Today, copy machines, fax machines and many printers are just like computers; they’re smart and they have hard drives or flash drives and can store data that can be extracted. Peripherals in the olden days, just like dot-com-heavy stock portfolios, were dumb.

Because of the increased demand of networked technologies, manufacturers of all these peripherals met the demand and built them so they can be easily accessed by everyone in the office.  These same peripherals are often wireless too. They also have memories, or caches, which allow them to store printing jobs when the copier is busy. This kind of memory has a consequence.

The issue here is that these devices are not always treated with the same security considerations as a computer. After all, PCs are often locked down, access is limited and the data might be encrypted. When someone upgrades to a new PC, the old PC’s data is supposed to be removed, reformatted, etc. This procedure is often overlooked on a copier/printer/fax.

Consider what kind of data is copied (and therefore stored) at your doctor's, bank's, mortgage broker's and accountant's offices. There might be personally identifiable information that someone could use to create new accounts or take over existing accounts.

Where do old peripherals go? Many of them head to warehouses to be resold. Others end up on eBay. A quick search on eBay results in 13,314 copiers for sale, 1,874 of them are used . If I can buy an ATM off Craigslist with over 1,000 credit and debit card numbers on it, how much data do you think we can get from used copiers?

All the more reason to protect your identity:

1. If you think you're a victim of identity theft, find out how to get a credit freeze. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
2. Invest in anti-virus and keep it auto-updated.
3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.
4. Invest in identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Robert Siciliano Identity Theft Speaker discussing copy machine scams on CBS Boston

Skimming data off of debit and credit cards has been happening at ATMs, gas pumps and electronic funds transfer point of sale terminals for quite some time.

When criminals plant skimming devices, they have to physically attach a skimming device that fits over the face of the ATM’s card slot. Then they install a small camera that shoots video of the pinpad which allows them to extract user PIN codes. The camera is often housed inside of a brochure holder or little box that may have a mirror glued to its face. The mirror is made to loom like a security feature preventing shoulder surfing.

Once the criminals attach the devices, they have to wait it out for someone to then use the ATM or gas pump before they can remove the device and download the data. It is in the best interest of the criminal to leave the skimmer on the machine for as long as possible to skim as many cards as possible. Because every time the skimmer is removed and replaced it becomes another opportunity for the thief to get caught or for something to go wrong.

In Utah, a group of criminals one-upped other ATM scammers by installing Bluetooth enabled skimming devices that broadcast the skimmed data to a nearby storage devise, probably a laptop. Bluetooth’s range can be just a few feet to as much as a city block. So the criminals had to be in a car nearby.

What makes these devices even more sophisticated is that they skim the card data and grab the PIN code via the all-in-one combo skimmer and PIN pad device affixed to the face of the pump.

This entire process allows the criminal to steal data on demand and immediately turn it into cash. Further, it provides the criminal with the freedom to decide whether or not they want to retrieve the skimming device, thereby lessening their chances of being caught.

You can’t protect yourself from this kind of skimmer by covering your PIN entry due to the fact that the device is the PIN pad. So if you use a device like this you may be screwed. Ultimately, you must pay close attention to your statements. Also, pay close attention to details, and look for anything that seems out of place. Refute unauthorized transactions within 60 days. Check with your bank to determine what their timeframe is to refute unauthorized withdrawals. In some cases it can be as early as a week.

Protect your identity:

1. If you think you're a victim of identity theft, find out how to get a credit freeze. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
2. Invest in anti-virus and keep it auto-updated.
3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.
4. Invest in identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Robert Siciliano Identity Theft Speaker discussing Pay-at-the-Pump skimming on Fox News.

Naiveté: A lack of sophistication or worldliness. That sums up a lot of people I know. "There's a sucker born every minute" is a phrase often credited to P.T. Barnum (1810 – 1891), an American showman. It is generally taken to mean that there are (and always will be) a lot of gullible people in the world.

Predator: A predator is an organism that feeds on another organism. That also sums up a lot of people I know. I observe them in person and in the news daily.

