Insider identity theft can be most damaging

Posted by Robert Siciliano on November 6th, 2009

Thanks for visiting the NextAdvisor Daily blog. You may want to subscribe to our RSS feed.

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Company networks are like candy bars, hard on the outside, soft and chewy on the inside.

Earlier this week, an IT employee was indicted for stealing the identities of 150 of his coworkers at Bank of New York Mellon, to the tune of 1.1 million bucks. He bilked almost $140,000 a year over an eight year period by compromising the online bank accounts of numerous employees and wiring money to fraudulent accounts outside the bank.

This is a classic case of the fox watching the hen house. This guy was an insider terrorist, looking his colleagues straight in the eye and lying to them. I rank him with pedophiles and serial killers.

As much as 70% of all identity theft is committed by someone with inside access to organizations such as corporations, banks, or government agencies, or by someone who has an existing relationship with the victim. People with access to sensitive personal data are most likely to commit identity theft. For many, it’s just too easy not to.

An identity thief begins by acquiring a target’s personal identifying information: name, Social Security number, birth date and address, account information etc. If the thief has regular access to a database, this data is right there for the taking. Many credit applications and online accounts request current and previous addresses. So the thief fills out the victim’s current address as “previous” and plugs in a new address, usually a P.O. box or the thief’s own address, where the new credit card or statement will be sent. I’m amazed that a lender or credit card company can be careless enough to send a new credit card to a relatively anonymous P.O. box. The lender just checks the victim’s credit and, since everything matches, no red flags pop up. The card is issued, the account is opened and the fun begins.

In the Bank of New York Mellon case, investigators found dozens of bank and credit statements in the names of the victims at the thief's home address.

Think for a moment about your house or apartment, and how you might break in if you lost your keys. If a burglar knew what you know about where you hide and store your stuff, how much damage could he do? Insiders pose the same problem. They know the ins and outs of all systems in place, and can wreak havoc on your operation as long as they are employed, and sometimes even after they are let go.

The problems begin when we are forced to trust people with complete access in order to allow them to perform their required duties. Ultimately, this is a people problem and needs to be addressed as such.

It is human nature to trust each other. We are raised to be civil towards one another and to respect those in authoritative positions. It takes a significant amount of trust in your fellow human beings to drive down the street while cars are heading toward you, separated only by a thin painted line. Without trust, we couldn’t get out of bed in the morning.

To protect your business and your data, limit sources as much as possible. Minimize the personnel with access to essential systems. Supervise the supervisors. Even your good apples can eventually go bad, so limit access, even for those who are in a trusted position. And require checks and balances, with multiple layers of authorization. If one person is always watching over another person's shoulder, bad apples can't hide or execute scams. Perform due diligence. In the information age, our lives are an open book. Background checks from information brokers are crucial. Failing to do background checks increases your liability. Someone who has been previously convicted of a crime just might do it again. And if a breach of trust does occur, prosecute the guilty. Make an example that other's won't forget. Public hangings are a strong deterrent.

When it comes to protecting your own identity, get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. And invest in identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses identity theft on Fox News.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Data Breach Alert: 100 million possible victims in what may be the largest data breach ever
• 25 million identities left unprotected in the UK
• Data Breach Alert: Eye center patients may see identity theft in their future
• Texas company uses shredded checks as packing material
• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com

Congress breached via P2P filesharing…AGAIN!

Posted by Robert Siciliano on November 4th, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Congress is still considering the Informed P2P User Act, a law that would supposedly make it safer to use peer-to-peer file sharing software, an effort that is similar to banning mosquitoes from sucking blood. It just isn't happening. The only foolproof way to prevent accidental data leaks via file sharing programs is for IT administrators to lock down networks and prevent the installation of rogue software.

