Tag Archive for: Identity Theft Speaker

13 Data Security Tips for Meeting Professionals – SGMP

I just finished delivering a keynote speech for the Society of Government Meeting Professionals (SGMP) at their annual convention on identity theft and protecting data in the meetings industry. Data security is a top concern in this industry because it is probably one of the most highly-targeted groups for identity theft, social media fraud, data breach and social engineering. Here’s why:

  1. Meeting professionals collect, store and transmit massive amounts of private data on attendees
  2. Data theft risk skyrockets when travel is involved, which is a frequent occurrence for meeting planners and professionals
  3. Meeting professionals are busy nearly 24 hours a day once they are onsite for the conference or meeting, meaning that they are highly distracted
  4. A single data breach of attendee data can put the organization responsible for the event out of business due to excessive costs and tight compliance regulations
  5. Conferences are generally collections of highly professional, highly valuable attendees who travel with laptops, sensitive intellectual property, smartphones, unsecured WiFi connections, etc.

Meeting professionals have enormous responsibilities throughout every stage of the planning process. Identity thieves target conferences because of the sheer quantity and value of data circulating around these events. Protecting sensitive attendee data before, during and after the event has become not only a nicety, but a necessity. Data stolen during the planning, execution or clean-up phases of your event can hamstring your organization with financial liabilities and a public relations nightmare. Start by taking these steps:

Meeting Security Before the Event

  • Secure Your Online Reservation System. If you are going to use online registration, invest in a system that delivers not only efficiency, but security. It is your legal, financial and ethical responsibility to protect your attendees’ personal information. Don’t try to do it all yourself. Hire a reputable technology provider to ensure that your data is protected behind firewalls, encryption, passwords, updated operating systems, security software and safe wireless.
  • Educate Attendees. Before they ever begin their travels, attendees should read through a quick 2-minute tip sheet on how to protect themselves while going to a conference. Simply making them aware of some of the risks that exist traveling (laptop theft, unprotected WiFi, smartphone hijacking, etc.) will cause them to pay greater attention on-site.
  • Minimize Data Collection. Collect only the data that you absolutely need and destroy it as soon as you are finished. Once you have processed credit cards, purge that information from your system. The quicker that you properly dispose of sensitive data, the lower your risk and liability.
  • Minimize Physical Files. Take as few physical files with you to the event (attendee lists, etc.) as these are easily misplaced when traveling and distracted. The more that you can keep behind a password protected, encrypted computer, the better.

Meeting Security Traveling to the Event

  • Protect Your Laptop. Almost 50% of serious corporate data theft occurs because a laptop computer is stolen. In addition to the standard forms of protection (passwords, encryption, anti-virus, etc.), carry as little data on your laptop as possible. And never leave the laptop unattended unless it is locked in your hotel room safe. Identity thieves target business travelers because they are generally rushed, distracted and carrying valuable data.
  • Think Twice about Free Wi-Fi. It is very convenient (and dangerous) to use a free wireless connection to the Internet provided by an airport, café or hotel. Unfortunately, it is nearly impossible to distinguish if you are on a safe network or one that allows thieves to pirate your information. Unless you are absolutely sure about the security in place, refrain from sending any sensitive material over a wireless connection that your IT department hasn’t configured or approved.

Meeting Security Onsite

  • Educate Attendees. Make frequent announcements at the start of each segment of your programming to remind attendees that they should not leave purses, laptops or files unattended. In addition, warn them to take care of their belongings in pre-conference material and encourage them to leave as much sensitive data at home or in the office as possible.
  • Room Monitors. Have room monitors that check badges as attendees are entering the room and that monitor purses and laptops that are left in the room during breaks (even if you warn people, some will still leave items). Make sure that you announce that room monitors are watching so that you let any would-be opportunists know that someone is watching. Just this one piece of information should discourage theft.
  • Control Digital Access. Make sure that only authorized users can access your onsite registration system. Don’t leave laptops or registration lists unattended, as they are a goldmine of sensitive data. Make sure you are using a VPN and secure wireless connection to connect back to your office or database server. Deactivate your USB drives so that data cannot be easily copied onto a USB thumb drive when you aren’t looking.
  • Provide Secure WiFi for Attendees. Setup secure WiFi (requiring a password) for your staff and attendees so that they are not broadcasting their private information over an unprotected network (which they are doing anytime they use a free hotspot without a password). Make sure that your contact onsite understands your security needs and concerns. That is part of the service they are providing.
  • Control Physical Access. Use a system of photo ID badges and room monitors to make sure that only authorized attendees have access to highly sensitive areas. You don’t want your biggest competitor to gain access to the meeting where you reveal next year’s strategy.
  • Shred Unneeded Documents. If you no longer need registration information on an attendee, shred it immediately. Every hotel or conference center should have shredders onsite that you are able to utilize. If they don’t, you might ask yourself how well they are protecting your data.

