Stop Credit Card Thieves in the Act

, ,

Setting Up Account Alerts Can Help Protect You From Fraud.

Did you realize that you can have your credit card company and bank notify you anytime there is activity on your account? This tool makes it very easy to catch fraud before it stings your wallet.

Chip and PIN Credit Cards Finally Explained

, ,

Chip and Pin Credit Cards Lower Fraud by 700%

Chip and Pin Credit Cards

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  • It will take at least 5 years for Chip and PIN (or EMV) transactions to make up the majority of retail card processing in the U.S.
  • Most large retailers are likely to implement Chip and PIN technology over the next two years
  • Other technologies, like mobile or electronic wallets (e.g. Apple Pay), could become the preferred payment method over Chip and PIN card technology due to their ease and advanced security.
  • Although Phase 1 (Chip and Signature) will prevent credit card fraud by making credit cards harder to clone, it WILL NOT make them harder to use if they get into the wrong hands. Therefore, continuing to closely monitor our accounts and personal information will help you avoid becoming a victim of fraud.
  • Phase 2 (Chip and PIN) WILL make credit cards harder for thieves to use, which is even more reason to support the transition to the new technology.

John Sileo is an an award-winning author and keynote speaker on keeping your organization from becoming the next data breach headline. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Cyber Security Expert Sileo on Check Fraud Scams

A new check fraud scam has reached the Front Range.

It involves a sizable check that arrives in the mail that, once cashed, can make you an accomplice in a money laundering scheme.

I recently appeared on 9 News to address the concern of a suspicious viewer, Martha, who had received such a check in the mail for $2,240.00. It was drawn on the Brown-Forman Employees Credit Union of Louisville, Ky.

The check came with a set of instructions:

No. 1: Have the check cashed at your bank.

No. 2: Pay yourself $300 after cashing the check.

No. 3: Take the rest of the funds to the nearest Western Union and transfer that balance to an address in San Diego.

Incredibly, the check is not a fake.  These are actually real checks, with real money attached to them, and you do get money in payment at the end. But you do have to do a little work for the cash. Martha was told that while making the transfer at Western Union, she was to observe how long it took to get service and if the customer service was professional. This is a ploy to make her believe she was actually doing some sort of job. In fact, had Martha followed through, she would have been committing a crime.

What they are doing is laundering illegal stolen money. They’ve gotten it through another breach like the Home Depot breach or the Target breach. They’ve gained all of this money, but they don’t want it to be tracked. So they send you a legitimate check, and they have you cash it because they don’t want to be traced to that money.  You then get to keep a part of the proceeds, say $300 of the $2,500, and you send off the remainder to them. They now have laundered money in a legitimate check that you have given them.  But you would be the one that’s held for the crime.  

Keep your “Hogwash” radar on high alert if someone wants to give you money out of the blue.  As always, if it seems to good to be true, it probably is!

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Mark K 9 News

8th Day: What to Give the Person Who has Everything (and Wants to Keep it!)

,

Holiday Security Tips: On the eighth day of Christmas, the experts gave to me, 8 scam detectors

Most of us are too busy to monitor every form of identity that is at risk. Unfortunately, victims usually get hit when they take their eye off the ball.

 Solution: Purchase a comprehensive identity monitoring service

While a partridge in a pear tree may have been appreciated in 18th century England, it’s not a very coveted item these days!  Instead, help out the ones you love (and yourself!) by giving the gift of identity theft monitoring.

Traditional credit monitoring (which you can do for free at AnnualCreditReport.com) only detects a portion of identity theft. The remaining theft occurs as a by-product of non-credit loan activities (pay-day loans, etc), shared public records (court cases, real estate transactions, government filings, etc.), Internet trading sites (bought and sold on rogue websites), or in relation to medical or criminal records. It is important to monitor these forms of potential identity theft as well as your credit file. The key here is convenience; if you don’t have to do much to monitor a large portion of your identity, the work goes down while peace of mind increases. Make sure that your monitoring service has at least the following features:

  • 3-in-1 Credit Monitoring from each of the bureaus (Experian, Equifax, TransUnion)
  • Court & Public Record Monitoring
  • Non-credit loan monitoring like pay-day loans
  • Internet Surveillance for the buying and selling of your data
  • Sex Offender Reports to make sure crimes aren’t being committed in your name
  • Identity theft insurance to cover costs if you are affected
  • Identity theft restoration services to save you time

Forget the fruitcake; buy them something they’ll truly appreciate and remember long after the holidays! On the ninth day of Christmas…

To review our tips from previous days, click here.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Is Home Depot Data Breach an Example of the “New Normal”?