Congress suffered another embarrassing P2P breach last week, after a confidential memo regarding an ethics investigation into the conduct of thirty House members was leaked, thanks to file sharing software installed by a junior staff member. This follows similar leaks that occurred earlier this year, which revealed sensitive details regarding the security of the First Family. House leaders have ordered an "immediate and comprehensive assessment" of congressional cybersecurity policies. Rep. Zoe Lofgren, chairman of the ethics committee, pointed out that "individual error and sloppiness is always the Trojan horse of cybersecurity."

Peer-to-peer file sharing allows users to access each other's computers in order to share music, movies, software, and other files. Unfortunately, many people don’t set up their P2P programs correctly, and they unintentionally end up sharing their most important and sensitive files, including bank records, tax files, health records, and passwords. (This is the same P2P software that allows users to download pirated music, movies and software.) This can result in data breaches, credit card fraud and identity theft. I’ve seen numerous reports of government agencies, drug companies, mortgage brokers, and others discovering P2P software on their networks after sensitive data was leaked.

Savvy users lock down their file sharing software to prevent others from tooling around with their settings. If your IT abilities are scant, you should take the following precautions:

• Don’t install P2P software on your computer.
• If you aren’t sure whether a family member or employee has installed P2P software, check to see whether anything unfamiliar has been installed. A look at your “All Programs Menu” will show nearly every program on your computer. If you find an unfamiliar program, do an online search to see what it is.
• Set administrative privileges to prevent the installation of new software without your knowledge.
• If you must use P2P software, be sure that you don’t share your entire hard drive. When you install and configure the software, don’t let the P2P program select data for you.
• Make sure your PC has recently updated Internet security software. P2P networks are riddled with viruses.
• Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.
• Invest in identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses P2P hacks on Fox Boston.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Will Carbonite also backup programs and applications in a form that would allow them to be installed and run without the hassle of rebuilding ones pc in a crash?
• Is online data storage the secret to eliminating many data breaches?
• Facebook exposes personal information of up to 80 million members
• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• Data Breach Alert: Stolen laptop leaves thousands of Connecticut State students exposed

10 ways to prevent social media scams

Posted by Robert Siciliano on November 3rd, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

For the past year, I’ve been screaming about the trouble with social media as it relates to identity theft, brand hijacking, privacy issues, and the opportunity social media creates for criminals to "friend" their potential victims in order to create a false sense of trust and use that against their victims in phishing or other scams. I predicted long ago that the problem will get a lot worse before it gets better and there’s no question about it, criminal hackers have taken hold and are in full force.

We hear about a new Twitter phishing scam almost daily, whether it’s via direct messaging or a shortened URL. My spam folder is filled with emails from Facebook phishers, requesting new login credentials, or a "friend" who’s sending me a video that’s actually a virus.

Not too long ago, it was big news when someone had their Facebook account jacked by someone who impersonated the victim, claiming to have lost their wallet in the UK and begging for a money wire. Lately, I see another story about another victim every week.

Last time I checked, Facebook had more than 400 million users and Twitter has more than 50 million. These numbers jump exponentially every month, and old and new users are still being victimized.

James Carnall, manager of the cyberintelligence division at security monitoring firm Cyveillance, says, “Social media cybersquatting is where domain name cybersquatting was ten years ago”.

Scammers aren’t just stealing identities and spreading malware. They are brand jacking in ways that are hurting companies' bottom lines. While many may not have sympathy for the bottoms lines of billion dollar corporations, this hurts the little guy, too. Knock off software, hardware, merchandise, and movies ultimately cost legitimate taxpayers jobs and hurt the economy when the money is heading to criminal hackers elsewhere in the world. Liz Miller, vice president of the Chief Marketing Officer Council, says, "Counterfeiting operations are highly organized, are very global and are picking up steam because of the economy."

MarkMonitor, a company that tracks online threats for its clients, determined that phishing attacks on social networking sites increased by 164% over the past year. And in a CMO Council survey of 4,500 senior marketing executives, nearly 20% of the respondents said they had been affected by online scams and phishing schemes that had hijacked brand names. These statistics undeniably point to organized crime syndicates.

Protect yourself from social media identity theft.

