Tag Archive for: identity theft expert

Clean Up Your Online Profile with Fox and Friends

SCAM ALERT: Target Texting Scam

SCAM ALERT! There is a Target texting scam going around. The text looks similar to the one in the picture to the left, and generally says you’ve won a $1,000 gift card if you simply click on the link and collect the money. When you click on the link, it takes you to a Target-looking site that a criminal has set up to collect your private information. The information is then used to steal your identity. In other cases, clicking on the link installs a small piece of malware that takes control of your phone and forwards your private information to the criminals.

 

Where do the criminals get my mobile phone number to text me in the first place?

  1. They purchase it off of black-market sites on the internet
  2. You give your mobile number away to enter contests, vote on reality shows, etc.
  3. You post it on your Facebook profile for everyone to see
  4. Data hijackers hack into databases containing millions of mobile numbers
  5. Most likely, the thieves simply use a computer to automatically generate a text to every potential mobile phone number possible (a computer can make about a million guesses a second).
What can I do to protect myself and my phone?
  • If you receive a text from any number you don’t know, don’t open it, forward it or respond to it
  • Instead, immediately delete the text (or email)
  • If you accidentally click on the link, never fill out a form giving more of your information
  • Place yourself on the national DO NOT CALL list.
  • Stop sharing your mobile phone number except in crucial situations and with trusted contacts
  • Remember when you text to vote or to receive more information, enter sweepstakes or take surveys via text, they are harvesting your phone number.
  • Resist the urge to post your mobile number on your Facebook wall or profile

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust. He is CEO of The Sileo Group, which helps organizations protect their mission-critical privacy. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation  or watch him on Anderson Cooper, 60 Minutes or Fox Business.

Child ID Theft Expert: Your Child is 51X More Likely to Become Victim

Allowing our children the innocence of their childhood is paramount to us as parents.  Because our children are pretty much the center of our universe, we want to do everything in our power to keep them safe and to safeguard their futures. In this information age, identity theft has become global in its reach and can have devastating consequences for our children’s futures if we’re not vigilant from the day they acquire a Social Security number.

Why are our kids, the very people we most want to protect, so vulnerable? Because they have unused, unblemished credit profiles. Richard Power, Distinguished Fellow, Carnegie Mellon CyLab, recently published the first ever child identity theft report based on identity protection scans of over 40,000 U.S. children. It is extremely alarming that 10.2% of the children in the report had someone else using their Social Security numbers. That figure is 51 times higher than the rate for adults of the same population.

We take so many steps to protect our children. But how often do you check their credit report? “Check my kid’s …credit report?,” I can hear you say. “She is only seven! She doesn’t even have her front teeth yet, let alone a credit card! There are so many years to go before we need to worry about that. Right?”

Unfortunately, no. Because children have untouched and unblemished credit records, they are highly attractive targets. Child identity theft is profitable, hard to detect and a nightmare to recover. Thieves steal a child’s identity early on, nurture it until they have a solid credit score, and then abuse and discard it. If it’s not discovered in time, fraudulent use of your child’s identity could mean the loss of educational and job opportunities and starting off adulthood at a serious disadvantage with someone else’s bad credit in her name. All an identity thief needs to ruin your child’s bright financial future is her name and Social Security Number.

“Shouldn’t my child’s age show up on any credit background check, shouldn’t the merchant recognize that the person in front of them buying a car on credit isn’t seven years old?” you ask. Yes, it should, but the people screening the credit report rarely give it the time and care necessary to detect fraud.

All too often, background checks involve simply matching the name and the Social Security number provided. This leaves doors wide open for scandalous minds to wreak havoc on your child’s perfect credit. The most unsettling part is that the age of the applicant (in this case, the person posing as your child) becomes official with the credit bureaus upon the first credit application. This makes clearing a sabotaged credit record even more difficult because you have to prove to the credit bureau that your child is only seven and isn’t responsible for thousands of dollars of debt.

In no time at all, your child could have a maxed out credit card, unpaid bills and a huge mortgage for beachfront property across the country. You might not discover the illegal purchases until your child opens a bank account, applies for a job, tries to get a driver’s license or enters college. At that point, you are left with the time-consuming dilemma of cleaning up someone else’s fraudulent mess. If only clearing up a credit report was as easy as cleaning up after your kids.

Do the gaping holes in our current credit system and the audacity of criminals leave you enraged? They should. It is imperative that you use your anger as fuel to protect and prepare your children’s future before it is too late. In Part II of this series, we will talk about the specific steps to take in order to protect your child from identity theft.

