Posts

Roommate Identity Theft? Beware and Be Wise

It’s time for young adults to head off to college or move away from home for the first time. This is by far the highest risk group for identity theft for several reasons.  When these kids leave the nest, it’s the first time they are getting true financial independence, which they might never have been trained to handle.  They have access to credit cards, new bank accounts, and they’re managing it themselves.  That may be a huge red flag that there’s going to be trouble.  Secondly, they’re going into an environment where their stuff is not particularly protected.  They’re in a dorm room or apartment, they’ve got roommates that may need extra cash; they know they can take advantage of them.  So it’s a high risk environment.  The third reason is because they do so much online.  There’s so much social media interaction and that’s where tons of information is stolen. Take the steps listed below and talk to your newly-independent kids about implementing them.  It will help them out not just this year but will also help them build their financial future going forward.  Your identity is pretty much everything in terms of your net worth. You’ve got to take care of it now.

  • Secure Your Information: invest in a safe box and lock up any documents that contain private information such as bills, bank statements, checks, and credit card info.
  • Be Wise with the Information You Share: it’s our nature to trust our friends, family and roommates but they’re often the very people who assume your identity and wreak havoc with your financial future. Don’t make reference to any information that might be used as part of a password such as your mother’s maiden name, a childhood pet’s name, or the street on which you were born. That could be just the key that unlocks a private account.
  • Use Secure Passwords and Don’t Share Them: It’s vital to create secure passwords using upper and lower case letters, numbers and symbols. Be careful when logging in to inadvertently share your password with others (shoulder surfers).
  • User Paperless Billing or Get a P.O. Box: you’ll be sure to keep bills, bank statements and other personal information private if your roommate has no access to them.
  • Be Careful When Conducting Personal Business: wait until you are alone to call your bank to resolve an account issue or log into your student loan website.
  • Log Out of Accounts: if you share a computer, protect your personal accounts with passwords and always close your session by logging out. Though it might be convenient, don’t let your computer store user names or passwords. Keep personal computers locked and password protected when they aren’t in use.
  • Beware of Friends of Friends: roommates aren’t your only risk when living with others; remember that although you may have chosen your roommate, you haven’t chosen their friends and you can’t vouch for their integrity. If your roommate has no access to your private information, neither will their friends.

Your credit rating, your financial future, ability to borrow, job opportunities, even a criminal record can all be affected by identity theft. Why take the risk? Do everything in your power to protect your most valuable asset, your identity. Don’t become a victim of “friendly fraud.”

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

$10 Buys Thieves Access To A Dead Person's Identity

You may think your deceased loved ones are safe from having their identities stolen. Not true! The Death Master File contains data about millions of deceased people including the full name, Social Security number and other personal information. Though you’d think this would be carefully guarded, the Social Security Administration provides the file to the Department of Commerce’s National Technical Information Service (NTIS). NTIS, in turn, distributes it to more than 450 entities including state and local governments, hospitals, universities, financial institutions, insurance companies and genealogy services. Even worse, anyone can access the information through the NTIS website. The cost? $10 for one person or an annual subscription with unlimited access to all of the files of deceased individuals costs $995.

The Social Security Administration created the file to help financial institutions and businesses prevent identity theft by using the file to cross-reference applicants and customers to verify they’re not using a dead person’s identity. According to CNN Money, Senator Bob Casey, Democrat, Pennsylvania, said the agency is “inadvertently facilitating tax fraud” and has called for restrictions to be placed on access to the Death Master File. The IRS has been adding protections but it’s struggling to keep up with a surge in tax fraud. The Treasury Inspector General said in May that the IRS could end up doling out $26 billion in fraudulent refunds over the next five years. In a congressional hearing in May, IRS deputy commissioner Steven Miller said that as of mid-April, his agency had already flagged 91,000 tax returns that were filed under the names of recently deceased individuals.

