Detection-Fraud: 15 Signs You’re a Victim of Identity Theft!

Detection: Fraud and Identity Theft.

“Consumers are spending considerably more time on fraud Resolution, up to an average of 30 hours in 2008. This increase may be attributed to the increased sophistication of fraud schemes.”
–    2009 Identity Fraud Survey Report, Javelin Strategy & Research

Most cases of identity theft are discovered by the victim, which reinforces the importance of monitoring your various accounts for suspicious behavior. Here are a few of the most common warning signs for the detection of fraud, identity theft or data breach:

The Top 15 Ways Victims Detect Identity Theft

  1. You receive a data breach notice in the mail from a company you do business with.
  2. Your bills or statements are not arriving in your mail (or email) on time.
  3. You notice unauthorized charges on your credit card bill or debit card statement.
  4. You notice new accounts or erroneous information on your credit report.
  5. You are denied credit for a purchase.
  6. You receive credit card bills for cards you don’t own.
  7. You are contacted by a collection agency about an item you didn’t purchase.
  8. You receive bills for unknown purchases, rental agreements or services.
  9. Businesses won’t accept your check or credit card.
  10. You are unable to set up new banking, loan or brokerage accounts.
  11. You notice withdrawals on your checking, savings or brokerage account that you didn’t make.
  12. The checks listed on your bank statements don’t reconcile with those listed in your check register. Many times these checks are made out to “Cash.”
  13. You notice a downward trend in benefits on your Annual Social Security Statement.
  14. The police show up at your door.
  15. A subpoena to appear in court arrives in the mail.

According to Javelin Strategy & Research, over the past 3 years, stolen data being used in less than one week jumped from 33% to 71%.  Identity thieves count on our lackadaisical attitude toward monitoring our wealth. Remember, actively monitoring your accounts, credit reports, and other identity documents is the best strategy to catch identity theft in its earliest stages, before it becomes a problem.

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Electronic Information Privacy – Securing Your Job: Part II

Picture 6As we discussed in Electronic Information Privacy – Securing Your Job Part I, if you are an employee at a corporation, association, university or small business, you must realize that protecting electronic information and organizational data is vital not only to your company’s profitability, but for your job security.

Here is a crash course on how to promote information security within your company. The most effective way to build a Culture of Privacy is to break it down into 3 simple steps (most corporations skip the first step, dooming them to failure):

1.    Motivate the Individual. Train yourself, your employees and executives on how to protect identity and company information first. Learning the basic principles of privacy at an individual level is a pre-requisite for all subsequent forms of data security, and supplies the necessary motivation to apply the same habits at work. Each employee needs to overcome their own apathy, ignorance and inaction before they are equipped to protect corporate assets.  By making it personal, your executives and employees are acquiring the building blocks necessary to construct a corporate Culture of Privacy. Electronic information privacy training is good for their wellness, and is a means to a safer and more profitable end.

2.    Empower the Team.  One employee alone does not have the authority or resources to act. By empowering cross-departmental teams (who already understand privacy at a personal level) with the authority and resources to focus on low-hanging security fruit (e.g., laptop computers, document shredding, wireless surfing), you make immediate progress and win crucial organizational buy-in. In contrast, organizations with a Regime of Privacy tend to force data security into a silo (e.g., “It’s the I.T. Department’s responsibility” – see statistics in Part I), never taking into account the vital role played by legal counsel, compliance officers, the CFO, human resources and even facilities maintenance. In a Culture of Privacy, the team is integrated, and the results are more enduring.

3.    Lead by Example. There is nothing that undermines a Culture of Privacy faster than an employee or executive team that doesn’t practice what they preach. A CEO who surfs unprotected in the airport or refuses to invest in desk-side shredders will send a hypocritical message echoing throughout the corporation: “privacy doesn’t really matter, we’re just going through the motions.” In the same manner, a CEO who appoints some form of Chief Data Protection Officer but doesn’t supply the vision, budget or authority to make it happen, is the same CEO whose data breach catastrophe shows up on the front page of the Wall Street Journal.

For example, once you have learned to properly shred sensitive documents at home, it is much easier to apply a more sophisticated form of shredding at work. Individuals and business leaders who know how to protect themselves from identity theft on a personal level, will be more knowledgeable and prepared to protect their company’s electronic information from data breach on a business level.

Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.” – Lao Tzu

John Sileo became America’s leading Information Privacy and Identity Theft Speaker after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To further bulletproof yourself and your business, contact John directly on 800.258.8076.

Electronic Information Privacy – Securing Your Job: Part I

Electronic information privacy will eventually be one of the criteria on your job performance review. In fact, it’s not just electronic data that you should be concerned about, but all data. If you are an employee or executive at a corporation, association, university or small business, you must realize that protecting organizational data is vital not only to your company’s profitability, but to your job security. If it isn’t right now, it will be soon.

