Beware Disaster Scams in the Wake of Hurricane Harvey

Identity thieves prey on those who are most vulnerable. You may be in the process of cleaning up your lives, but predators running disaster scams may want to clean up on you by stealing your valuable private information.

As we learned from Hurricane Katrina and Superstorm Sandy, one of the most despicable side effects of a natural disaster is the massive increase in reported cases of identity theft in the affected areas. Thieves take advantage of those who are vulnerable, and those who have suffered flooding, wind damage and the effects of the storm are more vulnerable than ever. Imagine how devastating it would it be to apply for a line of credit to help your family recover from the storm only to find out that your entire net worth now belongs to a thief.

Here are some of the highest priority actions for victims of Hurricane Harvey to take once they have taken care of their immediate safety needs.

Secure your personal information immediately.  Clean-up crews will be heading to the area. MOST are good-hearted volunteers, but some are coming with the intent of looking for physical clues to help them steal identities.  In your distress, you may not even know what to think of.  Be sure you’ve accounted for:

  • Social Security cards, statements or related documents
  • Birth certificates, passports and drivers licenses
  • Wallets, purses, checkbooks and boxes of extra checks
  • All financial records, including bank, brokerage, mortgage, credit card, and insurance
  • All digital devices containing sensitive information, including laptops, computers, smartphones, iPads, etc.

Beware of people offering “help” falsely using recognized names like FEMA or Red Cross.  Organizations like this will never contact you; the only time they ask for money or any personal information is after you have contacted them.  The key here is to be skeptical if anyone is asking for your personal information, even as part of emergency relief. Ask enough questions that you can verify who they are, their intentions and their credibility. Do not just give away information in exchange for a promise (e.g., “This is how you will get a reimbursement from the government”). Make sure they are who they say they are.

As a side note, for those of you who are not disaster victims but want to help, the same rule applies: you should contact the agencies.  Don’t fall for phone solicitations or pleas via email that may lead you to fraudulent websites. One key to look for is “.org” that most non-profits use rather than “.com” in the address.

Beware of fly-by-night contractors offering cheap or quick repairs.  To protect yourself, check on the business.  Make sure they have a permanent business address, carry insurance, and have been in operation for more than a year.  Very importantly, get a written contract before you give out any money!

Place a Fraud Alert on Your Credit File. Immediately place a Fraud Alert with all three credit-reporting bureaus (listed below). This is only a temporary solution, but a necessary step. Once the water has receded, consider freezing your credit.

Order & Monitor Your Credit History. By law, you are entitled to one free report from each agency once a year. The easiest way to get a report is to visit AnnualCreditReport.com or call 1-877-322-8228. You can also request your first report when you are placing a Fraud Alert on your account in Step 1, above. Review your credit report for signs of theft or fraud. If you discover irregularities (accounts you never opened, loans that aren’t yours, credit cards you don’t recognize), contact the credit bureau immediately to report fraud, as well as the company listed in the credit report.

Monitor Your Statements Online. Half of the battle in minimizing identity theft is catching it quickly after it happens. Online bank, credit card and brokerage statements will allow those with Internet access to monitor and detect suspicious transactions on a daily basis. If you have access to the Internet, check your bank, credit card and investment statements to make sure that you recognize every transaction.

Resist the temptation to click on photos from questionable sites.  We are a society that thrives on sensationalized images.  However, some of those dramatic photos we want to know more about are infected with malware.  Stick to legitimate news sites and be especially wary of links on social media sites.

Remember to make safety a priority in every area of your life as you work your way through this trying time.  Our hearts are with you.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

7 Steps to Prevent Identity Theft

Click the image below for a PDF of 7 Steps to Preventing Identity Theft

 

Protecting your personal identity doesn’t need to be difficult. But it does take a bit of effort to minimize your digital footprint. The following action items are among the first you should take to protect yourself and your family. From there, we can go into greater detail on protecting the smartphones, laptops and Internet accounts that are increasingly being targeted.