Meeting Security After the Event

  • Destroy the Evidence. When the conference or meeting is over, shred any remaining physical documents you no longer need. Purge digital files from your systems, especially those containing credit card or Social Security numbers. The less you keep on hand, the lower your changes of theft.

Above all, don’t forget to educate your staff and attendees on the risks of data theft while attending a conference. Higher levels of awareness drastically reduce the incidents of attendee identity theft and corporate espionage.

John Sileo is the award-winning author of Privacy Means Profit and America’s leading speaker on identity theft prevention, social media exposure, online reputation management and information leadership. Learn more about his keynote speeches on a variety of topics or call directly on 1.800.258.8076.

 

Tired of Being Tracked by Websites? Do Not Track is Here.

In response to the growing demands for more privacy on the internet, Mozilla implements a Do Not Track option in Firefox 4.

The most recent version of Mozilla Firefox, which was rolled out this February, offers users the option to opt-out of website tracking. Once enabled, the user’s preference to not be tracked is automatically sent to the website. That doesn’t mean that the website has to do anything about it, but there will probably be a bit of a stink about those sites that don’t respect user’s privacy preferences (it would be the equivalent of someone making a sales call to you after you join the Do Not Call list). Unfortunately, most users will never know which websites are participating in the opt-out Do Not Track function.

Learn more about Firefox’s Do Not Track Technology and about the Big Brother issues posed by companies tracking your every move on the internet.

In my opinion, beginning to solve the surfer privacy issues at the browser level is the right direction to take. It is the most universal gate through which all surfers pass – no one visits a website without touching a browser. If consumers get behind the technology now and let the companies they do business with know that they expect them to honor Firefox’s Do Not Track technology, there will be no option but to acquiesce.

Mozilla Firefox version 4.0 is still in beta while they make sure they get any glitches fixed. So don’t install it unless you are comfortable with using beta (often glitchy) software. It has been out for many weeks now, and most of the glitches are probably resolved at this point.

To add the Do Not Track functionality, download and install the latest version of Firefox 4, and then go to Firefox -> Options  -> Advanced. Check the “Do Not Track” box and save your settings.

When this option is selected, a header will be sent signaling to websites that you wish to opt-out of online behavioral tracking.  You will not notice any difference in your browsing experience until sites and advertisers start responding to the header. I recommend that users go in and try this out. This is the best way to give them feedback so they can make our browsing experience as safe as possible.

John Sileo’s motivational keynote speeches train organizations to play aggressive information offense before the attack, whether that is identity theft, data breach, cyber crime, social networking exposure or human fraud. Learn more at www.ThinkLikeASpy.com or call him directly on 800.258.8076.

Don’t Have a Fraudulent Valentine’s Day

Romance is in the air, but so is fraud.

I hate it when scammers take advantage of you on holidays. In fact, I don’t much like being the person responsible for telling you that fraud goes way up during holidays like Christmas and Valentine’s Day. But it’s my job, and it’s important to me, and you have nothing to worry about if you are using common sense. In case your common sense is lacking due to all of the chocolate, here are some thoughts on Valentines Scams.

In happy and/or busy moments, people tend to let their guard down. Consumers are happier, more trusting, generous and hopeful around Valentine’s Day. This is a good thing. We want people to be happy, in love and celebrating each other.

