Tag Archive for: Fraud

Electronic Pickpocketing Hype Banks on Your Fear!

Electronic Pickpocketing is Possible, but Over-Hyped.

There is a new wave of hi-tech identity theft that allows thieves to steal your credit card information using inexpensive technology to intercept credit card (and sometimes even passport) information without even touching your wallet. Watch the video to the left or read our Electronic Pickpocket post to learn the basics.

And make sure you pay attention to the fact that the person they are interviewing for the news piece in the video MAKES MONEY FROM YOUR FEAR OF ELECTRONIC PICKPOCKETING! The gentleman they interview runs a company that makes shields for your credit cards and passports to stop electronic pickpocketing. I’m not saying that the products don’t work or aren’t somewhat valid; I’m saying that you have to take this gentleman’s perspective into consideration before buying the hype. He benefits from your fear, so do a little more research before you go gettin’ all paranoid.

The amount of hype this old form of theft is receiving (yes, this has been possible for years, despite all of the attention it’s getting now) is a bit overblown. Here are just a few reasons why:

  • The person being interviewed in the video benefits from your fear of electronic pickpocketing.
  • When a thief steals this information from you, they generally get your credit card number, expiration date and quite possibly your name. They DO NOT get your 3-digit security code or address. This is the same amount of information that the average waiter or retail clerk gets simply by looking at your card.
  • Because they don’t get your 3-digit security code or address, it is much more difficult for them to use the credit card number to make purchases on the internet, as most sites require some form of address verification or 3-digit security confirmation.
  • Only a fraction of cards utilize the RFID/Contactless Swipe technology, lowering your chances significantly.
  • As long as you catch your card being used fraudulently (see the protection suggestions below), you will not be held liable for the losses, the business that accepted the illegal card will. Even if your information is used to make a new card, if you are monitoring your identity properly, your out of pocket will be minimal.
  • Most cards only transmit 2-3 inches, which means that someone has to get a laptop-sized bag within two inches of your purse or wallet. This isn’t impossible, but it takes a fair amount of time and skill (notice how the news report doesn’t show them doing it without asking the people first). In most cases, this amount of work is too time intensive for the identity thief – it’s more lucrative to hack into a system that contains hundreds of thousands of credit card numbers (and other information) all in one place.
  • Fraud departments in credit card companies have come a long way. Most credit card companies are able to detect fraud on your card faster that you can. More secure credit card companies will call to confirm suspicious purchases or purchasing patterns.
  • If you want to get technical, which you probably don’t, credit card theft isn’t actually identity theft. They don’t have access to the personal items they need to actually steal your identity.

But it can happen, and it’s worth preventing. Which is simple:

  • First, check to see if you even have credit cards with the ability to beam your information to an RFID receiver (look for the circled symbol in the photo to the right). If not, stop worrying and just monitor any future cards you receive.
  • Second there are sleeves and wallets built to protect your cards and make them unable to scan and be lifted. Several companies, like Checks Unlimited make RFID wallets & products that shield the electromagnetic energy necessary to power and communicate with contactless smart cards, passports, and enhanced drivers licenses.
  • Next, set up account alerts and monitor your statements to cover yourself in the small chance that it happens to you. That way if your credit card is compromised, you can detect it immediately and take the necessary steps to contact the bank, report the fraud, and cancel the card.
  • If you are worried about having a credit card that can transmit your personal information, call your credit card company and ask them to send you a card that doesn’t transmit or have RFID capabilities (you know it transmits if it has the small broadcast or sonar icon circled to the left). Get rid of the source of the fraud!
  • Never leave your purse or wallet in an easy to scan place. Get rid of all of the excess credit cards that you don’t use and lower the chances that one of them will be compromised.
  • For added protection, especially for your Passport (which carries a much higher volume of very sensitive information), consider purchasing a sleeve or shield that makes RFID scanning less likely.  Checks Unlimited offers a wide variety of these types of RFID blocking sleeves & cases.”

But whatever you do, don’t buy into the hype and paranoia just because a video has gone viral on YouTube.

