The Ashley Madison Hack: An Affair to Remember FOREVER

Come on, admit it. Don’t you feel just a little satisfaction watching 37 million adulterers exposed in the Ashley Madison hack? “They do kind of deserve to be cheated just a bit for being cheaters,” someone in one of my keynote speeches commented.

In this case, the hackers weren’t seeking money, they were seeking revenge. Their goal was to get Ashley Madison to shut down the site because they said it wasn’t living up to it’s own privacy policy (they weren’t). But to side with the hackers is a bit like saying it’s okay to pepper spray customers to keep them from going into a store you’re morally opposed to. In other words,  be careful when you condone the use of customers as pawns to fuel change. You just might be the next customer to become a victim, and your data could be just as sensitive (your medical records, divorce proceedings, kids’ geographical location or your online video viewing habits).

I, like many others, have a hard time feeling sorry for the consequences of the stupid and poor choices some have made. It’s not like the victims of the Ashley Madison hack are in the same category as the innocent mom who shopped for holiday presents at Target, or the senior citizen who had their Social Security number breached due to Anthem’s careless cyber security.

However, as someone committed to protecting moms and senior citizens and everyone else from experiencing the blowback from thieves, exploiters and liars, I just can’t stay away from this one. Because even non-users are ultimately effected by the Ashley Madison hack. 

How the Ashley Madison Hack Affects Non-Users Like You

  1. This hack has continued with the precedent set by the Sony hackers because they not only stole the information, but they are blackmailing the company by threatening to make the data public unless the company accedes to their demands (stopping the release of “The Interview” or shutting Ashley Madison down). And the blackmail often works, meaning that this trend will continue!
  2. Besides the effect of having divorce lawyers calling their Maserati dealer to order a new car, this has allegedly led to suicides and to the resignation of Noel Biderman, the chief executive officer of Avid Life Media Inc., the company behind Ashley Madison. After major breaches (Sony, Target, OPM, Ashley Madison), the highest executive becomes the sacrificial lamb.
  3. In addition to the database of users’ names, addresses and the type of extramarital arrangement they were looking for, hackers have also gotten information on 9,693,860 credit and debit card transactions conducted on the site since 2008, opening the doors wide for identity theftI can almost guarantee that this will affect someone in your life.
  4. Cyber extortion has erupted because Ashley Madison has gone on the offensive and offered a bounty for the “capture” of the enemy. The site is offering a reward of $500,000 for information that leads to the successful arrest and prosecution of the people who stole and leaked its data. This sets an alarming precedent of the weaponization of consumer information and the resulting retaliation.
  5. Perhaps the scariest consequence of all is that after the hackers followed through on their threat to make the information public (after AM officials called the hack bogus), enterprising coders created online tools that allowed anyone to easily search the breached Ashley Madison data to see if their friends, family, partners and spouses used the website. That almost guarantees that the breach data will be used to commit fraud (many times breached data is recovered before it is exposed on the open market).

If you are thinking, “serves them all right”, just realize that next time it might be your employer’s or bank’s website. It could be your doctor, your hospital or political organization. It could be the data from your child’s school. And it could be an affair you will never forget.

John Sileo is an an award-winning author and keynote speaker on cyber security, identity theft, internet privacy, and fraud. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Identity Theft Services: Is ID Theft Monitoring Worth the $$$?

Product Review: Are identity theft monitoring services worth it?

Yes, identity theft services can be well worth the investment, especially if you ever become a victim. Imagine that your Social Security number is part of a national breach like Anthem or the Office of Personnel Management. Or it’s stolen out of your tax preparer’s office, scavenged from your trash or skimmed from your iPad as you surf on a free Wi-Fi connection. In most cases, you have no idea that your digital identity has fallen into unethical hands, usually those of organized crime, who replicate and resell it in seconds.