I just don’t want you to be so distracted that it gives an identity thief an opening to take advantage of you. Around this time there is a rise of online scams, especially where thieves send out malicious links that direct you to a site where you are tricked into giving personal information.

The problem with malicious links is that they appear to be sent by someone you trust, especially when they come from a friend on Facebook or another social netowork. Most people click on them because they look like they are from a friend, legitimate company, bank, or other business that you have dealt with in the past. Also, around Valentines day, the message might appear to be from a  flower, candy or gift company that is giving you some amazing offer, and all you have to do is click!

While these malicious links can be sent by email most people don’t realize you can get them via Facebook, Twitter, IM, or even text message. Scammers have gotten more sneaky and creative with their methods of attack. With Valentines Day right around the corner they will be disguised as friends or businesses tapping into your romantic, loving, and trusting side.

Watch out for companies offering you 50% off on 1-800-flowers if you purchase them from their (phony) site. Maybe it’s a free offer from Match.com or link a “friend” has sent to check out the best Valentine’s Day gifts this year. In other words, just be extra careful about anything you click on that has to do with the holiday. You are better off typing the URL of where you want to go (flower store, chocolates, etc.) in the address bar.

Here are a few ways that criminals hid Malicious links so that you have a harder time spotting them:

  • A slight misspelled version of a trusted URL
  • Using a URL shortener (Tiny, bit.ly) to hide the actual URL
  • Use simple HTML formatting to hide the real URL. This is very common and hard to spot because while you are clicking on www.firstbank.com it is actually a dangerous link in disguise that takes you to a malicious site.

Here are a few ways that you can protect yourself for being duped this Valentine’s Day.,

  1. Always type the website you wish to visit directly into the browser. Do not click on a link and just assume that it is safe.
  2. Don’t click on anything that has been sent from someone you don’t know or from someone you do know but seems out of character.
  3. Don’t click on anything that said it was sent by your bank or any other bank. Call the bank up directly to verify the email and type their web address into your browser.
  4. Don’t click on a link that says it is an urgent situation. Many times, scammers will try to scare you into thinking you have to click now or something bad will happen. That is never the case. Call the company directly on their known phone number to handle the situation.
  5. And most importantly, unlike true love, if something seems too good to be true, it probably is. Research it further.

On this Valentines Day, make sure that you don’t get swept up in the moment and taken advantage of by a scammer. No matter what the holiday is, always make sure that you are thinking with your head and not just with your heart when protecting your most important asset… your identity.

John Sileo loves Valentine’s Day because he gets to celebrate with his wife, whom he has had a crush on since he was 8. He is the author of Privacy Means Profit and earns his keep delivering highly motivational identity theft speeches.

Avoid Super Bowl Scam

With any big sporting event comes the opportunity for thieves to take advantage of desperate fans. This rings true with the upcoming Super Bowl match between the Packers and the Steelers (appropriately named, but incorrectly spelled for this post on theft). Whether you watch the game for the fun commercials or to root for your new favorite team (sorry, Broncos), we can all agree that Super Bowl Sunday is almost a national holiday. With any holiday comes predators looking to take advantage of distracted and unsuspecting fans.

Here are a few Super Bowl themed scams that you should be aware of:

Fake Tickets. According to the NFL, in recent years, between 100 and 250 football fans have shown up to Super Bowl games with bogus tickets. Before booking a hotel room and hopping on a plane to Dallas make sure that you have legitimate tickets to the big game.

Michelle Reinen, director of the Bureau of Consumer Protection says, “Actual Super Bowl tickets are printed on thick, heavy paper with bar-codes, holograms and raised ink. In addition, the NFL says the tickets include heat sensitive logos that disappear with the touch of a thumb.”

Phony Sweepstakes. Avoid clicking on Super Bowl sweepstakes offers, which may feature trips to the big game or other related prizes. These e-mails could be part of a larger scam to get you to fork over funds for a chance at tickets, or scammers could be enticing you to click on a link that will download malware or other viruses onto your computer.

Treat these emails as you would any suspicious email and delete it from your inbox. Never click on unknown links.