Summary of ID Theft Protection Action Items

  1. Opt out of financial junk mail by registering at www.OptOutPreScreen.com.
  2. Shred any paper documents that would go in the trash with a durable and safe confetti document shredder.
  3. Freeze your credit with ExperianEquifax, and TransUnion.
  4. Use Identity Monitoring to track your data.
  5. Lock your identity documents in a bolted-down, fire-resistant document safe.
  6. Protect your computer with security software, a firewall, secure Wi-Fi, encryption and strong passwords.
  7. Track your credit report 3 times per year for FREE at www.AnnualCreditReport.com.
  8. For further tools, purchase a copy of Privacy Means Profit.

Detailed Explanations

  1. Opt Out of Financial Junk Mail

Problem: Your private data is bought and sold by junk-mailers without your knowledge.
Solution: Opt out by calling 1-888-567-8688 or visiting www.OptOutPreScreen.com.

There are complete industries built around collecting, massaging and selling your data – your name, phone number, address, spending patterns, net worth, the age of your children, the magazines you buy, etc. Companies buy bits of your privacy so that they can knowledgeably market products to you that you are likely to purchase.

To minimize the amount of your personal information bought and sold on the data market, begin “opting out”. Opting out is the process of notifying organizations that collect your personal information to stop sharing it with other organizations. “Pre-Approved” credit card offers (i.e., financial junk mail) are a major source of identity theft. Those mailers give thieves an easy way to set up credit card accounts in your name without your consent. They spend money on the card and default on the balance, leaving you with the mess of proving that you didn’t make the purchases. The solution is to opt out of receiving pre-approved credit, home loan and insurance offers.

Pre-approved credit offers (also called pre-screened or pre-qualified credit offers) are possible because credit reporting bureaus (Experian, Equifax and Trans Union – companies that collect and sell financial data on nearly every American) make a great deal of money selling your identity (i.e., name, address, phone number, age, credit score) to credit card, loan and insurance companies. But it is your right to stop the sale of your information. To opt out of pre-approved credit offers with the three main credit reporting bureaus, call 1-888-567-8688 or visit www.OptOutPreScreen.com. There is no cost to you for opting out.

Once you’ve completed this step, begin opting out of ALL information sharing on every account you have (bank, brokerage, mortgage, utilities, phone, etc.) as well as with the Direct Marketing Association.

  1. Shred Your Paper Trash

Problem: We throw away private information every day. This is where dumpster divers begin.
Solution: Buy a high-quality document shredder.

Assume that any document you throw out will end up in the hands of an identity thief. Get in the habit of either chopping or locking documents and disks that contain identity (name, phone number, address, social security number, account numbers, passwords, PIN numbers, phone numbers, client information, children’s’ information, etc.).
When buying a paper shredder, I recommend the following features:

  • Cross-cut confetti shredding
  • 10+ pages of simultaneous feeding capacity
  • Allows shredding of stapled documents, credit cards and CDs

The shredders I like best are made by Fellowes. I like Fellowes because of their SafeSense technology, which turns the shredder off if your fingers (or your kids’ fingers) get too close to the shredding device. This adds a great deal of peace-of-mind to an already effective product. They also have anti-jamming technology that makes them less frustrating than other brands and they don’t seem to break down as frequently. Convenience is key! Make sure you place a confetti shredder next to ALL of the places that you handle identity (where you open your mail, your home office, your desk at work) and shred everything possible. Don’t skimp here – if you don’t make it convenient for yourself and your employees, it won’t get done. If a document has identity of any sort on it, shred it, even if it isn’t your information. Don’t forget to destroy digital files as well, like those that live on a hard disk when you donate your computer. If you can’t shred it, lock it up in a fire-safe (see below).

  1. Freeze Your Credit File

Problem: If a thief gains access to your credit file, they can spend everything you’re worth.
Solution: Freeze your credit with ExperianEquifax, and TransUnion.