,

Home Depot Data Breach Exposes Our Growing Complacency

When Target suffered a data breach back in December of 2013, you couldn’t look at a news source without seeing a new story about it.  Yet when the Home Depot data breach was revealed recently, it received almost a ho-hum reception in the news.  This, even though, it was the biggest data breach in retailing history and has compromised 56 million of its customers’ credit cards!  It seems we have come to expect these data breaches to the point where we have become almost complacent.

Consumers, like the companies that breach our data, have become apocalyptic zombies, staring unquestioningly forward as we are attacked from all sides.

Even scarier is that it appears the retailer itself had become complacent. Former members of Home Depot’s cyber security team said the company was slow to respond to early threats and only belatedly took action.  It used outdated Symantec antivirus software from 2007 and did not continuously monitor the network for unusual behavior, such as a strange server talking to its checkout registers. These are security oversights that most companies eliminated 5 years ago!

Another issue is that Home Depot performed vulnerability scans irregularly and often scanned only a small number of stores.  The former employees say that more than a dozen systems handling customer information were not assessed.  Home Depot has defended its actions saying that they have complied with industry standards since 2009 and those standards included an exception from scanning store systems that are separated from larger corporate networks.

This brings up a great point: Compliance with laws doesn’t equate to security for customers. And customers leave because of security breach – they could care less about compliance mumbo jumbo.

Yet another smudge on their record is they hired a security engineer, Ricky Joe Mitchell, who had been fired from his previous job.  In April, he was sentenced to four months in prison for disabling the computers for a month at that former employer.

After the Target breach, Home Depot brought experts in from Voltage Security, a data security company that introduced enhanced encryption that scrambled payment information the moment a card was swiped in some of its stores.  However, by that time it was too late; hackers had been stealing millions of customers’ card information and had gone unnoticed for months. The rollout of the company’s new encryption was not completed until last week.

Home Depot has just become a perfect case study of all of the ways that a corporation can fail to protect itself from breach. They make Target look like rocket scientists. In the meantime, those of us who are customers continue to pay their price for their ignorance and inability to take responsibility for their data.

John Sileo is an an award-winning author and keynote speaker on cyber security and data breach. He specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Anti-SPAM Software

I mentioned anti-SPAM software on a 9News piece regarding email scams and ways to avoid them. The anti-SPAM software that I use (and get paid nothing to mention) is called SpamSieve for Apple devices. In the future, I will review anti-SPAM software more comprehensively.

Latest Tax Scams "Target" Data Breach Victims

,

irs scam alertIt’s no surprise that identity theft once again tops the “Dirty Dozen” tax scams put forth by the IRS for 2014.  They warn that if an identity thief has access to your personal information, such as your name, Social Security number or other identifying information, he or she may use it to fraudulently file a tax return and claim a refund in your name.  Think of the implications for the 110 million victims of the recent Target data breach as well as victims of the hundreds of other breaches at other retailers, universities, healthcare providers, government agencies and so on.

KrebsOnSecurity reports that the information from the Target breach alone has reportedly flooded underground black markets and cards are being sold from around $20 to more than $100 each.  This data is being sold in hundreds of online “stores” advertised in cybercrime forums.  A fraud analyst at a major bank was able to buy a portion of the bank’s accounts from such a store.

The twist this year is that telephone scams are being linked to the breaches as well.  There are many variations, but most involve criminals contacting a victim saying they are from the IRS and that money is owed.  They know the victim’s personal information such as Social Security numbers (from the stolen breach data), so it is very convincing.  They may demand payment be sent immediately, threatening anything from arrest to driver’s license revocation if non-compliant.

Then here’s the kicker, there is often a follow up call supposedly from the local police department or the state motor vehicle department (with realistic numbers on the caller ID using a “spoofing” technique) to scare the victim into action even more.  So far victims in nearly every state have fallen prey to this scheme to the cost of more than $1 million.