Travel Scams. Looking to score big on a Super Bowl travel package? Be careful, because scam artists love to dream up new tricks for major sporting events. People traveling to Dallas for the game should book their travel accommodations carefully. When big games are in the works, people will often find offers that charge hidden fees for items, like tickets, that they thought were included. They may also not be booking you into the exact hotel you think you are getting. Instead of staying at the Lowes Arlington, you find yourself at their sister property in Amarillo. Book hotels directly through the hotel, or if you go through Hotels.com, Travelocity, Hotwire or Expedia, call the hotel after the reservation is made to verify what you are getting.

My biggest tip to avoid becoming the victim of a scam is to Be Skeptical. If an offer seems to good to be true, it probably is. Question everything and get verification to make sure that your Super Bowl Plans go as smooth as possible.

John Sileo is the award-winning author of the fraud prevention book Privacy Means Profit and speaks on information offense, identity theft prevention and data breach avoidance. His clients include the Department of Defense, Pfizer and the FDIC. To learn more, contact him directly on 800.258.8076.

Opening Pandora's Privacy Box

I am a huge fan and frequent user of Pandora, the internet radio station that plays songs based on learned music preferences (if you like the Avett Brothers, it knows you will probably also like Dave Matthews, etc.). Pandora is an overwhelmingly popular online radio network app for computers, smart phones and the iTouch. It provides listeners with an informed collection of songs and play-lists based on a comprehensive analysis of over 400 qualities of a song that make it specifically appealing to you. While the financial cost to users appears at first site to be nothing (if you don’t mind the occasional ad), the privacy cost can be exponentially high with Pandora selling your web-surfing habits to advertisers.

Pandora clearly states in its FAQ that they are sharing information such as your age and gender with advertisers.

“…the free version of Pandora is mostly supported by advertisements, and we want to be able to show the most relevant ads to our listeners… Since this means that you’re more likely to see an ad that’s relevant to you, we hope it’s a good thing for our listeners as well as for our advertisers, and therefore also for Pandora as a whole.”

So are they sharing more sensitive identity information? While Pandora admits that they share your age and gender, a recent Wall Street Journal Article says they are sharing more. They state that Pandora shares age, gender, location, and phone ID information with marketing firms on both its iPhone and Android mobile versions. So while advertisers won’t have your name and email address, they’ll get their hands on a lot of info about your mobile phone behavior.

Just remember when you log into Pandora and stream your free music play list, there is a cost. When you are getting something for “FREE”, there is always a cost, and it’s often your personal information. While you may not be able to immediately understand the financial impact of this, just know that your privacy is slowly flowing out of your control – one song at a time.

To increase your privacy on Pandora, visit www.pandora.com/privacysettings and restrict access as much as possible.

Is your organization trying to stem the flow of information leakage via identity theft, corporate espionage, data breach and social networking exposure? Contact keynote speaker John Sileo to inspire your audience to change their poor privacy habits from the inside out.

Identity Theft Expert John Sileo on 60 Minutes


Achilles, an ancient Greek superhero — half human, half god — was in the business of war. His only human quality (and therefore his only exploitable weakness) was his heel, which when pierced by a Trojan arrow brought Achilles to the ground, defeated. From this Greek myth, the Achilles’ Heel has come to symbolize a
deadly weakness in spite of overall strength; a weakness that can potentially lead to downfall. As I formulated my thoughts in regard to New Zealand, I realized that the same weaknesses are almost universal — applying equally well to nations, corporations and individuals.During a recent 60 Minutes interview, I was asked off camera to name the Achilles’ heel of an entire country’s data security perspective; what exactly were the country’s greatest weaknesses. The country happened to be New Zealand, a forward-thinking nation smart enough to take preventative steps to avoid the identity theft problems we face in the States. The question was revealing, as was the metaphor they applied to the discussion.