Every time you establish new credit (e.g., open up a new credit card, store account or bank account, finance a car or home loan, etc.), an entry is created in your credit file, which is maintained by companies like Experian, Equifax and TransUnion. The trouble is, with your name, address and social security number, an identity thief can pretend to be you and can establish credit (i.e., spend your net worth) in your name.

A credit freeze is simply an agreement you make with the three main credit reporting bureaus (Experian, Equifax and TransUnion) that they won’t allow new accounts (credit card, banking, brokerage, loans, rental agreements, etc.) to be attached to your name/social security number unless you contact the credit bureau, give them a password and allow them to unfreeze or thaw your account for a short period of time. Yes, freezing your credit takes a bit of time (maybe an hour of work), can be a little inconvenient when you want to set up a new account) and it can cost a few dollars (generally about $10 to unfreeze, a small price compared to the recovery costs of identity theft). And it is worth it! It’s like putting locks on your doors.

Don’t let anyone talk you out of freezing your credit. It is the number one thing you can do to prevent credit fraud. To learn more about freezing your credit, visit the three credit bureau credit-freeze sites here: ExperianEquifax, and TransUnion.

  1. Use Surveillance to Monitor Your Online Identity

Problem: Your private information is floating around on the Internet and exposing you to risk.
Solution: Monitor your online identity conveniently with sophisticated identity surveillance.

When my audiences learn that only about 25% of identity theft can be caught by monitoring their credit report, they often ask me to evaluate the more sophisticated identity theft monitoring and protection services in the market place. Not all identity monitoring services are created equal. I recommend an identity surveillance service that monitors the following aspects of your identity:

  • 24/7 monitoring of your credit file (most services provide only this – nothing more)
  • Non-credit loans (pay-day loans, etc)
  • Government records
  • Public records disclosure (court cases, real estate transactions, etc.)
  • Nation-wide criminal databases
  • Cyber-trafficking of your private information over the internet
  • The better services will also offer recovery services and identity theft insurance

I choose a particular identity theft monitoring company because of the quality and volume of monitoring they provide, the convenience of their service, and the safety of their data centers. Here’s how it works. Rather than waste hours monitoring all of the potential sources of identity theft myself, the product does it for me, automatically. Every month, a report shows up in my email inbox letting me know if there are any areas that I should be concerned about. That way, I only have to think about it when necessary. Again, convenience is crucial – if we make it easy to be safe, we will be safe! You should expect to spend approximately $200 per year for a good service (far less than you probably spend to insure your car and home, which are worth far less than your identity).

  1. Lock Up Identity Documents

Problem: Identity documents that are left unlocked in our homes and offices open up profitable opportunities for identity thieves.
Solution: Purchase a fire-resistant document safe to securely store all of your identity documents.

A majority of our most valuable identity documents (passports, birth and death certificates, wills, trusts, deeds, brokerage information, passwords, health records, customer data, employee records, etc.) are exposed to identity theft (and natural disasters, such as fire and floods) as they sit in unlocked filing cabinets, bankers boxes, office drawers or out in the open, on our desks. To complicate matters, the problem of data theft goes beyond paper documents to digital media. More than ever we need to be concerned with the physical protection of hard drives, cell phones, thumb drives, CDs and DVDs with sensitive personal or business data on them.

To store them securely, purchase a fire-resistant safe. Think of it this way. Your identity is probably worth something close to $300,000 (even if your credit is poor), not to mention the value of any business data for which you are responsible (customer records, employee information, intellectual capital). Spending a few hundred dollars to lock up the keys to your identity is simple.
Look for a fire safe that meets these requirements:

  • Able to withstand 1500° F for 30 minutes
  • Lockable by key or combination
  • Able to be secured to the foundation of your home (to prevent safe theft)
  • Preferably waterproof (where there’s fire, there’s water)

I recommend fire-resistant stackable filing cabinets because they are nearly indestructible, inexpensive and protect your data from both fires and theft. They also allow you to expand your storage capacity as you protect more and more of your identity.