Next, your identity is used by an undocumented worker to get a job, and now you owe taxes on their earnings. A second user applies for credit in your name and skips town, leaving behind your decimated credit score. Another uses your SSN to drain your health insurance benefits and append the wrong blood type to your medical file. You have no idea that any of this is taking place behind the scenes until the day that the tax bill arrives in the mail, you are denied medical coverage and a collection agency shows up at your door. Because the discovery process doesn’t happen for an average of 18 months after the initial theft, your losses are substantial and your innocence difficult to prove. Obviously, I’ve combined many forms of ID theft here into a single scenario, but everyone of them is real and common.

If I told you that there are ways to automatically detect the exposure of  your SSN online (allowing you to request its removal), to prevent the trafficking of your ID on the dark side of the web and to be notified about even the smallest use of your credit profile by criminals, would you be interested?

Every one of these preventative measures is possible, and detecting the abuse of your identity is made much more convenient and less time consuming by identity theft services that monitor your ID online. Are they a perfect solution? There is no such thing as a perfect solution, and if someone says there is, they are working too hard to sell you something. The key to protecting your identity is to layer on many forms of prevention and detection, thus persuading the criminal to move on to another target. One key layer is provided by identity monitoring services.

Monitoring your identity is much like installing a burglar alarm to protect your home – it’s a no-brainer if you are willing to invest a little to attain much more peace of mind. The most common question I get asked after my speaking engagements is which service I use personally. I have to say, despite their clever marketing, I am not a huge fan of the most popular providers, because they promise too much and deliver fewer tools than some of the better options. The identity theft services provided by the credit card companies are even more limited and less effective. I recommend doing your homework and comparing the different features of the various services.

Here are some features you’ll want your identity theft service to include:

  1. Convenience: The identity theft monitoring service should email you any time a red flag appears (changes to your credit, mailing address, bank accounts, loans, etc.) , so that you don’t have to do any extra work to keep track of your identity.
  2. Depth of Monitoring: Utilize a company that monitors your credit report at all three credit reporting bureaus (a tri-bureau report), which is vital, because the bureaus often don’t share information as much as they claim to share.
  3. Cyber-Agent Scanning: If you are worried about your private information being circulated in criminal chat rooms, carding sites, newsgroups and other digital venues where cyber criminals buy, sell and trade your data, make sure your product scans known rogue sites and alerts you to problems.
  4. Breadth of Reporting: Your identity monitoring service should also scan non-credit loan applications in case someone is using your identity to run a pay-day loan scheme.
  5. Public Document Surveillance: Your service should monitor your public records on the internet (court documents, legal agency filings) in case your information is published for any reason by the government or your Social Security number is found in public records.
  6. Restoration Services: It is vital that the identity theft monitoring service you choose provides restoration and repair if your identity is stolen. In fact, this is probably the most useful and effective part of the monitoring services, as it makes it much easier to recover from ID theft if you are a victim.
  7. Dashboard Access: I like the services that provide one easy to monitor dashboard across all aspects of your identity – that way, if something is a threat, you see it with a big red warning sign.

If a company promises you identity theft services or credit monitoring for free, run the other direction. Like anything else, identity theft services are an investment, and paying nothing means you are getting nothing other than having your name and valuable information sold to other marketers. Remember, you are protecting a digital asset (your identity) that is worth more than all of your bank accounts, mortgages, investments and net worth combined. Spending a little to save a lot is like immunizing yourself against the disease of identity theft before it strikes.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Going on Vacation? How to Keep Travel Identity Theft from Ruining Your Trip!

Click Here for a Downloadable and Printable
25 Point Travel Safety Checklist (PDF)

Travel Safety Tips Checklist

Here are the same tips in text format

Before you go:

