How to get a new Social Security Card

Posted by tasha on February 8th, 2010

The following post in our Reader Question series is an actual user submitted question:

Q: How do I get another social security card?

A: If you have lost your social security card and need another one, you can get a free replacement. The social security office limits the number of replacement cards they will issue to 3 a year and 10 in your lifetime, but this should be plenty for the majority of people.

To obtain a replacement card you need to complete the official government Application for a Social Security Card form and take it or mail it to your local social security office. This form requires you to provide personal information such as your name, your social security number and your parent's personal information. You will also have to show documents proving your identity and that you are a US citizen (or if you aren't a US citizen, proof of current employment). This can be a little tricky as the social security office will only accept original documents, or documents certified by the custodian of the original record. They won't accept photocopies or notarized copies of documents. If at all possible, it makes sense to visit a social security office rather than mailing one of these documents to them. That way you won't have these important documents out of your possession. Once all your documents have been verifying and your application is processed it takes approximately 10-14 days to get your replacement social security card.

Your social security card is a valuable piece of information, and it should be carefully guarded. If your card has been lost or stolen you may be at risk for identity theft. Someone can use your SSN to apply for everything from mortgages to bank accounts. We recommend protecting yourself by signing up for one of the identity theft services reviewed on our site.

419 scams double, over $9 billion in profits

Posted by Robert Siciliano on February 8th, 2010

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

A recent study by Dutch investigation firm Ultrascan shows we are half as smart (or twice as dumb) as we were in 2008, as advanced fee scams, a.k.a. 419 scams, doubled in losses to over $9 billion. 419 Advance Fee Fraud Statistics 2009 (PDF)

It is believed that while the scams are known to be Nigerian in nature, coined after the 419 Nigerian code making them illegal, scams were launched from 69 other countries in 2009.  The jump in the amount of victims is due to the broader reach of the scammer. Scammers aren’t just targeting English-speaking nations anymore. As people in developing countries get computers and Internet connections, they become susceptible to the same old scams that other countries got snagged by a decade ago.

Big targets have become China, India, South Korea, Vietnam, and others. Many of the scams of the past had an “insurance fee” pitch that required a percentage of money sent in order to ensure that so many millions made their way to another bank somewhere. This “investment” by the victim was supposed to get them a percentage of the big pot. Once the scammer got a hold of the victims, they would build a relationship with them, in many cases a romantic one, to get them emotionally involved in the ruse.

However, in China, the Chinese get hooked by lottery scams. And in India, a culture of hard workers, people fall for student visa and job placement scams. The hook in all these scams is that the victim believes an inbound communication to be legitimate. From there, the scammers will say and do anything to get the victims to wire money. But it usually doesn’t end there. Once they get a rube on the hook, they will come up with as many reasons as possible to completely drain the victim of all their money.

Criminals aren’t any smarter than we are, but they know how to capitalize on our stupidity. They pull on emotional strings, they use greed, lust and many other human impulses to trigger us. It's up to everyone to just be a little smarter about the emails they receive. And tell those in your life who are less than cognizant, just hit delete.

Protect your identity:

1. If you think you're a victim of identity theft, get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated.

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses various scams on TBS’s Movie and a Makeover.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Criminal hackers buying and selling hacked accounts

Posted by Robert Siciliano on February 5th, 2010

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger.

Malicious software, designed to gather usernames and passwords, has been a boon to the criminal hacking community. Spyware, as it’s commonly known, records almost everything a user does on their PC. The most damaging spyware records all electronic communications via a web browser. That’s where the most damage can be done and the money is made.

A recent study, by Internet security software firm Kaspersky, shows there are as many as 70,000 variations of these keystroke sniffing programs, which is double what was discovered in 2008. Criminals have become proficient at hacking databases containing millions of credit card numbers but now have such a glut of data, that they have to work hard to turn it into actual cash. IT security professionals have also become better at discovering a breach and those same credit card numbers become invalid soon after the discovery is made.

Cyber hackers have discovered great profits by stealing a user's online banking information. Fully accessing an individual or business bank account allows the criminal hacker more time to transfer funds and write checks to themselves. Even something as seemingly innocuous as a social networking site can reap huge rewards for the criminal hacker; scraping user names and passwords for Facebook, Twitter and other social media sites allows the hacker to spread more spyware to those in a trusted circle and gives the attacker an opportunity reach out to the friends or followers of the victims to scam money in many other ways.

These same hackers may also be enjoying access to a person's email account which may have a trove of data leading to even more usernames and passwords, either contained in an attachment or a cloud-based document. Having access to a hacked email account also allows the criminal hacker to reset of many of the victim's passwords on other accounts as well.

Here are ways you can protect your identity:

1) Invest in Internet security software and keep it auto-updated.

2) Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

3) Invest in identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discussing hacked Hotmail accounts on Fox News.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Baby boomers guilty of oversharing on Facebook

Posted by kent on January 26th, 2010

A new study from Experian concludes that adults over the age of 45 share too much information online. The credit score reporting company completed a study of  1,052 men and women, analyzing their behavior on social networks. The study found that "14 percent of adults – and 20 percent of those age 60 and over – listed their full home addresses in their social media profiles."

The risks are the same that we've reported on before: posting vacation plans can lead to a burglary and a favorite pet's name can inadvertently disclose a the answer to a security question. None of this is new, but what's interesting is how this study focused on the habits of baby boomers. Experian did not provide any data on how it compares to the habits of younger users, so it's hard to say if this is particularly significant.

Age aside, it does point out problems with the confusing privacy settings on social networking sites. You don't have to be over the age of forty to be confused by Facebook's privacy settings. Founder Mark Zuckerberg was caught unaware by Facebook's confusing new privacy settings, which allowed his previously private photos to be viewed by any interested Facebook user. The photos have since been made private.

I use Facebook probably far more frequently than I should and I've gone through the various Facebook privacy changes myself, and not without a bit of confusion. It seems to me that Facebook could really help all its users understand the privacy settings by creating a simple interface that would allow them to view their own profiles from different relationship levels. Facebook users would understand the rules far better if they could directly see how another user would experience their profile.

Zuckerberg recently commented on Facebook's new privacy settings, saying that: "People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people." While I agree with Zuckerberg in spirit, I think it's problematic to allow user comfort to drive privacy policy. As the Experian study shows, people become comfortable with a lot of behaviors that can leave them exposed.

All social networks need to do a better job of helping users understand how public their data is. Building those rules into intuitive, experiential tools could go a long way to doing that.

What protection is available once your identity has been stolen?

Posted by Caitlin on January 25th, 2010

The following post in our Reader Question series is an actual user submitted question:

Q: I would like to get information on what protection is available for a person who identity is already stolen and is being attempted to be used. I was wondering about instant alerts any time my name or credit is trying to be used or credit being extended. Please contact me with this information at your earliest convenience. Thank you!

A: What you have described in your question is called a fraud alert, and it is definitely a good idea to set these alerts with the credit bureaus if you believe that your identity has been stolen. Once you set a fraud alert with one credit bureau, that bureau will notify the other two. Fraud alerts expire after 90 days, so you'll need to reset them if you want to continue to be protected. LifeLock, one of our top-reviewed identity theft protection services, can help walk you through the process of setting fraud alerts and send you reminders when they need to be reset.

You may also want to consider a credit freeze, which would lock down your credit report to prevent any new accounts from being opened in your name. The details of setting a credit freeze vary depending on your state, but you would have to pay a small fee of $10.00 or so to set the freeze, and again when you are ready to unfreeze your account. You would have to set the credit freeze with each bureau individually, and pay the fee three times. You can learn more about freezing your credit and setting fraud alerts at ConsumersUnion.org.

It is a good idea to invest in an identity theft protection service, since in addition to taking measures to prevent and detect identity theft, most of these services will also help you restore your identity if you do become a victim. To learn more about LifeLock and other identity theft protection services, see our reviews and comparison chart.

The New York Times ponders the plight of the Internet user

Posted by Caitlin on January 25th, 2010

In this day and age, even the Fashion & Style section of The New York Times is worried about Internet security issues. This weekend, the Times recounted the experiences of Allan Goldstein, a 60 year old college professor who uses the Internet, but does so a bit nervously. He worries that NYU's online system will crash, and that he'll lose his syllabus and grades. He uses online banking, but draws the line at automated payments.

A few years ago, Mr. Goldstein was a victim of a rather low-tech variety of identity theft: dumpster diving. Mr. Goldstein believes the thief or thieves found discarded receipts and bank statements in his building's trash before changing the address associated with his credit card. Mr. Goldstein responded to the situation by purchasing a shredder.

In December, Mr. Goldstein opened a new American Express credit card account, but the first time he logged in to check his balance, he found himself in a different account, one belonging to a woman in Florida. He could see her purchase history and all of her personal information. His first move was to call American Express's customer service department and explain that he'd "hacked into someone's private account by mistake."

After a month of being brushed off by six American Express customer representatives who seemed less than concerned about the issue, Mr. Goldstein contacted The New York Times, which finally got American Express's attention. It turned out, there was no hacking or security failure going on. Mr. Goldstein's user name and password were nearly identical to those of another customer, and he had typed his own information incorrectly, which led him to accidentally sign into her account.

Sadly, the incident shook Mr. Goldstein's already tenuous faith in the Internet to such a degree that he responded by moving his savings from an online savings account to a standard account with a lower interest rate.

Clearly, American Express should have responded to Mr. Goldstein's concerns more quickly. But while Mr. Goldstein's trepidation about Internet services is understandable, he would be far safer if he did his research. While shredding sensitive documents is a good move, it is not an adequate defense against identity theft. And if Mr. Goldstein's banking user name and password were nearly identical to those of another customer, it is likely that both were using a popular and weak password.

