Introducing Carlisa, our Online College student

Posted by Carlisa on November 18th, 2009

I'm a new "blogger" and like most people today, I had personal goals and dreams that changed as life happened around me. In this blog, I invite you to follow along in my journey of getting an online college degree through AIU (American Intercontinental University).

I graduated high school in Alabama in 1979 (OMG, I just realized, it’s been 30 years!).  To make long story short, "Life Happened".  I met a guy, got married, had children, became a gymnastics/ballet/girl scout/soccer mom, a Sunday school teacher, and worked in various radio stations.

Jump ahead 27 years.  I’m now divorced, my kids are grown and I have 2 grandchildren.  The state of the economy caused the group of radio stations that I worked with to downsize, so I lost my job.  I moved to Georgia to be near my parents and tried desperately to find another radio job.  In my attempt to find "work" I saw the same requirements, over and over.  It was quite apparent that to get a good job – a career – I needed to get a Bachelors Degree. All of a sudden I realized that the ringing in my ears was actually my dad’s voice in my head – something about having a "back-up plan"!

The thought of going back to school seemed crazy, but exciting!  I mean, I barely graduated high school (again, 30 years ago!).  I’m not a particularly "scholarly" person and just couldn’t imagine myself being able to follow through.  Plus, I'll be turning 50 on my next Birthday. "Is there really any sense in getting a college degree at this age", I asked myself.   Also "isn’t college expensive"?  But everywhere I looked, there were ads enticing me "Moms, Go Back to School"!  All the talk about getting government grants, student loans and scholarships to further my education peaked my interest.

My first step was to start researching all the possibilities.  I’m not one to make quick decisions.  I had to do a lot of investigating and compiling and comparing of information.  It turns out that I was indeed eligible for grants, scholarships and student loans.  I started calling area schools and researching the many online college and "brick and mortar" college options.  I took lots of notes as I asked loads of questions and compared the details for all the colleges that I was considering.  My phone was ringing off the hook as admission advisors were constantly calling me back trying to win my enrollment.

I weighed the pros and cons of being in an actual classroom with other students for classes, vs being at home alone with my computer for online classes.  There were many decisions to be made.  In my next blogs, I'll walk you through getting into AIU and my online college experiences.

• Facebook poll shows college students don't know VoIP
• Data Breach Alert: Student hacker puts 35,000 teachers and staff on alert
• Connecticut teens earn diplomas on the Internet
• Credit Cardholder's Bill of Rights includes special protections for college students
• Data Breach Alert: Massachusetts college exposes 20,000 personal identities

Money mules facilitate identity theft and fraud

Posted by Robert Siciliano on November 18th, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Mules are relatively unaware people who get hooked into a "small business" or employment that is a function of a criminal enterprise. The mules often respond to "help wanted" ads from online job placement sites. Shipping scams are a common tactic criminals use in which they employ mules to receive goods bought with stolen credit card numbers, who then ship to people who buy them in online auctions. The mules in this process are essentially facilitating selling hot goods and money laundering.

An RSA study revealed laptops, iPods, iPhones, Nokia smartphones, digital cameras, Sony PlayStation 3 devices, and DJ equipment were among the items shipped to addresses in Russia and Belarus. RSA estimates that more than $36,000 worth of merchandise was cashed out every month before one scam ended earlier this year.

These scams generally have a virtual store front posing as a shipping company, giving the ruse a legitimate appearance. The efficiency of money mule operations has increased due to the amount of money being generated from data breaches and scams.

There have been dozens of significant data breaches over the past few years, in which millions of credit card numbers have been compromised. Once the data is in the hands of a criminal, they scheme to turn it into cash.

Credit card numbers are often bought and sold by "carders" who sell thousands of cards numbers for pennies each. In many cases when a PIN is present the criminal hacker will use the card number as a debit card at any ATM.

But when turning the data into cash isn’t so easy, they will burn the data to a white card and make in store purchases using mules. That can sometimes be a slow and riskier process. Recently, fake shipping scams have proven to be a profitable model that involves leveraging hundreds of naive people.

The mules are often baited into setting up bank accounts that the criminal controls. These bank accounts will be set up under the name of the mule to avoid detection and generally programmed to transfer money overseas in increments of less than $10,000 to avoid detection.

