront of an era in which criminal hackers develop tools and techniques to steal your money using your own cell phone.

Fifteen years ago, cell phones were so bulky and cumbersome, they had to be carried in bags or briefcases. Then they became chunky, heavy bricks. Calls dropped every other minute. Clearly, cell phones have evolved since then. Today's cell phone is a lot more than a phone. It's a computer, one that rivals many desktops and laptops being manufactured today. A cell phone can pretty much do everything a PC can do, including online shopping, banking, and merchant credit card processing.

The personal computer started out slow and stodgy, and was mainly used for things like word processing and solitaire. Today, PCs are fast, multimedia machines, capable of performing amazing tasks.

There are consequences to the rapid evolution of these technologies.

A decade ago, during the slow, dial up era, hackers (and, in the beginning, phreakers) hacked for fun and fame. Many wreaked havoc, causing problems that crippled major networks. And they did it without today's sophisticated technology.

Meanwhile, the dot-com boom and bust occurred. Then, as e-commerce picked up speed, high speed and broadband connections made it easier to shop and bank online, quickly and efficiently. Around 2003, social networking was born, in the form of online dating services and Friendster. PCs became integral to our fiscal and social lives. We funneled all our personal and financial information onto our computers, and spent more and more of our time on the Internet. And the speed of technology began to drastically outpace the speed of security. Seeing an opportunity, hackers began hacking for profit, rather than fun and fame.

Now, iPhones and other smart phones have become revolutionary computers themselves. For the next generation, the phone is replacing the PC. AT&T recently announced that they'll be upping the speed of the latest version of their 3G network, doubling download speeds. It has been reported that the next iPhone will have 32 gigabytes. That's more hard drive than my three year old laptop.

So naturally, criminal hackers are considering the possibilities offered by cell phones today, just as they were looking at computers five years ago.

Two things have changed the game: the speed and advancement of technology and spyware. Spyware was created as a legitimate technology for PCs. Spyware tracks and records social network activities, online searches, chats, instant messages, emails sent and received, websites visited, keystrokes typed and programs launched. It can be the equivalent of digital surveillance, revealing every stroke of the user's mouse and keyboard. Parents can use spyware to monitor their young children's surfing habits and employers can make sure their employees are working, as opposed to surfing for porn all day.

Criminal hackers created a cocktail of viruses and spyware, which allows for the infection and duplication of a virus that gives the criminal total, remote access to the user's data. This same technology is being introduced to cell phones as "snoopware." Legitimate uses for snoopware on phones do exist: silently recording caller information, seeing GPS positions, monitoring kids' and employees' mobile web and text messaging activities. Criminal hackers have taken the snoopware and spyware technology even further. Major technology companies agree that almost any cell phone can be hacked into and remotely controlled. Malicious software can be sent to the intended victim disguised as a picture or audio clip, and when the victim clicks on it, malware is installed.

One virus, called "Red Browser," was created specifically to infect mobile phones using Java. It can be installed directly on a phone, should physical access be obtained, or this malicious software can be disguised as a harmless download. Bluetooth infared is also a point of vulnerability. Once installed, the Red Browser virus allows the hacker to remotely control the phone and its features, such as the camera and microphone.

While this may sound improbable, I've consulted and appeared on television with an entire family that seems to have been victimized by every aspect of snoopware. The Kuykendalls, of Tacoma, Washington, found that several of their phones had been hijacked in order to spy on them. They say the hacker was able to turn a compromised phone on and off, use the phone's camera to take pictures, and use the speakerphone as a bug. Ever since the program featuring the Kuykendalls' story aired and continues to repeat, I've received dozens of emails from people around the world who have experienced the same thing. Many of these people seem totally overwhelmed by what has happened to them, and some are beginning to suffer financial losses.

If history is any indication of the future, mobile phones, just like computers, will soon be regularly hacked for financial gain. Some Internet security software providers are beginning to offer software specifically for mobile phones. In the meantime, identity theft protection services are one line of defense against the latest cybercrime techniques.

Robert Siciliano, identity theft speaker, discusses hacked cell phones.