Instead of avoiding Internet services, learn to use them safely. Protect yourself from identity thieves by investing in an identity theft protection service, or at least a credit monitoring service. Use strong passwords, with a combination of upper and lowercase letters and numbers. Be sure to install Internet security software on your PC, and set it to update automatically. Don't be afraid of online savings accounts, which generally earn higher interest rates than standard accounts. And if you're nervous about losing files, invest in an online backup service.

Connecticut sues Health Net for data breach

Posted by Caitlin on January 20th, 2010

Connecticut Attorney General Richard Blumenthal has filed a lawsuit against Health Net for HIPPA violations in the wake of a data breach. Last May, Health Net discovered that a portable disk drive containing confidential health information, Social Security numbers, and bank account numbers of nearly half a million past and present enrollees had disappeared. The data was not encrypted, and the company did not begin notifying those whose data had been compromised until November 30.

Blumenthal is civil penalties, which are limited to a maximum of $1.5 million per year, as well as a court order that would require Health Net to encrypt any personal health information contained on a portable electronic device. In a written statement, Blumenthal said, "The staggering scope of the data loss, and deliberate delay in disclosure, are legally actionable and ethically unacceptable. Even more alarming than the breach, Health Net downplayed and dismissed the danger to patients and consumers."

Health Net has offered two years of free credit monitoring and $1 million of identity theft insurance to affected members, and has promised additional assistance to anyone who does become an identity theft victim as a result of the breach.

Medical identity theft is a growing concern. One way to protect yourself is to invest in an identity theft protection service like TrustedID, which monitors for medical identity theft as well as financial identity theft. To learn more about TrustedID and other identity theft protection services, see our reviews and comparison chart.

Chinese hackers target Google and Google users

Posted by Caitlin on January 13th, 2010

Yesterday, Google released information about a "highly sophisticated and targeted attack on [Google's] corporate infrastructure originating from China that resulted in the theft of intellectual property from Google." The attack also targeted at least twenty other large companies, and the hackers seem to have been specifically interested in accessing the Gmail accounts of Chinese human rights activists.

But perhaps even more disturbing than the Google breach is the discovery that third parties have routinely accessed the Gmail accounts of dozens of human rights advocates throughout the world, probably via a combination of phishing scams and malware.

Google has responded to the attack by enhancing its own security, and advises users to take action to secure their own accounts and PCs:

"We would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online."

If you could use some help protection yourself online, take a look at NextAdvisor.com's reviews and comparison of Internet security software. And since most hackers are after your financial data, you should also consider investing in identity theft protection.

Data Breach Alert: Facebook application developer RockYou failed to protect data

Posted by Caitlin on January 11th, 2010

RockYou is a company that develops applications for Facebook, MySpace, and a number of other popular social networking websites. It's the second biggest application developer for Facebook after Zynga, which recently made headlines for its "scammy" offers. Last month, RockYou fell victim to an SQL injection attack, in which a hacker or hackers successfully accessed a database containing email addresses and passwords for over 30 million users. Last week, RockYou was hit with a class action lawsuit, alleging that RockYou "recklessly and knowingly failed to take even the most basic steps to protect its users' personally identifiable information by leaving data entirely unencrypted and available for any person with a basic set of hacking skills."

Login data for a social networking application may seem like a trivial data breach, but it becomes a more serious matter when one considers the frequency with which the same password is reused for several online accounts. If someone gets into your RockYou account, the consequences will probably be minimal, but that same stolen data could be used to access your personal email or online banking accounts.

We've said it before and we'll surely be compelled to say it many, many more times, but: don't use the same password for multiple online accounts! It's a terrible habit that compromises your security and identity. And think carefully about whether applications on Facebook and other social networking sites are really worth the risk of viruses and identity theft.

Be sure to install Internet security software, and set it to update automatically. And consider investing in identity theft protection.

International hacker pleads guilty

Posted by Caitlin on December 30th, 2009

In August, Albert Gonzalez was indicted for his role as ringleader of a massive hacking operation targeting Heartland Payment Systems, 7-11, and supermarket chain Hannaford Brothers. The hack resulted in the theft of data for more than 130 million credit and debit cards. Authorities have called it the largest identity fraud scam in U.S. history.

Gonzalez has already pleaded guilty to charges of computer fraud and identity theft for previous data breaches, and yesterday he pleaded guilty to similar charges related to the Heartland Payment Systems breach. His sentencing is set for March, and he will faces several sentences of up to 20 to 25 years in prison. Gonzalez has admitted to drug and alcohol abuse, and his lawyers have suggested that he may have Asperger's Disorder.

Albert Gonzalez may be the most infamous hacker and identity thief of the moment, but there are plenty more like him. One way to protect your credit and debit card numbers from hackers like him is to invest in an identity theft protection service.