Most mules end up pulling money out of their pockets to front shipping costs with the promise of a big payoff. In the end the mule is often bilked and ends up with an empty bank account.

These scams hurt a lot of people. The banks and retailers lose because money and goods go out the door. The mules often end up losing thousands. And worse, many organized criminals are associated with terrorists groups who use the money to fund violence.

If the credit card companies and banks would adopt widely available technologies that make the data useless to the thief in the form of effective authentication of the user, then none of this would be happening. But until the industry changes its ways, they will keep tossing fuel on the fire.

Generally my readers don’t need to be told the following, but maybe someone you know is naive enough to fall for one of these ruses. So keep in mind, if you are looking for a job online and see “shipping manager” or “buy and sell products on eBay with no inventory or money” or anything involving virtual transactions that involves shipping any thing overseas, then chances are it’s a scam. Also, never be suckered into opening a bank account that you don’t control. That’s just plain dumb.

And protect your identity by investing in identity theft protection. While not all forms of identity theft can be prevented, identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses money mules on Fox News.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• LifeLock… Now with frequent flier protection!
• Shop safely this holiday season
• Data Breach Alert: Millions at risk for identity theft due to supermarket chain data breach
• 150,000 social security numbers exposed due to misplaced backup tape

Used ATM contains thousands of credit card numbers

Posted by Robert Siciliano on November 16th, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

After the DefCon ATM debacle, in which hackers hacked hackers by setting up a fake ATM in front of the facility's security office, I needed to find out how stupidly easy it is to buy and install an ATM. So my search began.

I found plenty of new and used ATMs at prices ranging from $500 to $2500 on eBay, but quickly decided that I didn’t want to pay another $300 for shipping. Next was Craigslist, where anyone can rent an apartment, buy a boat, get an erotic massage, or buy an ATM.

I quickly found an ad from a bar north of Boston. They were selling pool tables, neon Budweiser signs, and an ATM. I took my hacker friend with me to meet Bob, who lived above the bar and was taking care of the sale on the owner's behalf. The bar was closing and liquidating its assets. The ATM was sitting right next to the bar, sticky with beer. Fortunately, the keypad was protected by clear plastic. While Bob was giving us the history of the ATM and explaining how to operate it, he farted.

Needless to say, I wanted to unbolt this thing as quickly as possible, get out of there, and douse myself in hand sanitizer. After my hacker friend played with the manual, got it working, and determined that it was worth the financial risk, we loaded it on my trailer, paid $750 (negotiated down from a grand), and brought it back to my garage.

There’s something about having an ATM in your garage that makes for a restless night of sleep, as if the next day is Christmas. Around 5 AM the next morning, I used an entire bottle of Windex, a whole roll of paper towels, and four pairs of rubber gloves to give this thing an enema.

My hacker friend came over to my garage, manual in hand, all giggly, and says, “Watch this.” He punched in the master codes to access the machine's stored data, and hundreds of credit and debit card numbers began falling all over the floor. A few days later, another friend and I devised an evil plan to scam millions of dollars from unsuspecting suckers and then spend the rest of our lives island hopping and buying a villa in Sicily. But my wife said no.

Here's the first of a few upcoming videos of what happened next. I'll share more of my ATM adventures as they occur. There's a lot more to this story, so stay tuned!

To protect yourself from these types of scams, pay attention to your bank and credit card statements, and refute any unauthorized charges within 60 days. You might consider never using a debit card again, since credit cards are safer. When using an ATM, pay close attention to details and look for anything that seems out of place. If your card gets stuck or you notice anything odd about the machine's appearance, such as wires, tape, error messages, or a missing security camera, or if the machine seems unusually old and run down, don’t use it. Try to use ATMs in more secure locations. Cover your PIN as you enter it.

And invest in identity theft protection. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses ATM scams on Fox.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• If I install Identity Guard, will it automatically uninstall Norton?
• Data Breach Alert: City website exposes firefighters personal information
• Google "G Drive" online backup service rumored to be launching soon
• Vonage iPhone App Coming Soon?

The latest Twitter phishing scam

Posted by Robert Siciliano on November 13th, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

I've been getting the same "direct message" from several of my Twitter followers. Apparently, their accounts have been hacked, because it's a phishing message that says, "ROFL this you?" and contains a shortened URL.