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of 2 books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Typosquatting on Twitter and other social networks

• Tweet

May 21st, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Typosquatting, which is also known as URL hijacking, is a form of cybersquatting that targets Internet users who accidentally type a website address into their web browser incorrectly. When users make a typographical error while entering the website address, they may be led to an alternative website owned by a cybersquatter. This can lead to financial or social media identity theft. Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as user names, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Scammers recently created a website imitating Twitter.com, and have been sending phishing emails to millions of users, many of whom click on the link contained within the emails, which sends them to the phishing site, where they enter their user names and passwords in order to log in.

The site is Tvviter.com, spelled with two V's instead of a W. This website is currently live. Assuming that your browser is up to date, it should alert you to the fact that Tvviter.com is a suspected phishing site.  Tweet.ro is another phishing website, which my up to date browser did not warn me about. Notice that neither web address is hyperlinked here. I would not suggest playing around on these sites. At any time, the creators can easily introduce malware to these sites, and then onto your outdated operating system or browser in the form of a "drive by" hack, which ultimately leads us back to identity theft and fraud.

If you decide to play in the devil's den, you are bound to get burnt.

Forward this blog post to your contacts. Let people know, so that they won't be fooled. This scam may stick if the site isn't taken down by the time this warning is read. Don't get hooked. And protect yourself with Internet security software and identity theft protection.

Robert Siciliano, identity theft speaker, discusses phishing.

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of 2 books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

A lost purse or wallet could land you in jail

• Tweet

May 21st, 2009 - Posted by Joe

Wheat Ridge, Colorado authorities ordered the arrest of a Northern California woman, Margot Somerville, on 19 felony charges. Police alleged that Sommerville was the mastermind behind a nationwide identity theft ring that had stolen over $60,000 using stolen identification and forged deposit slips.

But rather than being the mastermind of this identity theft ring, Somerville was actual one of its unsuspecting victims.

While on a day trip to San Francisco with members of her bridge team, Somerville's wallet was lifted from her purse by a pick pocket. Shortly thereafter, she began to realize that money was missing from her bank accounts. Authorities would later discover that her driver's license was used at two separate bank branches in Colorado to withdraw about $20,000.

Colorado authorities inexplicably keyed in on Somerville as a likely suspect for the crimes despite being a victim herself. Many months of struggling with Colorado authorities, which included an arrest where authorities forcibly extracted her from her Northern California home, eventually led to a full exoneration and recuperation of her stolen funds.

While this may seem like an extreme case, a stolen identity leads to criminal trouble for the victim more frequently then you may think. Just this week a popular musician, Little Joe Hernandez, was arrested in Austin, TX as a result of what appears to be a case of mistaken identity related to a stolen identity.

There is no one solution to preventing these types of crimes but we do believe that a proactive identity theft protection service can make it more difficult for identity thieves to victimize you. Additionally, many of the services we have reviewed offer extensive recovery assistance that can make reclaiming your identity much less painless.

To learn more, read our reviews and comparison of identity theft protection services.

Free credit reports at AnnualCreditReport.com

• Tweet

May 21st, 2009 - Posted by Caitlin

Here at NextAdvisor.com, we often receive emails from readers who know that they are entitled to one free credit report per credit bureau, per year, but who aren't sure where or how to access their free credit reports.

Those legally mandated free credit reports are available at AnnualCreditReport.com. This site allows you to request one report from Equifax, one from Experian, and one from TransUnion once every 12 months. You can choose to request all three reports at once, or you can space them out over the year. If you request your reports online, you will be able to view them on your computer as soon as AnnualCreditReport.com has verified your identity by asking a few personal questions. If you request your reports by phone or mail, they will be sent to your address within 15 days.

AnnualCreditReport.com is not a credit monitoring service, and they do not provide free credit scores of any kind. It is possible to purchase a credit score from one or more of the bureaus when you request your free credit report or reports. If you wish to request a fraud alert or correct erroneous information on your report, you will need to contact the credit bureaus directly, as AnnualCreditReport.com will be unable to assist you.