John Sileo is the award-winning author of two identity theft prevention books, Stolen Lives and Privacy Means Profit (Wiley, August 2010) and America’s top Identity Theft Speaker. His clients include the Department of Defense, FTC, FDIC and Pfizer; his recent media appearances include 60 Minutes. Contact him on 800.258.8076.

Medical Identity Theft Increasing

Medical records are one-stop shopping for identity thieves. There is no need to slowly gather bits and pieces of someone’s personal information – it’s all packaged together: Social Security number, name, address, phone number, even payment accounts. Crooks have received everything from medication to a liver transplant using a stolen identity. And that’s only the tip of the iceberg! More than just medical treatment is at stake. Once a thief’s medical information is entered into your records, it’s extremely difficult to get rid of that information. It’s conceivable, for example, that at a later date, you’ll need a Type A blood transfusion but be given the thief’s Type B with dire consequences.

Identity theft of medical records has more than doubled since 2008, as stated in Javelin’s 2010 Identity Fraud Survey Report. It’s not difficult to imagine the misery that a million Americans have suffered during the past two years when their identities were stolen. And the Poneman Institute, in their National Study on Medical Identity Theft, states that another half million people loaned their insurance cards to uninsured family members and friends. The unsavvy lenders have incurred huge medical bills in this “friendly fraud”.

Larry Ponemon says that, on average, it costs $20,000 to resolve a medical identity theft case. Unlike credit card companies,where the banks incur the losses, the victims often have to pay for the fraudulent care and sometimes lose their health insurance or have to pay higher premiums to restore their accounts. Even though there are HIPAA laws to protect your privacy, not all health care organizations have strict safeguards in place.

The risk goes even further: if someone is treated using your identity, your medical records will more than likely be altered and could compromise your treatment and ability to get service.  According to Larry Ponemon, “stolen medical records offer a complete dossier to get a passport in a victim’s name that could be used for terrorism.”

Ways to Protect Yourself:

  • When you receive an Explanation of Benefits from insurers, read it carefully and save – don’t throw it away even when it says “this is not a bill”! If a treatment date or doctor’s name is not familiar to you, call the insurer and the billing physician to resolve.
  • If your wallet is stolen, contact your insurance company just as you would your credit card company. Don’t carry your Medicare card in your wallet. Carry a photocopy and black out the last four digits of the SS#.
  • Urge your health care providers to ask patients for photo ID’s.
  • Ask your doctors for copies of everything in your medical files, even if you have to pay for them.
  • Monitor your credit report at www.AnnualCreditReport.com. If you see medical billing errors, contact your insurer and the three credit bureaus, TransUnion, Experian, and Equifax.
  • Avoid Internet and storefront offers of free treatment and supplies.
  • Ask for a list of benefits paid in your name and an “accounting of disclosures” which shows who got your records.

John Sileo became one of America’s leading Information Control Speakers & sought after Identity Theft Experts after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Social Engineering Expert Quoted in CSO Article

Quoted from the original CSO Online story:

Social engineering stories: The sequel

Two more social engineering scenarios demonstrate how hackers still use basic techniques to gain unauthorized access, and what you can do to stop them

By Joan Goodchild, Senior Editor
May 27, 2010 —

John Sileo, an identity theft expert who trains on repelling social engineering, knows from first-hand experience what it’s like to be a victim. Sileo has had his identity stolen—twice. And both instances resulted in catastrophic consequences.

The first crime took place when Sileo’s information was obtained from someone who had gained access to it out of the trash (yes, dumpster diving still works). She bought a house using his financial information and eventually declared bankruptcy.

“That was mild,” said Sileo, who then got hit again when his business partner used his information to embezzle money from clients. Sileo spent several years, and was bankrupt, fighting criminal charges.

Now that he has come out of it all innocent, he spends his time assisting organizations train employees on what social engineering and identity theft techniques look like.

ow that he has come out of it all innocent, he spends his time assisting organizations train employees on what social engineering and identity theft techniques look like.

“I’m trying to inspire employees to care about privacy,” he said. “If they don’t care about it at a human level, they are not going to care about the company’s privacy policy or IT security. You’ve got to get it at a primal personal level.”