The link leads to a page that resembles Twitter's log in page. The web address is /videos.twitter.zoltykatalogfirm/. Don't go there.

Your account will only get hacked if you enter your account information on this spoofed page. Warn your friends. Retweet this.

Protect yourself from this and similar scams. Don't mindlessly click on links, even if they appear to be coming from someone you know and trust. Attackers understand that you are more likely to click on a link if it appears to be coming from someone within your network. If you receive a direct message from a friend, urging you to click on a mysterious link, the account may be controlled by a criminal. Before clicking on any shortened URL, find out where it leads by pasting it into a URL lengthening service like TinyURL Decoder or Untiny.

Install Internet security software and set it to update automatically. Vary your passwords. Don't use the same password for Twitter or other social networking sites that you use for email or financial accounts.

Consider getting a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief. And invest in identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses hacked accounts on Fox News.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• Facebook phishing scams increase risk of identity theft on the popular social network
• Data Breach Alert: Eye center patients may see identity theft in their future
• LifeLock receives 5 star rating from NextAdvisor.com
• 25 million identities left unprotected in the UK

Why is child pornography on your PC?

Posted by Robert Siciliano on November 11th, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Anti-virus protection, critical security patches and a secure wireless connection have always been essential processes on my networks. My main concern has always been to protect my bank account by keeping the bad guy out.

In my presentations, I’ve always stressed the importance of making sure your wireless connection is secured, to prevent skeevy sex offender neighbors or wackos parked in front of your business from surfing for child porn and downloading it to your PC.

Once a predator uses your Internet connection to go to into the bowels of the web, your Internet Protocol address, which is connected to your ISP billing address, is now considered one that is owned by a criminal. If law enforcement happens to be chatting with that person, who's using your Internet connection to trade lurid child porn, then someone may eventually knock on your door at 3 AM with a battering ram. And in another freakish and relatively new twist, hackers can use a virus to crack your network and gain remote control access, and then store child porn on your hard drive.

An AP investigation found plenty of people who have been victimized in this way. Maybe their PCs were being used as a virtual server, or maybe they were being framed by someone with a vendetta against them, but either way, they had child pornography planted on their computers. Once that porn is discovered by a friend, family member, or computer technician, the victim is arrested.

This is the kind of “breach” that can cost you thousands in legal fees, your marriage, relationships, your job, and your standing in society. In one case, a virus changed the default home page on a man's PC, and his seven year old daughter discovered it. The guy was arrested and eventually lost custody of his daughter. And you think you’ve got problems.

When you click a link in an email or a pop up advertisement in your browser, you may inadvertently download one of these viruses, which can then visit child pornography websites and download files onto your hard drive.

Make sure your Internet security software is up to date and set to run automatically. Update your web browser to the latest version. An out of date web browser is often riddled with holes that worms can crawl through. Update your operating systems critical security patches. Lock down your wireless internet connection with WPA security protocol.

And invest in identity theft protection. Not all forms of identity theft can be prevented, but an identity theft protection service can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses viruses on Fox News.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Can you use VoIP service with a wireless Internet connection?
• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• Is online data storage the secret to eliminating many data breaches?
• Kroll Identity Theft Shield identity theft protection service review
• Data Breach Alert: Poor website security puts untold number of Oklahomans at identity theft risk

Insider identity theft can be most damaging

Posted by Robert Siciliano on November 6th, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Company networks are like candy bars, hard on the outside, soft and chewy on the inside.

Earlier this week, an IT employee was indicted for stealing the identities of 150 of his coworkers at Bank of New York Mellon, to the tune of 1.1 million bucks. He bilked almost $140,000 a year over an eight year period by compromising the online bank accounts of numerous employees and wiring money to fraudulent accounts outside the bank.

This is a classic case of the fox watching the hen house. This guy was an insider terrorist, looking his colleagues straight in the eye and lying to them. I rank him with pedophiles and serial killers.

As much as 70% of all identity theft is committed by someone with inside access to organizations such as corporations, banks, or government agencies, or by someone who has an existing relationship with the victim. People with access to sensitive personal data are most likely to commit identity theft. For many, it’s just too easy not to.