As a company employee or business leader, it is essential that you clearly understand the relationship between identity theft, data breach and your bottom line.  One of the costliest data security mistakes I see executives make is that they initially approach data privacy from the perspective of the company. They don’t recognize the following reality: All privacy is personal. It’s not electronic information privacy. It’s not physical data privacy. It’s personal.

In other words, many people in your organization won’t care about data security, privacy policies, intellectual property protection or data breach until they understand what it has to do with them. If employees and executives don’t care about protecting their own identities (to prevent identity theft), how can you expect them to care about protecting corporate identity (to prevent data breach)? Like the emergency oxygen masks on a de-pressurized airplane, you’d better put your own on first or you’ll be worthless to those around you. Protecting yourself first isn’t self-centered; it’s effective and educational. Information Privacy Training begins at the human level and expands outwards to the group level. And it is not technical by nature.

This foundation of belief, despite and possibly contrary to the onslaught of information privacy acts, is clearly lacking among C-Level corporate executives. Look at the key findings of the Ponemon Institute/Ounce Labs study, Business Case for Data Protection, which surveyed C-Level executives about information privacy inside of their corporations (emphasis mine):

•    82% of the C-Level executives surveyed said that their organizations had experienced a data breach and many of them are positive they cannot prevent a repeat performance
•    53% of the CEOs surveyed said that the CIO is responsible for data protection, yet only 24% of the other C-Levels would point to the CIO as the one responsible for data protection overall
•    85% of those who are said to be in charge of data protection don’t believe that a failure to stop a data breach would impact their job

In other words, C-level executives know that a breach has already happened, are fairly certain it will happen again, know that they are unprepared to stop a recurrence, and yet they can’t clearly identify who will be held responsible, nor do they feel that they will be held accountable when the inevitable happens. At this stage, building a Culture of Privacy is mostly bluster, as is electronic information privacy.

According to Ponemon, the average organizational cost of one data breach to a company was almost $6.7 million in 2008. The negative effects on our bottom lines is what will give this topic traction, not any one privacy information act. The question is, how many data breaches can one company sustain, and how many does it take to get them to respond? Information privacy, electronic and otherwise, is vital to your company and in turn, your job security.

My next post will discuss some of the steps to take to make sure your company isn’t one of the victims in 2010.

John Sileo became America’s leading Information Privacy and Identity Theft Speaker after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To further bulletproof yourself and your business, contact John directly on 800.258.8076.

Discover and Recover Quickly from Identity Theft in 2010

Picture 16

Since you can’t protect yourself 100% from identity theft, make sure that you Monitor the Signs! Heading into a new year people make many resolutions that they may or make not stick with, but protecting your identity should always be a top priority. Here are 3 effective tips to help discover and recover quickly if you become the victim of identity theft:

  1. Create a Dossier – A dossier is a collection of documents that are stored in a fire-safe and that you regularly review and update. It is a paper summary of your identity as the outside world sees it (businesses, organizations and governments). It is made up of several key documents: your credit report, bank and credit card statements, Social Security statement, wallet photocopies and your password list. Virtually any of your vital documents could be included in your dossier as well (birth certificates, marriage licenses, etc.). A dossier is a place where you can quickly access a complete record of your vital information in case your identity is stolen and you will have the necessary account and phone numbers at hand to cancel credit cards, bank accounts and to file credit disputes. And you can do it quickly.
  2. Order and Monitor Your Credit Report and Set up regular calendar reminders every 4 months for your next Credit Report. A credit report is a historical record of how you pay off money you borrow from others. There are currently three main credit bureaus in the United States—Equifax, Experian and TransUnion. Credit bureaus track your credit history, generate credit scores and produce credit reports—all for sale to other businesses. If you own a home, have a credit card, lease a car, or apply for or use credit of any sort, this information is reported to one, two or all three of these credit bureaus. In addition, they collect information on how timely you pay your bills, how often you are tardy, how frequently your credit is checked by companies and any changes of address, employment, or personal information. By monitoring these reports closely, you will know when someone else is using your credit file to their benefit. If an identity thief opens a new credit card or loan on your Social Security number, you will see it on your report. The quicker you spot the problem, the less trouble it will cause. You can also sign up for an Identity Monitoring Service and Identity Theft Insurance.
  3. Set up Account Alerts bank, credit card and investment accounts and make sure you check your monthly statements for any suspicious activity. Account alerts automatically notify you by email or text message (to your cell phone) when a transaction is made on your account. For example, if you make a purchase on your credit card, it will automatically send you an alert detailing how much was spent, where you spent it, and on what date. They will also alert you when a payment is due or is not received on time or when private information is changed on the account (often a sign of fraud). Alerts are a simple way to keep track of credit card usage, bank transfers, low account balances, investment moves and a handful of other helpful tasks without doing any extra work.