Sileo ran through some memorable social engineering scenarios he’s heard during his years as a security lecturer. The first is taken from his upcoming book

Continue Reading Social engineering stories: The sequel

If you are serious about training your staff on social engineering scams, fraud detection and protecting your business from a costly data breach, start with the items above and then bring a professional social engineering expert to your next meeting or conference. Email us for more information or contact one of us directly on 800.258.8076.

Detection-Fraud: 15 Signs You’re a Victim of Identity Theft!

Detection: Fraud and Identity Theft.

“Consumers are spending considerably more time on fraud Resolution, up to an average of 30 hours in 2008. This increase may be attributed to the increased sophistication of fraud schemes.”
–    2009 Identity Fraud Survey Report, Javelin Strategy & Research

Most cases of identity theft are discovered by the victim, which reinforces the importance of monitoring your various accounts for suspicious behavior. Here are a few of the most common warning signs for the detection of fraud, identity theft or data breach:

The Top 15 Ways Victims Detect Identity Theft

  1. You receive a data breach notice in the mail from a company you do business with.
  2. Your bills or statements are not arriving in your mail (or email) on time.
  3. You notice unauthorized charges on your credit card bill or debit card statement.
  4. You notice new accounts or erroneous information on your credit report.
  5. You are denied credit for a purchase.
  6. You receive credit card bills for cards you don’t own.
  7. You are contacted by a collection agency about an item you didn’t purchase.
  8. You receive bills for unknown purchases, rental agreements or services.
  9. Businesses won’t accept your check or credit card.
  10. You are unable to set up new banking, loan or brokerage accounts.
  11. You notice withdrawals on your checking, savings or brokerage account that you didn’t make.
  12. The checks listed on your bank statements don’t reconcile with those listed in your check register. Many times these checks are made out to “Cash.”
  13. You notice a downward trend in benefits on your Annual Social Security Statement.
  14. The police show up at your door.
  15. A subpoena to appear in court arrives in the mail.

According to Javelin Strategy & Research, over the past 3 years, stolen data being used in less than one week jumped from 33% to 71%.  Identity thieves count on our lackadaisical attitude toward monitoring our wealth. Remember, actively monitoring your accounts, credit reports, and other identity documents is the best strategy to catch identity theft in its earliest stages, before it becomes a problem.

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Protect Yourself Against Mail Fraud

The reality is that unsecured, curbside mailboxes are prime targets for people who are intent on committing the crime of identity theft. Although I would suggest to stop using the mail to send and receive identity documents, this is not always possible. Therefore, here are alternative suggestions:

Lock Box. Install a locking mailbox that can be accessed only by you. These generally have a mail slot that allows the postal service to put mail into the box. Many newer neighborhoods already have some form of locking mailboxes.
P.O. Box. If a locking mailbox is not possible, get a P.O. box at your local post office and have sensitive documents sent there. It is a little bit more work, but gives you much more privacy.
In Person. When mailing sensitive documents, walk them into the post office and hand them to a postal worker. If it is after hours, drop the mail through an internal slot in the building. If there is no internal mailing slot, mail it the following day. This cuts out the most vulnerable stages of mailing.
UPS/FedEx. Have identity documents sent by UPS or FedEx and make sure that you require a signature for delivery. This makes the information harder to steal and you can track its location at anytime, which will alert you if the document isn’t delivered in a timely manner or is diverted somewhere else.
Send Checks to the Bank. Have sensitive documents (like new checks or credit cards) sent to your bank rather than to your home address. Pick them up there.
Watch for Cards. When new credit cards are coming through the mail, watch for them and call the credit card company if they don’t arrive in 7 to 10 days.
Quick Retrieval. If you are unable to install a locking mailbox and don’t have access to P.O. boxes, retrieve any mail within an hour or two of delivery. This lowers the exposure time of your mail.

According to the Identity Fraud Survey Report by Javelin Strategy & Research, 8% of all known identity theft is committed by mail fraud and the misuse can last for up to 175 days. But mail fraud is very difficult to catch, which means that the numbers are probably significantly higher. Just by protecting your mail against Identity Theft you can reduce your chances of becoming a victim by at least 8%.