An identity thief begins by acquiring a target’s personal identifying information: name, Social Security number, birth date and address, account information etc. If the thief has regular access to a database, this data is right there for the taking. Many credit applications and online accounts request current and previous addresses. So the thief fills out the victim’s current address as “previous” and plugs in a new address, usually a P.O. box or the thief’s own address, where the new credit card or statement will be sent. I’m amazed that a lender or credit card company can be careless enough to send a new credit card to a relatively anonymous P.O. box. The lender just checks the victim’s credit and, since everything matches, no red flags pop up. The card is issued, the account is opened and the fun begins.

In the Bank of New York Mellon case, investigators found dozens of bank and credit statements in the names of the victims at the thief's home address.

Think for a moment about your house or apartment, and how you might break in if you lost your keys. If a burglar knew what you know about where you hide and store your stuff, how much damage could he do? Insiders pose the same problem. They know the ins and outs of all systems in place, and can wreak havoc on your operation as long as they are employed, and sometimes even after they are let go.

The problems begin when we are forced to trust people with complete access in order to allow them to perform their required duties. Ultimately, this is a people problem and needs to be addressed as such.

It is human nature to trust each other. We are raised to be civil towards one another and to respect those in authoritative positions. It takes a significant amount of trust in your fellow human beings to drive down the street while cars are heading toward you, separated only by a thin painted line. Without trust, we couldn’t get out of bed in the morning.

To protect your business and your data, limit sources as much as possible. Minimize the personnel with access to essential systems. Supervise the supervisors. Even your good apples can eventually go bad, so limit access, even for those who are in a trusted position. And require checks and balances, with multiple layers of authorization. If one person is always watching over another person's shoulder, bad apples can't hide or execute scams. Perform due diligence. In the information age, our lives are an open book. Background checks from information brokers are crucial. Failing to do background checks increases your liability. Someone who has been previously convicted of a crime just might do it again. And if a breach of trust does occur, prosecute the guilty. Make an example that other's won't forget. Public hangings are a strong deterrent.

When it comes to protecting your own identity, get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. And invest in identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses identity theft on Fox News.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Data Breach Alert: 100 million possible victims in what may be the largest data breach ever
• 25 million identities left unprotected in the UK
• Data Breach Alert: Eye center patients may see identity theft in their future
• Texas company uses shredded checks as packing material
• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com

Congress breached via P2P filesharing…AGAIN!

Posted by Robert Siciliano on November 4th, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Congress is still considering the Informed P2P User Act, a law that would supposedly make it safer to use peer-to-peer file sharing software, an effort that is similar to banning mosquitoes from sucking blood. It just isn't happening. The only foolproof way to prevent accidental data leaks via file sharing programs is for IT administrators to lock down networks and prevent the installation of rogue software.

Congress suffered another embarrassing P2P breach last week, after a confidential memo regarding an ethics investigation into the conduct of thirty House members was leaked, thanks to file sharing software installed by a junior staff member. This follows similar leaks that occurred earlier this year, which revealed sensitive details regarding the security of the First Family. House leaders have ordered an "immediate and comprehensive assessment" of congressional cybersecurity policies. Rep. Zoe Lofgren, chairman of the ethics committee, pointed out that "individual error and sloppiness is always the Trojan horse of cybersecurity."

Peer-to-peer file sharing allows users to access each other's computers in order to share music, movies, software, and other files. Unfortunately, many people don’t set up their P2P programs correctly, and they unintentionally end up sharing their most important and sensitive files, including bank records, tax files, health records, and passwords. (This is the same P2P software that allows users to download pirated music, movies and software.) This can result in data breaches, credit card fraud and identity theft. I’ve seen numerous reports of government agencies, drug companies, mortgage brokers, and others discovering P2P software on their networks after sensitive data was leaked.