John Sileo lost almost a half-million dollars, his business and his reputation to identity theft. Since then, he’s become America’s leading keynote speaker on identity theft, social media exposure and weapons of manipulation. His clients include the Department of Defense, Pfizer and Homeland Security. To learn more, visit ThinkLikeASpy.com.

 

“Clickjacking” and “Likejacking” – Be Aware!

None of us wants to be part of a scam that allows links to be forwarded as if from a friend, invading their privacy and endangering their sensitive  information. It’s not always easy to avoid bad sites but by just being aware of the problem, you can become more adept. The following article is a summary of an original post By Rob Spiegel, E-Commerce Times.

In its on-going effort to mitigate spam activity, Facebook filed a lawsuit against a company that allegedly ran a “likejacking” operation. “We’re hopeful that this kind of pressure will deter large scale spammers and scammers,” said Facebook spokesperson Andrew Noyes. The state of Washington is also applying pressure, having mounted a similar lawsuit against the same company. Both suits were filed citing violation of the CAN-SPAM Act, which prohibits the sending of misleading electronic communications.  Facebook and Washington state filed federal lawsuits on Thursday against Adscend Media for “clickjacking,” a form of spamming that fools users into visiting advertising sites and divulging personal information.


“Likejacking” is similar; victims are tricked into using Facebook’s Like button to spread spam. Users believe links to spam sites are being sent to them by friends, and the advertiser collects money from clients for every user misdirected. A prominent example is the indictment in California of self-proclaimed “spam king” Sanford Wallace in August, Noyes said. “Two years ago, Facebook sued him, and a U.S. court ordered him to pay a (US)$711 million judgment. Now he faces serious jail time for this illegal conduct.” Facebook also secured a $360.5 million judgment against spammer Philip Porembski, said Noyes, which “followed an $873 million spam judgment in 2008 against Adam Guerbuez and Atlantis Blue Capital for sending sleazy messages to our users.” The Guerbuez judgment was the largest award ever under the CAN-SPAM Act, he noted.

Clickjacking is a programming technique that employs a seemingly innocent button to trick users into visiting sites unintentionally. Likejacking is a similar technique that utilizes Facebook’s Like button. The technique is also referred to as “UI redressing.” Clickjacking is “quite well understood,” Roger Kay, founder and principal of Endpoint Technologies, told the E-Commerce Times. “It is used by both legit and illegit programs.” Both clickjacking and likejacking are designed to trick users.

“When someone browsing clicks on a site, the site can execute arbitrary code in the browser,” said Kay. “It can set a cookie, say, for Amazon (Nasdaq: AMZN), or do more nefarious things, like inject malware designed to call other malware later.” Clickjacking has been prevalent for years, and likejacking has become similarly entrenched. Many users of Facebook have likely experienced it in the form of a product-related message that seemed to be from a friend. “The use of the technique is widespread,” said Kay. “Consumers need to use better judgment about which links they click on.”

Links can be forwarded as if from friends, and some come-ons are pitched just right to get around the user’s suspicions he noted.”If you’re the target of a spear phish, then the attack is tailored to you,” said Kay. “So, avoiding bad sites becomes a kind of ninja art everyone must learn.”

 

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation or watch him on Anderson Cooper60 Minutes or Fox Business1.800.258.8076.

Whose Device – Yours, Mine or Ours?

Carrying multiple personal devices is a pain and, yet, the fear of giving away critical company data is a nightmare.

For most of us, being connected equals being productive. However, this simple equation becomes complex when one has to juggle personal devices with those issued by our employers. Paramount in an employer’s mind is the protection of the company’s critical and confidential business data but they don’t want to alienate employees by being too restrictive on using their personal smartphones and tablets.

Recent research has found that nearly three out of four adults don’t protect their smartphones with security software and these same people often use their devices to access social media and websites that attract cybercrooks. Poorly-secured  devices can be easily accessed by hackers who are becoming evermore sophisticated and ferocious.

This device conundrum ties directly to corporate IT culture and the question of allowing employees to use personal devices to conduct business. The solution ranges anywhere from an outright ban (which employees often ignore) to fully embracing an employee’s choice, while building corporate safeguards to block spam and corrupt application downloading. Some companies permit it with tight controls such as having the ability to wipe the gadgets clean of all information in the case of loss. Of course that means all personal data will be wiped along with business data but studies show employee satisfaction (ergo productivity) is tied to exercising personal preference of devices.