One important note: increasingly, thieves are breaking into homes and businesses in order to steal identity documents. By placing them all in a central location (such as a fire safe), you are making it easier for them to steal everything at once. I suggest that you have your fire safe bolted into the foundation of your home or business. This small expense could save you hundreds of thousands of dollars. It’s no more expensive than putting dead-bolt locks on your doors.

  1. Protect Your PC

Problem: The information stored on your computer can be compromised if left unprotected.
Solution: Follow the 7 Steps to a System Lock-down listed below.

In order to protect all of the identity documents stored on our home and work computers, it is important to close all of the potential data leaks. The following suggestions will get you started, but please hire a computer security professionally to help you protect this very valuable asset in the fight against identity theft.

  1. Create strong, alphanumeric passwords. Read your copy of Privacy Means Profit for further details.
  2. Employ a highly-rated security software suite on every computer you own. It should include: anti-virus and anti-spyware scanners; password protection, phishing and pharming filters and a firewall.
  3. Configure your Windows systems for automatic security updates. Apple computers do this by default.
  4. Utilize encryption software (for professional-level protection). Encryption is more complicated than I can explain in a bullet-point, so please read for details in Privacy Means Profit.
  5. Physically lock-down your computers (especially if you use a laptop or hand-held). Desktop computers and workstations should be locked in your office, both at work and at home. More private data disappears because of stolen laptops, tablets and mobile phones than any other source.
  6. Secure your wireless network. Make sure that the connection is not open to anyone with a wireless device and that you use WPA2 encryption or better, NOT WEP. For additional security, enable SSID Masking, MAC-specific addressing and VPN tunneling (see PMP for more details).
  7. Secure your Mobile Data Devices (iPhones, Androids, BlackBerrys, Thumb Drives, Laptop Computers) using all of the tools above. Just because they are small doesn’t mean that the data on them isn’t worth a mint.
  1. Monitor your credit report three times per year.

Problem: Scammers can be using your credit and you don’t even know it.
Solution: Monitor your credit report for free, 3 times per year at AnnualCreditReport.com.

A credit report records a history of how you repay money you borrow from others. When an identity thief or credit fraudster uses your Social Security number to set up new credit accounts, you will never know it… unless you actively monitor your credit bureau accounts. By law, you are entitled to a free report every year from each of the three credit reporting agencies, Equifax, Experian and TransUnion. Details on how to read your report and detect and rectify fraud can be found in Privacy Means Profit.

Naturally, these steps will get you started down the road to protecting yourself from identity theft and cyber fraud. But there are many more suggestions than the ones above to continue protecting your identity. For a detailed plan of action, consult your copy of Privacy Means Profit or visit my blog at www.Sileo.com. To bring me in to speak to your group about identity theft, cyber security, online privacy or social engineering, contact me directly on 303.777.3221.

 

Safe Online Shopping on Cyber Monday

It’s almost Cyber Monday, so tell me something – why do you shop online? Because it’s super convenient? Or because you get better pricing? Maybe it’s because you’re allergic to hand-to-hand combat on Black Friday? I’m a huge fan of shopping online to save time, money and brain cells. But if you have bad surfing hygiene, you’re just asking identity thieves to go on a shopping spree with your money. And it’s so easy to avoid if you know how. Which you’re about to.

Thanks for joining me here on Sileo on Security, where we believe there’s no need to fear online shopping if you surf wisely. I want to share nine habits with you over the next three episodes that will keep your digital shopping cart safer than the real thing.

The first habit is just common sense. Please, stick to reputable websites with a proven track record. If you haven’t used the site in the past or if it isn’t a recognizable brand like Amazon, research before you buy! If you shop there in person, you’re probably safe online. When you buy only based on price, you generally get what you pay for. Cheap products, shipping charges, MALWARE! Also be careful about imposter websites with URLs that look almost exactly like the real one.