Savvy users lock down their file sharing software to prevent others from tooling around with their settings. If your IT abilities are scant, you should take the following precautions:

• Don’t install P2P software on your computer.
• If you aren’t sure whether a family member or employee has installed P2P software, check to see whether anything unfamiliar has been installed. A look at your “All Programs Menu” will show nearly every program on your computer. If you find an unfamiliar program, do an online search to see what it is.
• Set administrative privileges to prevent the installation of new software without your knowledge.
• If you must use P2P software, be sure that you don’t share your entire hard drive. When you install and configure the software, don’t let the P2P program select data for you.
• Make sure your PC has recently updated Internet security software. P2P networks are riddled with viruses.
• Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.
• Invest in identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses P2P hacks on Fox Boston.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Will Carbonite also backup programs and applications in a form that would allow them to be installed and run without the hassle of rebuilding ones pc in a crash?
• Is online data storage the secret to eliminating many data breaches?
• Facebook exposes personal information of up to 80 million members
• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• Data Breach Alert: Stolen laptop leaves thousands of Connecticut State students exposed

10 ways to prevent social media scams

Posted by Robert Siciliano on November 3rd, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

For the past year, I’ve been screaming about the trouble with social media as it relates to identity theft, brand hijacking, privacy issues, and the opportunity social media creates for criminals to "friend" their potential victims in order to create a false sense of trust and use that against their victims in phishing or other scams. I predicted long ago that the problem will get a lot worse before it gets better and there’s no question about it, criminal hackers have taken hold and are in full force.

We hear about a new Twitter phishing scam almost daily, whether it’s via direct messaging or a shortened URL. My spam folder is filled with emails from Facebook phishers, requesting new login credentials, or a "friend" who’s sending me a video that’s actually a virus.

Not too long ago, it was big news when someone had their Facebook account jacked by someone who impersonated the victim, claiming to have lost their wallet in the UK and begging for a money wire. Lately, I see another story about another victim every week.

Last time I checked, Facebook had more than 400 million users and Twitter has more than 50 million. These numbers jump exponentially every month, and old and new users are still being victimized.

James Carnall, manager of the cyberintelligence division at security monitoring firm Cyveillance, says, “Social media cybersquatting is where domain name cybersquatting was ten years ago”.

Scammers aren’t just stealing identities and spreading malware. They are brand jacking in ways that are hurting companies' bottom lines. While many may not have sympathy for the bottoms lines of billion dollar corporations, this hurts the little guy, too. Knock off software, hardware, merchandise, and movies ultimately cost legitimate taxpayers jobs and hurt the economy when the money is heading to criminal hackers elsewhere in the world. Liz Miller, vice president of the Chief Marketing Officer Council, says, "Counterfeiting operations are highly organized, are very global and are picking up steam because of the economy."

MarkMonitor, a company that tracks online threats for its clients, determined that phishing attacks on social networking sites increased by 164% over the past year. And in a CMO Council survey of 4,500 senior marketing executives, nearly 20% of the respondents said they had been affected by online scams and phishing schemes that had hijacked brand names. These statistics undeniably point to organized crime syndicates.

Protect yourself from social media identity theft.

1. Register your full name and those of your spouse and kids on the most trafficked social media sites, blogs, domains or web based email accounts. If your name is already gone, include your middle initial, a period or a hyphen. It’s up to you to decide whether or not to plug in your picture and basic bio, but consider leaving out your age or birthday. You can do this manually or by using a very cost effective service called Knowem.com.
2. Register all your officers, company names and branded products on every social media site you can find to prevent Twitter squatting and cybersquatting.
3. Get free alerts. Set up Google alerts for your name and get an email every time your name pops up online. Set up a free StepRep account for your name. StepRep is an online reputation manager that does a better job than Google does of fetching your name on the web.
4. Implement policies. Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by provide training on proper use and especially what not do to.
5. Encourage URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
6. Limit social networks. In my own research, I’ve found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure. Knowem has a mind blowing list of 4600 as of this writing.
7. Train IT personnel. Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed.
8. Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.
9. Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.
10. Invest in identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses social media identity theft on Fox Boston.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Facebook security flaw exposes personal information
• Facebook phishing scams increase risk of identity theft on the popular social network
• Your new Facebook friend just stole your identity
• Facebook exposes personal information of up to 80 million members
• Facebook Identity Theft Protection Guide: 6 tips to protect your identity on Facebook

Protect Your Identity Week: Even more identity theft myths

Posted by Robert Siciliano on October 23rd, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

The National Foundation for Credit Counselors, which sponsors Protect Your Identity Week, has compiled a number of identity theft myths. To support their efforts, the Santa Fe Group Vendor Council Awareness and Education Subcommittee has helped to clarify some common misinformation with regards to this increasingly common crime. This is the third and final post on the subject.