For starters, let’s assume your business is strong, maybe even profitable in these tough economic times. In the spirit of Sun Tzu and The Art of War, you’ve dug in your forces, preparing for a lengthy battle: you’ve reduced costs, maximized your workforce, and focused on your most profitable strategies. As your competitors suffocate under market pressure, you breathe stronger as a result of the exercise. But like Achilles, your survival through adversity blinds you and even conditions you to ignore pending threats. You begin to think that your overall strength translates into an absence of weaknesses; and in general, you might be right. But Achilles didn’t die because of his overall strength, which was significant; he died because he ignored critical details. What details are you and your company ignoring?

Information, like Achilles himself, is power. And maintaining control and ownership of your information is quite possibly the most threatening Achilles’ heel any data-reliant business faces. Companies that don’t actively take control of their data are prime targets for identity theft, social engineering, data breach, corporate espionage, and social media exploitation. Regardless of your title, you have a great deal to learn from Achilles’ mistakes, and a significant opportunity to protect your own corporate heel.

Achilles 3 Fatal Mistakes and How to Avoid Them

Admit Your Vulnerabilities. Achilles forgot that he was human, failing to take inventory of his weakness in spite of superior strength. Though his faults were limited — a small tendon at the base of his foot — his failure to protect himself in the right spots proved fatal. When protecting data, it is imperative to understand that your greatest vulnerabilities lie with the people inside of your company. No matter how secure your computer systems, no matter how much physical security you deploy, humans will always be your weakest link. The more technological security you implement, the quicker data thieves will be to attempt to socially engineer those inside your company (or pose as an insider) to capture your data. Admitting vulnerabilities doesn’t have to be a public, embarrassing act. It can be as simple as a quiet conversation with yourself and key players about where your business is ignoring risk.

The three greatest human vulnerabilities tend to be: 1. Unawareness of the risks posed by data loss, 2. Lack of emotional connection to the importance of data privacy (personally in professionally) and it’s affect on profitability, and 3. Misunderstanding that in a world where information is power, it’s no longer about whom you trust, but how you trust. These symptoms suggest that your privacy training has either been non-existent or dry, overly technical, policy related and lacking a strong “what’s-in-it-for-me” link between the individuals in your organization and the data they protect every day.

If this is true inside of your business, rethink your training from this perspective: Your audience members (employees) are individuals with their own identity concerns, not just assets of the company who can be forced to follow a privacy policy that they don’t even pretend to understand. By tapping into their personal vulnerabilities regarding private information (protecting their own Social Security Number, etc.), you can develop a framework and a language for training them to protect sensitive corporate information. Like in martial arts, where you channel your opponent’s energy to your favor, use your employee’s humanness to your advantage. Pinpoint these vulnerabilities and shine the light of education on them.

Fight Prevention Paralysis. One of the most unfortunate and destructive character traits among humans is our hesitation to prevent problems. It is human nature to invest time to prevent tragedy only after we’ve experienced the pain that results from inaction. We hop on the treadmill and order from the healthy menu only after our heart screams for attention. We install a home security system only after we’ve been robbed. Pain motivates action, but the damage is usually done. You can bet that had he the chance to do it all over again, Achilles would slap a piece of armor around his heel (just like TJMAXX would encrypt their wireless networks and AT&T would secure their iPad data).

Prevention doesn’t get the proper attention because its connection to the bottom line is initially harder to see. You are, in essence, eliminating a cost to your business that doesn’t yet exist (the costs of a future data breach: restoring and monitoring customer credit, brand damage, stock depreciation, legal costs, etc.). This seems counterintuitive when you could be eliminating costs that already exist. But here is the flaw in that method of thinking: the cost of prevention is a tiny fraction of the cost of recovery. When you prevent disaster, you get a huge return on your investment (should a breach ever occur). Statistics say that a breach will occur inside of your organization, which means that by failing to invest in prevention you are consciously denying your organization a highly profitable investment. Why would you insure your business against low percentage risks (fire), but turn the other way when confronted with a risk that has already affected 80% of businesses (data breach) and has an almost guaranteed double digit ROI? It is your responsibility to demonstrate how the numbers work; spend small amounts of money preventing, or vast sums of time and money recovering.