There are many ways how, and motivations why, a predator stalks their prey. Often it is just their nature to do so. Control and money top the list of motivations.

In the world of Information Security the “how” is “social engineering”.

Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical hacking techniques (essentially a fancier, more technical way of lying).

Social engineering or “social penetration” techniques are used to bypass sophisticated and expensive hardware and software in a corporate network. Smart organizations train their employees to be aware of and resist the most common attempts to trick them into letting down their guard.

The Register reports that pentesters, a.k.a ethical hackers, "regularly send client employees emails informing them that the strength of their login passwords is being tested through a new website. They are then instructed to follow a link and enter their credentials. The success rate: as high as 50 per cent."

As the article points out, humans have a tendency to trust one another. It's a survival instinct built on millions of years of evolution. "When one person saw that a group of his peers ate a particular berry and didn't die, he ate the same fruit – and survived as a result." That's trust, and it's exploitable.

This is where we throw around words like “naïve” and “sucker.” You don’t really need to be naïve, a sucker or stupid to respond to emails like this. Really, you just need to be nice, helpful and trusting.

I found a website called “Hacks4Sale” (a site which Norton Internet Security deems unsafe, so go there at your own peril) which employs similar tactics, but they claim are for different reasons:

A very large portion of our clients are the victims of spousal infidelity, nowadays the primary means people employ to communicate with their lover are e-mails and social networking websites, both of witch we can help you gain access to through our software. Our software solutions enable our clients to retrieve (no physical access to the user's computer is required) the login credentials to accounts at all the major e-mail and social networking providers (Yahoo,Gmail,Hotmail,Myspace,Facebook and many others).

Recognize that the predator uses these tactics to get what they seek. They will stop at nothing and consider you their natural prey.

Always question authority or those who claim authority.

Don’t automatically trust or give the benefit of the doubt.

When the phone rings, an email comes in or you are approached, proceed with caution.

Protect your identity:

1. If you think you're a victim of identity theft, find out how to get a credit freeze. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
2. Invest in anti-virus and keep it auto-updated.
3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.
4. Invest in identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

When I was 17, my friend “Baldo,” as he was known by all, was the Fake ID Master. He also fixed TV’s and still does today. But he didn’t actually create “fake IDs,” he altered real ones. The technology he used back then is still used today. It’s called Crayola Crayons. He would take a Massachusetts ID and heat the laminate over the stove and peel it back. Then he’d dab a premixed batch of liquid aqua green/blue crayon on the left side of an 8 to make it a 3. He’d bust out his heating iron and some wax paper and seal up the laminate. Then a 17-year-old became 22, using the same technology my 1 year old eats. Packy run, anyone?

Today is a little different. It’s not so easy to peel back the laminate. Most cards today are treated plastics: PVC, styrene, polypropylene, direct thermal, and teslin hybrids. However, while all that sounds technically challenging, it’s really not. Some of the do-it-yourself ID making machines are the size of a shoebox. It is however a tad more complicated than that. Sure you can go to your local office supply and buy ID making materials or simply buy fake IDs online, but will they pass the muster when put in front of numerous technologies that look for tampering?

That’s where the $10,000 fake ID comes in. In New York, authorities busted an identity theft ring and charged 22 people with selling driver's licenses and other identification documents.

Among those implicated in the ring are two New York State Department of Motor Vehicles employees, who are believed to have earned over a $1 million dollars issuing more than 200 licenses and other documents over the past three years. The alleged ring leader of the group was identified as Wilch Dewalt, also known as "Sharrief Sabazz" Muhammad' and "License Man." Authorities say he acted as a broker who, in exchange for a fee of between $7,000 and $10,000, served as a one-stop shop for fraudulent documents.

In this case, the clients who were dropping 10G on IDs were people who were hiding from the law in plain sight, including felons, a drug dealer whose claim to fame was once a cameo on "America’s Most Wanted," and someone from the government's No Fly List. These were people that: A) could afford it and, B) needed the best of the best in real fake identification.

