NEXTADVISOR BLOG

May 14, 2010

Home security: People are being very disappointing

Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

I don't mean to be Debbie Downer here, I just need to point out some things and hope people will shake up their fellow man and gather some perspective. As a person of planet earth, I can tell you straight out that I often get disappointed in my fellow humans. For example, a bunch of smart people who know how to suck oil out of the ocean floor are in the process of polluting that same ocean. Very disappointing.

In Boston, a 10-foot-diameter water pipe broke and another pipe had to be used to divert water. So while the water was in the temporary pipe, officials suggested people boil their water for a minute to kill any potential bacteria. In response, people flocked to all the supermarkets and cleaned out all the water off the shelves. Some people punched each other and wrestled over the last case of water. Someone paid $100.00 for a case of water. Then the National Guard brought in cases of water to distribute and people lined up in their cars for miles to get a free case of water and chastised officials when it ran out. I boiled water. It was easy. What did people do before water came in a bottle? Very disappointing.

In Georgia, more people seem to be fabricating tales of assaults and robberies these days. According to the article, "police have become more aggressive in proving the lies and bringing the pretenders to justice… People invent crimes for lots of reasons, like to hide spending from spouses or to keep embarrassing secrets."

Police across Western Washington are searching for four suspects wanted in a fatal home invasion robbery in Pierce County that started with a Craigslist posting. "The homeowner was shot and killed, and his wife and sons were assaulted." Beyond very disappointing.

I’ve stopped using Craigslist for this reason. There are too many whackos and too many risks.

No matter what you are selling or buying you must know who you are dealing with on Craigslist. When we were young, our parents told us not to talk to strangers. Strangers are people not yet part of our trusted circle. So don’t trust them!

Whenever possible, deal locally and meet in a populated area or even in front of the police department! People who cannot meet you in your town are more likely to be scammers. And even when you do meet in person, you should be wary.

Never engage in online transactions involving credit cards, cashier’s checks, money orders, personal checks, Western Union, MoneyGram or cash that require you to send money to a stranger in response to money they have sent you. This is an advance fee scam.

Home security tips: If you have to meet someone at your home consider keeping the meeting outside. If you have to meet inside then have someone standing next to the home security alarm ready to press the panic button or have a remote control for your wireless security alarm that will also ring the panic button.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Robert Siciliano personal security expert to Home Security Source discussing Home Invasions on Montel Williams.

May 12, 2010

Want privacy? On Facebook? Seriously?

Posted by Robert Siciliano

There seems to be a groundswell of people who are anti-Facebook today.

Google “Facebook” and “Privacy” and 761,000,000—that’s seven hundred and sixty-one million—results come up in a quarter second. WHY? BECAUSE THERE IS AN OBVIOUS ISSUE WITH FACEBOOK AND PRIVACY. The major issue here is not that Facebook isn’t private, it’s that some people want it to be private and it's not and they can’t have their cake and eat it too. Privacy has always been a hotbed media grabbing issue that sells news too, so the few privacy pundits that there are, get all this attention by pointing the finger.

Mark Zuckerberg, Facebook's head dude, said, "people have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people." Then he went on to say "that social norm is just something that has evolved over time."

Nick Bilton, a New York Times writer, interviewed a Facebook employee and shortly after tweeted, “Off record chat w/ Facebook employee. Me: How does Zuck feel about privacy? Response: [laughter] He doesn't believe in it.”

So if the head of an organization is telling you straight out, privacy isn’t really a concern, then why expect anything different? If you are about to book a cruise and you are told the captain of the ship likes to drink A LOT and he has a habit of hitting icebergs, would you get on the ship? If you don’t like the way things are done at Facebook, either shut up or delete your profile.

I personally have no hard feelings towards Facebook; I also don’t share intimate details of my life and I understand the implications of the service. My angst is towards its users who say and do things that make themselves vulnerable to crime and online reputational disasters. Like Howard Stern’s dad used to say to him, “I told you not to be stupid, you moron.”

And now that politicians are stepping in and making a fuss, Facebook is now the new privacy battle ground. These same politicians won’t do anything or accomplish anything. They just love the attention. And with 400 million people on board, I think privacy is deader than dead, a rotting corpse that just smells bad and we will complain as long as the stink lingers. Openness and transparency along with sharing too much information is the norm. But that doesn’t exclude you from at least understanding the risks, taking some responsibility and being smart about how to use it.

Protect yourself:

Use URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.

Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.

Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave your networks wide open for attack.

Register your company name and all your officers at every social media site. You can do this manually or by using a very cost-effective service called Knowem.com.

May 10, 2010

Why everyone should learn to be a hacker

Posted by Robert Siciliano

I know enough about hacking to make all of my software unusable, mess up my operating system, and crash my PC. I also know enough about hacking to re-install my operating system, re-install all my software and get my PC running fresh and relatively secure. I’m no criminal hacker. And I am not suggesting that. Nor can I program; I don’t know code, but I do know enough to hack in a way that keeps me running, and again, secure.

"Hacker" isn’t a bad word and "hacking" isn’t a bad thing to do. It’s something that if everyone who plugs into a PC every day did, they’d be a heck of a lot more versed in the functionality and security of a computer.

The beauty of becoming a “do it yourself” (DIY) hacker is you don’t need to pay a dude to come to your home or office to fix your computer when it’s not working. Three hundred and twenty five years ago I used to pay someone to fix me. Now I can do most of it myself, and when I don’t know how to do it, I look it up on Google. Chances are if you have had this problem, then thousands of others have too. There are a bazillion forums that you can go to and solve annoyances and real technology issues.

Once you start asking questions you begin to find people who know the answers. Next thing you know you are the person with the answers. Along the way you connect with people that are smarter than you are who actually do know code and how to really hack a system. Keep this stable of experts on your contact list so when you are in a pinch, you reach out. But do your best to figure it out on your own first so you aren’t constantly bugging them. You’d be amazed at how capable you are once you invest the necessary time to learn this stuff.

Another great way to learn how to be a DIY hacker is through tech support of your new PC. Most computers come with a one year guarantee that includes phone support. Now, many people complain about lousy support, but the hundred or so hours I’ve spent over the years with these people from all over the world has definitely upped my hacking abilities. Even when the tech support guy is wrong, you learn something.

Recently I got rid of all my old five-, six-, eight-year-old PCs and upgraded all but one to Windows 7 boxes and couldn’t be happier. In the process, I had to go through a litany of changes that were always frustrating, but made me a better, smarter, faster DIY hacker. I’ve spent about 20 hours with tech support on the phone getting everything to work like it should and now I know how to do it myself when things go wrong.

"Why I want my daughter to be a hacker" is the title of a post that's been making waves in the blogosphere. It doesn’t exactly make my point, but it's worth a read.

Robert Siciliano Identity Theft Speaker discussing the identity theft on CNBC.

May 5, 2010

Secret Service: ATM card skimming five times higher this year

Posted by Robert Siciliano

ATM skimming is approaching a billion-dollar issue. ATM skimming is happening coast to coast and there seems to be no end in sight. Skimming devices have been found recently at ATMs at a Bank of America in Daytona Beach and outside a Chase Bank in Escondido, California. Customers slipped in their cards, took their money and left.

In Boston, police uncovered an international ATM skimming ring responsible for stealing money from hundreds of local accounts. Izaylo Hristov, 28, of Ontario, Canada, a Bulgarian citizen, was arrested at an ATM in the Boston area along with Viadiclav Vladevo and Anton Venkov. Venkov had $99,100 in $20 bills in his car when he was arrested. One of them had Dunkin’ Donuts gift cards and American Express cards with post-it notes that had “PIN’’ and various numbers written on them. These cards were used to write the stolen data on, and then used to make withdrawals. Apparently, more than a few people in the Boston area didn’t watch this on Fox Boston, or this on NBC Boston or read this in the Boston Globe.

A spate of recent news reports highlights growing ATM fraud. Law enforcement in New York City reported a gang had stolen $500,000 from bank accounts via ATM skimming. They installed cameras and skimming devices on the machines, and recorded the magnetic strips and the PIN numbers.

Don’t expect the bank’s employees to protect you. At a bank in NY, an alert customer pulled a skimmer off the ATM and brought it in to the bank manager, who had never seen a skimmer. She thanked him. He came back in moments later with the small wireless camera. She thanked him again, then she shut down the ATM.

Generally, if you can pull something off the face of the ATM where you’d slide your card through, it's probably an ATM skimming device. Banks are investing in new technologies, such as internal hardware that can jam the signal of skimming devices. But customers need to be aware of the problem and keep an eye out for devices affixed to the front of ATMs or cameras mounted near small mirrors or on brochure holders. See more skimming demonstrations on Extra TV.

To help combat this type of crime, ADT unveiled the ADT Anti-Skim ATM Security Solution, which helps prevent skimming attempts and detects skimming devices on all major ATM makes and models. ADT’s anti-skim solution is installed inside an ATM near the card reader, making it invisible from the outside.

The solution detects the presence of foreign devices placed over or near an ATM card entry slot, without disrupting the customer transaction or operation of most ATMs. It can trigger a silent alarm for command center response and coordinate video surveillance of all skimming activities. Also, the technology helps prevent card-skimming attempts by interrupting the operation of an illegal card reader.

You can protect yourself from these types of scams first by covering your PIN! Scammers have a difficult time turning your 16-digit account numbers into cash without the PIN. Consider never using a debit card again, since credit cards are safer. When using an ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, double-sided tape, error messages or the machine seems unusually old and run down, don’t use it. Don’t use just any ATM. Instead, look for ATMs in more secure locations.

Ultimately, you must pay close attention to your statements. Refute unauthorized transactions within 60 days. Check with your bank to determine what their timeframe is to refute unauthorized withdrawals. In some cases it can be as early as a week.

Protect your identity:

  1. If you think you're a victim of identity theft, find out how to get a credit freeze. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  2. Invest in anti-virus and keep it auto-updated.
  3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.
  4. Invest in identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano Identity Theft Speaker discussing the Bulgarian ATM scammer getting busted on Fox Boston.

April 27, 2010

Scammers bait 40,000 Facebook victims with Ikea gift card

Posted by Robert Siciliano

It’s just a matter of setting up a fake Facebook page and marketing it to a few people who then send it to their friends and it goes somewhat viral. The Ikea scam hooked 40,000 unsuspecting victims with the promise of a $1,000 gift card.

PC World reports:

In the past months, fan pages have popped up all over the social networking site, offering too-good-to-be-true gift cards. There's the $500 Whole Foods card, the $10 Walmart offer, and the $1,000 Ikea gift card. The Ikea page put these gift card scams on the map last month, when it quickly racked up more than 70,000 fans before being snuffed. Facebook has also taken down Target and iTunes gift card scam pages in the past few months.

To get the gift card, users must enter their name, address and email address. They are then pointed to other pages where real products and services are offered. From there they enter credit card details if the offer appeals to them.

This scam is believed to be perpetrated by affiliate marketers who make money on click-throughs and create a ruse to gather data on potential customers, also known as a “sucker list.”

In general, there shouldn’t be any traditional identity theft as it relates to new account fraud as long as requests aren’t being made for Social Security numbers, and the “victim” isn’t giving one out. Otherwise I don’t see this scam as harmful, but it is certainly deceptive.

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN.

April 21, 2010

1.5 million Americans have been victims of medical identity theft

Posted by Robert Siciliano

The Smartcard Alliance has released an in-depth report called "Medical Identity Theft in Healthcare."

While identity theft is a global issue that garners much media attention, most do not realize that medical identity theft is a serious and growing threat. Many authorities consider medical identity theft one of the fastest growing crimes in America. With the digital age of healthcare upon us, the risks are expected to increase as electronic medical records become more prevalent and the exchange of this data over expanding networks becomes more pervasive. Heightened concern over personal data security and privacy highlight the importance of having secure electronic medical identities.

According to a recent Ponemon Institute study, nearly 1.5 million Americans have been victims of medical identity theft with an estimated total cost of $28.6 billion–or approximately $20,000 per victim. [1] Further evidence of the significance of the medical fraud problem is the allocation of $1.7 billion for fraud detection in the 2011 U.S. Health and Human Services Department budget. [2] In 2009, 68 reported healthcare data breaches in the U.S. put over 11.3 million patient records at risk of exposure.

Patients whose medical identities are stolen face serious lingering effects. Fraudulent healthcare events can leave erroneous data in medical records. This erroneous information–like information about tests, diagnoses and procedures–can greatly affect future healthcare and insurance coverage and costs. Patients are often unaware of medical identity theft until a curious bill or a surprising line of questioning by a doctor exposes the issue. Then, the burden of proof is often with the patient and it can be difficult to get the patient’s legitimate medical records cleaned up. The consequences can also be life threatening and can lead to serious medical errors and fatalities.

Identity theft prevention services generally will not protect you from medical identity theft. However, if your information is out there on the Net and being scanned constantly by the identity theft protection service, then your risk is lowered. Furthermore, I’m all about layers of protection. If your identity is protected from new account fraud via credit monitoring or credit freezes, then the thief may use another identity that has fewer restrictions.

Robert Siciliano Identity Theft Speaker discussing Medical Identity Theft on the CBS Early Show

References:

  1. Survey conducted by The Ponemon Institute in February 2010
  2. "HHS Budget Makes Smart Investments, Protects the Health and Safety of America’s Families," February 1, 2010

April 19, 2010

ID-theft ring gleaned socials from medical records

Posted by Robert Siciliano

Medical identity theft occurs when the perpetrator uses your name and in some cases other aspects of your identity, such as insurance information, to obtain medical treatment or medication, or to make false claims for treatment or medication. As a result, erroneous or fraudulent entries wind up on your medical records, or sometimes entirely fictional medical records are created in your name. Financial identity theft as it relates to new account fraud is when an identity thief gets the victim's Social Security number and opens new financial accounts under the victim's name. There’s very little protection from this due to a flawed system of open credit and lack of authenticating the actual “owner” of the SSN.

In Chicago, ABC News reports, “Seven people have been arrested in an identity theft ring that allegedly used information stolen from victims' medical records to obtain credit cards. The identities of more than 200 patients of a Chicago hospital were stolen. The information was stolen from the offices of the Northwestern Medical Faculty Foundation. That information led to $300,000 worth of goods and services being racked up on fraudulently. The suspects are even accused of using Facebook to post photos of themselves posing with stolen clothing and jewelry.”

One of the alleged ring leaders is being held on $100,000 bond. Apparently her third run-in with the law.

Her mom said "That's really not her. She is a good person. She do have a heart." She "do," huh? She do like to steal identities too. And she do like to buy her nice stuff with those stolen identities. The victims have to spend many hours cleaning up their good names. They may be denied loans in the process or jobs or insurance due to bad credit.

You do need to protect yourself from new account fraud, and identity theft protection and a credit freeze is the best way. I did a spot on Good Morning America on this story.

April 14, 2010

Do you spy on your spouse?

Posted by Robert Siciliano

Generally, in a trusting relationship, spying isn’t necessary. I’m sure Sandra Bullock, Kate Gosselin or Tiger Woods’ wife didn’t think they needed to spy on their husbands, until they did.

The fact is humans have a tendency to lie. Lying is generally done to protect people from the consequences of their actions or to protect others from the emotional hurt because of what they did.

Spying generally occurs when trust is broken or intuition kicks in and someone senses something is askew. Spying is easier today than it’s ever been. According to a recent survey polling 1,000 men and women of various ages, incomes, and locations in the United States, there's a 38 percent chance you would spy if you're 25 or younger.

Among respondents, 38 percent of those 25 years old or younger admitted to snooping on their boyfriend's or girlfriend's messages, and 36 percent of those who are married admitted to checking their spouse's e-mail or call history.

Spying can be accomplished by simply picking up a person’s phone and looking at the incoming and outgoing calls and text messages. Mobile phone spyware is readily available and can monitor almost every aspect of a phone’s use remotely.

Small wireless cameras installed in lighters, pens, clocks, smoke detectors and just about anything else are readily available. Commercially available spyware can easily be installed on a person’s computer. Undetectable hardware called “key catchers” can be installed in the PS/2 or USB ports; the person’s keyboard is piggybacked onto the device, which logs all their keystrokes.

Identity thieves are using the exact same technologies.

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN

April 9, 2010

Criminal hacker gets 20. Books, movies and Hollywood starlet next

Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Albert Gonzalez and his gang of criminal hackers were responsible for data breaches in retailers and payment processors, with some estimates saying they breached over 230 million records combined. Gonzalez, considered a proficient criminal hacker, provided "dumps," a term which refers to stolen credit card data, to "carders." "Carders" are the people who buy, sell, and trade stolen credit card data online.

“Gonzalez and his hacking buddies hacked into computer systems and stole credit card information from TJX, Office Max, DSW and Dave and Buster's, among other online retail outlets, in one of the largest — if not the largest — cybercrime operations targeting that sort of data thus far. They used some of the stolen numbers to remove cash from ATM machines and sold many of the other numbers to other criminals, including those in Eastern Europe.”

Gonzalez provided "sniffer" software used to intercept the credit and debit card numbers for the Russian hackers. Sniffer software, a form of "malware" (malicious software), acts like a virus, attaching itself to a network and often spreading. The software allows the criminal hacker backdoor access to all the data in the server and provides remote control functionality.

Wired reports "Gonzalez earned $75,000 a year working undercover for the U.S. Secret Service, informing on bank card thieves before he was arrested in 2008 for running his own multimillion-dollar card-hacking operation."

It was reported that Gonzalez buried a million dollars in the backyard of his parents' Miami home. At one point he cracked and drew a map for investigators to find the money. WOW!

How many people in the course of history have actually dug a hole and buried a million bucks in it? I can’t wait to see the movie. I’d be happy playing a part in it. I’ll be the shovel.

April 7, 2010

Using Facebook to steal company data

Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

There is a reason why computer users are called "users." Like crack addicts who are drug users, more is never enough. And when under the influence, people do stupid things. I find myself scanning the Dell catalog like it's the latest (or any) Victoria's Secret catalog. I'm amazed at how many people I know who are online all day long and digitally stoned. The bad guy knows you are obsessed and uses this against you. He sees that you are comfortably numb here. He understands that in the virtual world you're delirious and more apt to respond to his message, then log your credentials.

Steve Stasiukonis is vice president and founder of Secure Network Technologies Inc. and publishes to Dark Reading. He tested his client's network using a bogus identity: he joined the company's Facebook site and started mining the names and email addresses of individuals who identified themselves as employees.

As he collected a database full of names for a phishing penetration test, he secured a domain name similar to that of his client. This domain name took on the appearance of a human resources or benefits portal. When he emailed the employees as "human resources," they were redirected to a Web page, such as https://www.xyzcompany-benefits.com.

He has been able to accumulate significant numbers of emails for phishing targets from Facebook and other social networking sites. When he launched his Facebook spear-phishing attack, he usually got an average response rate of 45 to 50 percent. So nearly half of the employees responded to an email with the logins and passwords they use on their employers' network.
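A defender-side check for the lookalike domain described above, as an added example that is not from the original post or from Secure Network Technologies: it flags links in inbound mail whose host imitates the company's own domain. The official domain `xyzcompany.com`, the sample message and the 0.8 similarity threshold are assumptions.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

OFFICIAL = "xyzcompany.com"  # assumed real domain of the post's fictional company
THRESHOLD = 0.8              # assumed similarity cut-off for near-miss spellings

def registrable(host):
    """Naive registrable domain: the last two labels (no public-suffix list)."""
    return ".".join(host.split(".")[-2:])

def classify(url, official=OFFICIAL):
    """Return why a link imitates `official`, or None if it does not."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    reg = registrable(host)
    if not host or reg == official:
        return None                      # no host, or the genuine domain
    brand = official.split(".")[0]
    name = reg.split(".")[0]
    subdomains = host[: -len(reg)]
    if brand in name:
        return "brand-embedded"          # e.g. xyzcompany-benefits.com
    if brand in subdomains:
        return "brand-in-subdomain"      # brand used as a label on another domain
    if SequenceMatcher(None, brand, name).ratio() >= THRESHOLD:
        return "near-miss"               # one or two characters swapped
    return None

def scan(message):
    """Map each suspicious URL found in a mail body to its reason."""
    urls = re.findall(r"https?://[^\s<>\"')]+", message)
    return {u: r for u in urls if (r := classify(u))}

# Constructed sample message, modelled on the "human resources" lure above.
SAMPLE = """From: Human Resources
Please confirm your benefits enrollment at https://www.xyzcompany-benefits.com
The handbook is still at https://hr.xyzcompany.com/handbook
"""

if __name__ == "__main__":
    for url, reason in scan(SAMPLE).items():
        print(f"{reason:20} {url}")
```

A mail gateway or reporting mailbox could run a check like this on message bodies; a production version would use a public-suffix list rather than the two-label shortcut.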

Steve says:

– Officially sponsor the social networking site and assign an administrator who is responsible for permitting employees to join. This will help control somebody infiltrating the site for devious purposes.

– Establish a social networking policy. If your employees are participating in social networking sites (company sponsored or not) make sure company policies dictate what is and is not permissible. For example, divulging your corporate email account on social networking sites should not be permitted.

– Last but not least, if employees feel the need to gather and converse about their day-to-day work, personal lives, and hobbies, consider a corporate intranet. Maybe someday social networking vendors will launch a product that will provide the same features and benefits, but with the security tools needed to keep employees and company secrets safe. But in the meantime, it's up to you.

Sober up and protect your identity.

Disclosure: NextAdvisor.com is a consumer information site that offers free, independent reviews and ratings of online services. We receive advertising revenue from most of the services we review. Our editors thoroughly research and whenever possible test each service we review and offer their honest opinions about each one. We are independently owned and operated and all opinions expressed on this site are our own.