These 3 simple changes make a world of difference when it comes to protecting your Identity. Early detection will save you time and money in the long run. Make it a priority to protect your identity in 2010 for a safe, successful and headache free year!

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC.  To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Facebook Privacy Settings Update

During a time when rules, laws and privacy settings are having trouble keeping up with technology, Facebook is having trouble keeping up with their ever growing population. Recently topping 350 million users, Facebook is scrambling to satisfy them all. Recently, Mark Zuckerberg, the CEO of Facebook, posted an open letter on the website discussing changes to the Facebook privacy setting that they are implementing to help make their users data less public. Take a minute to read the full article and protect your profile.

Order your copy of the Facebook Safety Survival Guide to make sure you and your children are protected online.

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC.  To learn more about having him speak at your next meeting or conference, contact him by [intlink id=”15″ type=”page” anchor=”Contact John Sileo”]email[/intlink] or on 800.258.8076.

Protect Yourself Against Mail Fraud

The reality is that unsecured, curbside mailboxes are prime targets for people who are intent on committing the crime of identity theft. Although I would suggest to stop using the mail to send and receive identity documents, this is not always possible. Therefore, here are alternative suggestions:

Lock Box. Install a locking mailbox that can be accessed only by you. These generally have a mail slot that allows the postal service to put mail into the box. Many newer neighborhoods already have some form of locking mailboxes.
P.O. Box. If a locking mailbox is not possible, get a P.O. box at your local post office and have sensitive documents sent there. It is a little bit more work, but gives you much more privacy.
In Person. When mailing sensitive documents, walk them into the post office and hand them to a postal worker. If it is after hours, drop the mail through an internal slot in the building. If there is no internal mailing slot, mail it the following day. This cuts out the most vulnerable stages of mailing.
UPS/FedEx. Have identity documents sent by UPS or FedEx and make sure that you require a signature for delivery. This makes the information harder to steal and you can track its location at anytime, which will alert you if the document isn’t delivered in a timely manner or is diverted somewhere else.
Send Checks to the Bank. Have sensitive documents (like new checks or credit cards) sent to your bank rather than to your home address. Pick them up there.
Watch for Cards. When new credit cards are coming through the mail, watch for them and call the credit card company if they don’t arrive in 7 to 10 days.
Quick Retrieval. If you are unable to install a locking mailbox and don’t have access to P.O. boxes, retrieve any mail within an hour or two of delivery. This lowers the exposure time of your mail.

According to the Identity Fraud Survey Report by Javelin Strategy & Research, 8% of all known identity theft is committed by mail fraud and the misuse can last for up to 175 days. But mail fraud is very difficult to catch, which means that the numbers are probably significantly higher. Just by protecting your mail against Identity Theft you can reduce your chances of becoming a victim by at least 8%.

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC.  To learn more about having him speak at your next meeting or conference, contact him by [intlink id=”15″ type=”page” anchor=”Contact John Sileo”]email[/intlink] or on 800.258.8076.

Google Dashboard Calms Privacy Critics

Google introduced the Google Dashboard on November 5th to help calm privacy critics. This provides a summary of the application data associated with your Google account.

Users are able to see what sites they visit, how many Docs they have created and share, how many iGoogle gadgets they are using, Google Reader info, Profile info, Tasks and YouTube history. This is great way for users to be able to see and control their data. It makes people more aware of what they put out there and allows them to set certain privacy settings. The Google Dashboard is currently available in 17 languages and you can Click Here to Read More.

John Sileo provides identity theft training to human resource departments and organizations around the country. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Fraud Report: SMiShing Identity Theft

Identity Theft Expert John Sileo’s Latest Fraud Report

Just as you wouldn’t want to give any personal identity information to someone via email, you want to use the same practices via text message. There is a new wave of fraud that tries to trick you with text messages appearing to be from your bank.

According to Wikipedia, SMiShing uses cell phone text messages to deliver the “bait” which entices you to divulge your personal information. The “hook” (the method used to actually “capture” your information) in the text message may be a web site URL, like it is in phishing schemes. However, it has become more common to received a texted phone number that connects to an automated voice response system. One version of this SMiShing message will look like this:

Notice – this is an automated message from (a local credit union), your ATM card has been suspended. To reactivate call urgent at 866-###-####.

In many cases, the SMiShing message will show that it came from “5000” instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, instead of being sent from another cell phone.

Once you take the “bait” and pass on your private information, it can be used to create duplicate credit/debit/ATM cards. There are some documented cases where the information an unsuspecting victim gave on a fraudulent website was used within 30 minutes…halfway around the world.

To minimize your risk:

  • Approach all text messages asking for your personal information with a great deal of skepticism (Hogwash, to those in the know).
  • Understand that no bank, business or financial institution will EVER ask you to divulge or confirm your personal banking information over email or SMS text message.
  • If you have any question at all that the text is legitimate, contact your bank or financial institution directly using a published phone number (on the back of your card, for example).