Next, always LOOK for the LOCK. If your browser doesn’t show a padlock in the URL bar and doesn’t start with the address HTTPS://, don’t fill out ANY forms or send ANY information via that website. The S in the address stands for secure, and everything else is just faking it! [No “S”, No $]

Third – you may get sick of hearing me say this one, but it’s so important to use strong passwords on all of your internet accounts. The easiest way for a hacker to spend your money is to crack your account because your password is your dog’s name, a word in the dictionary or something thieves can find on your MySpace profile. You don’t still have a MySpace profile?

Your One-Minute Mission today is quick and easy. Log in to the ecommerce websites you shop on most often – so for me, in order, I’d go to Amazon, Zappos, DaintyCandles.com, PayPal – you know, the usual suspects. Once you login, make your password longer and stronger than it already is. Just doing this, occasionally changing your passwords, makes thieves work a whole lot harder for those candles.

And then, as you always do, make sure that you tune in for the next episode of SOS, where I’ll give you intermediate steps to protect your online identity.

All of us at The Sileo Group wish you a happy and healthy holiday season!

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Zuckerberg Hacked: How Not to Be Like Mark

Mark Zuckerberg Hacked Because of Weak Passwords

It seems Mark Zuckerberg might be a little lazy, or a little stupid, or at the very least a little embarrassed. The undisputed king of social media has had two of his social media accounts hacked. Granted, it was not his Facebook account—just his Pinterest and Twitter accounts, the latter of which he hasn’t used since 2012. A Saudi Arabian hacker team named OurMine has taken credit for the attack, claiming they got his password from the recent dump of information obtained in the LinkedIn data breach from 2012.

Let’s see where Mr. Zuckerberg went wrong by using the safe password development tips (in bold below) from his very own creation: Facebook.

Make sure your password is unique, but memorable enough that you don’t forget it. Supposedly, Zuckerberg’s password was “dadada”.

Don’t use a password that you use on other sites – if one site gets hacked and your password is stolen, hackers will often try it on other sites. Clearly, he used it on at least three sites.

Don’t share your password with anyone. If you think someone else has it, you should change it. When LinkedIn was hacked four years ago, he evidently did not change it on the other sites.

Instead of picking on him further, let’s talk about how this applies to someone really important: you and me.

While Mr. Zuckerberg has had to eat a little humble pie, he likely won’t suffer any serious damage from this incident. Others, however, aren’t so lucky. More than 100 users of TeamViewer, a German software company whose software gives users remote access to computer desktops, have had accounts taken over since the LinkedIn data was made public. The criminals then used TeamViewer to authorize transactions through Amazon or PayPal. The company believes the activity is linked to the recent rash of data disclosures.

There is also the strong possibility that users of LinkedIn may be more likely to use those same passwords in their professional lives. That could expose users’ business data or allow hackers to take over accounts at job or travel sites.

I am constantly amazed by the corporations that I speak to that haven’t yet instilled strong password habits among their employees. They spend hugely on intrusion detection, but don’t take the time or minuscule investment required to solve what I call a gatekeeper flaw. Employees are the gatekeepers of your valuable data, and if they don’t protect it with strong passwords, no amount of security software will cover this inexcusable and easily solvable mistake. 

How are you training your people on strong passwords? 

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Safe Online Shopping During the Holidays!

If I could give the world a gift this holiday season, it would be to make the world a safer place to trust. You deserve to know whether or not you can trust the politicians you elect, the advice you receive from your doctor and whether or not you can entrust your privacy to the websites and businesses you use every day.

Identity theft, cyber stalking, and “big data” surveillance—these byproducts of the information economy make it hard to rest easy. Every day in the news we hear about another scam, another breach of corporate data that victimizes more than 11 million Americans a year. But you don’t  have to be a statistic!

Want more tips on how to protect yourself, your family and your wealth during the holiday season? Take a few minutes to read 12 Days to a Safe Christmas.

All of us at The Sileo Group wish you a happy and healthy holiday season!

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.