Harden the Riskiest Targets. Once you have admitted to and cataloged your vulnerabilities and allocated the resources to protect them, it is time to focus on those solutions with the greatest return on your investment. A constant problem in business is knowing how to see clearly through information overexposure and pick the right projects. Just think of how much stronger Achilles would have been had he placed armor over his heel (which was human) rather than his chest (which was immortal). There is no financially responsible way to lower your risk to zero, so you have to make the right choices. Most businesses will gain the greatest security by focusing on the following targets first:

  1. Bulletproof Your People. Most fraud is still committed the old fashioned way – by manipulating trusting, unsuspecting people inside of your organization. Train your people for what they are: the first line of defense against fraud. Begin by preventing identity theft among your staff and then bridge this personal knowledge into the world of professional data privacy.
  2. Protect Your Mobile Data. Laptops, smart phones and portable drives are the most common sources of severe data theft. The solution to this very powerful and ubiquitous form of computing is a quilt-work of security including password strengthening, data transport limitations,  access-level privileges, whole disk and wireless encryption, VPN and firewall configuration, physical locking and human decision making (e.g., don’t leave it unattended the next time you get coffee at your corporate conference).
  3. Prevent Insider Theft: Perform thorough background checks, reference verification and personality assessment to weed out dishonest employees before they join your organization. Implement an ongoing “honesty meter” for your employees that ensures they haven’t picked up bad or illegal habits since joining your company.
  4. Classify Your Data. Develop a system of classification that includes public, internal, confidential and top secret levels, along with secure destruction and storage guidelines.
  5. Anticipate the Clouds. Cloud computing (when you store your data on other people’s servers), is quickly becoming a major threat to the security of organizational data. Whether an employee is posting sensitive corporate info on their Facebook page (which Facebook has the right to distribute as they see fit) or you are storing customer data in a poorly protected, non-compliant server farm, you will ultimately be held responsible when that data is breached. You must be aware of who owns that data, today and in the future, when your storage company is bought out or goes bankrupt.

We have much to learn from the foresight of New Zealand; they are an excellent example of how organizations should defend their Achilles’ heel. To begin with, they have begun to acknowledge their vulnerabilities in advance of the problem (in fact, their chief vulnerability is that dangerous form of innocence that comes from having very few data theft issues, so far). In addition, they are taking steps to proactively prevent the expansion of identity theft and data breach in their domain (as evidenced by the corresponding educational story on 60 Minutes). Finally, they are targeting solutions that cost less and deliver more value. I was in New Zealand to instruct them on data security. Ironically, I gained as much knowledge on my area of expertise from them as I believe they did from me.

John Sileo speaks professionally on identity theft, data breach and social networking safety. His clients include the Department of Defense, the FDIC, FTC, Pfizer and the Federal Reserve Bank. Learn more about bringing him in to motivate your organization to better protect information assets.

3 Steps To Take When Disposing Of Your Computer

By Michael Berg, CreditCards.com

Most people wouldn’t throw out their Social Security card or toss a credit card in the trash. Yet careful souls worldwide have been dumping old computers by the millions, filling landfills with exactly that kind of sensitive information, where aggressive high-tech criminals can readily scoop it up.

According to the latest statistics from the EPA, 205 million computer products were disposed of in 2007, with a paltry 48 million of those recycled. That leaves plenty of identities in the garbage stream just waiting to be poached.

Indeed, many computers are being mined for Social Security numbers, credit card information, bank statements, investment records and various other tidbits that open the door for everything from credit card fraud to full-on identity theft. While exact numbers are difficult to come by, there’s no doubt it’s happening with ever more frequency.

“I’ve personally met hundreds of people who have had their identity stolen this way,” says John Sileo, identity protection expert and author of “Privacy Means Profit,” available at thinklikeaspy.com. “The thing is, if thieves are smart — which they are — it should be a massive problem, because it’s such an easy way to get data.”

You don’t have to be a victim. Taking these three simple steps when discarding a desktop or laptop computer virtually guarantees your private information can’t be stolen.

Click Here to read the entire article.