Security and legal teams wrestle with this dilemma constantly in the mobil world of today and there’s no clear cut answer. Protecting a company and its clients’ data is essential; but also, productivity, efficiency, organization and responsiveness are but a few benefits of giving employees their choice of gadget.

Arming those same employees with the safety measures to secure their devices from fraudulent activities is where IT departments can manage risk. Building a parallel strategy that serves both corporate IT and the end-user is not only necessary, it is beneficial to the bottom-line.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation or watch him on Anderson Cooper60 Minutes or Fox Business1.800.258.8076.

 

 

 

 

 

 

 

 

 

 

Child Identity Theft (Part II)

If you missed the first part of this series, please visit Child Identity Theft  (Part I).

Child Identity theft is the fastest growing sector of the identity theft “industry,” and the numbers are staggering. Although it’s difficult to estimate exactly how many children lose their identities since the crime can go undetected for years, the FTC states that 5% of identity theft cases target children, which translates into 500,000 kidnapped child identities per year, and growing. The Carnegie Mellon CyLab Report states that in 54% of the cases, the child was under the age of 14.

The identity thief is not always a stranger. In many cases, it’s a relative with bad credit who takes advantage of a child’s pristine credit. Conveniently, these family members generally have access to the information necessary to maximize the fraud with little attention. This seems absurd, but imagine a parent who is strapped for cash, has a bad credit score and needs to buy groceries. In this case, short-term thinking blinds the relative or friend to long-term consequences. In other instances, the child’s future is not taken into consideration at all.

Frankly, it doesn’t take much to get the crime underway; all a criminal needs is the child’s name and Social Security number. These pieces of personal information are exposed in a variety of ways:

  • When registering for daycare, schools and recreational sports
  • On medical, dental and hospital records
  • When joining organizations like the Girl Scouts, Boy Scouts, etc.
  • When the above information is permanently stored and accessed by volunteers or employees
  • When one of the above organizations is breached by a hacker or malicious software
  • When an adult befriends your child on a social networking site (MySpace, Facebook) and eventually socially engineers private information out of them

The Three Basic Types of Child Identity Theft

  1. Financial identity theft occurs when the name and Social Security number is used to establish new lines of credit.
  2. Criminal identity theft happens when the criminal uses the child’s identity to obtain a driver’s license or substitutes the child’s identity if caught in a criminal act.
  3. Identity cloning entails using a child’s identity (via information collection or a black market ‘purchase’ of personal information) for medical, financial, criminal and governmental purposes. The most common form of cloned identity theft is committed on behalf of undocumented workers looking for an identity that will keep them working in this country.

For parents, cleaning up the disaster of identity theft for their children is costly and incredibly time consuming. Getting a new Social Security number is almost impossible, and rarely the best option.

Taking steps right now to protect your child from this horrible crime is one of the greatest investments you will ever make in their financial and emotional future.

Protecting Your Children

Acting now on behalf of your child will protect them from consequences common to child victims:

  • Starting adulthood with a credit rating low enough to scare away the hungriest of loan sharks
  • Being denied a first loan, credit card or apartment rental because of a crime committed 10-15 years earlier (the passage of time makes this crime very hard to clear up)
  • Being denied access to college or a new job
  • Having a warrant out for her arrest for crimes that she didn’t commit

In the same way that you can’t protect your children from every bruise and scrape, you can’t entirely remove the risk of identity theft. You can, however, prevent or soften the fall if it does happen. Take these steps first:

