Cell Phone Tapping Solutions

Last week at an identity theft speech for the Department of Defense, I met two soldiers who alerted me to the new security risk of Cell Phone Tapping. SigInt (or signal interception) has long been a part of warfare and espionage. But the possibilities erupt with the advent of cell phone tapping. Imagine the conversation of a soldier being overheard by the enemy – deployment details, troop locations, command structure, strategic and tactical information. The prospect is terrifying for our national security.

This week, I was asked to help with a case of domestic abuse: the husband had installed Cell Phone Tapping Software (like computer spyware or keyloggers) on his wife’s phone prior to their divorce. During the divorce proceedings, he listened to every conversation, read every email and text sent from her phone, and could even control her calendar and applications (thanks to iPhone Tapping Software). Because of GPS tracking, he always knew where she was. When she switched to a new phone number and iPhone, iTunes must have synced the malicious software to the new phone along with all of the legitimate programs – allowing the abusive husband to access the new phone and continue stalking her. Cell phone tapping software allows the user to perform all of these tasks without your ever knowing it:

  • Silently record the entire text of all SMS text messages (allowing them to read all of your incoming and outgoing text messages)
  • Log information about each call (so that they know who you called, when and for how long)
  • Provide actual GPS positions (so that they know where you are anytime your phone is on)
  • Receive a text message when someone uses the cell phone so that the spy can call in and listen to everything being said (every conversation you have can be overheard and recorded)
  • Turn the cell phone into a remote listening device, even when the phone is not open or in use (allowing the spy to listen in on conversations anytime your cell phone is near)

Shortly after the identity theft speech, I ran into this video from WTHR Indianapolis about tapping cell phones that corroborates all that I had learned – make sure you watch through to the end (you may need to double click to play the file):

If you are having trouble viewing the video, or want to see it in the original, please view their entire news story on Cell Phone Tapping.

Tapping a cell phone is quite easy with the right software (which can be purchased very inexpensively and legally). You see, the software was designed for “legitimate” purposes:

  • parents who want to track their child’s usage and text messages
  • husbands & wives who want to determine if their spouse is cheating on them
  • businesses that need to enforce Acceptable Use in Vehicle Policies on company-provided phones or track their employees by GPS
  • law enforcement officials who use the software to catch child predators
  • You can also back up your own cell activity as a record of all important text conversations and travels.

And now cell phone tapping software is being used by stalkers, hackers and identity thieves for around the clock surveillance.

Cell Phone Tapping Solutions

Until there is a better solution, your options are minimal:

  1. Password protect your cell phone so that only you have access (this isn’t as safe as it sounds, but it’s a start).
  2. Don’t allow anyone to have physical access to your cell phone if you think they have a reason to tap your communications (competitors, angry spouses, ex-partners, etc.).
  3. Consider turning off the GPS function when you don’t need it. This makes it harder for someone to track your location.
  4. Consider pulling the battery out of the phone if you are in a conversation where you do not want to be heard.
  5. Keep your eye open for software that detects spyware on your phone.
  6. If you have a cell phone issued by your company, they probably reserve the right to monitor your location and potentially to intercept your communications. Watch what you say.
  7. If you are in the military and feel like your phone is tapped, alert your S2 or InfoSec contact.
  8. Check back here frequently so that I can keep you posted on the latest developments.

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Operation Get Rich or Die Tryin’ Still Lives

Operation Get Rich or Die Tryin is the name that Albert Gonzalez gave to his scheme of stealing more than 130 million credit and debit card numbers from you and me. Today, Gonzalez, along with two unnamed Russian conspirators, was indicted in the state of New Jersey. Gonzalez, known by his alias of Segvec, was part of a cyber-crime ring that hacked into the computer systems of at least five major companies, including Heartland Payment Systems, 7-Eleven, TJMAXX, Hannaford Bros. Super Markets and Dave & Busters.

This is likely the largest case of identity theft ever prosecuted, comprising more than 130 million card numbers.

Tactics: Gonzalez and his conspirators reviewed Fortune 500 Companies, performed reconnaissance on their retail stores, determined weaknesses in their payment systems and then utilized malware (malicious software) to intercept credit card numbers, expiration dates and names as they were transmitted from company to company.

The crimes occurred between 2006 and 2008.

In the strangest twist, it turns out that Albert Gonzalez was an informant for the Secret Service… on a card theft case. He took part in an undercover operation dubbed “Operation Firewall” that netted the arrest of 28 criminals (excluding himself) in 2004. After the operation was completed, Gonzalez took on the nick (nickname) of Segvec, moved to Miami, and took up his criminal ways once again.

Lesson #1: IDENTITY THEFT IS TOO EASY and too profitable to give up. Lesson #2: The Secret Service just got socially engineered! They allowed an enemy inside the gates and gave him intimate knowledge of an operation that taught him how to up the stakes and go undetected for years.

His Russian counterparts will likely never be caught or prosecuted, and will make use of everything they have learned from the latest indictments. Somewhere in the case, there is a weakness they will exploit. Operation Get Rich or Die Tryin isn’t exactly dead.

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To further bulletproof yourself and your business, learn more about John Sileo.

Traveling Safety: Identity Theft Takes a Trip

Identity Theft Speaker John Sileo on Traveling Safety.

Traveling Safety has become a study of its own ever since the advent of identity theft. Your biggest concern may no longer be physical in nature (pickpockets, hotel theft, muggings); the value of the personal identity you carry as you travel is worth far more than the cash in your wallet.

We all love to plan the vacation of our dreams. I can almost taste the pasta Bolognese as I read about that out-of-the way trattoria half way down the ancient narrow vicolo (blind alley) in Tuscany. But there’s one area we often overlook that can turn that long-anticipated dinner into a nightmare – the theft of our most-valuable asset, our identity. Let’s fast forward – we’ve savored the last bite of pasta and drained our pitcher of the vino rosso locale before presenting our credit card. Our friendly waiter looks concerned as he walks back to our table to tell us that our credit card has been declined. It doesn’t take us long to discover a thief has maxed out our credit and there is nothing left to pay for our dream. If we’re lucky, we’ll have a backup plan and pay by cash or another credit card. If we are less lucky, the thief has cashed out our bank account as well, has stolen our passport numbers to set up new accounts, or has gained access to a laptop computer full of sensitive personal and workplace data. What were we thinking (or not thinking) by neglecting traveling safety?

Traveling safely and preventing identity theft go hand in hand. Because we carry so much identity with us when we travel, because we are much less organized when on the road, and because thieves target travelers, the likelihood of identity theft while on vacation or business travel increases.

Traveling Safety 101

Traveling Safety – Before You Leave Home

  1. Travel light! Simplify and minimize what to bring with you. Take as little identity with you as necessary. If possible, leave the following items at home when you travel:

    Checks and Checkbooks. Resist the temptation to carry checks or take only one or two for an emergency, carrying them with your cash in your money belt. Checking account takeover is one of the simplest crimes to commit and one of the most devastating types of financial fraud from which to recover. The easy alternative? Use a credit card or cash.
    Debit Cards. You can reduce your vulnerability to having your checking account emptied while on vacation by leaving all debit cards (check cards) at home. Don’t be lulled into thinking that Debit/ATM cards are safe just because they have a PIN or password. In fact, the only time a PIN is needed to use the card is when it is being used at an ATM. No PIN is required when it is used at a store as a debit or credit card. Be aware, too, that debit cards don’t have the same financial fraud protections as most credit cards. The Solution? Ask your bank for an ATM-Only debit card (it won’t work in stores, only at an ATM) and make sure your password isn’t observed when you are at the ATM. Better yet, use a credit card or cash. The exception to this is when you are traveling in a foreign country and your debit card is the most economical method of obtaining cash from an ATM.
    Extra Credit Cards. Every piece of identity you take with you creates more sources of potential fraud to which you are exposed. I recommend that if you are traveling with another adult, you each take one credit card (and if possible, take cards from two separate credit card companies. That way, you each carry only one card that can be lost or stolen, but you have a backup card if the other person’s card is lost, stolen or shut down because of fraud). Make sure that your credit card company knows the dates and places you are traveling so that they don’t shut it down when charges are made out of town. Also, make sure you have a large enough credit line to cover your purchases while traveling.
    Social Security Cards. You do not need your Social Security Card while traveling (or at any time other than your first day of work with a new employer), so leave it locked up at home.
    Bills. Don’t try to take bills to pay while traveling.
    Identity Documents. Leave birth certificates, passports (unless traveling internationally), library cards, receipts, etc. at home while you travel. Anything you don’t absolutely need should be left at home locked in a fire safe. If you can travel with only a credit card, driver’s license and health insurance card (as long as it doesn’t have your SSN on it), you will be much safer.

  2. Photocopy the contents of your wallet/documents. Or make a list of all the contents and all your travel documents to carry with you in a secure place as you travel. It’s also a good idea to leave a copy at home with a trusted person whom you can contact. It will save you hours of frustration if anything is lost or stolen.
  3. Hold the Mail. Your mailbox is an identity bonanza. Before you leave, place a “postal hold” on your mail so that your mailbox isn’t vulnerable while you are gone. Arrange with your post office that you (or your spouse) are the only people allowed to pick up your mail. Don’t have it “mass-delivered” the day after you return, as this puts everything at risk all at once. Instead, pick it up at the post office once you return.
  4. Social Networking Sites. Don’t put an “Away on Vacation” note on your social networking sites just as you wouldn’t tack one to your front door. Broadcasting this information opens the door to criminals using that information while you are away. Think twice about any information you share on social networking sites.

Traveling Safety – During Travel

  1. Lock it Up. I can’t stress enough the importance of using the in-room safes that are now a part of almost every hotel room. They are simple to use and drastically increase traveling safety (decreasing theft by cleaning staff and other travelers). Lock up the following items:

    Laptop Computers. Only carry your laptop with you when absolutely necessary. The rest of the time, place your laptop (or just the hard drive if your laptop is too big) in the safe while you aren’t using it. While using your laptop to access online banking or other password-protected services from Wi-Fi networks, be sure the Wi-Fi hotspots are secure.
    Public Access Internet Facilities. If you’re using a public computer in hotel business centers or cyber-cafes, never access any sensitive information. Keyloggers (software that can track your keystrokes) may be tracking you.
    Cell Phones/PDAs. While you go down to the pool or off shopping and don’t need your cell phone or other electronic device, store it in the safe along with jewelry, extra cash, your iPod, thumb drive or other valuables.
    Passports. Unless you are traveling in a country where you are required to keep your passport with you at all times, lock it up in the safe the entire time you are staying at the hotel.
    Other Identity Documents. Store your plane tickets, receipts, and any other identity documents (birth certificates, extra credit cards, visa, etc.) in the safe when not in use.

  2. Carry it Safely. I recommend carrying all of your identity documents (passport, credit card, driver’s license, tickets, etc.) in a travel pouch that fits around your neck or your waist (and inside of your clothing). It is a minor inconvenience, but it lowers instances of pickpocketing and unintentional misplacement. Thieves have unbelievably nimble fingers that can slip into your pocket or purse undetected, so here’s an essential habit to cultivate: just before you leave your hotel room (especially in cities), verify that your money pouch is securely fastened around your waist or neck, under your clothes.

    Use a Backpack. When possible, carry laptops and other large identity-storing items in a backpack that stays zipped and on your back at all times. It is easy to set down a purse, book bag or piece of luggage while at a ticket counter or retail store. Backpacks, on the other hand, are easy to keep on our person at all times, and are harder to break into without alerting the wearer.
    Watch Your Cards. When paying with a credit card in a restaurant, try to keep your eye on the card. If the server removes it from sight, they may be able to create a “clone” by using a portable card skimmer that will copy the information from the card’s magnetic strip. Many restaurants are now able to process the card at your table or you can take it to the register and observe the transaction.

  3. ATM Machines. Use your “ATM Only” card (one that requires a PIN and does not contain a Visa or MasterCard logo) at ATM machines found at banks or credit unions that are in well-lit areas. Be sure to examine the ATM machine carefully for signs of tampering. Be on the lookout for anything that looks suspicious. Save all transaction receipts in a specific envelope to make it easy to reconcile your bank statement when you arrive home.

Traveling Safety – Upon Your Return Home

  1. Monitor Your Accounts. Shortly after you return from your travels, pay special attention to your account statements to make sure that nothing out of the ordinary appears. If a credit card number or bank account number was stolen during your trip, this is how you will catch it early and keep it from becoming a major nightmare. Contact your provider and alert them to the breach immediately.
  2. Rotate Your Account Numbers. If you feel like your identity might have been compromised (e.g., your credit card number stolen), call your financial institution and have them issue a new card. This makes the old number obsolete, should anyone try to use it in the future.
  3. Pick Up the Mail! Don’t leave it in anyone else’s hands any longer than necessary. Make sure you shred any mail that you no longer need.

Think about Traveling Safety before you leave so that you can fully enjoy your trip instead of being preoccupied with identity theft. Safe travels!

Identity Theft Speaker John Sileo is America’s top identity theft expert. His clients include the Department of Defense, FDIC, Federal Reserve Bank, Pfizer and organizations around the world.

Data Breach Security: TJX is Our Fault!

The TJX security data breach is our fault.

TJX Cos. has been ordered to pay $9.75M in a data breach security lawsuit. The data breach settlement will be awarded to 41 states because TJX failed to protect customers’ financial information from a massive computer breach announced in 2007 that exposed millions of customers’ personal and credit card data to hackers.

The settlement amount is probably the largest ever, and it is comically low.

TJX lost somewhere between 40 and 90 million customer records, and there is a good chance yours was one of them if you shop at T.J. Maxx, Marshalls, HomeGoods or A.J. Wright. If only 10% of those breached records were ever used to commit identity fraud (let’s say 7.5 million records, to be conservative), at the average cost of identity theft recovery ($700), the damage to you and me is approximately $490 Million. So TJX paid about a 2% penalty for failing to protect our data. They value the safety of our being a customer at about 2%. They care about their own profits about 98%.

And it’s our fault! Why? Because even after their lax data breach security (they didn’t encrypt their wireless routers in the store, letting our information float, unprotected, in the airwaves), even after their loss of 40-90 million records, even after an exposé on 60 Minutes, we continue to do business with TJX Cos! If the guy mowing your lawn stole from you, would you continue to hire him? No! And yet when a $300,000 identity is at stake, we shrug and let apathy take over. Because it is virtual, digital and seemingly unreal. But when it happens to you, and you spend your time and money repairing it, it quickly becomes real. Shame on us for going so quickly back to those who erode our trust. Until we take our role in data breach security seriously, organizations will continue to get off lightly.

The next time an organization makes you part of a privacy breach, penalize them by ending your relationship. That will send a message loud and clear.

Laptop Anti-Theft: 7 Tips for Travelers

Laptop anti-theft, or protecting your mobile data, is a MUST for corporations and consumers. Almost half of workplace identity theft takes place because of mobile data. And the average value of the data on your laptop can be worth hundreds of thousands of dollars to a corporate spy or experienced identity thief. At the higher end of the scale, the value of the 26 million Veteran identities on a laptop lost over a year ago was estimated to be worth more than $100 million. Those are the types of computer security risks that can make your business unprofitable. But there are solutions.

Broken Window Theory: By removing graffiti and repairing broken windows in crime hot-spots throughout New York City, the NYPD was able to drastically reduce the entire city’s overall crime rate (not just the quantity of graffiti and broken windows), including thefts, burglaries, muggings and murders. In other words, certain actions that we take (e.g., focusing on crime hot-spots rather than on every type of crime) can have a disproportionately positive effect on achieving our goal (e.g., lower crime rates). Business translation: you get a far higher return on investment for certain well-planned tactical strikes than you do for far more expensive strategic initiatives.

My point? In the world of workplace identity theft and corporate data breach, laptop computers are the biggest broken window. Not only do laptops account for a disproportionate amount of data theft, but training the organization to properly protect mobile computers has a radiant effect on all other types of identity protection. Good habits in one area breed good habits in others.

Stop the theft of corporate laptops (or personal laptops with corporate data on them) and you have eliminated approximately 50% of the entire data breach problem at a fraction of the security cost.

Laptop theft generally occurs in transit: airports, hotels, cars, commuter trains, conferences, off-site meetings, vacations, coffee shops, etc. Build laptop anti-theft training into your organizational culture of privacy:

7 Laptop Anti-Theft Tips for Travelers

  1. Laptop Anti-Theft Tip #1: Leave it at home. Okay, I know most of us won’t leave our laptops at home when traveling because we would be leaving our digital identity behind. But data theft goes through the roof on the road, so consider using your password protected iPhone or BlackBerry to keep in touch. If it is critical that you travel with your laptop, then…
  2. Laptop Anti-Theft Tip #2: Carry less data. Stop carrying data on your laptop computer that you don’t absolutely need. If you don’t need to have client information on the hard drive, don’t put it there in the first place. If you have an encrypted VPN connection with your company, pull the files off of your corporate network once you are at your destination (e.g., work, hotel, meeting). Many executives that have hired me to speak to their organizations (and take computer data security seriously) have an inexpensive netbook (very small laptop) that they take on the road. Its only purpose is for travel. Instead of carrying all of their sensitive files on the netbook hard drive, they take only what they need for the trip, and still have the ability to access the web, email and any cloud computing software (Salesforce.com, WordPress, etc.) during their travels.
  3. Laptop Anti-Theft Tip #3: Use strong passwords. Passwords are the primary locks on our laptops. Make sure that you create an alpha-numeric-symbol-upper-lower-case password, like P@55w0rd! (do you see the hidden word that makes this easy to remember? By the way, don’t use this password). The longer the password, the better. I recommend passwords greater than 8 characters. I use a password protection program that I love called 1Password (available for the Mac, which I use because I find it to be a safer computing platform). It allows me to use highly-secure passwords that I don’t have to keep track of in an unsafe way (a spreadsheet, in my phone, in Outlook).
  4. Laptop Anti-Theft Tip #4: Use the hotel safe (see the video above). Most hotels have safes in the room that let you determine the combination. I feel that these are relatively safe. Sometimes your laptop won’t fit, so I suggest that you pull the hard drive out of the laptop (which is where all of the identity lives) and place that in the safe. In a pinch, place the DO NOT DISTURB sign on your door when you leave for the day to lower the chances of someone entering your room during the day. True, your room won’t get cleaned, but you are keeping potential thieves not just from your laptop, but from any client documents, passports or intellectual capital that might be in the room. No matter how clever we are, hiding valuables is a poor option. Can’t you just picture a person who appears to be a hotel employee leisurely searching the few hiding places in your room? A thief will know every one of those spots by heart. See the video above.
  5. Laptop Anti-Theft Tip #5: Encrypt your hard drive. The data on your hard drive is no good if the thief can’t make any sense of it. For a very small investment, you can install software on your laptop that makes it exceptionally difficult for a thief to get to your private information. Encryption turns your data into a puzzle that only your password unlocks. If you are using a company laptop, check with your I.T. department before installing encryption. They may have already done it for you. Apple laptops come standard with encryption, but you have to turn it on and understand the implications for your network sharing.
  6. Laptop Anti-Theft Tip #6: Lock it up. Even when you are not traveling, the best policy is to physically lock up your laptop. More laptops are stolen out of the back of cars while you are shopping, out of your laptop bag while buying coffee, out of your office while it is unattended and out of homes while you are on vacation. Take an extra minute to lock it up in a locking filing cabinet, a fire safe or behind a locked door. Even if it only makes it less convenient for the thief, it improves your chances that they will move on to a less prepared victim.
  7. Laptop Anti-Theft Tip #7: Destroy it. Remember, your data has a whole lot longer life than your laptop! When you are through with it, make sure that you digitally shred the hard drive before you donate it, give it back to the HR department or throw it away. Just because the laptop is out of date doesn’t mean that the data on it is too.

John Sileo lost his business and two years of his life to identity theft and data breach. Today he uses his gripping story, first-hand experiences and humorous interaction to inspire audiences around the world to protect corporate data. His clients include the Department of Defense, FDIC and Pfizer. To bring identity theft expert John Sileo to speak at your next conference or meeting, contact him on 800.258.8076.

The 7 Deadly Sins of Privacy Leadership: How CEOs Enable Data Breach

Technology is not the root cause of identity theft, data breach or cyber crime.

We are.

Too often, technology is our scapegoat, providing a convenient excuse to sit apathetically in our corner offices, unwilling to put our money where our profits are. Unwilling, in this case, to even gaze over at the enormous profit-sucking sound that is mass data theft. The deeper cause of this crisis festers in the boardrooms of corporate America. Like an overflowing river, poor privacy leadership flows inexorably downhill from the CEO, until at last, it undermines the very banks that contain it.

The identity theft and data breach bottom line?

Corporate boardrooms across America care about the loss of people’s personal data about as much as Ford cared about recalling the Pinto when they began exploding on rear impact. Hey, it was cheaper to fight the lawsuits from the surviving relatives than re-engineer the gas tank. And it’s cheaper to take a tax write-off on fraud-loss line items than to dig this weed up by the roots. We fail to see the connection between privacy breaches and larger profit hits — liability lawsuits, brand damage, customer flight, stock depreciation, loss of trust in the company, bad press, etc. Just ask TJX, who has spent well over $500 million recovering from their data breach – a breach that could have been prevented with only tens of thousands of dollars.

In clearer terms, poor leadership (not technology) is the primary factor leading to data breach. And we stand by, you and me both, mostly silent and submissive, as corporation after corporation loses our private data. We suffer the consequences. It is our credit that is destroyed; our time wasted dealing with law enforcement, credit bureaus, collection agencies, bankruptcy courts, criminal charges and the deep and personal violation of being the victim of a crime that no one really cares about. It makes a great news story, but only because we can deny that it will ever reach us.

Millions of years ago we evolved from the primordial slime with a backbone built for standing up to our challenges. Why, all of a sudden, has our backbone disappeared? We’ve built the Great Wall of China, landed on the moon, eradicated polio and elected the first African American, Barack Obama, to be President of the United States. But we can’t protect the customer data, employee records and intellectual capital that gives our corporations their value? That underlies our capitalist economy? Information is our most valuable asset, but god forbid we invest in a privacy strategy to protect that asset.

The 7 Deadly Sins of Privacy Leadership: How CEOs (and other Executives) Enable Data Breach

As an identity theft speaker who travels the country speaking on this topic, I’ve noticed that a majority of corporations experiencing data breach and workplace identity theft share similar weaknesses in their overall privacy fabric. You have an opportunity to learn from their mistakes before they become yours. Begin by asking yourself whether you (as a leader) or your organization suffers from any of the 7 Deadly Sins:

  1. Apathy – a disturbing lack of care for and attention to a crime you incorrectly believe will never seriously impact your bottom line. If you have never had a corporate-wide privacy education initiative, you are a prime candidate for this weakness.
  2. Ignorance – many leaders refuse to admit that they don’t know what they don’t know. For example, do you know the value, location and confidentiality of your sensitive data? Do you know how it is protected, how long it is maintained and why you keep it in the first place?
  3. Arrogance – some executives see themselves as champions of data privacy because they have a strong IT department, but fail to see that privacy doesn’t exist in a silo. Does your organization tend to believe that data privacy is the realm of the I.T. Department? If so, you are overlooking other critical functions (human resources, sales, intellectual property, legal compliance) that are touched by privacy concerns on a daily basis.
  4. Greed – many CEOs are the first to violate the very privacy policies that they champion. Have you ever surfed unprotected at the airport? Do you shred every piece of sensitive data that goes in your trash? What passwords are stored in your BlackBerry?
  5. Hypocrisy – many CEOs are the first to violate the very privacy policies that they champion. Have you ever surfed unprotected at the airport? Do you shred every piece of sensitive data that goes in your trash? What passwords are stored in your BlackBerry?
  6. Paralysis – some companies and executives have difficulty breaking old habits and, by default, choose to perpetuate high-risk data practices. Do you collect certain private information simply because you always have? Have you ever re-evaluated your hiring policies to take corporate espionage, workplace identity theft and insider fraud into account?
  7. Procrastination – Even executives who care about, educate themselves on, admit to, have the budget to invest in and personally practice data safety… never get around to doing something about it at the corporate level. When you are finished with this article, how will your behavior change? Will you get to it later?

This is not an easy topic, but running an organization isn’t an easy task. Leaders that guide their corporations to develop a privacy strategy that avoids these security sins will achieve a long-term competitive advantage in the marketplace. And in the marketplace of ideas, in the oft-proclaimed information economy, what better asset to protect than our private information?

John Sileo is a victim of The 7 Deadly Sins of Data Privacy. After losing his business to data breach and his reputation to identity theft, John became America’s leading identity theft speaker. He uses his gripping story, first-hand experiences and humorous interaction to inspire audiences around the world to protect corporate data as if it were their own. His clients include the Department of Defense, FDIC, AARP and Pfizer. Learn more at www.ThinkLikeASpy.com.

An Identity Theft Lesson for Christmas Retailers (and shoppers)!

I just returned from a Kohl’s store where I was picking up a gift card for our annual Christmas Eve gift card swap with my wife’s family. Instead of giving everyone presents and going to all that work, we simply each buy a gift card for $10 that we think others would like to receive, and then we do a white-elephant lottery where the second person to draw out of the bag gets to take away the gift card from the first person (or blindly draw out a new card out of the hat) and so on down the line. At the very end, the first person gets to choose to take any one of the gift cards. It is low cost, low conflict and an absolute blast. You can probably already tell that my wife came up with the idea, not me.

So I was standing at the cash register at Kohl’s and the clerk asked the woman in front of me (who was paying) to see her ID in addition to her credit card. The woman complained and the clerk explained that it was for her safety, not his. “That’s Inconvenient!”, she roared, and stormed out of the store.

Grumpy Holiday Lady, listen to me:

  1. The Kohl’s clerk didn’t do it to be a pain in the proverbial arse, he did it because there is an amazingly high incidence of identity theft during the holiday season, especially at discount retailers such as Kohl’s.
  2. If someone were illegally using the credit card you distractedly left at the gas station just hours before, he would have stopped the crime.
  3. I can almost guarantee you that the clerks at most major retailers are not trained to ask for your identification before they let you use a credit card. As nice as it would be, the industry isn’t that far along yet. If Kohl’s is, then I salute them. But as I was saying, Scott (the checker I had), actually took it upon himself to protect YOUR interests, and you thank him by yelling at him and embarrassing him? He wasn’t required to do it, paid to do it or even aware that he should do it. But he did it. He deserved a big thank you (I should know, I’ve lost $300,000 to this crime and have now had my identity stolen for a fourth time – thanks Countrywide Mortgage).
  4. A report just came out in the past few days showing that retail identity theft and crime is increasing thanks in part to the declining economy. So the problem is only getting worse, and clerks like Scott are only making it better.

Wake up out of whatever stupor allows you to treat poorly the people who are trying to help you, and buy that 17 year old kid a gift card.

John Sileo
Retail Identity Theft Expert

Military Identity Theft Protection & Prevention Kit

Military personnel have unique and pressing reasons to pay extra attention to protecting themselves from military identity theft, as well as guarding the private data of their loved ones. For example:

  • Historically, the armed forces have used pieces of identity (including Social Security Numbers) to openly identify personal items, including: dog tags, military IDs, commission papers, pay checks and duffel bags. While this practice is being phased out, it still increases the risk of identity theft among military personnel.
  • If a member of the military has their identity stolen while deployed (especially overseas), it is exceptionally difficult to recover from the crime in a timely and effective manner. Can you imagine trying to repair your credit rating from the streets of Iraq or prove your innocence to a collection agency while crouched in the bunkers of Afghanistan? To add insult to injury, returning from a tour to find that your credit has been destroyed and that you are wanted for crimes you didn’t commit can be overwhelming.
  • Our airmen, soldiers, sailors and marines can be called to duty in an instant. If financially unprepared, this leaves their families vulnerable to attack. It is imperative that we proactively protect not only ourselves, but our loved ones as well.
  • Protecting the privacy of our military is a national security concern. In the age of cyber-attacks and digital warfare, we cannot leave our fighting and peace-keeping personnel open to attack.

Because of these additional risks, it is imperative for our military personnel to implement the steps below to prevent military identity theft. For those who have heard enough and are ready to act, I have summarized the steps in a simple list. Beneath the list, I give more complete explanations of each recommendation (not necessarily in the same order as in the list).

Summary

  1. Opt out of financial junk mail by registering at www.OptOutPreScreen.com.
  2. Shred any paper documents that would go in the trash with a durable and safe confetti document shredder.
  3. Freeze your credit with Experian, Equifax, and TransUnion or enable active duty alerts with those bureaus.
  4. Use Identity Monitoring to track your data.
  5. Lock your identity documents in a bolted-down, fire-resistant document safe.
  6. Protect your computer with security software, a firewall, secure Wi-Fi, encryption and strong passwords.
  7. Track your credit report 3 times per year for FREE at www.AnnualCreditReport.com. (No further explanation necessary, just do it!)
  8. Visit Army Knowledge Online (AKO) for military-specific identity theft prevention tools.
  9. For further tools, purchase a copy of Privacy Means Profit.

Detailed Explanations

1. Opt Out of Financial Junk Mail

Problem: Your private data is bought and sold by junk-mailers without your knowledge.
Solution: Opt out by calling 1-888-567-8688 or visiting www.OptOutPreScreen.com.

There are complete industries built around collecting, massaging and selling your data – your name, phone number, address, spending patterns, net worth, the age of your children, the magazines you buy, etc. Companies buy bits of your privacy so that they can knowledgeably market products to you that you are likely to purchase.

To minimize the amount of your personal information bought and sold on the data market, begin “opting out”. Opting out is the process of notifying organizations that collect your personal information to stop sharing it with other organizations. “Pre-Approved” credit card offers (i.e., financial junk mail) are a major source of identity theft. Those mailers give thieves an easy way to set up credit card accounts in your name without your consent. They spend money on the card and default on the balance, leaving you with the mess of proving that you didn’t make the purchases. The solution is to opt out of receiving pre-approved credit, home loan and insurance offers.

Pre-approved credit offers (also called pre-screened or pre-qualified credit offers) are possible because credit reporting bureaus (Experian, Equifax and TransUnion – companies that collect and sell financial data on nearly every American) make a great deal of money selling your identity (i.e., name, address, phone number, age, credit score) to credit card, loan and insurance companies. But it is your right to stop the sale of your information. To opt out of pre-approved credit offers with the three main credit reporting bureaus, call 1-888-567-8688 or visit www.OptOutPreScreen.com. There is no cost to you for opting out.

Once you’ve completed this step, begin opting out of ALL information sharing on every account you have (bank, brokerage, mortgage, utilities, phone, etc.) as well as with the Direct Marketing Association.

2. Shred Your Paper Trash

Problem: We throw away private information every day. This is where dumpster divers begin.
Solution: Buy a high-quality document shredder.

Assume that any document you throw out will end up in the hands of an identity thief. Get in the habit of either chopping or locking documents and disks that contain identity (name, phone number, address, social security number, account numbers, passwords, PIN numbers, client information, children’s information, etc.).
When buying a paper shredder, I recommend the following features:

  • Cross-cut confetti shredding
  • 10+ pages of simultaneous feeding capacity
  • Allows shredding of stapled documents, credit cards and CDs

The shredders I like best are made by Fellowes. I like Fellowes because of their SafeSense technology, which turns the shredder off if your fingers (or your kids’ fingers) get too close to the shredding device. This adds a great deal of peace-of-mind to an already effective product. They also have anti-jamming technology that makes them less frustrating than other brands and they don’t seem to break down as frequently. Convenience is key! Make sure you place a confetti shredder next to ALL of the places that you handle identity (where you open your mail, your home office, your desk at work) and shred everything possible. Don’t skimp here – if you don’t make it convenient for yourself and your employees, it won’t get done. If a document has identity of any sort on it, shred it, even if it isn’t your information. Don’t forget to destroy digital files as well, like those that live on a hard disk when you donate your computer. If you can’t shred it, lock it up in a fire-safe (see below).

3. Freeze Your Credit File

Problem: If a thief gains access to your credit file, they can spend everything you’re worth.
Solution: Freeze your credit with Experian, Equifax, and TransUnion.

Every time you establish new credit (e.g., open up a new credit card, store account or bank account, finance a car or home loan, etc.), an entry is created in your credit file which is maintained by companies like Experian, Equifax and TransUnion. The trouble is, with your name, address and social security number, an identity thief can pretend to be you and can establish credit (i.e., spend your net worth) in your name.

A credit freeze is simply an agreement you make with the three main credit reporting bureaus (Experian, Equifax and TransUnion) that they won’t allow new accounts (credit card, banking, brokerage, loans, rental agreements, etc.) to be attached to your name/social security number unless you contact the credit bureau, give them a password and allow them to unfreeze or thaw your account for a short period of time. Yes, freezing your credit takes a bit of time (maybe an hour of work), can be a little inconvenient (when you want to set up a new account) and can cost a few dollars (generally about $10 to unfreeze, a small price compared to the recovery costs of identity theft). And it is worth it! It’s like putting locks on your doors.
Don’t let anyone talk you out of freezing your credit. It is the number one thing you can do to prevent credit fraud. To learn more about freezing your credit, visit the three credit bureau credit-freeze sites here: Experian, Equifax, and TransUnion.

4. Use Surveillance to Monitor Your Online Identity

Problem: Your private information is floating around on the internet and exposing you to risk.
Solution: Monitor your online identity conveniently with sophisticated identity surveillance.

When my audiences learn that only about 25% of identity theft can be caught by monitoring their credit report, they often ask me to evaluate the more sophisticated identity theft monitoring and protection services in the marketplace. Not all identity monitoring services are created equal. I recommend an identity surveillance service that monitors the following aspects of your identity:

  • 24/7 monitoring of your credit file (most services provide only this – nothing more)
  • Non-credit loans (pay-day loans, etc)
  • Government records
  • Public records disclosure (court cases, real estate transactions, etc.)
  • Nation-wide criminal databases
  • Cyber-trafficking of your private information over the internet
  • The better services will also offer recovery services and identity theft insurance

I choose a particular identity theft monitoring company because of the quality and volume of monitoring they provide, the convenience of their service, and the safety of their data centers. Here’s how it works. Rather than waste hours monitoring all of the potential sources of identity theft myself, the product does it for me, automatically. Every month, a report shows up in my email inbox letting me know if there are any areas that I should be concerned about. That way, I only have to think about it when necessary. Again, convenience is crucial – if we make it easy to be safe, we will be safe! You should expect to spend approximately $200 per year for a good service (far less than you probably spend to insure your car and home, which are worth far less than your identity).

5. Lock Up Identity Documents

Problem: Identity documents that are left unlocked in our homes and offices open up profitable opportunities for identity thieves.
Solution: Purchase a fire-resistant document safe to securely store all of your identity documents.

A majority of our most valuable identity documents (passports, birth and death certificates, wills, trusts, deeds, brokerage information, passwords, health records, customer data, employee records, etc.) are exposed to identity theft (and natural disasters, such as fire and floods) as they sit in unlocked filing cabinets, bankers boxes, office drawers or out in the open, on our desks. To complicate matters, the problem of data theft goes beyond paper documents to digital media. More than ever we need to be concerned with the physical protection of hard drives, cell phones, thumb drives, CDs and DVDs with sensitive personal or business data on them.

To store them securely, purchase a fire-resistant safe. Think of it this way. Your identity is probably worth something close to $300,000 (even if your credit is poor), not to mention the value of any business data for which you are responsible (customer records, employee information, intellectual capital). Spending a few hundred dollars to lock up the keys to your identity is simple.
Look for a fire safe that meets these requirements:

  • Able to withstand 1500° F for 30 minutes
  • Lockable by key or combination
  • Able to be secured to the foundation of your home (to prevent safe theft)
  • Preferably waterproof (where there’s fire, there’s water)

I recommend fire-resistant stackable filing cabinets because they are nearly indestructible, inexpensive and protect your data from both fires and theft. They also allow you to expand your storage capacity as you protect more and more of your identity.

One important note: increasingly, thieves are breaking into homes and businesses in order to steal identity documents. By placing them all in a central location (such as a fire safe), you are making it easier for them to steal everything at once. I suggest that you have your fire safe bolted into the foundation of your home or business. This small expense could save you hundreds of thousands of dollars. It’s no more expensive than putting dead-bolt locks on your doors.

6. Protect Your PC

Problem: The information stored on your computer can be compromised if left unprotected.
Solution: Follow the 7 Steps to a System Lock-down listed below.

In order to protect all of the identity documents stored on our home and work computers, it is important to close all of the potential data leaks. The following suggestions will get you started, but please hire a computer security professional to help you protect this very valuable asset in the fight against identity theft.

  1. Create strong, alphanumeric passwords. Read your copy of Privacy Means Profit for further details.
  2. Employ a highly-rated security software suite on every computer you own. It should include anti-virus and anti-spyware scanners, password protection, phishing and pharming filters, and a firewall.
  3. Configure your Windows systems for automatic security updates.
  4. Utilize encryption software (for professional-level protection). Encryption is more complicated than I can explain in a bullet-point, so please check back for a more detailed article on encryption.
  5. Physically lock-down your computers (especially if you use a laptop or hand-held). Desktop computers and workstations should be locked in your office, both at work and at home. More private data disappears because of stolen laptops than any other source.
  6. Secure your wireless network. Make sure that the connection is not open to anyone with a wireless device and that you use WPA encryption, NOT WEP.
  7. Secure your Mobile Data Devices (iPhones, BlackBerrys, Treos, Palms, Thumb Drives, Laptop Computers) using all of the tools above. Just because they are small doesn’t mean that the data on them isn’t worth a mint.
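One way to check step 6 on a Windows machine, added here as an example and not part of the original article: the script below classifies saved Wi-Fi profiles as WPA, WEP or open and lists the ones that fail the "WPA, NOT WEP" rule. The profile text is a constructed sample laid out like the "Security settings" section printed by `netsh wlan show profile name=<profile>` (an assumed layout), and the function names are hypothetical.

```python
import re

# Constructed sample data: one "Security settings" block per saved profile,
# laid out like `netsh wlan show profile name=<profile>` output (assumption).
SAMPLE_PROFILES = {
    "HomeNet": """
Security settings
-----------------
    Authentication         : WPA2-Personal
    Cipher                 : CCMP
    Security key           : Present
""",
    "OldRouter": """
Security settings
-----------------
    Authentication         : Open
    Cipher                 : WEP
    Security key           : Present
""",
    "CoffeeShop": """
Security settings
-----------------
    Authentication         : Open
    Cipher                 : None
    Security key           : Absent
""",
}

# A profile can list several Authentication/Cipher pairs, so collect them all.
FIELD = re.compile(r"^[ \t]*(Authentication|Cipher)[ \t]*:[ \t]*(\S.*?)[ \t]*$", re.M)


def classify(profile_text):
    """Return 'wpa', 'wep', 'open' or 'unknown' for one profile's text."""
    auths, ciphers = set(), set()
    for key, value in FIELD.findall(profile_text):
        (auths if key == "Authentication" else ciphers).add(value.lower())
    if not auths or not ciphers:
        return "unknown"          # nothing parseable: review by hand
    if "wep" in ciphers or "shared" in auths:
        return "wep"              # any WEP pair makes the profile weak
    if "open" in auths and ciphers <= {"none"}:
        return "open"             # no encryption at all
    if all(a.startswith("wpa") for a in auths):
        return "wpa"              # WPA, WPA2 and WPA3 names all start with "WPA"
    return "unknown"


def weak_profiles(profiles):
    """Sorted (name, verdict) pairs for every profile that is not WPA-protected."""
    verdicts = {name: classify(text) for name, text in profiles.items()}
    return sorted((n, v) for n, v in verdicts.items() if v != "wpa")


if __name__ == "__main__":
    for name, verdict in weak_profiles(SAMPLE_PROFILES):
        print(f"{name}: {verdict} - remove the profile or reconfigure the router")
```

Profiles reported as "unknown" are listed too, so anything the parser cannot place gets a manual look instead of a silent pass.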

Naturally, these steps will get you started down the road to protecting yourself from military identity theft. But there are many more suggestions than the ones above to continue protecting your identity.

John Sileo
Professional Identity Theft Speaker

Identity Theft Prevention in a Hotel

I just finished giving an identity theft prevention and data privacy speech for Pfizer and one of the questions I received was how to protect your laptop, passports, client files, etc. when you leave them behind in your hotel room. I’ve blogged on this before, but thought that I would post a quick video reminder on protecting your identity in a hotel room. We are at such a greater risk of identity theft when we are traveling that it is worth taking a second look at your habits.

For more tips of this type, please visit my YouTube Identity Theft Expert Video Channel at www.YouTube.com/JohnSileo. It is relatively new, but my office is working diligently to add content every week. Some people like to read, some like to watch, so I will continue to add blogs of both types. Travel wisely this summer.

John Sileo
Motivational Identity Theft Speaker

Top Tips to Stop Tax Time Identity Theft

If you receive my newsletter, you’ve already seen this article on identity theft during tax season, but I thought I would re-post it here.

Tax time is like Christmas for identity thieves. Our personal information sits out on desks (ours and our tax preparer’s), is mailed improperly, emailed incorrectly and stored unsafely. And to top it all off, we are used to giving our personal data away during tax time, and therefore preconditioned not to give the risks much thought. It’s time to think about it.

Top Tips for Tax Time Identity Theft Protection

Safe Preparation. If you use a tax preparer, understand how they protect your privacy. Do they leave files out on their desk for the cleaning service to access at night, or do they lock your documents in a filing cabinet or behind a secure office door? Do they protect their computers with everything listed in the second tip below? How well do you know the person and company preparing your taxes? Did they come personally recommended, or could they be earning cash on the side by selling your personal information? Asking professional tax preparers these questions directly sets an excellent standard for your relationship. They should be able to answer them without pause. If they know that you are aware that tax documents attract identity thieves, they will probably be more careful with your information. Remember, losing your identity inside of their accounting or bookkeeping business poses a tremendous legal liability to their livelihood.

Secure Computers. Last year, more than 77 million Americans filed their tax returns electronically. To prevent electronic identity theft, you must take the necessary steps to protect your computer, network and wireless connection. Have a trusted computer security professional help you implement the 7 steps to a system lock-down (Passwords, Anti-virus/Anti-spyware, Encryption, Automatic Operating System Updates, Secure Wireless Networks, Firewalls and Mobile Computing Devices) and make sure that your tax preparer does the same. Also, make sure that all peer-to-peer networking is turned off or configured to disable the sharing of your personal folders (so that the identity thief can’t download your tax return). Lock all PDF printouts of tax documents with a password (a feature available in Adobe PDF products).

Don’t Buy it! If someone promises you (by phone, fax, mail, or in person) to drastically reduce your tax bill or speed up your tax return, don’t believe them until you have done your homework (call the IRS directly if you have to). Anytime someone is promising too much (bigger refunds, faster service), or threatens you (e.g., “the IRS will come after you if you don’t do this”), your instincts should warn you that they are probably trying to get information out of you by playing on your desire to get something for nothing, and your desire to avoid confrontation. This is especially apparent with the new economic stimulus tax-time checks that go into effect this May. If anyone asks you for information in order to send you your check, they are scamming for your identity. The IRS already knows where you live (and where to send your rebate)!

Mail Safely. If you are sending your tax return through the mail, make sure to carry it inside of the post office and send it by certified mail so that you know it has arrived safely. Too much mail is stolen out of the blue USPS mailboxes and driveway mailboxes that we use for everything else. Don’t email any private information to your tax preparer or spouse unless you are very comfortable with how to encrypt email. If you don’t know how to encrypt, don’t count on email as a secure form of communication. If you don’t want it published in the newspaper, don’t put it in an email.

Shred and Store Safely. Any copies of tax documents that you no longer need can be shredded using a confetti shredder. Store all tax records, documents and related materials in a secure fire safe. I recommend spending the extra money to have your Sentry Safe bolted into your home so that a thief can’t walk away with your entire identity portfolio. Make sure that your tax provider appropriately destroys and locks up any lingering pieces of your identity as well.

Your tax records are one of the most comprehensive and complete collections of your identity. Don’t take the threat of them disappearing too lightly.

John Sileo
Identity Theft Speaker