1. Register your full name and those of your spouse and kids on the most trafficked social media sites, blogs, domains or web based email accounts. If your name is already gone, include your middle initial, a period or a hyphen. It’s up to you to decide whether or not to plug in your picture and basic bio, but consider leaving out your age or birthday. You can do this manually or by using a very cost effective service called Knowem.com.
2. Register all your officers, company names and branded products on every social media site you can find to prevent Twitter squatting and cybersquatting.
3. Get free alerts. Set up Google alerts for your name and get an email every time your name pops up online. Set up a free StepRep account for your name. StepRep is an online reputation manager that does a better job than Google does of fetching your name on the web.
4. Implement policies. Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by provide training on proper use and especially what not do to.
5. Encourage URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
6. Limit social networks. In my own research, I’ve found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure. Knowem has a mind blowing list of 4600 as of this writing.
7. Train IT personnel. Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed.
8. Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.
9. Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.
10. Invest in identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses social media identity theft on Fox Boston.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Facebook security flaw exposes personal information
• Facebook phishing scams increase risk of identity theft on the popular social network
• Your new Facebook friend just stole your identity
• Facebook exposes personal information of up to 80 million members
• Facebook Identity Theft Protection Guide: 6 tips to protect your identity on Facebook

Protect Your Identity Week: Even more identity theft myths

Posted by Robert Siciliano on October 23rd, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

The National Foundation for Credit Counselors, which sponsors Protect Your Identity Week, has compiled a number of identity theft myths. To support their efforts, the Santa Fe Group Vendor Council Awareness and Education Subcommittee has helped to clarify some common misinformation with regards to this increasingly common crime. This is the third and final post on the subject.

Myth #8: I don’t use the Internet, so my personal information is not exposed online.

Your personal information appears in more places than you might realize, whether it’s your medical records, a job application, or a school emergency contact form. Many of these records are kept in electronic databases and transmitted online. Social networking sites are another good source of personal information for identity thieves. Even if you do not use them yourself, your friends or members of your family may be sharing personal information about you. Not using the Internet may offer some protection, but it won’t keep you safe from online criminals.

The identity theft resource center has compiled a list of high profile data breaches.
Get Safe Online offers tips on safe social networking.

Myth #9: Social networking is safe.

Social networking sites like Facebook, MySpace, and Twitter can be fun to use. But they can be dangerous when it comes to your identity. These sites are used by thieves and others to steal information, trick people and promote a variety of scams. To protect yourself, avoid making personal information available to large groups of “friends,” take advantage of the privacy controls offered by most of these sites, and use common sense.

I blogged about social networking websites for the Huffington Post.

Myth #10: It is not safe to shop or bank online.

Like social networking, shopping and banking online are safe as long as you use common sense and make good choices about where and how you do it. Most importantly, always take care to confirm a site is legitimate before you use it, watch out for copycat sites, and keep your computer safe from viruses.

Get Safe Online offers tips on safe online shopping.
The FDIC offers tips on safe Internet banking.

Invest in identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses hacked email on Fox News.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• California identity theft protection guide: facts, trends and resources
• Facebook Identity Theft Protection Guide: 6 tips to protect your identity on Facebook
• Your new Facebook friend just stole your identity
• Dumpster diving remains a major identity theft risk

Protect Your Identity Week: More identity theft myths

Posted by Robert Siciliano on October 21st, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

The National Foundation for Credit Counselors, which sponsors Protect Your Identity Week, has compiled a number of identity theft myths. To support their efforts, the Santa Fe Group Vendor Council Awareness and Education Subcommittee has helped to clarify some common misinformation with regards to this increasingly common crime. We've already discussed a few of these myths, and will continue to do so throughout this week.

Myth #5: Checking your credit report periodically or using a credit monitoring service is all you need to do to protect yourself from identity theft.

There are many useful and effective credit monitoring services available. However, no monitoring service is 100% effective, and many do little to protect your identity. If you want to be vigilant about identity theft, you should check your credit report periodically, but you should also keep accurate financial records, review your bank and credit card statements frequently for unauthorized charges, and follow the FTC's tips for minimizing your risk.