About 2.4 million deceased Americans each year get their identities stolen according to ID Analytics. Besides taking revenue from the government, thieves steal the personal information to apply for credit cards, cell phones and anything that requires a credit check. And think of the toll it takes on the families that have just lost a loved one. Their grief is compounded by having to rescue that person’s identity. 

Because of the Freedom of Information Act, it’ll take legislation to restrict access to the file unless the Office of Management and Budget finds a way to limit access and cut down tax fraud. The best action you can take to protect your private information while you’re alive (and that will carry over in death) is to freeze your credit. A credit freeze is simply an agreement you make with the three main credit reporting bureaus (Experian, Equifax and TransUnion – listed below) that they won’t allow new accounts (credit card, banking, brokerage, loans, rental agreements, etc.) to be attached to your name/social security number unless you contact the credit bureau, give them a password and allow them to unfreeze or thaw your account for a short period of time. Yes, freezing your credit takes a bit of time (maybe an hour of work), can be a little inconvenient when you want to set up a new account (that said, let’s face it, businesses want to make it as easy as possible to unfreeze your credit because they benefit when you set up new accounts and spend more money) and it can cost a few dollars (generally about $10 to unfreeze, a small price compared to the recovery costs of identity theft). And it is worth it! It’s like putting locks on your doors.

Since all states don’t allow you, by law, to freeze your credit, the three credit reporting bureaus have begun to offer credit freezes on a national basis. This is a major step forward in the prevention of identity theft, even if they are offering it for profit reasons (they make money every time you freeze/unfreeze your credit). If your state does not currently offer credit freezes by law, you can now apply with each credit reporting bureau individually. Regardless of where you live, freeze your credit today.A credit freeze doesn’t affect your existing credit – it doesn’t freeze credit cards, bank accounts or loans you already have. It only freezes access to your account unless someone has a password to get in. It’s like having a PIN number on your ATM card. It also doesn’t lower (or raise) your credit score.

Equifax Credit Freeze
P.O. Box 105788 Atlanta, Georgia 30348
Toll-Free: 1.800.685.1111

TransUnion Credit Freeze
Fraud Victim Assistance Department P.O. Box 6790 Fullerton, CA 92834
Toll-Free: 1.888.909.8872

Experian Credit Freeze
P.O. Box 9554 Allen, TX 75013
Toll-Free: 1.888.397.3742

User Distrust at Heart of Facebook Troubles

Satisfaction with social-networking powerhouse Facebook has slumped, according to the latest survey from the American Customer Satisfaction Index — hitting a new record-low score in the social media category that placed it in the five lowest-scoring companies out of more than 230 surveyed. There are several immediate factors that undermine user trust:

  • Inconsistency. Facebook’s user interface changes constantly (think Timeline) and this inconsistency leaves users feeling like they don’t know what to expect next from the social media site. Consistency builds trust, but Mark Zuckerberg doesn’t seem to have much vision for consistency.
  • Lack of Transparency. The average user has very little comfort with or knowledge about how Facebook is collecting, analyzing, using and selling their personal data. While Facebook has a range of privacy and security settings, most users still don’t comprehend the enormity of the information that Facebook collects on them. This lack of transparency leaves users with a bad taste in their mouth, like they are being cleverly deceived for the sake of profit.

Facebook is staring down some potentially unnerving obstacles when it comes to key areas of monetization and growth: public distrust and display ad apathy.

Look at these highly revealing statistics:

  • 59% of Facebook users said that they had little to no trust in Facebook to keep their information private according to a recent AP-CNBC poll.
  • Despite these ongoing concerns, the number of users continues to increase. Facebook has grown to 900+ million monthly active users worldwide. This paradox (that Facebook continues to add users even though most of us don’t trust them), suggests a level of reliance bordering on addiction.
  • 54% of Facebook users declare that they don’t trust Facebook using the platform for financial transactions like purchasing goods or services.
  • 83% of Facebook users say they never, or rarely ever, click ads or other sponsored content when they use the site.