While one free credit report per year from each of the 3 bureaus may be useful in a few select situations, in general we do not believe that this is sufficient. If you request all 3 reports at once, you will not be able to access any free reports again for the next 12 months. That leaves an entire year open in which identity thieves could be opening new accounts in your name without your knowledge. And if you space the reports out over the course of the year, you will have no way of knowing whether there is fraudulent or incorrect account information appearing on the other 2 bureaus' reports at any given time. When new information appears on your reports, it is crucial to be aware of this as soon as possible, since time is of the essence when it comes to preventing fraud and ensuring that your credit reports and scores reflect the best possible impression of your overall credit history.

If you'd like to learn more about credit report monitoring services, see our reviews and comparison chart.

NextAdvisor.com featured in Fortune Magazine

• Tweet

May 21st, 2009 - Posted by Joe

Fortune Magazine's Anne Fisher featured our Facebook Identity Theft Protection Guide as part of her newest "Ask Annie" column that highlighted the recent trend of identity thieves victimizing job seekers.

Job seekers are typically willing to provide detailed personal information to a potential employer as part of the interview process since, as Fisher points out in her column, this person could very well offer them a job. However, this makes the job seekers a potentially ripe target for scammers who pose as hiring managers in an attempt to perpetrate identity theft.

So how can you protect yourself? Fisher provides a series of tips, including the following advice on how to deal with a request on a phone interview for very personal information such as social security number or date of birth:

Instead of blurting out the data, politely ask for the person's phone number or e-mail address and say you'll get back to him or her shortly. Then call the company's HR department, ask whether the person works there, and inquire if they customarily request these vital stats when scheduling an interview. Most likely, the answers to both questions will be "no."

This alarming trend in job seeker identity theft also highlights the depths that identity thieves will go to in order to find victims. As always, we recommend that readers consider and identity theft protection service. You can read our identity theft protection service reviews and comparisons to learn more.

Win $1,000 in NextAdvisor.com's Credit Crisis Relief Sweepstakes!

• Tweet

May 20th, 2009 - Posted by Caitlin

NextAdvisor.com is tired of banks taking away or limiting your credit, so we've decided to create our own relief plan. We're giving away $2,000 while educating our readers about credit. Considering the current state of the United States economy, it has never been more crucial to understand your own credit health and its implications.

Test your credit IQ by completing our brief credit report and score quiz, and you'll be entered to win a $1,000 cash prize from NextAdvisor.com. Once you've completed the quiz, you'll be given a personal referral link back to our sweepstakes, which you can share with friends and family. On July 9, 2009, we will randomly select a winner. And if that winner clicked on your personal referral link in order to access our sweepstakes, you'll also win $1,000!

Test your credit IQ and be entered to win $1,000!

Preventing social networking identity theft

• Tweet

May 19th, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Two words: you can't. However, there are several things you can and should do in order to manage your social media identity, which may prevent social media identity theft. What exactly is social media identity theft? It's a form of cybersquatting using social media sites.

If you've ever attempted to join a social media, more commonly known as a social networking site, or applied for an email account, and found that your first and last name were already taken, that may or may not have been social media identity theft, or cybersquatting.

There may be someone out there who shares your exact name and happened to register first, or else there is someone out there who took your name so that you can't have it, or who wants to sell it back to you, or wants to pose as you and disrupt your life. These are all possibilities.

The most damaging possibility occurs when someone wants to pose as you in order to disrupt your life. This disruption can take on many forms. They may pose as you in order to harass and stalk you, or to harass and stalk people you know. Or they may steal your social media identity for financial gain. Throughout my years working in the field of financial crimes and identity theft, I've seen plenty of social media identity theft that led to financial loss. The thieves use a combination of email and social media to extract funds from others, or to open new accounts.

There are hundreds, or maybe even thousands, of social media sites (Facebook, MySpace, Twitter, YouTube), web-based email providers (hotmail.com, gmail.com, yahoo.com) and domain extensions (.com, .net, .biz). Then there are all the blog portals, such as WordPress and Blogspot. Even your local online newspaper has a place for user comments, and most people would want to register their own names before someone else comments on their behalf.