You can obtain one free credit report per year from each of the three credit bureaus from AnnualCreditReport.com. Many consumer groups suggest that you stagger your free reports throughout the year, rather than ordering all three at once.

The FTC offers facts for consumers regarding identity theft protection services, which take additional steps beyond the level of protection offered by credit monitoring services.

The FDIC offers tips for safe Internet banking.

Myth #6: My personal contact information (mailing address, telephone number, email address, etc.) is not valuable to an identity thief.

Any information that could be used by a thief to impersonate you should be protected. For example, many people use their email address as a user ID for online accounts. Consider making your information available on a need-to-know basis only. Often, businesses ask for personal information they really don’t need, and will simply omit information you’re not willing to give.

The U.S. Department of Justice answers the question, "What should I do to avoid becoming a victim of identity theft?"

Myth #7: Shredding my mail and other personal documents will keep me safe.

Shredding documents that contain personal information before you throw them away is a great way to protect yourself from “dumpster diving,” which occurs when thieves search the trash for personal information. But relying on your shredder alone to protect you is like locking one window while leaving the rest of your house wide open. Think defensively: secure your personal information in your home, your car, and at work, and always use safe online security practices.

Get Safe Online offers tips on safe social networking.

The FTC answers the question, "How do thieves steal an identity?"

Robert Siciliano, identity theft speaker, discusses data theft on Fox News.

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• How do I cancel FreeCreditReport.com?
• Identity Theft Shield from Kroll and Pre-Paid Legal Review
• Identity Guard provides extensive identity theft protection and detection
• NextAdvisor reviews Identity Truth

Protect Your Identity Week: Identity theft myths

Posted by Robert Siciliano on October 20th, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

The National Foundation for Credit Counselors, which sponsors Protect Your Identity Week, has compiled a number of identity theft myths. To support their efforts, the Santa Fe Group Vendor Council Awareness and Education Subcommittee has helped to clarify some common misinformation with regards to this increasingly common crime.

Myth #1: There's no way to protect yourself from identity theft.

Identity theft is preventable. As with any other crime, the risk will always be there. But there are many things people can do to minimize that risk, both online and offline. Preventative measures include keeping financial records protected and private, shredding junk mail, and tracking who sees your personal information. An identity theft protection service uses a variety of techniques to prevent, detect, and, if necessary, resolve identity theft.

http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/deter.html
http://www.onguardonline.gov/topics/computer-security.aspx

Myth #2: Identity theft is only a financial crime.

While financial identity theft (theft of information for financial gain) is most prevalent, other types of identity theft can be equally dangerous, potentially costly, and time consuming to resolve. For example, with medical identity theft, personal medical records are used to access medical treatment or drugs, or to make false insurance claims. With criminal identity theft, a person uses faulty or stolen identification to avoid prosecution by law enforcement.

Medical identity theft: http://www.worldprivacyforum.org/pdf/wpf_medicalidtheft2006.pdf
Criminal identity theft: http://www.privacyrights.org/fs/fs17g-CrimIdTheft.htm
Employment fraud: http://www.idtheftcenter.org/artman2/publish/v_art_solutions/Solution_27_-_Someone_Working_as_You.shtml

Myth #3: It’s my bank’s fault if I became a victim of identity theft.

Some identity crime does originate with the theft of bank records or is perpetuated by lax security practices. However, the majority of identity theft begins elsewhere. Personal information may be stolen with low tech tools such as a lost or stolen wallet, checkbook, or a debit or credit card, or more high tech methods, such as skimming, phishing, and hacking.

http://www.onguardonline.gov/topics/computer-security.aspx
http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/about-identitytheft.html#whatdothievesdowithastolenidentity

Myth #4: It is safe to give your personal information over the phone if your caller ID confirms that it is your bank.