Facebook is facing a crisis of trust. For now, they are masking it well and continuing to grow, unless that is, if you judge their success by revenue rather than users.

John Sileo is an award-winning author and data security speaker on social media over exposure. He is CEO of The Sileo Group, which advises organizations on privacy strategy, data security and fraud prevention. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Yahoo Hacker Wake-up Call WILL FAIL (Data Breach)

Yahoo BreachA hacking group known as D33Ds Company leaked about 453,000 hacked email addresses and passwords of Yahoo Voices users in order to send a “wake up call” about poor data security practices at Yahoo. The information posted online was NOT restricted to YahooMail login credentials, but included Gmail, Hotmail, Aol and Yahoo user information. In the past few weeks, there have been similar breaches at LinkedIn, eHarmony, Formspring, Nvidia, and AndroidForum. Whazzzup?

Corporations are clearly ignoring warnings that are now commonplace from privacy and security experts: protect your customer data or lose stock value, subscribers and ultimately, your brand reputation.

The average business will NOT take responsibility for preventing a similar breach of their data until AFTER THEY GET HIT. Which is why 95% of companies will hit the snooze button on the wake-up call.

Here is a short list of the mistakes made by Yahoo (and lessons learned) that your company should implement (unfortunately, only 5% of forwarding-thinking companies will do something about):

  • The credentials file (which contained the usernames and passwords for Yahoo sites as well as Microsoft, Google and others) was stored in both an encrypted (good) and unencrypted (bad), text format. Translation: Yahoo started to take steps to protect themselves but didn’t finish the job of applying a secret code to the sensitive parts. Lesson: Intention isn’t good enough in business, you must have follow-through and accountability built into your culture of privacy. 
  • Yahoo didn’t adequately protect against one of the most damaging and common types of attacks (known as a SQL injection attack), which suggests that they didn’t have all of their operating system and security software up to date. Lesson: New year, same old story. For years, businesses have been skipping the simplest of anti-hack fixes – update your software.
  • Yahoo failed to require their users to implement strong passwords (hey, that’s our fault as users, too – we have a responsibility to use strong passwords). In this case, it would have done nothing to protect the end users, but in most cases it does. Lesson: Force strong passwords on your users. They’ll get over the pain and will thank you when they don’t get breached. 
  • Yahoo didn’t salt the passwords as part of their protection. Lesson: Don’t even ask what salting is, just have your tech team implement it as part of your encryption.
  • Yahoo was counting on a third-party to provide security software for their assets. Remember, no one cares about your data like you do, and that doesn’t mean you shouldn’t get the right help when you need it. Lesson: If you use a third party, make sure that you perform the correct due diligence when choosing the vendor and implement proper oversight to make sure they’re doing their job.

If you don’t hand this article to your techies and ask them to prevent the same from happening to you, you will have missed the wake-up call just like everyone else.

John Sileo is an award-winning author and keynote speaker on data security, breach and online privacy. He is CEO of The Sileo Group, which helps raise the PrivacyIQ of organizations of all sizes. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentations or watch him on Anderson Cooper, 60 Minutes or Fox Business.

How to Prevent Child Identity Theft

Why are our kids, the very people we most want to protect, so vulnerable to identity theft? Because they have unused, unblemished credit profiles. According to Carnegie Mellon University’s CyLab 10.2% of the children in a recent report had someone else using their Social Security numbers. That figure is 51 times higher than the rate for adults of the same population.

Thieves steal a child’s identity early on, nurture it until they have a solid credit score, and then abuse and discard it. If it’s not discovered in time, fraudulent use of your child’s identity could mean the loss of educational and job opportunities and starting off adulthood at a serious disadvantage with someone else’s bad credit in her name.