  • Only book through a legitimate agency or website, as there are many travel scams out there. Read the fine print before signing.
  • Pay for your travel arrangements with a credit card – it gives you some control in disputing charges.
  • Stop your mail before leaving so that data thieves aren’t opening your financial mail for you.
  • Turn on automatic account alerts on your credit card to easily monitor all transaction (via smartphone) without having to look at statements.
  • Turn on remote tracking and wiping software on your phone so that if it is lost, you can locate and/or wipe the data off from anywhere.
  • Make sure that your laptop computer has long, strong, alpha-numeric password encryption (BitLocker for Windows, FileVault for Mac).
  • Leave most of your identity at home, especially checkbooks, Social Security cards and excess credit and debit cards.
  • Take your passport (if international), driver’s license (use this for ID, not your passport), credit card and a dedicated ATM/debit card with enough money in the account to cover your trip. I recommend these as backup and cash as your main form of payment. This limits your exposure to exactly how much you have on you.
  • Make a photocopy of those items, front and back, in case of loss. Take the photocopy with you (store separately) in case you lose your ID.
  • Request a nameless, travel-only ATM/debit card with a 4-digit PIN from your bank.
  • Never post on social network sites that you are leaving (it let’s robbers know you aren’t home) and refrain from posting pictures on the road until you return. Secure your home as much as possible with lights, locks and alarms.

On the road:

  • Protect your identity and small devices in a travel wallet or secure pocket. Pickpockets can open backpacks and purses without your ever knowing.
  • Free Wi-Fi hotspots are simple for thieves to eavesdrop on. Instead, surf on your cellular data plan (call your provider for international data plans and “tethering” instructions).
  • Never type anything sensitive on a public computer (hotel, cafe, library) as your data is probably being recorded and possibly exploited.
  • Be obsessive about keeping control of your smartphone, as it’s a mobile computer connected to your wealth. Turn on the passcode, enable remote tracking and never leave it lying around or loan it out, especially in public.
  • At ATMs, make sure that there isn’t a skimming device attached by wiggling anything that sticks out from the machine. Shield your PIN# from those behind you and never let anyone help you get money out, pay for tickets, etc.
  • Lock your digital devices, valuables and traveling papers in your hotel room safe when you don’t need them.
  • For added protection, put the privacy sign on your door and let housekeeping know that you don’t want service. Unmade beds are better than stolen documents or devices.
  • Never give credit card or other information over the phone in your hotel – many scams look like the front desk calling for your information.

Back home:

  • Review credit card statements for any fraudulent charges that happen after the fact (common).
  • Turn off your dedicated ATM/debit card.
  • Restart your mail and make sure no critical statements are missing.
  • Turn off your international data plan.

See our whole series on Travel Safety Tips to Prevent Identity Theft!

John Sileo is an an award-winning author and keynote speaker on identity theft and cyber security. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Travel Safety Tips Part 4

You’ve made it home safely after braving gastronomic adventures at greasy spoons, drinking from questionable water sources, and surviving white-knuckled taxi rides.  Now, post those vacation pictures on social media and wrap up the loose ends of protecting your identity.

Monitor Your Accounts: Shortly after you return from your travels, pay special attention to your account statements to make sure that nothing out of the ordinary appears. If a credit card number or bank account number was stolen during your trip, this is how you will catch it early and keep it from becoming a major nightmare. Contact your provider and alert them to the breach immediately.

Get a credit report: Hopefully you’ve monitored your accounts throughout the trip.  When you get home, request a report at  Check your credit report for any suspicious activity. Even if you don’t see any unfamiliar transactions, that still doesn’t mean you’re safe.Identity thieves are known to take their time and act when you least expect it, so continue monitoring!

Rotate Your Account Numbers: If you feel like your identity might have been compromised (e.g., your credit card number stolen), call your financial institution and have them issue a new card. This makes the old number obsolete, should anyone try to use it in the future.  Also, turn off your dedicated travel ATM/debit card.

If you have used your international data plan, be sure to turn it off.

Pick Up the Mail: Don’t leave it in anyone else’s hands any longer than necessary. Make sure you shred any mail that you no longer need.

(Click here if you missed the first three posts: “Planning Your Trip”, “Before you go” or “On the Road”.)

I know this may seem like a LOT to do, but the peace of mind you will have knowing you’ve done all you can to protect yourself will make your vacation just that much more enjoyable.  Happy trails!