It is never safe to give personal information to unsolicited callers, no matter who they say they are. Caller IDs are easily spoofed. If you believe the caller is legitimate, hang up and call the bank back at its listed phone number.

http://www.ncpc.org/programs/catalyst-newsletter/catalyst-newsletter-
2009/volume-30-number-1/vishing-a-new-twist-on-identity-theft-threatensconsumers
http://www.onguardonline.gov/topics/computer-security.aspx

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• Data Breach Alert: Seven years of government medical data exposed
• LifeLock CEO addresses lawsuits and critics head on
• Identity Theft Shield from Kroll and Pre-Paid Legal Review
• LifeLock selected as exclusive id theft prevention service for a variety financial firms

12 awful reasons why impostors commit social media identity theft

Posted by Robert Siciliano on October 16th, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Imagine if someone used your name and image, or the name and logo of a business you own, to create a profile on Facebook, Twitter, or any other social networking website. Then they start posting blogs and sending out links while pretending to be you. They may contact your acquaintances, colleagues, or clients, or they may simply show up when others search for your name. Either way, their intentions are fraudulent. Establishing an online presence using someone else's identity creates unlimited opportunities for a scammer.

Traditional phishing, in which scammers send a fake email that appears to come from a trusted entity, is no longer as successful as it used to be. So identity thieves are taking advantage of social networking sites to build a home base. Once established, they seem as legitimate as any other user. There are few, if any, checks and balances to prevent this.

Social media identity theft occurs for a number of reasons:

1. An impersonator may be attempting to steal your clients or potential clients.
2. He or she could be squatting on your name or brand, hoping to profit by selling it back to you or preventing you from using it.
3. They could be criminal hackers posting infected links that, if clicked on, will infect the victim's PC or network with a virus that gives hackers backdoor access.
4. An impersonator may intentionally pose as you, and even blog as you, in order to damage your name or brand. Anything they say to the world that is libelous, defamatory, or just plain wrong hurts your reputation and can even make you the target of a lawsuit.
5. He or she may be using your identity to harass someone you nkow.
6. The impersonator may wish to harass you, perhaps as revenge over a percieved slight or because you sold them a defective product or service.
7. They may wish to use a name or brand that has leverage, such as a celebrity or Fortune 500 company, as a form of social engineering, to obtain priveledged access.
8. If you or your business sell products or services, identity thieves might pose as you and offer deals with links to spoofed websites, in order to extract credit cards numbers.
9. They may pose as a government entity for the purpose of extracting data and committing new account fraud.
10. An impostor may be obsessed with you or your brand, and simply want to be associated with you. Posing as you could yield attention and satisfaction.
11. They could be parodying you or your brand, by creating a tongue in cheek website that might be funny and obvious, but will most likely not be funny to you.
12. They could be posing as you to elicit contact from others for the purposes of a relationship, sexual or otherwise, either in person or virtually. A young man was recently caught posing as an attractive girl in his school. He contacted guys in his class through a fake Facebook account and requested naked photos of them. When he revealed who he was, he used the incriminating photos to extort sex from them.

Social media is just a baby. All of the above stems from real world examples over the past few years. Unfortunately, this list is going to keep growing. Varieties of fraud that can occur via social media are only up to the imagination of the thief. Submit your own findings. Let's hear what other whacked out social media identity thieves are doing.

To prevent social media identity theft, register all your officers, company names and branded products on every social media site you can find to prevent Twitter squatting and cybersquatting. You can do this manually or by using a very cost effective service called Knowem.com.

And invest in identity theft protection. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses social media identity theft on Fox Boston.

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• Data Breach Alert: Hundreds of financial records exposed in Michigan
• Data Breach Alert: Medicade computers stolen in Texas
• California identity theft protection guide: facts, trends and resources
• Reader Question: What should I do if I think I have been a victim of identity theft?

Cybersecurity and identity theft protection starts at home

Posted by Robert Siciliano on October 14th, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Whether you realize it or not, your computer is one of the biggest threats to your personal security. The Obama administration believes that your computer is also one of the biggest threats to national security.