Social media websites offer the option to provide your real name as well as a user name. The user name may be a fun chat handle or an abbreviation of your real name. The key is to give your real name where requested and also to use your real name as your user name. Even if you don't plan on spending any time on the site, or to use the domain or email, you want to establish control over it.

The goal is to obtain your real first and last name without periods, underscores, hyphens, abbreviations or extra numbers or letters. Your ideal name, for example would be twitter.com/RobertSiciliano, RobertSiciliano.com, or RobertSiciliano@anymail.com. This strategy won't prevent someone else from registering with your name and adding a dot or a dash, but it trims down the options for a thief.

Some names are very common, or are also owned by someone famous. If that applies to your name, you can still take actions to manage your online reputation. If there is any uniqueness to your name or the spelling of your name, it's still a good idea to claim your name in social media and work toward managing your online reputation.

Understand that your name is your brand. Your name is front and center on every document you sign and every website that shows up when your name is searched. The phrase, "All I have is my good name," has never rung truer than today. If you are a writer, blogger, personality of any sort, or anyone who "puts it out there," you probably already know enough to do these things. But there is more to do.

If someone, perhaps a potential employer or mate or client, searches your name on Google Web, Google Blogs or Google News, what will they find? Will it be someone else posing as you? Will it be a picture of you doing a keg stand? Or will it be you in your nicest outfit, accepting an award for an accomplishment? Either way, you need to manage your online identity and work toward preventing social media identity theft.

This isn't an easy task. Nor is it fun. It can be time consuming and almost overwhelming. But I believe that the long term rewards are worth it.

1. Register your full name and those of your spouse and kids on the most trafficked social media sites, blogs, domains or web based email accounts. If your name is already gone, include your middle initial, a period or a hyphen. It's up to you to decide whether or not to plug in your picture and basic bio, but consider leaving out your age or birthday.
2. Set up a free Google Alerts for your name and get an email every time your name pops up online.
3. Set up a free StepRep account for your name. StepRep is an online reputation manager that does a better job than Google Alerts does of fetching your name on the web.
4. Consider dropping $65 on Knowem.com. This is an online portal that goes out and registers your name at what they consider the top 120 social media sites. Their top 120 is debatable, but a great start. The user experience with Knowem is relatively painless. There is still labor involved in setting things up and with some of the 120. And no matter what you do, you will still find it difficult to complete the registration with all 120 sites. Some of the social media sites just aren't agreeable. This can save you lots of time, but is only one part of solving the social media identity theft problem.
5. Start doing things online to boost your online reputation. Blogging is best. You want Google to bring your given name to the top of search in its best light, so when anyone is searching for you they see good things. This is a combination of online reputation management and search engine optimization for your brand: YOU.
6. If you ever stumble upon someone using your likeness in the social media, be very persistent in contacting the site's administrators. They too have reputations to manage and if they see someone using your photo or likeness they would be smart to delete the stolen profile.
7. Or do nothing and don't worry about it. But when some other John Doe does something stupid or uses your name in a disparaging way or for identity theft, and people assume that it's you, remember that I told you so.
8. Despite all the work you may do to protect yourself, you still need identity theft protection and Internet security software.

Robert Siciliano, identity theft speaker, discusses social media privacy.

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of 2 books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Diet plans for diabetics

• Tweet

May 14th, 2009 - Posted by Caitlin

Nutrisystem's meal delivery program includes variations specificially designed for women, men, seniors, vegetarians, and diabetics. Nutrisystem recently introduced Nutrisystem D, a new diabetic plan. In a 3-month clinical study at Temple University School of Medicine, Nutrisystem D was shown to help control type 2 diabetes, lower blood sugar levels, cholesterol, A1C and triglycerides. Participants with type 2 diabetes who followed the Nutrisystem D plan lost 16 times more weight than those following a hospital-based diet and education plan.

In addition to Nutrisystem,  Medifast also offers a meal plan specifically designed for those with type 2 diabetes. To learn more about Nutrisystem, Medifast and other meal delivery diet services, see our reviews and comparison chart.