John Sileo became America’s Top Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about bringing John to your next meeting or event, contact him directly on 800.258.8076.

Uncovering Business Identity Theft

While the majority of identity theft schemes prey upon individuals, small-businesses and organizations are increasingly becoming targets. Business identity theft is a serious threat, but it mostly flies under the radar simply because companies are embarrassed to discuss.

Although most companies are protected by copyright, patent and trademark laws, smaller companies lack the higher IT security measures that large companies have. According to recent studies by Javelin Strategy & Research this makes them 25% more likely to be victims of business identity theft over larger businesses.  Not only do small businesses and business owners typically have larger lines of credit open than an individual, but they are unlikely to detect the fraud for six to eight months making them a prime target.

Business Identity has not been completely defined yet, but it definitely has been stolen. California has become the leader in offering identity rights to organizations and in 2006 they expanded the definition of ‘person’ in identity theft laws to include associations, organizations, partnerships, businesses, trusts, companies, and corporations. These types of amended laws have proved to deter business identity theft and provide greater assistance to those companies that have been hit.

Most commonly criminals assume the name of a business, rent out office space in the same building and order everything from corporate credit cards to hundreds of computers and equipment. In one instance the culprit billed a law firm for $70,000 in purchased equipment, hired a moving truck and disappeared from the building before the fraud was ever detected.  This has been not only costly, but timely. If businesses had the same protection as individuals this would have been quickly resolved and the victims would have moved on. Credit card companies have also followed suit and began to remove the distinction between business identity theft and individual identity theft.

The lack of publicity on this type of Identity theft is solely due to a lack of reporting by companies. Businesses are required by federal law to notify consumers who’s personal information has been hijacked, but not if their businesses identity has been stolen. In order to save face, most business owners would rather not own up to such a breach to avoid looking like the pawn in a criminals scheme. Without incentives and assistance to a company who has experienced this type of transgression there is little reason for them to come forward.

Until businesses and their owners come forward to help uncover business identity theft there will be less laws in place to deter criminals and small businesses will remain vulnerable.

For more information on this issue check out BusinessWeek.

John Sileo provides identity theft training to human resource departments and organizations around the country. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.



Biometric Identity Theft: Stolen Fingerprints

Identity Theft is a huge and growing problem. According to the recent 2009 Identity Theft Fraud report by Javelin Strategy & Research, victims increased 22% in 2008 to 9.9 million. When businesses are involved, the companies face billions of dollars in theft, millions of dollars in fines and, perhaps most important, the loss of customer trust.

The large impact that identity theft has on individuals lives and corporations’ bottom lines has made inexpensive biometrics look attractive for authenticating employees, customers, citizens, students and any other people we want to recognize. The most recent debate is on whether the pros outweigh the cons. (To see some of the materials that influenced this article, please visit George Tillmann’s excellent article in Computerworld).

Biometrics uses physical characteristics, such as fingerprints, DNA, or retinal patterns to positively verify individuals. These biological identifiers are electronically converted to a string of ones and zeros and stored on file in the authenticator database.

The downside or weakness of biometrics is that the risk of data breach remains relatively the same. Just as a credit card number can be stolen, the numbers that make up your biometrics and are stored in a database can be stolen.  It may take longer for thieves to understand how to use these new pieces of information, but they will eventually be used.

Ultimately, this could be more dangerous than having your ATM PIN, credit card number, or Social Security Number stolen, and it will take longer to clear up.  In a worst-case-scenario, someone inside of the biometric database company could attach their fingerprint to your record — and suddenly they are you. The reverse is also true, where they put your fingerprint in their profile so that if they are convicted of a crime, the proof of criminality is attached to your finger.

What will stop thieves from electronically sending your stolen fingerprints to your bank to confirm that you really do want to clean out your bank account through an ATM in Islamabad? Fingerprints, when stored in a database, are nothing more than long strings of numbers. What will you do when your digitized fingerprints wind up on a government No-Fly list? If you think it takes forever to board a plane now, wait until every law enforcement agency in the free world has your fingerprints on file as a suspected thief or, worse, a terrorist.

The reality is that biometrics could be a great alternative to securing one’s identity – and they are quickly becoming a part of every day identification.  But we can’t go forward into the new world of biometrics thinking that it solves all of our problems. Like the “security codes” on the back of our credit cards, like the two forms of authentication required for most banks, like wireless encryption standards – thieves eventually find work-arounds. And so too will they work around biometrics. If we implement biometrics without doing our due diligence on protecting the identity, we are doomed to repeat history — and our thumbprint will become just another Social Security Number.

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. Contact John directly on 800.258.8076.

Follow John on: Twitter, YouTube, Facebook.