Beware Cyber Security Grinches & Holiday Scams

[youtube https://www.youtube.com/watch?v=gERBwp1o-yE&rel=0]

‘Tis the season to receive holiday scams in your email, on your Facebook page and via text. But you won’t be singing tra la la la la if you click on links that install malware on your computer! More and more of us seem to be conducting our holiday shopping online, and the cyber security Grinches are taking advantage of this new-found holiday convenience. There are several varieties of holiday scams that seem to come around each year.

The first red flag might be the Subject line of the email: “Order Confirmation”, “Acknowledgement of Order”, “Order Status”, “Thanks for Your Order”, “Problem With Your Order”, “Delivery Failure”, “Canceling Your Scheduled Delivery”, etc. It may tell you that an order is ready for you and you just need to click on the link to get the information about how to redeem it. Or, it may play on your fear of not getting a package out before Christmas and say you haven’t provided a correct address – this is a fear-based holiday scam.

Holiday scams usually appear to come from well-known companies, are VERY realistic looking and even use actual logos.

Once you click on the link, however, malware is installed on your computer that may gather email credentials, credit card data, logins and passwords in addition to making your computer a magnet for junk mail. It can also deploy a scanning technology that uses your computer to scan websites for vulnerabilities and then hack them!

Cyber Grinch or Real Deal? How to Tell the Difference…

If you do receive an email, scammy or otherwise, even if you did indeed order from that store, follow these steps:

  1. DO NOT CLICK ON ANY LINKS IN THE EMAIL!
  2. Instead, open your web browser and type in the merchant site and log in to your account (which you had to establish to order from them).
  3. If the email you received was about a legitimate order, they will provide you with an order or reference number which you can type into their website to verify activity.

In other words, verify that the email is legitimate by going directly to the site; don’t depend on the email. If for some reason you did click on a link that brought you to a website, make sure that you don’t click any more times on that site, and don’t fill out any information that they might be requesting.
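
The same comparison can be scripted for a mailbox you are responsible for. The sketch below is an added example, not part of the original article: it checks a message for the subject lines listed above and for links whose real destination differs from the sender's domain or from the address shown in the link text. The sample message, the `.example` domains and the two-label domain comparison are assumptions made for illustration.

```python
"""Triage one e-mail for the order/delivery lure pattern described above."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Subject lines quoted in the article, lower-cased for matching.
LURE_SUBJECTS = [
    "order confirmation", "acknowledgement of order", "order status",
    "thanks for your order", "problem with your order", "delivery failure",
    "canceling your scheduled delivery",
]

# A host name displayed as link text, e.g. "www.store.example/orders".
SHOWN_HOST = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

# Constructed sample: the link text shows the store, the href goes elsewhere.
SAMPLE_EMAIL = """\
From: "Example Store Orders" <orders@examplestore.example>
To: shopper@mail.example
Subject: Problem With Your Order
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We could not deliver your package. Confirm your address:</p>
<a href="http://tracking.delivery-update.example/redeem?id=1">www.examplestore.example/orders</a>
<a href="https://www.examplestore.example/help">Help</a>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def site(host):
    """Naive registrable domain: the last two labels (assumption for this
    example; production tooling should consult the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def html_parts(msg):
    """Yield the decoded text of every text/html part of the message."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            yield body.decode(part.get_content_charset() or "utf-8", "replace")


def triage(raw):
    """Return the lure subject matched (or None) and the suspicious links."""
    msg = message_from_string(raw)
    subject = " ".join((msg.get("Subject") or "").lower().split())
    sender_site = site(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])

    collector = LinkCollector()
    for html in html_parts(msg):
        collector.feed(html)

    off_domain, disguised = [], []
    for href, text in collector.links:
        host = urlsplit(href or "").hostname
        if not host:
            continue  # relative or non-network link
        if site(host) != sender_site:
            off_domain.append(host)  # link leaves the claimed sender's site
        shown = SHOWN_HOST.search(text)
        if shown and site(shown.group(1)) != site(host):
            disguised.append((text, host))  # text shows one site, href another

    return {
        "lure_subject": next((s for s in LURE_SUBJECTS if s in subject), None),
        "off_domain_links": off_domain,
        "disguised_links": disguised,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

An empty result does not prove the message is genuine, because the From address itself can be forged; going directly to the merchant's site remains the actual verification.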

(For more solutions to common scams related to the holidays, or really, all year long, check out our entire 12 Days to a Safe Christmas blog series.)

When not protecting readers around the holidays, John Sileo is an award-winning author and keynote speaker on identity theft, cyber security, internet privacy & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.
[youtube https://www.youtube.com/watch?v=B1st4gzcdLs&rel=0]

Android Flashlight App Shines Light on Your Data

Android flashlight apps harvesting your data for marketing & cyber crime.

You LOVE that flashlight app you have on your smartphone, right?  Whether you’re in that dark restaurant with a size 2.5 font or wanting to share your love at a concert or finding your keys in your purse…you wonder, how did you ever live without it?

Well, it turns out the creators of that wonderful app love it, too, because it has become a way for them to get ahold of your personal data to use or sell.

Android devices seem to be especially vulnerable.  Snoopbit studied the top ten Android flashlight apps and discovered that every one of them collects unnecessary user data and accesses areas of the device completely unrelated to the purpose of the app.  This includes having the ability to read phone status and identity, view Wi-Fi connections, modify system settings, obtain full network access, and determine your precise location via your phone’s GPS, among other permissions.

Snoopbit tested these flashlight apps: Super Bright LED flashlight, Brightest Flashlight Free, Tiny Flashlight + LED, Flashlight, Brightest LED Flashlight, Color Flashlight, High Powered Flashlight, Flashlight HD LED and Flashlight: LED Torchlight.

If you have any of these apps on your phone, uninstall them immediately.  You can also investigate “permissions groups” to learn more about what an app will be able to access on your device (see below). With permissions groups, you can quickly see what capabilities or information an app may use before downloading it. Also, you can review individual permissions at any time using the Play Store app.

It’s a good idea to review permissions groups before downloading an app. Once you’ve allowed an app to access a permissions group, the app may use any of the individual permissions that are part of that group. You won’t need to manually approve individual permissions updates that belong to a permissions group you’ve already accepted.

To review individual permissions and groups used by the latest version of an app available on the Play Store:

  1. Open the  Play Store app.
  2. Go to an app’s detail page.
  3. Scroll down to “Additional Information.”
  4. Select View details.

After you’ve installed an app, you can review the permissions it can use on your Settings menu.

  1. Open your main Settings menu.
  2. Select Apps or Application Manager.
  3. Select an app.
  4. Scroll down to “Permissions.”
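
If you can get at an app's decoded AndroidManifest.xml, the same review can be scripted. This is an added example, not from the original article or from the study it cites: it compares the permissions an app declares against what a flashlight needs and flags the capabilities listed above. The sample manifest, the package name and the baseline set are assumptions made for illustration.

```python
"""Compare an app's declared Android permissions with what a flashlight needs."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# What a torch plausibly needs: the camera LED (assumption for this example).
FLASHLIGHT_BASELINE = {
    "android.permission.CAMERA",
    "android.permission.FLASHLIGHT",
}

# Capabilities named in the article, mapped to standard Android permissions.
ARTICLE_CONCERNS = {
    "android.permission.READ_PHONE_STATE": "read phone status and identity",
    "android.permission.ACCESS_WIFI_STATE": "view Wi-Fi connections",
    "android.permission.WRITE_SETTINGS": "modify system settings",
    "android.permission.INTERNET": "full network access",
    "android.permission.ACCESS_FINE_LOCATION": "precise location via GPS",
}

# Constructed manifest for a hypothetical app, already decoded to text XML
# (manifests inside an APK are stored in a binary form).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.FLASHLIGHT"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission-sdk-23 android:name="android.permission.WAKE_LOCK"/>
  <application android:label="Torch"/>
</manifest>
"""


def declared_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    # Both element names are valid ways to request a permission.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names


def audit(manifest_xml):
    """Sort declared permissions into expected, flagged and unreviewed."""
    declared = declared_permissions(manifest_xml)
    concerns = set(ARTICLE_CONCERNS)
    return {
        # Needed to switch the LED on.
        "expected": sorted(declared & FLASHLIGHT_BASELINE),
        # Unrelated to a flashlight and named in the article.
        "flagged": {p: ARTICLE_CONCERNS[p] for p in sorted(declared & concerns)},
        # Neither baseline nor listed: needs a human decision.
        "unreviewed": sorted(declared - FLASHLIGHT_BASELINE - concerns),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST)
    print("expected:", ", ".join(report["expected"]))
    for perm, why in report["flagged"].items():
        print(f"FLAG {perm}: {why}")
    print("unreviewed:", ", ".join(report["unreviewed"]))
```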

The pre-installed iPhone flashlight app seems safe, and those apps using iOS and Windows Phone OS are not as dangerous, but third-party apps on Windows Phone and at the iTunes store are also accessing unnecessary sensitive user data and location information, and unnecessarily using the internet, collecting data and building user profiles.  Apple users can find more information on app privacy here: https://support.apple.com/en-us/HT6338

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

GameOver Zeus Virus Test

The original notice on GameOver Zeus appeared on the US-CERT site. If you’d like to go directly to the tests for the GameOver Zeus virus, scroll down.

Overview of GameOver Zeus

GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011, [1] uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.

Systems Affected by GameOver Zeus Virus

  • Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
  • Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012

Impact of GameOver Zeus

A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users’ credentials for online services, including banking services.

Solutions to GameOver Zeus

Users are recommended to take the following actions to remediate GOZ infections:

  • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date.
  • Change your passwords – Your original passwords may have been compromised during the infection, so you should change them.
  • Keep your operating system and application software up-to-date – Install software patches so that attackers can’t take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.
  • Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (examples below) that will help with the removal of GOZ from your system.

F-Secure

https://www.f-secure.com/en/web/home_global/online-scanner (Windows Vista, 7 and 8)

https://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142 (Windows XP)

Heimdal

https://goz.heimdalsecurity.com/ (Microsoft Windows XP, Vista, 7, 8 and 8.1)

McAfee

www.mcafee.com/stinger (Windows XP SP2, 2003 SP2, Vista SP1, 2008, 7 and 8)

Microsoft

https://www.microsoft.com/security/scanner/en-us/default.aspx (Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP)

Sophos

https://www.sophos.com/VirusRemoval (Windows XP (SP2) and above)

Symantec

https://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network (Windows XP, Windows Vista and Windows 7)

Trend Micro

https://www.trendmicro.com/threatdetector (Windows XP, Windows Vista, Windows 7, Windows 8/8.1, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2)

FireEye and Fox-IT

www.decryptcryptolocker.com FireEye and Fox-IT have created a web portal claiming to restore/decrypt files of CryptoLocker victims. US-CERT has performed no evaluation of this claim, but is providing a link to enable individuals to make their own determination of suitability for their needs. At present, US-CERT is not aware of any other product that claims similar functionality.

The above are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.

References

Revisions

  • Initial Publication – June 2, 2014
  • Added McAfee – June 6, 2014
  • Added FireEye and Fox-IT web portal to Solutions section – August 15, 2014

 

John Sileo is an award-winning author and keynote speaker on cyber security and data breach. He specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

A Smarter Solution for Thief-Proof Passwords

Product Review on Password Manager Software

It often amazes me to find out how many people shy away from implementing ideas that they KNOW will make them safer. I know there are a multitude of reasons:

  • Ignorance: “I didn’t know there was a helmet law in this state.”
  • Fear: “But if I put my money in a bank, there could be a run on it.  It’s safer under my mattress.”
  • Misunderstanding:  “Well, I thought that sign meant I could park here for free on Sunday.”
  • Laziness: “It’ll be okay to leave my laptop on the table while I run to the bathroom real quick.”

I could reel off ideas for literally hours, and every one of these reasons relates directly to not safeguarding your passwords as well. But I want to assure you that it may be THE most important thing you do to secure your data. One of the easiest things anyone can do is use a password manager program. There are a lot to choose from, but the one I personally recommend is the award-winning 1Password, which remembers and securely encrypts all of your passwords so you don’t have to. You merely come up with one secure master password and then train 1Password to log in to sites for you.

So what exactly are the features of 1Password?  There are a LOT!  The best:

  • Strong password generator – a single click gives you a random, extremely strong new password using combinations of hyphens, digits, symbols and mixed-case letters.  No more having to think of (and try to remember!) catchy, unhackable passwords for each account.
  • All these strong passwords are saved within 1Password in a highly protected way, and are ready to be automatically accessed when needed by simply typing one master password that only you know.
  • Ease of use– one click can open your browser, take you to a site, fill in your username and password, and log you in.
  • 1Password can sync your data across all your devices automatically through iCloud and Dropbox, or locally over Wi-Fi where your data never leaves your network.
  • The vault will store your credit cards, reward programs, membership cards, bank accounts, passports, wills, investments, private notes and more.  It has been compared to a 21st-century digital wallet.  (But no one can pickpocket you.)
  • 1Password is one of the few password manager options to allow file attachments, so you can safely store related receipts and images, and it will also keep track of your software licenses.
  • 1Password can show all your items with weak, duplicate, and old passwords so you can decide which ones to fortify and update.  No more using five variations of your childhood dog’s name.  It will look at the strength of each password as well as find duplicate passwords and replace them with strong, unique ones.
  • 1Password is fluent in multiple platforms and browsers, including Mac, Windows, iPhone, iPad, Android, and Windows Phone.
  • If your 1Password vault is in Dropbox or a USB thumb drive, you can decrypt and use it from any traditional computer in the world with a modern browser including Safari, Chrome, Firefox and Opera. This has security implications of its own, which I’ll address in a later post.

The prices vary based on the platform used and license purchased, but the prices are reasonable and worth it!

Fully 50% of the corporations that I work with and speak to have had data breaches due to poor password habits. Surprising, given how many of those would have been avoided had they simply used password manager software like 1Password.

[youtube https://www.youtube.com/watch?v=VgwQPhpRPd0&rel=0]


5 Steps to Stop Lost Wallet Identity Theft

How to Protect Your Lost Wallet or Purse against Identity Theft

In a panic that your lost wallet or stolen purse might lead to identity theft?  Take a deep breath and then take the First 5 Steps to Stop ID theft. First, you need to understand that a lost wallet or purse is one of the most concentrated sources of identifying documents. For now, assume that your lost or stolen wallet or purse will be used to exploit your identity. Sometimes, even when your missing item shows up unexpectedly, the damage has already been done by a clever thief who is simply returning your valuables so that you don’t suspect further theft and shut down your accounts. Don’t take any chances. Instead, take these first five steps (adapted from my Identity Theft Recovery Guide):

1. Inventory Your Lost Wallet or Stolen Purse from Memory

Want us to walk you through the entire recovery process with quick videos, easy forms and expert advice as you go? Click on the Recovery Guide and get started before your wealth evaporates.

The first step is to identify exactly what was in your purse or wallet.  If you haven’t photocopied everything, start making a list and add to it over the next few days as you remember more.  Here are some of the highest risk items:

Checks/checkbook*, Cell phone or smartphone, Keys, garage openers, Credit cards, debit cards, ATM cards, Driver’s license, Student ID cards, Military ID cards, Medical ID cards, Auto insurance, Social Security card*, Loyalty cards, Bills to pay, Passport*, Library cards, Birth Certificates, Receipts, Passwords, PINs*, Child/Parent Info, Work ID…

* You should NEVER carry these items with you unless absolutely necessary for a certain occasion.

2. Make Immediate Calls & Log Conversations

The next step is to make calls regarding missing items and keep a log of all correspondence. The sooner you properly shut down these accounts, the less you will lose. (See Video or Identity Theft Recovery Guide)

3. Protect the Sensitive Data on Your Mobile Devices 

If you have taken any preventive steps to protect your mobile device, such as remote tracking and wiping, don’t hesitate to remotely erase your mobile device. It is a digital treasure trove of personal identifying information. If you haven’t already implemented remote tracking and wiping on your cellphone, do so now. (Step 4)

4. Change Passwords on Affected Online Accounts

If you carried any information regarding your online accounts in your lost wallet or bag (especially on a smartphone or tablet that was stolen too), immediately change passwords on all relevant online accounts. A single mobile phone can have multiple logins for banks, investment brokers and numerous financial institutions. I highly recommend utilizing password protection software to encrypt and protect your numerous passwords. (Step 5)

5. File a Police Report

File a police report in order to draw a line in the sand: any crimes committed in your name, or money taken out of your accounts, after the police report are easier to defend against, should that be required. As discussed in the Guide, filing a police report can be difficult, so attempt to submit it online before trying in person. (Step 8)

In total, there are 31 unique steps for you to consider during the recovery process, including filing victim and police reports, locking criminals out of your credit, taxes and medical benefits, as well as defending your online accounts, children’s identity and safeguarding your financial investments.

John Sileo is the award-winning author of four books on identity theft, including The Identity Theft Recovery Guide. John delivers keynote speeches to conferences and companies that don’t want to end up as the next data breach headline. His clients included the Department of Defense, Pfizer, Visa and Homeland Security. Watch John keynoting on Rachael Ray or through the eyes of his clients.

 

How do I Get Businesses to Ask For Photo ID?

You’ve probably heard that instead of signing the back of your credit card, you can protect yourself by putting the words “Photo ID required” or “See photo ID”.  So we went out to test this method to see if it actually gets people to do that.  I presented my card at various shops (sporting goods stores, frozen yogurt stands, fast food joints…) and filmed the transactions.  In this small sampling, I found five who did not ask for my ID and six that did.

I wonder if you can guess what the difference is between the people who didn’t ask for my ID and the ones who did.  The answer?  I had written “Photo ID Req’d.” on the FRONT of my card (in several places, in fact) in the cases where it was requested and only on the back where it was not.

When you ask for privacy—when you ask for it loudly—people start to pay attention.  Not only do they pay attention, but they start to ask you why you do that and you get to educate them!

Remember also that you can’t just put “Photo ID Req’d” on the signature line.  You need to SIGN YOUR CARD or it means you’ve never completed your contract with your credit card company and they can hold you liable for everything spent on that card once you’ve activated it.


Over 90% of Rachael Ray Show Audience Faces Identity Theft Risks

Recently, I was asked to do a segment for The Rachael Ray Show that demonstrated very visually how many audience members face immediate identity theft risks. Watching them move across the stage as we exposed two or three common sources of identity theft was remarkable. Once we had experienced the numbers, we ventured into the house of one of Rachael’s audience members to see how to mitigate the risk. Watch the video to see if you would have joined the “at risk” group, or read the transcript below:

Rachael: We had the audience stand back here because we all carry several items on any given day, EVERY given day, that put us at risk.  So John, you’re going to weed out our audience so we can all learn in how many areas we are seriously at risk if we have certain items on us, correct?

John: Perfect.

Rachael: Okay, how are we going to get them started?

John: The first one is your Social Security card. If you carry your Social Security card.

Rachael: If you have your actual Social Security card, I’d like you to cross the room and come to this side of the studio.  (Audience members cross.)  A few people–not many.  I don’t carry mine, either.

John: A few have got it.  A lot of us do it.

Rachael: To me, Social Security numbers- they ask for them everywhere. The bank, the doctor–everywhere.  I know the number.  I don’t carry the card, but it is like your signature.

John: It is.  It’s your net worth.  It’s your future buying power, so a thief with a Social Security number–they can buy a home as you.  That’s what happened in my case.  They purchased a home.  They go bankrupt as you.

Rachael: A house?

John: Yes, she bought a house.  It was a woman.

Rachael: Just like in the movie! That is amazing.  And a woman took your Social Security number and it didn’t even occur to anybody- it’s not a man named John?

John: I know and then went bankrupt-as me.

Rachael: Oh my God–I just want to feed you spaghetti!  Okay, I think we’re going to move a lot of people on this next item.  Tell them the next item.

John: Yes.  If you have a smartphone without a passcode on it.  So without the four digit code or some sort of a passcode.

Rachael: If you have an unprotected phone, move it.  (Many audience members move.)  I knew we’d get a lot of them on that one.  Okay, now explain why you’re even more at risk without a passcode, even though it’s fairly obvious.

John: You bet.  So the smart phone is part of who we are, right?  It’s become an extension of ourselves.  It’s literally part of our identity.

Rachael: Access to everything.

John: Let me give you an example of how easy it is.  The thief takes it off the table at a cafe, right?  They walk outside- no passcode on it.  So they quickly surf through your websites or your contacts.  They see where you bank.  Then they go, ON THAT PHONE, to the bank’s login page and they hit the “forgot my password” link…

Rachael: And it sends it to you!

John: And it emails it to the thief!

Rachael: AGGGHHH!

John: They’re right in your account.  Bam! It’s that easy.

Rachael: One more thing.  We’ve gotta move more people.  Give us one last item that puts us at risk that you think most, if not all, of these people have.

John: If you have a debit card or bank card. (Almost everyone else crosses room.)

Rachael: Now everybody has to have their bank card with them.  I carry mine, too.  Don’t you carry one?

John: I don’t.  I’m not saying you can’t carry a debit card or a bank card.  It’s how you carry it.  It’s that you’re smart with it.  Your debit card, your checkbook, connects directly to your bank account.

Rachael: (Looks at remaining audience members who didn’t move.)  We have about ten/twelve people left.  You guys don’t have any bank or debit cards on you?  Wow, That’s amazing!

John: It’s doable.  Use your credit card.  I realize it’s a great budgeting tool, but if you can get it out of your purse when you don’t need it…lock it up at home- just like you do your Social.

Rachael: Get cash once or twice a week.  Leave the card at home and carry credit cards that have protection.

John: Yes, you have much better protection liability-wise.  The money doesn’t come directly out of your  account when it’s stolen.

Rachael: It’s amazing.  I love the visual of watching the risk factor.

New segment 

Rachael: We wanted to take this a few steps further.  We didn’t have time to go to every single person’s home here, so we sent you to one of our viewer’s homes to find the places in our homes where we’re putting ourselves at even more risk, right?

John: Yes, at Lisa’s.

Rachael: So, he went to Lisa’s house.  We’re going to have these guys take a seat.  You check out what happened at Lisa’s and we’ll meet back here.

Video

(Shows family activities at Lisa’s house.)

Lisa:  I’m a wife and a mother of three and I just want to do everything I can to protect my family.  About a year and a half ago we were victims of identity theft.  You feel like your whole life has been stolen from you. At first when that identity theft happened, we were taking steps.  We put alerts on with credit reporting agencies, but I think I fell back into being more lax about it.

(John arrives at Lisa’s house.)

John:  So our plan of attack today with Lisa is to take her around the house and we’re just going to look at the different ways her data might be exposed.

(In her office)

We’ve got a file cabinet…a locking file cabinet that undoubtedly is …unlocked.   (It is. John looks through items) Birth certificates…

Lisa:  I try to hide it.

John: You try to hide it, yeah, but we all hide it in the same way.  What I really suggest is a locking fire safe.  You can buy these big, heavy safes that protect against water and fire, but they also allow you to store these documents in a really safe way.

(On to Kitchen)

Lisa:  My purse is over here.

John: Wow.  What is this, an organizer?  (Huge, overflowing wallet)  You keep your life in here, don’t you?  Let’s see what we’ve got.  Debit cards, multiple credit cards…I would get in the habit of thinking, “Okay, I’m going out to do this shopping.  What cards do I need?”  Take the cards that you use most often and get in the habit of leaving the rest at home.  On a credit card or debit card, one thing that I recommend is that you simply write Photo ID Required on it.  It lets the retailers know, “Hey, my identity matters.  Ask for it.”  It makes it harder for someone to shop and impersonate you. (Continues to look through wallet) Cash-we don’t worry too much about that.  It’s really the data that we’re looking at. And a lot of times the thieves will take the cash, they’ll take photos of this (other cards/data), and they’ll put it all back.  They don’t want you to know they’ve taken it.

Lisa: I didn’t even think of that.

(They head outside to Lisa’s trash can.)

John: You have to be really mindful of what we leave outside of the door.  We put things in our trash that are incredibly valuable.  This is called dumpster diving.   (John looks through trash.) This looks good here.  Looks like a bank statement, we’ve got an insurance statement.  We’ve got a credit card statement.  It has your full account number on it-right there. Bonanza!  You also need to shred anything with any identity on it.

(Moves to mailbox- unlocked out on the street)

Do you mind if I go through your mail a bit?

Lisa: Not at all.

John: All right, so here’s a pre-approved credit card offer.  This makes it really easy for somebody to apply for a credit card in your name.  There’s an easy solution.  It’s called opting out.  You can opt out of financial junk mail so it’s never in your mailbox in the first place.

Lisa: I didn’t even know you could do it.

John: You should take this now and shred it.  Everything that you can shred, you shred.

(Moves to Lisa’s computer.)

John: I love talking to people about their computers because it is the jackpot in the house of all our financial information.  I was glad to see that you have a password to get in.  That way if somebody walks out with the box, it’s a little more protected.  Do you shop online at all?

Lisa: Yes, I do.  I shop online a lot.  I’ve been using my debit card a lot more lately.

John: Okay, shopping online- I’m totally good with.  Using your debit card is risky.  It’s connected to your bank account.  I recommend you use a credit card and, in fact, I think it’s smart to have a separate credit card you use online and a credit card you use out and about.  That way if something happens online, you can shut down the one card and you’ve kind of cordoned it off.

(Back to studio.  Rachael welcomes Lisa and introduces Privacy Means Profit.)

Rachael: The biggest thing that I got out of that segment that I want to do immediately when the show is over–putting the stickers on every single front of my credit card or debit card (that says) “Ask for Photo ID”.  You said everyone ignores it on the back, but everyone demands it on the front.

John: That’s exactly right.

Rachael: Everyone could buy “stickems” and that’s a really good one.  That’s so easy and fantastic.  So Lisa, that was enlightening. Thank you for letting us into your home.  What did that feel like from your side of it?  Did you feel like “Uh!” (slaps forehead) “I can’t believe I did that”?

Lisa:  I couldn’t believe everything I was doing wrong.  John gave me such great tips- just little things you can do to protect your identity.  It was scary because I thought I was being more diligent than I was.

John:  We all do.

Rachael: That’s the thing. It seems so obvious when he puts a highlighter pen over it.   Then we all say “I do that, I do that, too.”  I love that sticker thing though.  Isn’t that a great tip?

Lisa: Yes.  Actually  I started to implement that.  That was the first thing I did.

Rachael: (To John) So, who are identity thieves?  What are the most popular types of identity thieves?

John: It breaks down into three big categories.  The first is friendly fraud.  It’s the people that we know.  I see these every week.  It happens constantly.  It’s the college roommate who visits who has fallen on hard times so they sneak a check out of the middle of your checkbook.  The second is the local.  This is the person in your neighborhood who is a drug addict, a gambling addict, they need a little extra money and they’re willing to filter through your trash or your mail to get it.  The third, the fastest growing one, is organized crime.  These are international people who have huge resources to hack into very secure databases.  These are not poor databases.

Rachael: They’re really investing in their crime with top quality computer programmers.

John: Absolutely, that’s exactly what they do.

Rachael: So, tell us about medical identity theft.

John: It’s so quickly growing because health insurance is really expensive, right?  Here’s one we see a lot of right now.  They wear a pair of Google Glass glasses that record, or they have an iPhone.  They walk through the emergency room where people are totally stressed out and they’re filling out forms and they’re looking at them.

Rachael: That is so creepy!

John: And listen to this one: photocopiers.  You have your doctor photocopy stuff- that has a hard drive in it and when someone services it…

Rachael: You’re giving me hives!

John: So you photocopy it at home.

Rachael: So how do you protect yourself from it?

John: Number one-those benefits statements that we get? Review them, just like you would your credit card statement.  If something is wrong, you shut it down.  You call them immediately.

Rachael: Pay more attention.

John: Yes, pay more attention.

Rachael: And guard what you’re writing.

John: Yes, they can be snapping photos.  A lot of times what I’ll do is put it on a sticky note and I’ll take it off after.  It doesn’t stay on their records, but it stays in the system.  It’s  a little bit better protection.

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Data Breach Expert John Sileo on Fox & Friends – Target Data Breach

Data Breach Expert John Sileo goes on Fox & Friends to discuss the 110 million records breached at Target.

10 Times NOT To Use Your Debit Cards this Holiday Season!

As you head into the holiday season, one of the best steps you can take to protect your bank account is to eliminate the use of your debit card. While delivering a keynote speech in Washington DC last week, someone asked me if I could name ten times when you should NOT use a debit card.  I replied, “It’s a trick question because the answer is NEVER!” I seriously do feel that way, but I know there are people who either need to or prefer to use a debit card rather than a credit card or cash, so I want you to be informed about how to use it wisely.

First, make sure you understand the difference between a credit and debit card. While they appear identical and can often be used interchangeably, remember that a debit card is a direct line to your bank account. If a thief gets ahold of your debit card information, they essentially have access to your account. One of the biggest differences comes to light when fraud occurs. Credit card users can simply decline the charges and not pay the bill. Debit card fraud comes straight out of your bank account, and it is much harder to fight it or reclaim the money that has been debited. In the meantime, while you prove it was fraud, you’re out the cash.

Here is a Top Ten List of times to choose credit over debit.

10. Booking future travel

If you book your travel with a debit card, they debit your account immediately. So if you’re buying travel or making a reservation that you won’t use for several months, you’ll be out the money immediately. Also consider that many large hotels have suffered data breaches.

9. Hotels

Many hotels follow the practice of using your debit card to place a hold on your money (sometimes hundreds of dollars) to make sure you don’t run up a long distance bill, empty the mini bar or trash the room. The practice is almost unnoticeable if you’re using credit, but can be problematic if you’re using a debit card and have just enough in the account to cover what you need.  Be sure to ask about their “holding” policy if you are using a debit card.

8. Expensive purchases

This one is simple. If something goes wrong with the merchandise or the purchase, a credit card offers rights to dispute and stop payments much more easily than a debit card. With a debit card, you have a much shorter window for reporting and resolving an issue and may even be responsible for all charges if you wait too long.

7. Rental or security deposits

Say you want to rent a car or borrow a Bobcat from your local home improvement store.  Remember that when you use a debit card to put down a deposit, that money is temporarily unavailable to you.  Of course, you’ll get the money back when you return the car or equipment, so this is no big deal if you have the money to spare until that time. But with a credit card, the money is just “frozen” and not actually charged so you won’t ever notice it’s gone.

6. Regular/recurring payments

You’ve heard about someone who quit a gym or discontinued a magazine subscription only to find that they kept getting billed. If you used a debit card for those payments, they’ll just keep coming right out of your bank account.  (Using a credit card is also a good way to ensure you don’t forget to make that monthly debit in your check register!)

5. Wi-Fi hot spots

Never use your debit card for an online purchase while at a coffee shop or other business that offers free wi-fi access.  Many of those businesses have unsecured wireless connections, so it’s much easier for hackers and scammers to log on and steal your data.

4. Restaurants

Anytime the card leaves your sight, you should NOT use your debit card. The waiter coming to your table has alone time with your card, giving them the opportunity to copy your card information.

This also applies to ordering food for delivery.  Restaurants that deliver tend to keep customer payment information on file in order to make future orders more convenient.

Another problem with using a debit card at restaurants is that some establishments will approve the card for more than your purchase amount because, presumably, you intend to leave a tip. So the amount of money frozen for the transaction could be quite a bit more than the amount of your tab. And it could be a few days before you get the cash back in your account.

3. Outdoor ATMs

Outdoor ATM machines provide the perfect opportunity for thieves to skim users’ debit cards.  Skimming is the practice of capturing a bank customer’s card information by running it through a machine that reads the card’s magnetic strip. Criminals place these machines over the real card slots at ATMs and other card terminals.  If the public has access to it, so do data criminals.  Use the ATM just inside the bank where it is under constant surveillance. And no matter what, look for devices or cameras on the ATM machine that aren’t normally there.

2. Gas stations

Every gas pump asks, “Credit or Debit?” these days.  Don’t choose the debit option!  Go inside and pay cash if you choose not to use your credit card!  There are three reasons.  One, it’s fairly easy for a thief to insert a skimmer and then sit nearby with a laptop accessing your information.  Even if the thief doesn’t manage to get your debit card personal identification number, or PIN, from such a device, he still may be able to duplicate the card’s magnetic strip and use it for “sign and swipe” Visa or MasterCard transactions.

Thieves can also sit nearby using small cameras to capture footage of debit card users entering their PINs. Finally, similar to the hotel example above, your debit card may be used to place a hold for an amount larger than your actual purchase.   So, even though you only bought $10 in gas, you could have a temporary bank hold for $50 to $100, says Susan Tiffany, director of consumer periodicals for the Credit Union National Association.

1. Online

Using your debit card online is like asking for your bank account to be emptied. There is just way too much potential for hacking at many different points in a transaction. It could occur due to malware on the computer, someone could be “eavesdropping” via a wireless network, or it could happen once in the hands of the merchant due to a data breach. If you have a problem with the purchase or your debit card number is stolen, it’s a huge hassle to get the money restored to your account and make your card number safe and secure again.

Keep it simple and just always use a credit card. I realize that it is easier to spend more money when it’s not coming directly out of your account, but resisting the temptation to spend is worth it for the added security provided.

John Sileo is an author and highly engaging keynote speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

Can Medical Identity Theft Really Kill You? [Burning Questions Ep. 2]

There has been a great deal in the news about medical identity theft leading to death. Is it possible? Yes. Is it likely? Less likely than dying of a heart attack because you eat too much bacon. But let’s explore the possibility of death by medical identity theft (below, in this article), and why the threat gets sensationalized (in the video).