Myth #8: I don’t use the Internet, so my personal information is not exposed online.

Your personal information appears in more places than you might realize, whether it’s your medical records, a job application, or a school emergency contact form. Many of these records are kept in electronic databases and transmitted online. Social networking sites are another good source of personal information for identity thieves. Even if you do not use them yourself, your friends or members of your family may be sharing personal information about you. Not using the Internet may offer some protection, but it won’t keep you safe from online criminals.

The identity theft resource center has compiled a list of high profile data breaches.
Get Safe Online offers tips on safe social networking.

Myth #9: Social networking is safe.

Social networking sites like Facebook, MySpace, and Twitter can be fun to use. But they can be dangerous when it comes to your identity. These sites are used by thieves and others to steal information, trick people and promote a variety of scams. To protect yourself, avoid making personal information available to large groups of “friends,” take advantage of the privacy controls offered by most of these sites, and use common sense.

I blogged about social networking websites for the Huffington Post.

Myth #10: It is not safe to shop or bank online.

Like social networking, shopping and banking online are safe as long as you use common sense and make good choices about where and how you do it. Most importantly, always take care to confirm a site is legitimate before you use it, watch out for copycat sites, and keep your computer safe from viruses.

Get Safe Online offers tips on safe online shopping.
The FDIC offers tips on safe Internet banking.

Invest in identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses hacked email on Fox News.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• California identity theft protection guide: facts, trends and resources
• Facebook Identity Theft Protection Guide: 6 tips to protect your identity on Facebook
• Your new Facebook friend just stole your identity
• Dumpster diving remains a major identity theft risk

Protect Your Identity Week: More identity theft myths

Posted by Robert Siciliano on October 21st, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

The National Foundation for Credit Counselors, which sponsors Protect Your Identity Week, has compiled a number of identity theft myths. To support their efforts, the Santa Fe Group Vendor Council Awareness and Education Subcommittee has helped to clarify some common misinformation with regards to this increasingly common crime. We've already discussed a few of these myths, and will continue to do so throughout this week.

Myth #5: Checking your credit report periodically or using a credit monitoring service is all you need to do to protect yourself from identity theft.

There are many useful and effective credit monitoring services available. However, no monitoring service is 100% effective, and many do little to protect your identity. If you want to be vigilant about identity theft, you should check your credit report periodically, but you should also keep accurate financial records, review your bank and credit card statements frequently for unauthorized charges, and follow the FTC's tips for minimizing your risk.

You can obtain one free credit report per year from each of the three credit bureaus from AnnualCreditReport.com. Many consumer groups suggest that you stagger your free reports throughout the year, rather than ordering all three at once.

The FTC offers facts for consumers regarding identity theft protection services, which take additional steps beyond the level of protection offered by credit monitoring services.

The FDIC offers tips for safe Internet banking.

Myth #6: My personal contact information (mailing address, telephone number, email address, etc.) is not valuable to an identity thief.

Any information that could be used by a thief to impersonate you should be protected. For example, many people use their email address as a user ID for online accounts. Consider making your information available on a need-to-know basis only. Often, businesses ask for personal information they really don’t need, and will simply omit information you’re not willing to give.

The U.S. Department of Justice answers the question, "What should I do to avoid becoming a victim of identity theft?"

Myth #7: Shredding my mail and other personal documents will keep me safe.

Shredding documents that contain personal information before you throw them away is a great way to protect yourself from “dumpster diving,” which occurs when thieves search the trash for personal information. But relying on your shredder alone to protect you is like locking one window while leaving the rest of your house wide open. Think defensively: secure your personal information in your home, your car, and at work, and always use safe online security practices.

Get Safe Online offers tips on safe social networking.

The FTC answers the question, "How do thieves steal an identity?"

Robert Siciliano, identity theft speaker, discusses data theft on Fox News.

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• How do I cancel FreeCreditReport.com?
• Identity Theft Shield from Kroll and Pre-Paid Legal Review
• NextAdvisor reviews Identity Truth
• Identity Guard provides extensive identity theft protection and detection