  1. Watch for mail in your child’s name. This is a potential sign that credit has been established using their identity. The most common types of mail that signal identity theft are financial (pre-approved credit cards, etc.).
  2. Consider ordering a free credit report for your child. If you suspect foul play, write to the three credit reporting bureaus (Equifax, Experian and TransUnion) to see if your child has a credit profile (no profile, no chance that it is being used illegally). If they do have an active credit profile, you will need to resolve this with the specific credit bureau. Please note that requesting your child’s credit report repeatedly can actually establish a credit profile in their name. For a more convenient option, use an identity monitoring service for you and your family that alerts you when credit is established in any of your names.
  3. Stop giving out your child’s personal information. Until you are confident that it is absolutely necessary to receive the services desired, withhold their personal information. More than 80% of organizations that ask for your child’s Social Security number don’t actually need it to establish services. If you must give it, ask them how they will use it, how long they will keep it and how it will be protected while they have it.
  4. Protect your child’s identity documents. Birth certificates, passports, bank account information, wills and trusts involving children should all be locked securely in a fire-safe or bank’s safety deposit box. Physical document theft is one of the most prevalent ways kid’s identities are stolen.
  5. If you find evidence of fraudulent activity, contact the police, the source of the fraud and all three credit bureaus. Filing a police report helps to establish your child’s innocence in an official way.Have the credit bureaus FREEZE your child’s credit for maximum protection. Keep detailed records of all correspondence between yourself, the police, the merchant and the credit bureaus. It will come in handy should you ever find yourself in court, as I did.
  6. Educate your children on the importance of protecting their personal information. Teach them about the value of their personal information: their name, address, phone numbers, email address, Social Security Number and any passwords and PIN numbers. Reinforce that they own their private information and that it should not be shared with friends, over the internet or with anyone whom they don’t know or trust.Education is absolutely the best financial gift you will ever give to them.

In the case of child identity theft, an ounce of prevention is worth a lifetime of financial security. Don’t let the center of your universe become just another statistic. Because you love and protect your children as much as I do, start this process immediately.

John Sileo lost almost a half-million dollars, his business and his reputation to identity theft. Since then, he’s become America’s leading keynote speaker on identity theft, social media exposure and weapons of manipulation. His clients include the Department of Defense, Pfizer and Homeland Security. To learn more, visit ThinkLikeASpy.com.

7 Steps to Secure Profitable Business Data (Part II)

In the first part of this article series, we discussed why it is so important to protect your business data, including the first two steps in the protection process. Once you have resolved the underlying human issues behind data theft, the remaining five steps will help you begin protecting the technological weaknesses common to many businesses.

  1. Start with the humans.
  2. Immunize against social engineering.
  3. Stop broadcasting your digital data. There are two main sources of wireless data leakage: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Both connections are constantly sniffed for unencrypted data being sent from your computer to the web.Strategy: Have a security professional configure the wireless router in your office to utilize WPA-2 encryption or better. If possible, implement MAC-specific addressing and mask your SSID. Don’t try to do this yourself. Instead, invest your money in proportion to the value of the asset you are protecting and hire a professional. While the technician is there, have him do a thorough security audit of your network. You will never be sorry for investing the additional money in cyber security.To protect your data while surfing on the road, set up wireless tethering with your mobile phone provider (Verizon, Sprint, AT&T, T-Mobile) and stop using other people’s free or fee hot spots. Using a simple program called Firesheep, data criminals can “sniff” the data you send across these free connections. Unlike most hot-spot transmissions, your mobile phone communications are encrypted and will give you Internet access from anywhere you can make a call.
  4. Eliminate the inside spy. Most businesses don’t perform a serious background check before hiring a new employee. That is short sighted, as much of the worst data theft ends up being an “inside job” where a dishonest employee siphons information out the back door when no one is looking. In the consulting work we have done with breached companies, we have discovered the number one predictor of future theft by an employee – past theft. Most employees who are dishonest now were also dishonest in the past, which is why they no longer work for their former employer.Strategy: Invest in a comprehensive background check before you hire rather than wasting multiples cleaning up after a thief steals valuable data assets. Follow up on the prospect’s references and ask for some that aren’t on the application. Investigating someone’s background will give you the knowledge necessary to let your gut-level instinct go to work. More importantly, letting your prospective hire know in advance that you will be performing a comprehensive background check will discourage dishonest applicants from going further in the process (watch the video for further details). I personally recommend CSIdentity’s SAFE product, which is a technologically superior service to other background screen services.
  5. Don’t let your mobile data walk away. In the most trusted research studies, 36-50% of all major data breach originates with the loss of a laptop or mobile computing device (smart phone, etc.). Mobility, consequently, is a double-edged sword (convenience and confidentiality); but it’s a sword that we’re probably not going to give up easily.Strategy: Utilize the security professional mentioned above to implement strong passwords, whole disk encryption and remote data-wiping capabilities. Set your screen saver to engage after 5 minutes of inactivity and check the box that requires you to enter your password upon re-entry. This will help keep unwanted users out of your system. Finally, lock this goldmine of data down when you aren’t using it. Either carry the computer on your person (making sure not to set it down in airports, cafes, conferences, etc.), store it in the hotel room safe, or lock it in an office or private room when not using it. Physical security is the most overlooked, most effective form of protection.
  6. Spend a day in your dumpster. You have probably already purchased at least one shredder to destroy sensitive documents before they are thrown out. The problem tends to be that no one in the business uses it consistently.Strategy: Take a day to pretend that you are your fiercest competitor and sort through all of the trash going out your door for sensitive documents. Do you find old invoices, credit card receipts, bank statements, customer lists, trade secrets, employee records or otherwise compromising information? It’s not uncommon to find these sources of data theft, and parading them before your staff is a great way to drive the importance of privacy home. If your employees know that you conduct occasional “dumpster audits” to see what company intelligence they are unsafely throwing away, they will think twice about failing to shred the next document. In addition to properly disposing of new documents, make sure that you hire a reputable on-site shredding company to dispose of the banker’s boxes full of document archives you house in a back room somewhere within your offices.
  7. Anticipate the clouds. Cloud computing (when you store your data on other people’s servers), is quickly becoming a major threat to the security of organizational data. Whether an employee is posting sensitive corporate info on their Facebook page (which Facebook has the right to distribute as they see fit) or you are storing customer data in a poorly protected, noncompliant server farm, you will ultimately be held responsible when that data is breached.Strategy: Spend a few minutes evaluating your business’s use of cloud computing by asking these questions: Do you understand the cloud service provider’s privacy policy (e.g. that the government reserves the right to subpoena your Gmails for use in a court of law)? Do you agree to transfer ownership or control of rights in any way when you accept the provider’s terms of service (which you do every time you log into the service)? What happens if the cloud provider (Salesforce.com, Google Apps) goes out of business or is bought out? Is your data stored locally, or in another country that would be interested in stealing your secrets (China, Iran, Russia)? Are you violating any compliance laws by hosting customer data on servers that you don’t own, and ultimately, don’t control? If you are bound by HIPAA, SOX, GLB, Red Flags or other forms of legislation, you might be pushing the edges of compliance.