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Travel Safety Tips Part 3

Welcome to the third (and longest!) part of our four-part series on travel safety. We’ve covered “Planning Your Trip” and what to do “Before You Go” Today we’ll go through the many important things to consider while you’re “On the Road”.  Be sure to check back tomorrow for our final installment of what to do “When You Return”.

Travel Light:  If you don’t have to take it with you, increase your safety and leave it at home.  This includes:

Checkbooks: Do not carry checks or take only one or two for an emergency, placing them with your cash in your money belt. Checking account takeover is one of the simplest crimes to commit and one of the most devastating types of financial fraud from which to recover. The easy alternative? Use a credit card or cash.

Debit cards: You can reduce your vulnerability to having your checking account plundered while on vacation by leaving all debit cards (check cards) at home. Don’t be fooled into thinking that Debit/ATM cards are safe just because they have a PIN or password. Be aware, too, that debit cards don’t have the same financial fraud protections as most credit cards.

The Solution?  Actually, you have two!  You can get a nameless, travel-only ATM/debit card with a 4 digit pin from your bank.  Or you can ask your bank for an ATM-Only debit card (it won’t work in stores, only at an ATM) and make sure your password isn’t seen by roaming eyes when you are at the ATM.

Better yet, use a credit card or cash.  The exception to this is when you are traveling in a foreign country and your debit card is the most efficient way of obtaining cash from an ATM.

Excess credit cards:  Every piece of identity you take with you creates more avenues for potential fraud. I recommend that if you are traveling with another adult, you each take one credit card. (If possible, take cards from two different credit card companies. That way, you each carry only one card that can be lost or stolen, but you have a backup card if the other person’s card is lost, stolen or shut down because of fraud).  Make sure that your credit card company knows the dates and places you are traveling so that they don’t shut it down when charges are made out of town. Also, make sure you have a large enough credit line to cover your purchases while traveling. You can ask for a phone number you can call from overseas if your card doesn’t list one. The 800 number on the back of your card might not work outside the U.S.

Social Security card: It is not necessary to have your Social Security card while traveling (or at any time other than your first day of work with a new employer), so leave it locked up at home.

Bills: Don’t try to take bills to pay while traveling.
 Instead, schedule all payments before you go.

Identity Documents: Leave birth certificates, passports (unless travelling internationally), library cards, receipts, etc. at home while you travel. Anything you don’t absolutely need should be left at home locked in a fire safe. If you can travel with only a credit card, driver’s license and health insurance card (as long as it doesn’t have your SSN on it), you will be much safer.  Also, don’t put all of your info on your luggage.  A last name and phone number will suffice.

Boarding Passes: Tear up and throw away used boarding passes (or shred if you can). Those boarding passes so many of us leave behind in airplanes or hotels often contain full names and other personal information.

Excess digital gadgets: The more gadgets you bring, the more potential for theft.  Keep it simple.

Guard your devices

Passcodes: Smartphones and tablets carry as much information as laptops. Turn on the auto-lock passcode to keep others out of your data.  Also make sure that your laptop computer has long, strong, alpha-numeric password encryption(BitLocker for Windows, FileVault for Mac).

Public Access Internet Facilities: While using your laptop to access online banking or other password-protected services from Wi-Fi networks, be sure the Wi-Fi hotspots are secure. If you’re using a public computer in hotel business centers or cyber-cafes, never access any sensitive information.  Key-loggers (software that can track your keystrokes) may be tracking you.
 Better yet, install tethering between your mobile phone and tablet or laptop so that you are surfing securely.

Ask for Privacy: Instead of leaving oodles of data exposed in your hotel room (a major source of theft), hang your privacy sign on the door and let house cleaning know that you do not want to be disturbed. Lowering traffic lowers risk.

Have a plan for a stolen phone: Enable your phone’s GPS locator and “wipe” function (if available). Many phones have a setting you can switch on that helps you locate the phone via GPS if it’s stolen. Similarly, the “wipe” feature will let you wipe your data clean if it’s stolen.