To read more about the characteristics of these scams and how to avoid them or get help if you think you’ve been a victim of this hoax, visit the IRS website.  In the mean time, remember what IRS Acting Commissioner Danny Werfel said in a press release: “Rest assured, we do not and will not ask for credit card numbers over the phone, nor request a pre-paid debit card or wire transfer.”

Also remember to guard well your personal information.  This tax scheme is just one example of how obtaining your personal information from one source makes it easier to socially engineer you in another way.  Be wary to be on the safe side!

John Sileo   [ Expert in the Art of Human Hacking ]

At The Sileo Group we make security sticky, so that it works.
We specialize in humorously-interactive keynotes that inspire human
 responsibility around privacy, technology and business risk. Interested?
Watch John engage and change an audience at the Pentagon, discuss
ID theft on the Rachael Ray Show or just listen to our satisfied clients.

303.777.3221 | Social Engineering | Identity Theft | Mobile Technology | Internet Privacy

“Jaw dropping content laced with laughter.”  – Homeland Security

Target Data Breach Touches 40 Million In-Store Shoppers

, ,

If you are one of the 40 million customers who have used a credit or debit card at Target stores in the United States between November 27 and December 15, you’d better start checking your accounts for fraudulent activity.  Target confirmed that the data stored on the magnetic strip of cards (customer names, debit or credit card numbers, and card expiration dates) were taken, along with the three-digit security codes  (CVVs) often imprinted on the backs of cards.

The type of data stolen would allow thieves to create counterfeit credit cards and, if pin numbers were intercepted, would also allow thieves to withdraw cash from ATM machines.  Only in store purchases are at risk, so online shoppers need not worry.

Target spokeswoman Molly Snyder would not comment on how customers’ data were stored or encrypted prior to the attack, saying that would be part of the ongoing investigation.  Target immediately notified law enforcement authorities and financial institutions, and the issue is being investigated by the Secret Service and a third-party forensics firm.

This breach is one of the largest ever of American consumer data, nearly matching that of TJX (TJ Maxx and Marshalls stores), which experienced a data breach in 2007 that affected more than 45 million customers.  2013 has been a particularly bad year for breaches overall.  Overall, one in four Americans have been told that some personally identifiable information has been lost or compromised because of data breaches, according to a recent report from Experian, and the pace of attacks is expected to continue rising through 2014.

In a letter sent to Target customers, Target officials say those who have noticed irregular activity on their accounts should call the firm at 866-852-8680.  In addition, all Target shoppers should:

  1. Review their credit card activity online on a daily basis to monitor for suspicious activity.
  2. Set up automatic account alerts with your credit card provider to quickly detect any misuse of cards.
  3. Visit AnnualCreditReport.com to see if there are any newly established, fraudulent accounts set up.
  4. Cancel your credit card if they notice any suspicious behavior. If it’s a debit card, I would cancel it no matter what given that it connects directly to your bank account. Make sure to transfer balances, miles and to switch any auto-pay accounts to the new card.
  5. Freeze your credit with the 3 credit scoring bureaus.
  6. Consider ID Theft monitoring services to help you keep track of abusive behavior of your information online.

John Sileo is an author and highly engaging speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to defend the data that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

10 Times NOT To Use Your Debit Cards this Holiday Season!

,

do not use debit cardAs you head into the holiday season, one of the best steps you can take to protect your bank account is to eliminate the use of your debit card. While delivering a keynote speech in Washington DC last week, someone asked me if I could name ten times when you should NOT use a debit card.  I replied, “It’s a trick question because the answer is NEVER!” I seriously do feel that way, but I know there are people who either need to or prefer to use a debit card rather than a credit card or cash, so I want you to be informed about how to use it wisely.

First, make sure you understand the difference between a credit and debit card.  While they appear identical and can often be used interchangeably, remember that a debit card is a direct line to your bank account.  If a thief gets ahold of your debit card information, they essentially have access to your account.  One of the biggest differences comes to light when fraud occurs.  Credit card users can simply decline the charges and not pay the bill.  Debit card fraud comes straight out of your bank account and is much harder to fight or reclaim the money that as been debited. In the meantime, while you prove it was fraud, you’re out the cash.

Here is a Top Ten List of times to choose credit over debit.