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC.  To learn more about having him speak at your next meeting or conference, contact him by [intlink id=”15″ type=”page” anchor=”Contact John Sileo”]email[/intlink] or on 800.258.8076.

The Fear of Honesty

We’ve gone soft; we fear honesty. I think we even fear being honest with people more than we fear people being honest with us. Honesty has become synonymous with ugly confrontation, rather than just being, well, honesty.

Yesterday, a good friend emailed me a two sentence note reminding me that I hadn’t done something that I’d promised I would do. What I had promised is immaterial to this post, but that I had promised to do it, and then failed, is very important. I gave my word to a good friend, and then ignored my promise. And he had the guts to remind me. In fact, he’s laughing at me right now that I even consider his reminder to be a big deal, because to him it would be phony not to remind me. That’s who he is. And he’s a better friend for it. And in no way could what he did be called confrontational. Direct, yes. Honest, yes.

Here’s the striking part that makes me uncomfortable — I only have THREE friends (in addition to my wife, who is my honesty compass) who have the backbone to call me on something like this. And that makes me sad, because I have many friends, and it means that most of the time I’m probably not hearing the whole truth, maybe just a watered down version of what they think I want to hear. And who knows, maybe that is what I want to hear. Worse yet, I’m not sure I would have confronted me like my friend did (even though it was something minor), which means that I’m no better that those I’m condemning as soft.

But I’m condemning you (us) anyway. I spend my entire workday in the world of fraud; how people are conning each other out of money, mostly. I am surrounded by stories of the wickedly, cleverly dishonest. And I have to say, by shutting up and putting up with them, we enable them. Let me share an example.

As you’ll see from previous posts, I’m constantly being asked for my opinion on the negative impact of social networking (Facebook, Twitter, YouTube, etc.) in the workplace, especially by the CEOs of companies. When people ask me about this, they are usually asking because they want an answer from a privacy perspective: how information is leaking out of their company through social media. Which it is, and I share that with them. But they ask with such urgency – like they are trying to find a reason to crack down on its use.

But the more honest answer that I rarely mention, an answer they themselves sense and are unwilling to confront, at least person to person, is that the real damage of social networking on the workplace comes from the fact that we are spending our work day in personal conversations (enabled by social media) that seriously and negatively impact our productivity. We say that we tweet for business reasons, but a lion’s share of our surfing is personal. How often are we reminded that we’re not getting paid to get back in touch with high-school buddies. Now, I might write it in an article, but to actually say it to someone’s face (the offender) is an entirely different gravity of backbone.

Do we fear offending people, or not being liked? Are we afraid we might get fired, or lose a friendship? I don’t think so.

I think we have unknowingly created a culture that punishes people for honesty:

  • We become social outcasts because we let a neighbor know that their kid was mis-behaving in our home (which he was) and we don’t ask them to stop negatively spinning the story to the rest of our neighbors. And we defend our kid, even when we know that they were mis-behaving.
  • We don’t listen to the news unless it is slathered and tainted with our own self-centered political perspective (do you really think you are getting the most honest version of the story from Glenn Beck or Keith Olbermann?). We don’t want the actual news, we want yummy confirmation about our vision of how the world should be. In the media, honesty is just too boring. If you don’t have an outrageously provocative opinion (by definition, dishonest), it just won’t sell. How many of us watch The Lehrer Report on PBS? How many of us just dismissed that reference to impartiality based on our political views?
  • We ask for 360 Feedback at work and once it is given, go home and complain about how “off” our boss was. But we never tell our boss, we never have the conversation.

The net result of Fearing Honesty is that we become dishonest with ourselves. We drink the Cool-aid, so to speak. We know that no investment returns 15% year, even in bad years, but we continue to give our money to the Bernie Madoffs of the world, hoping. We tell our spouses that the relationship is strong because we can’t bare to tell them the truth. Instead of being direct, we step out on them. We know we need to change, but not as much as the next guy.

Even if you’ve made it this far in the article, you probably won’t see the world differently when you look up from the screen. I’m wondering if I will. If so, it will be thanks to my friend.