In the meantime, identity theft is again the top 2009 consumer complaint, the FTC reports. The number of American identity fraud victims rose 12% last year to 11.1 million, with losses hitting $54 billion, according to an annual report from Javelin Strategy & Research.

Protect your identity:

1. If you think you're a victim of identity theft, find out how to get a credit freeze. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
2. Invest in anti-virus and keep it auto-updated.
3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.
4. Invest in identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Q:  Does Identity Guard accept prepaid credit cards for enrollment?

A: Currently, Identity Guard does not accept prepaid credit cards to enroll in their identity theft protection services.  They do, however, accept both debit cards and regular (non-prepaid) credit cards.  If you don't have a regular credit card, using your debit card would be the way to go.

As always, we highly recommend subscribing to a identity theft protection service such as Identity Guard.  It's a smart, proactive step to help protect your identity – one of your most valuable commodities.

The assassination of senior Hamas terrorist Mahmoud al-Mabhouh has made a little buzz in the States, but over in Dubai, as more details become available, it is becoming apparent to some (depending on which side of the wall you live on) that the real assassins stole the identities of several Israelis who carried foreign passports.

The purported identity theft stems from the accessibility of passport data from Israelis who hold dual citizenship from Israel, Britain, Australia and other countries. “Six more Britons had their passports cloned by the killers of a senior Hamas official," Dubai police said yesterday, as they revealed a total of 15 new suspects in the assassination. One of the victims/accused assassins stated, "I was in total shock. I don't know what's happening—I don't know how they got to me or my information. I haven't left the country in about two years, and I've never been to Dubai. I don't know who was behind this. It's just scary, because powerful forces are involved in this."

The Dubai police went ahead and released information on 26 suspects in the assassination. The pictures of the suspects were also released. One of the accused stated, “Even my mother asked if I'd been abroad.”

Freaky Stuff.

I was interviewed in a yet-to-be-released AP story from Jerusalem about how something like this can happen. It seems simple to me. If, in fact, the accused are what I would label as criminal identity theft victims, then we are all susceptible to this type of crime. I’ve always believed this to be the scariest of all identity theft and if the above story concludes as factual, then it’s a perfect example.

In the USA, we have as many as 200 forms of ID circulating, including passports from state to state, plus another 14,000 birth certificates and 49 versions of the Social Security card. These are paper and plastic documents that can be recreated with a PC, scanner, printer and laminator. We use numerical identifiers that aren’t physically associated with us. Pictures are attached to some documents that may not look like the document holder, especially if there are changes to characteristics such as eye glasses, beards, hair coloring, hair removal, or weight change. Some identification documents are absent of a photo. This is not effective authentication. Worldwide, the system isn’t much more secure.

This is criminal identity theft waiting to happen.

At least you can protect your financial identity.

1. Get a credit freeze if you think you've been a victim of identity theft. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated.

3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano Identity Theft Speaker video hacking P2P getting lots of fun data.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Q:   How can I remove a fake profile of myself from Facebook?

A: What can you do if you find out someone has created a fake Facebook profile in your name?   This is actually a pretty easy situation to resolve.   If you already have a Facebook account, just go to the Facebook "Report a Fake Profile" page and enter the requested information.  If you don't have a Facebook account you can visit the Facebook "Imposter Profile" page and report the issue there.

You should be aware that someone setting up a fake profile in your name may be an indication of even more serious identity theft. To learn more about how to protect yourself, check out our Facebook identity theft protection guide.  To proactively protect yourself from identity theft, consider signing up for Trusted ID, our top-reviewed identity theft protection service.

Financial institutions have the most to gain by improving security education of their clients and employees—and the most to lose if they don't.

A while back I appeared on a local TV show talking about phishing. Amazingly, still, not everyone knows what phishing is. A good friend saw the show and was shocked by what she learned… about her bank.