The message is: “Think before you click. Know who's on the other side of that instant message. What you say or do in cyberspace stays in cyberspace — for many to see, steal and use against you or your government.

The Internet is incredibly powerful and not particularly secure. It is powerful enough to bring people together, to educating, inform, and make life easier. But it’s also used to hurt, scam, and debilitate in so many ways.

The Pentagon's computer systems are probed 360 million times per day, and one prominent power company has acknowledged that its networks see up to 70,000 scans per day. Every single day, utilities, banks, retailers and just about every computer network are faced with attacks. Many of these hacks are insignificant. Many are conducted with intent to commit crimes such as espionage, financial data theft, or the destruction of crucial information. The criminal hackers could be cyber-terrorists attempting to destroy the U.S. or its economy, malcontents simply wreaking havoc for its own sake, or opportunists looking for a profit.

The U.S. is a prime target for a number of reasons. The most obvious is that we’ve made mistakes that have many in the world hating us. Then there's our financial system, which offers instant credit to anyone with a Social Security number. And of course, credit card security is an oxymoron, since anyone can use any credit card at any time. We have a bullseye on us and we put it there.

"Weapons of Mass Disruption" are a growing concern. The U.S. and many other countries are electrically and digitally dependent. Our critical infrastructures, including drinking water, sewer systems, phone lines, banks, air traffic, and government systems, all depend on the electric grid. After a major successful attack we’d be back to the dark ages instantly. No electricity, no computers, no gasoline, no refrigeration, no clean water. Think about when the power goes out in your house for a few hours. We’re stymied.

The Pentagon and the Department of Homeland Security are hiring thousands of computer experts to protect our networks. But the weakest link in the chain is not the government, but the citizens. Government has lots of work to do, but moms and pops are the most vulnerable. Enterprise networks have become hardened, while small business and the lowly consumer know enough about information security to get hacked. Awareness is key. You are either part of the problem or the solution.

Read blogs and articles to stay on top of what's next in technology and the new security measures necessary to keep it safe. Build your IT security vocabulary. Protect yourself and your business.

Use Internet security software that includes virus and spyware protection, parental controls, and firewalls.

Back up your data locally and in the cloud.

Understand the risks associated with the wireless web, especially when using unsecured public networks.

Protect your identity, too. The most valuable resource you have is your good name. Allowing anyone to pose as you and damage your reputation is almost facilitating a crime. Nobody will protect you, except you. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. And invest in identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discussing data security on Fox News.

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• California identity theft protection guide: facts, trends and resources
• Data Breach Alert: MTV exposes personal data of 5,000 employees
• Arizona identity theft protection guide: facts, trends and resources
• Data Breach Alert: Thousands of California students at risk for identity theft

"Identity theft is really no big deal." Really?

Posted by Robert Siciliano on October 13th, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

I make a portion of my living talking about identity theft. Admittedly, I profit from the crime. I don’t steal identities of course, but I get paid because others steal. I’m not FBI, CIA, Secret Service or a cop. But you wouldn’t disparage any of those entities for doing their jobs to protect you from bad guys.

I talk about this issue all day, every day to whoever will listen. I’m obsessed with this and all issues regarding personal security. It’s what I do, and it seems to be “my purpose.” I may sometimes go a bit overboard in my take on these issues and what people need to do to protect themselves, but sometimes that's what it takes for people who think it can't happen to them get off their duff and be proactive.

All that said, it bothers the heck out of me when someone looks me straight in the eye and tells me that identity theft is no big deal, that I should get over it. That’s exactly Julia Angwin does in this Wall Street Journal article. And she uses a prominent industry professional as the anchor of her article, to confirm her beliefs and trivialize this heinous crime.

The fact is, crime happens all day, every day. Some crimes are more or less common. Some are more or less invasive. All crimes have victims and all victims suffer the consequences of others actions. To trivialize those victims and make little of their burden is a completely incomprehensible act.