10. Booking future travel

If you book your travel with a debit card, they debit your account immediately,. So if you’re buying travel or making a reservation that you won’t use for several months, you’ll be out the money immediately.  Also consider that many large hotels have suffered data breaches.

9. Hotels

Many hotels follow the practice of using your debit card to place a hold on your money (sometimes hundreds of dollars) to make sure you don’t run up a long distance bill, empty the mini bar or trash the room. The practice is almost unnoticeable if you’re using credit, but can be problematic if you’re using a debit card and have just enough in the account to cover what you need.  Be sure to ask about their “holding” policy if you are using a debit card.

8. Expensive purchases

This one is simple.  If something goes wrong with the merchandise or the purchase, a credit card offers rights to dispute and stop payments much easier than a debit card. You have a much shorter window for reporting and resolving an issue and may even be responsible for all charges if you wait too long.

7. Rental or security deposits.

Say you want to rent a car or borrow a Bobcat from your local home improvement store.  Remember that when you use a debit card to put down a deposit, that money is temporarily unavailable to you.  Of course, you’ll get the money back when you return the car or equipment, so this is no big deal if you have the money to spare until that time. But with a credit card, the money is just “frozen” and not actually charged so you won’t ever notice it’s gone.

6. Regular/recurring payments

You’ve heard about someone who quit a gym or discontinued a magazine subscription only to find that they kept getting billed. If you used a debit card for those payments, they’ll just keep coming right out of your bank account.  (Using a credit card is also a good way to ensure you don’t forget to make that monthly debit in your check register!)

5. Wi-Fi hot spots

Never use your debit card for an online purchase while at a coffee shop or other business that offers free wi-fi access.  Many of those businesses have unsecured wireless connections, so it’s much easier for hackers and scammers to log on and steal your data.

4. Restaurants

Anytime the card leaves your sight, you should NOT use your debit card. The waiter coming to your table has alone time with your card, giving them the opportunity to copy your card information.

This also applies to ordering food for delivery.  Restaurants that deliver tend to keep customer payment information on file in order to make future orders more convenient.

Another problem with using a debit card at restaurants is that some establishments will approve the card for more than your purchase amount because, presumably, you intend to leave a tip. So the amount of money frozen for the transaction could be quite a bit more than the amount of your tab. And it could be a few days before you get the cash back in your account.

3. Outdoor ATMs

Outdoor ATM machines provide the perfect opportunity for thieves to skim users’ debit cards.  Skimming is the practice of capturing a bank customer’s card information by running it through a machine that reads the card’s magnetic strip. Criminals place these machines over the real card slots at ATMs and other card terminals.  If the public has access to it, so do data criminals.  Use the ATM just inside the bank where it is under constant surveillance. And no matter what, look for devices or cameras on the ATM machine that aren’t normally there.

2. Gas stations

Every gas pump asks, “Credit or Debit?” these days.  Don’t choose the debit option!  Go inside and pay cash if you choose not to use your credit card!  There are three reasons.  One, it’s fairly easy for a thief to insert a skimmer and then sit nearby with a laptop accessing your information.  Even if the thief doesn’t manage to get your debit card personal identification number, or PIN, from such a device, he still may be able to duplicate the card’s magnetic strip and use it for “sign and swipe” Visa or MasterCard transactions.

Thieves can also sit nearby using small cameras to capture footage of debit card users entering their PINs. Finally, similar to the hotel example above, your debit card may be used to place a hold for an amount larger than your actual purchase.   So, even though you only bought $10 in gas, you could have a temporary bank hold for $50 to $100, says Susan Tiffany, director of consumer periodicals for the Credit Union National Association.

1. Online

Using you debit card online is like asking for your bank account to be emptied. There is just way too much potential for hacking at many different points in a transaction.  It could occur due to malware on the computer, someone could be “eavesdropping” via a wireless network, or it could happen once in the hands of the merchant due to a data breach.  If you have a problem with the purchase or your debit card number is stolen, it’s a huge hassle to get the money restored to your account and make your card number safe and secure again.

Keep it simple and just always use a credit card. I realize that it is easier to spend more money when it’s not coming directly out of your account, but it’s better to resist the temptation to spend for the added security provided. 

John Sileo is an author and highly engaging keynote speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.