By taking these simple steps, you will begin starving data thieves of the information they literally take to the bank. This is a cost-effective, incremental process of making your business a less attractive target. But it doesn’t start working until you do.

John Sileo, the award-winning author of Privacy Means Profit, delivers keynote speeches on identity theft, data security, social media exposure and weapons of influence. His clients include the Department of Defense, Pfizer, Homeland Security, Blue Cross, the FDIC and hundreds of corporations, organizations and associations of all sizes. Learn more at www.ThinkLikeASpy.com.

Comprehensive Opt Out List for Marketing Databases

Major data breaches like the recent Epsilon Breach occur frequently, even if you don’t hear about all of them. With all the publicity surrounding this particular breach, people have been asking how to remove themselves from some of those marketing lists that are frequently compromised.

Opting our of marketing databases is one way to lower your risk of becoming a data breach victim.

So, how do I get out of marketing data bases?

Most databases allow you to opt out of having them share and sell your information, you just need to find out how.  Many sites make it tricky to get this done, but most sites that are selling or harvesting your information allow you to do so one way or another.

The Privacy Rights Clearing House lists 135 marketing data brokers who are selling your private information, and tells you whether or not they have opt-out policies. If they do, you have to go to the brokers’ websites and suppress your name yourself. Most of the sites have hard-to-find opt out pages, but you can generally track them down by visiting the Privacy Policy which frequently appears as a link in small print at the bottom of the home page.

Even if you opt out, unfortunately, most of these sites still retain your information in their databases, meaning that you are still at risk of a breach. But until we have stronger consumer rights governing our private and personal information, opting out is the best you can do.

 

Tired of Being Tracked by Websites? Do Not Track is Here.

In response to the growing demands for more privacy on the internet, Mozilla implements a Do Not Track option in Firefox 4.

The most recent version of Mozilla Firefox, which was rolled out this February, offers users the option to opt-out of website tracking. Once enabled, the user’s preference to not be tracked is automatically sent to the website. That doesn’t mean that the website has to do anything about it, but there will probably be a bit of a stink about those sites that don’t respect user’s privacy preferences (it would be the equivalent of someone making a sales call to you after you join the Do Not Call list). Unfortunately, most users will never know which websites are participating in the opt-out Do Not Track function.

Learn more about Firefox’s Do Not Track Technology and about the Big Brother issues posed by companies tracking your every move on the internet.