Facebook’s Law Enforcement Phone Option | Sileo

Facebook: Press 2 For Law Enforcement

Click Here to reach Facebook’s Law Enforcement Page

PLEASE NOTE: WE DO NOT HANDLE ANY FACEBOOK COMPLAINTS OR QUESTIONS, AS WE ARE NOT AFFILIATED WITH FACEBOOK IN ANY WAY. THANK YOU. 

I received an email last night from a well-known TV anchor wanting my input on a new Facebook issue.  He’d read that when calling Facebook Headquarters, the automated attendant comes on and gives you options to reach each department, and the second option was to press 2 for “law enforcement.”

It could seem odd to many, but it’s true. If you call the Facebook Headquarters (650-543-4800) and reach the switchboard, the 1st option is “For customer support, press 1” and the second option is “For Facebook law enforcement, press 2”. Law enforcement comes ahead of business development, marketing, press, and employment verification in the list of options.  When you press 2, the next message says: “This message is only for members of law enforcement. Please note that due to a very large volume of incoming calls, the current call back time is two to four business days. For a faster response, please leave your work authorized email address… A member of Facebook’s security team will email in a timely manner.” Which means that Facebook is very busy fielding calls from law enforcement.

The anchor, and the rest of us, want to know why!

Facebook receives all kinds of requests by law enforcement, as it is essentially a diary of each and every user. Don’t confuse it with a typical diary of the pre Web 2.0 era. The modern diary (or dossier, as I more commonly refer to social networking profiles) is a photo journal, video log, friendship org chart, location status, written history, browsing analyzer, that is so effective because it can be so addictive. In other words, the Facebook activity of an average user is a digital representation of  that user’s identity. So, to net it out, here several reasons law enforcement officers call Facebook:

  • Tracking listed sex offenders for inappropriate use of the Internet
  • Civil dispute subpoenas (domestic cases, child custody, harassment, etc.)
  • Evidence used in the discovery process (establishing intent, state of mind, relationships, etc.)
  • Cases of libel or defamation
  • Terrorist activity tracking and fundraising
  • Background checks for local, regional and federal governmental positions
  • Background checks on potential jurors (see tomorrow’s story about a juror who was dismissed because of a Facebook post)

This is a fascinating and under-reported aspect of social networks – they are providing an open book on people (for good and evil) that used to take investigators (and scammers) weeks or months to collect. All you really need is a subpoena, or to friend the person on whom you are collecting data.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

[youtube https://www.youtube.com/watch?v=VgwQPhpRPd0&rel=0]

Child Identity Theft Expert – Part II

 

Were you surprised the other day when I said that your children are highly attractive targets of identity thieves because they have untouched and unblemished credit records?  Let me tell you just how easy it happens.

How Does It Happen?

All an identity thief needs to ruin your child’s bright financial future is her name and Social Security Number.

“Shouldn’t my child’s age show up on any credit background check, shouldn’t the merchant recognize that the person in front of them buying a car on credit isn’t seven years old?” you ask.

Yes, it should, but the people screening the credit report rarely give it the time and care necessary to detect fraud.

All too often, background checks involve simply matching the name and the Social Security Number provided. This leaves doors wide open for scandalous minds to wreak havoc on your child’s perfect credit. The most unsettling part is that the age of the applicant (in this case, the person posing as your child) becomes official with the credit bureaus upon the first credit application. This makes clearing a sabotaged credit record even more difficult because you have to prove to the credit bureau that your child is only seven and isn’t responsible for thousands of dollars of debt.

In no time at all, your child could have a maxed out credit card, unpaid bills and a huge mortgage for beachfront property across the country. You might not discover the illegal purchases until your child opens a bank account, applies for a job, tries to get a driver’s license or enters college. At that point, you are left with the time-consuming dilemma of cleaning up someone else’s fraudulent mess. If only clearing up a credit report was as easy as cleaning up after your kids.

Do the gaping holes in our current credit system and the audacity of criminals leave you enraged? Me too. And it is imperative that you use your anger as fuel to protect and prepare your children’s future before it is too late.

Child Identity theft is the fastest growing sector of the identity theft “industry,” and the numbers are staggering. Although it’s difficult to estimate exactly how many children lose their identities since the crime can go undetected for years, the FTC states that 5% of identity theft cases target children, which translates into 500,000 kidnapped child identities per year, and growing. The Identity Theft Resource Center discovered that in 54% of the cases, the child was under the age of six.