She received a phishing email and didn’t know what it was. The email asked her to update her account. It was confusing so she called her bank. She spent 20 minutes on the phone with a bank rep discussing her account and the bank could find no record of the communication or any issues with her account. At the conclusion of the call the bank rep said, “I don’t know why you received this email; your account information is in order.” Click.

That night she saw my phishing clip and wondered why the bank never mentioned a single word about phishing. Her bank failed her. They failed to educate her and therefore failed to protect her. She is no longer a client of that bank.

The mindset of financial institutions needs to change drastically when it comes to educating their clients about identity theft and security issues. The old school don’t-discuss-it-because-it-will-scare-people school of thought is dead. People want, need and require information to protect themselves.

The game has changed. People are concerned for their personal security and are hungry to learn. The fact that you or anyone reads this blog is a testament to the fact that society as a whole wants to learn. Soccer moms are now security moms.  I’ve seen major industry players in the anti-virus space catering to these mommy bloggers and others because they understand the public is hungry for this. Banks, well, not so much.

Engage the public and they will respect you and want to do further business with you.

Linda McGlasson, Managing Editor at BankInfoSecurity.com interviewed me for a segment on this issue. Listen to the Podcast here. It requires a login but its worth your time.

Protect your identity.

1. Get a credit freeze if you think you're a victim of identity theft. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in antivirus software and keep it auto-updated.

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano Identity Theft Speaker discussing the lack of security in online banking on CBS Boston.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

The brouhaha has largely focused on moral issues, and while some have demanded Kerr be fired, it's also become a bit of a cause celbre—well at least one celeb, Miranda Kerr. Should Kiely be fired for looking at porn? That's an HR issue. What we're more concerned about is an IT issue. Dave Kiely should not be opening image attachments at work, no matter what they're of.

Email attachments are a favorite way of spreading viruses and other malware. Kiely is a bank employee, and his computer not only has pictures of Miranda Kerr on it, but also likely has personal financial information regarding the bank's customers. Now, there's no evidence that any breach occurred. In fact it seems to be a prank and the real damage is to Kiely's reputation. But the potential is still there.

According to the article, a bank spokesman has said, "Macquarie and the employee apologize for any offense that may have been caused." And Miranda Kerr hopes he doesn't lose his job over a little ogling. But all of this misses the point, because the real threat is not to morals, but to customer security.

In the latter half of 2009, criminal hackers went from mass SQL injection campaigns to targeted attacks. SQL is abbreviation of Structured Query Language, pronounced ”Ess Que El” or ”Sequel.” The shift in strategy has switched to a focus on high-profile websites, concluded Websense's State of Internet Security report for the third and fourth quarter of 2009. SQL injections have evolved in their purpose and sophistication. Originally meant as a tool to attack a merchant’s database and steal data, the attack was reconfigured last summer to install viruses that contain a remote control component on a user's computer.

Matt Chambers with Corporate IT Solutions says, “Web applications are one of the most outward facing components a corporation contains in its network design, and one of the least protected. Applications typically take input information and send it to a database for storage and processing. We interact with these kinds of applications every day, whether it’s a signup form or a login page for a favorite networking site.”

Patrik Runald, senior manager of security research at Websense, told SCMagazineUS.com “the bad guys are going after high-profile, high-volume websites, instead of going after the smaller websites, which are easier to inject code into.” The report says attackers have increasingly launched targeted attacks, which often start with an email containing a malicious link. During the second half of 2009, 81% of emails contained a malicious link, the report states.

When an employee receives a spear phish (a.k.a., a targeted email attack with a malicious link), based on information gathered from the company’s website, and that employee clicks that link, the link may download a program that disables the company's antivirus and defeats all security measures. This is why one must never click on links in the body of an email. There are hardly ever links in emails that can’t be worked around, either via a user's favorites menu or by manually typing the address in the browser.

1. NEVER click links in email. It’s shear laziness, naiveté or stupidity when someone clicks links in the body of an email today.

2. Get yourself an ethical hacker to test your network and see what damage he can do before the bad guy does.

3. Invest in antivirus software and keep it auto-updated.

4. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.