Social Media:  Turn off your location settings and try to refrain from gloating about your glorious trip by posting pictures until you’ve returned safely home.

 Use the hotel safe

I can’t emphasize enough the importance of using the in-room safes that are now a part of almost every hotel room. They are easy to use and significantly increase traveling safety (decreasing theft by cleaning staff and other travelers). In addition to your traditional items such as jewelry or extra cash, use them for:

All important devices: your laptop, cell phone, tablet, iPod, thumb drive, etc.

Passports: Unless you are traveling in a country where you it is mandatory to keep your passport with you at all times, lock it up in the safe the whole time you are staying at the hotel.

Other Identity Documents: Store your plane tickets, receipts, and any other identity documents (birth certificates, extra credit cards, visa, etc.) in the safe when not in use.

Beware of scams

Hotel credit card scam: The way this typically works is that while you are sleeping, you receive a call “from the hotel’s front desk”.  The pleasant “night clerk” informs you their system has crashed and they need your credit card number to complete a night audit.  Do not give them your information over the phone.  If they don’t relent,  walk down to the desk!

Message about fraud: If you get a phone call or e-mail about suspicious activity on your card, call the customer service number on the back of your credit card instead of automatically calling back the number on the message.  That’s a common ploy by ID thieves to capture personal information. If the call was legitimate, you will be connected to the appropriate department.

Other Time-tested Tips

Mind the Lions at the Watering Hole: Increase your awareness in airports, hotels, conferences and restaurants.  Remember, where there is a crowd, there is a pickpocket, just waiting for you to be too busy with your camera or map to notice their activities. Be on the lookout also for untrustworthy passengers on the plane, especially shoulder surfers who watch you enter login credentials, PINs, credit card numbers and other personal data on your laptop, smartphone or tablet in the hopes of catching something they can use later to steal your identity.

Carry it Safely: I recommend carrying all of your identity documents (passport, credit card, driver’s license, tickets, etc.) in a travel pouch that fits around your neck or your waste (and inside of your clothing). It is a minor inconvenience, but it lowers instances of pick pocketing and unintentional misplacement. Thieves have unbelievably nimble fingers that can slip into your pocket or purse undetected so here’s an essential habit to cultivate: just before you leave your hotel room (especially in cities), verify that your money pouch is securely fastened around your waist or neck, under your clothes.

Use a Backpack: When possible, carry laptops and other large identity-storing items in a backpack that stays zipped and on your back at all times. It is easy to set down a purse, book bag or piece of luggage while at a ticket counter or retail store. Backpacks, on the other hand, are easy to keep on our person at all times, and are harder to break into without alerting the wearer.

Watch Your Cards: When paying with a credit card in a restaurant, try to keep your eye on the card. If the server removes it from sight, they may be able to create a “clone” by using a portable card skimmer that will copy the information from the card’s magnetic strip. Many restaurants are now able to process the card at your table or you can take it to the register and observe the transaction.

 ATM Machines: Use your “ATM Only” card (one that requires a PIN and does not contain a Visa or MasterCard logo) at ATM machines found at banks or credit unions that are in well-lit areas. Be sure to examine the ATM machine carefully for signs of tampering. Be on the lookout for anything that looks suspicious. Save all transaction receipts in a specific envelope to make it easy to reconcile your bank statement when you arrive home.

Use a Dedicated Travel E-mail Address: I shake my head every time when I see messages arrive from overseas via work e-mail accounts. If someone gets access to your work e-mail account, the amount of damage they could do to your livelihood is inestimable. Certainly there are times when you need to log in to your work account, but you will want to use caution in the extreme at those times.

My suggestion is to use a personal e-mail address when possible while traveling, one at which you store no sensitive information and at which a fake log-in won’t be disastrous, and communicate from that e-mail address exclusively. On occasion you will see addresses like [email protected]; this travel-exclusive e-mail method can work quite well.

If you’re not using Bluetooth, turn it off: Some thieves can “hack” into your phone through Bluetooth, so if you’re not actively using it, turn it off!

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.