In my next blog, I’ll talk about Who Does This.

Identity Theft Speaker, John Sileo

Nigerian Scam Takes a New Form

Nigerian scams happen everyday to thousands of victims in various ways: email, snail mail, fax, Facebook and for the first time in our experience, the “Contact Us” page on our website. This is significant because it shows the the technology of the Nigerian crime rings has advanced enough to foil the Captcha device on our website.

Nigerian scams (more accurately known as advanced-fee fraud) have been around for ages and were named because they originated in Nigeria. To create the scam, criminals generally claim that there is a large sum of money that can only be released to a relative of some deceased member of royalty.  Victims are asked to provide a bank account into which the money can be transferred and are promised a large percentage of the money for performing the service. In some cases, victims may also be asked to pay a fee or a series of fees for the release of the money.  Once the victim has provided account information, the criminals will often drain their bank accounts, and occasionally use that information to open new, fraudulent accounts.

If you have never seen one before I highly recommend you read this. They change frequently and recently have been taking more complex forms, but the intention is always the same: to steal your money in exchange for the prospect of wealth that never materializes.  After seeing how they try to lure you into helping them with a compelling story,  you will be able to spot them with ease and protect yourself form becoming a victim.

From: refugee camp (helise)
Date: July 24, 2010 4:11:08 AM MDT
To: john@192.241.219.145
Subject: Contact Submission [ThinkLikeASpy.com]

===================================================================
Below is a contact request from ThinkLikeASpy.com
===================================================================

Name: helise
Email: refugee camp
Phone:
Company:
Location:


Comments:
Dear friend,
My nane (sic) is Miss Helise Mambo Robert.I am constrained to contact you because of the maltreatment I was receiving from my uncle since the death of my parents. She has taken away all my late father’s treasury and properties from me since the unexpected death of my beloved parents. Meanwhile I wanted to escape to the Europe but he hides away my international passport and other valuable traveling documents. Luckily, He did not discover where I kept my father’s file which contained important documents. So, I decided to run to the refugee camp where I’m in a the Refugee now.
My late father of blessed memory deposited the sum of Fifteen Million five hundred thousand US Dollars.(US$15.5M)some where with my name as the “next of kin”.The money was inherited from my father who was the Chairman of the Zimbabwe Gold Mining Corporation before he was assassinated by the country’s president, Robert Mugabe. However, I shall forward you with the necessary documents on confirmation of your acceptance to assist me receive the fund in your country for further investments on my behalf. As you will help me in an investment, and I will like to complete my studies when I will come over to your country as I was in my 1st year in the university when the crisis started.This is the reason why I decided to contact you.
The money has been lodged with a company, since 2008. I now want to move this money abroad and invest it in Profitable ventures, as the time is now ripe for such move.I was in the school when my father and mother were assasinated (sic) by the president.Our houses and other properties were distroyed (sic).The group pretended to be rebels but we knew that it is the president that sent them because he has disagrement (sic)with him on the issue of killing the white people who are farmers in my country.My father opposed the killing and my father told him that he will expose him if he goes ahead in killing the with farmers.

WHAT I ASK YOU TO DO:

1.Firstly to assist me move this money to any stable country abroad.
2.To assist me invest the money in profitable ventures in your country or any other suitable country where you have good connections.
3. To help me re-locate me to the suggested country.
4. To manage the money in a profitable manner, preferably a joint venture deals with you. It is risk free.
Immediately I hear from you I will detail you on the procedure of moving the money to your country.

For your assistance you will get 30% (Thirty Percent) of the total amount.
You can contact me through my e-mail above for more details.
Sincere regards

Miss Helise Mambo Robert
===================================================================

John Sileo became America’s top Identity Theft Speaker after he lost his business and more than $300,000 to identity theft and data breach. His newest Book Privacy Means Profit:Prevent Identity Theft and Secure You and Your Bottom Line is available now. His clients include the Department of Defense, the FTC, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.