In my opinion, beginning to solve the surfer privacy issues at the browser level is the right direction to take. It is the most universal gate through which all surfers pass – no one visits a website without touching a browser. If consumers get behind the technology now and let the companies they do business with know that they expect them to honor Firefox’s Do Not Track technology, there will be no option but to acquiesce.

Mozilla Firefox version 4.0 is still in beta while they make sure they get any glitches fixed. So don’t install it unless you are comfortable with using beta (often glitchy) software. It has been out for many weeks now, and most of the glitches are probably resolved at this point.

To add the Do Not Track functionality, download and install the latest version of Firefox 4, and then go to Firefox -> Options  -> Advanced. Check the “Do Not Track” box and save your settings.

When this option is selected, a header will be sent signaling to websites that you wish to opt-out of online behavioral tracking.  You will not notice any difference in your browsing experience until sites and advertisers start responding to the header. I recommend that users go in and try this out. This is the best way to give them feedback so they can make our browsing experience as safe as possible.

John Sileo’s motivational keynote speeches train organizations to play aggressive information offense before the attack, whether that is identity theft, data breach, cyber crime, social networking exposure or human fraud. Learn more at www.ThinkLikeASpy.com or call him directly on 800.258.8076.

Don’t Have a Fraudulent Valentine’s Day

Romance is in the air, but so is fraud.

I hate it when scammers take advantage of you on holidays. In fact, I don’t much like being the person responsible for telling you that fraud goes way up during holidays like Christmas and Valentine’s Day. But it’s my job, and it’s important to me, and you have nothing to worry about if you are using common sense. In case your common sense is lacking due to all of the chocolate, here are some thoughts on Valentines Scams.

In happy and/or busy moments, people tend to let their guard down. Consumers are happier, more trusting, generous and hopeful around Valentine’s Day. This is a good thing. We want people to be happy, in love and celebrating each other.

I just don’t want you to be so distracted that it gives an identity thief an opening to take advantage of you. Around this time there is a rise of online scams, especially where thieves send out malicious links that direct you to a site where you are tricked into giving personal information.

The problem with malicious links is that they appear to be sent by someone you trust, especially when they come from a friend on Facebook or another social netowork. Most people click on them because they look like they are from a friend, legitimate company, bank, or other business that you have dealt with in the past. Also, around Valentines day, the message might appear to be from a  flower, candy or gift company that is giving you some amazing offer, and all you have to do is click!

While these malicious links can be sent by email most people don’t realize you can get them via Facebook, Twitter, IM, or even text message. Scammers have gotten more sneaky and creative with their methods of attack. With Valentines Day right around the corner they will be disguised as friends or businesses tapping into your romantic, loving, and trusting side.

Watch out for companies offering you 50% off on 1-800-flowers if you purchase them from their (phony) site. Maybe it’s a free offer from Match.com or link a “friend” has sent to check out the best Valentine’s Day gifts this year. In other words, just be extra careful about anything you click on that has to do with the holiday. You are better off typing the URL of where you want to go (flower store, chocolates, etc.) in the address bar.

Here are a few ways that criminals hid Malicious links so that you have a harder time spotting them:

  • A slight misspelled version of a trusted URL
  • Using a URL shortener (Tiny, bit.ly) to hide the actual URL
  • Use simple HTML formatting to hide the real URL. This is very common and hard to spot because while you are clicking on www.firstbank.com it is actually a dangerous link in disguise that takes you to a malicious site.

Here are a few ways that you can protect yourself for being duped this Valentine’s Day.,

  1. Always type the website you wish to visit directly into the browser. Do not click on a link and just assume that it is safe.
  2. Don’t click on anything that has been sent from someone you don’t know or from someone you do know but seems out of character.
  3. Don’t click on anything that said it was sent by your bank or any other bank. Call the bank up directly to verify the email and type their web address into your browser.
  4. Don’t click on a link that says it is an urgent situation. Many times, scammers will try to scare you into thinking you have to click now or something bad will happen. That is never the case. Call the company directly on their known phone number to handle the situation.
  5. And most importantly, unlike true love, if something seems too good to be true, it probably is. Research it further.

On this Valentines Day, make sure that you don’t get swept up in the moment and taken advantage of by a scammer. No matter what the holiday is, always make sure that you are thinking with your head and not just with your heart when protecting your most important asset… your identity.

John Sileo loves Valentine’s Day because he gets to celebrate with his wife, whom he has had a crush on since he was 8. He is the author of Privacy Means Profit and earns his keep delivering highly motivational identity theft speeches.