I responded to this article with the following comment:

"The author hides under the guise of The Decoder and will not give her name in this article. In another article she is Julia Angwin at julia.angwin@wsj.com. Why not sign your name here?? [Angwin's name now appears under the article.]

A person is more likely to be a victim of some form of identity theft than to be injured in a motor vehicle accident. But I'll bet she wears a seat belt and doesn't trivialize that. A person is more likely to be a victim of identity theft than have their home broken into or car stolen. But I'll bet she locks up. A person is more likely to be victim of identity theft than be sexually assaulted. But she dare not trivialize that. A person is more likely to be a victim of identity theft than have their child abducted. But I'll bet she watches her kids close at the park. Sister, just because you don't understand something doesn't give you the right to make little of it. Identity theft victims suffer the consequences of fraud every day. Some much more than others. For the victims, identity theft is a living hell. I wouldn't wish any of the above on anyone and hope identity theft never happens to you. If it does you will sing a different tune and be appropriately empathetic to the victims of this heinous crime.

And Bruce, really, the contrarian thing is very obvious. To say you're not worried and don't do anything is a slap in the face to everyone who has been victimized and everyone who cares to prevent it. Your credibility just slipped a notch in this fan's opinion.”

And because I care and because I’m being paid and because I believe in the following, I’m going to make a couple suggestions to you as to how you should protect yourself. But really, identity theft is no big deal.

Get a credit freeze. Go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes your Social Security number useless to a thief. And invest in identity theft protection. While not all forms of identity theft can be prevented, these services provide several additional layers of defense.

Robert Siciliano, identity theft speaker, discusses identity theft on Fox News.

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• LifeLock launches grassroots campaign to increase consumer awareness of identity theft
• Identity theft finds a new target – your kids!
• 8 tips to protect your children from identity theft
• NextAdvisor.com featured in Fortune Magazine

High tech harassment in social media

Posted by Robert Siciliano on October 9th, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Technology keeps providing new opportunities for harassment: social media identity theft, cell phone abuse, online bullying, the list goes on.

Over a year ago, I appeared on The Tyra Show to discuss high tech harassment. I met a family from Washington, who found that several of their phones had been hacked and were being used to spy on and harass them. The hacker was able to turn a compromised phone on and off, use the phone's camera to take pictures, and use the speakerphone to record their private conversations. Every time they rerun the episode, I get emails from more victims.

In an even more shocking instance of high tech harassment, a hacker took over a woman's Facebook account while she was on a camping trip, with no Internet and no cell phone service. The hacker impersonated this woman, but instead of attempting to scam her family and friends out of cash, he used her Facebook profile to post suicidal messages, including, "My only friend is the handgun in the back of my closet," and, "I don’t want a funeral or memorial, I want it to be like I never existed." After two and a half hours of Facebook drama, the victim happened to regain cell phone reception and discovered twenty voicemail messages begging her not to do "anything drastic." By the time her son was able to get in touch with her, there were police gathered outside her home, preparing to break down the door.

In this incident, the victim was the mother of a Navy Seal who died in Iraq. It's believed that she was targeted because of her charity work celebrating the lives of deceased military personnel.

But this can happen to anybody. To protect yourself, strengthen your passwords. Use a combination of upper and lowercase letters as well as numbers, and avoid easily guessed words that can be found in the dictionary, names of pets or children, or birth dates. Make sure that your computer has updated Internet security software. Don't access social networking websites from public computers that could contain spyware. Don't click on links in messages "friends" encouraging you to download a video or view pictures, as this is becoming a common ruse in social media. Avoid all the third party applications, which are risky and can be fronts for malicious software.

And invest in identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses hacked email on Fox & Friends.

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Facebook phishing scams increase risk of identity theft on the popular social network
• Facebook security flaw exposes personal information
• Facebook exposes personal information of up to 80 million members
• Fake Facebook profile page victim awarded $43,000 in damages
• Facebook moves to protect users in partnership with 49 states