Oddly enough, credit checks do not have any way to match your child’s date of birth with that listed with the Social Security Administration. Therefore, the criminal can put down any date of birth and gain access to your child’s credit. The most unsettling part is thatthe age of the applicant (in this case,the person posing as your child) becomes official with the credit bureaus upon the first credit application.This makes clearing a sabotaged credit record even more difficult because you have to prove to the credit bureau that your child is a child and not responsible for thousands of dollars of debt.

In most cases, you won’t discover the illegal purchases and identity theft until your child applies for a job, tries to get a driver’s license or enters college. At that point, you are left with the time-consuming dilemma of cleaning up someone else’s fraudulent mess. If only clearing up a credit report was as easy as cleaning up after your kids.

Common Sources of Child Identity Theft

  1. Undocumented Workers who need identities to keep working in the US (see NBC News Video Above).
  2. Organized Criminals who reap huge financial gains with little risk of prosecution.
  3. Friendly Fraudsters (friends and relatives) who abuse their relationship with the child to cover debts and expensive habits.

Here are some of the ways your child’s information is stolen:

  • When registering for daycare, schools and recreational sports
  • On medical, dental and hospital records
  • When joining organizations like the Girl Scouts, Boy Scouts, etc.
  • When their identity is stored and accessed by volunteers or employees
  • When one of the above organizations is breached by a hacker or malicious software
  • When an adult befriends your child on a Facebook and socially engineers private information out of them

For parents, cleaning up the disaster of identity theft for their children is costly and incredibly time consuming. Getting a new Social Security number is almost impossible, and rarely the best option. Taking steps right now to protect your child from this horrible crime is one of the greatest investments you will ever make in their financial and emotional future.

Consequences of Child ID Theft

Acting now on behalf of your child will protect them from consequences common to child victims:

  • Starting adulthood with a credit rating low enough to scare away the hungriest of loan sharks.
  • Being denied a loan, credit card or apartment rental because of a crime committed 10-15 years earlier .
  • Being denied access to college, financial aid or a new job based on a past criminal record, falsified earnings or tarnished reputation.
  • Having an arrest warrant for crimes your child didn’t commit.

Protecting Your Children

In the same way that you can’t protect your children from every bruise and scrape, you can’t entirely remove the risk of identity theft. You can, however, prevent or soften the fall if it does happen. Take these steps first:

  1. Watch for mail in your child’s name. This is a potential sign that credit has been established using their identity. The most common types of mail that signal identity theft are financial (pre-approved credit cards, etc.).
  2. Consider ordering a free credit report for your child. If you suspect foul play, write to the three credit reporting bureaus (Equifax, Experian and TransUnion) to see if your child has a credit profile (no profile, no chance that it is being used illegally). If they do have an active credit profile, you will need to resolve this with the specific credit bureau. Please note that requesting your child’s credit report repeatedly can actually establish a credit profile in their name. For a more convenient option, use an identity monitoring service for you and your family that alerts you when credit is established in any of your names.
  3. Stop giving out your child’s personal information. Until you are confident that it is absolutely necessary to receive the services desired, withhold their personal information. More than 80% of organizations that ask for your child’s Social Security number don’t actually need it to establish services. If you must give it, ask them how they will use it, how long they will keep it and how it will be protected while they have it.
  4. Protect your child’s identity documents. Birth certificates, passports, bank account information, wills and trusts involving children should all be locked securely in a fire-safe or bank’s safety deposit box. Physical document theft is one of the most prevalent ways kid’s identities are stolen.
  5. If you find evidence of fraudulent activity, contact the police, the source of the fraud and all three credit bureaus. Filing a police report helps to establish your child’s innocence in an official way.Have the credit bureaus FREEZE your child’s credit for maximum protection. Keep detailed records of all correspondence between yourself, the police, the merchant and the credit bureaus. It will come in handy should you ever find yourself in court, as I did.
  6. Educate your children on the importance of protecting their personal information. Teach them about the value of their personal information: their name, address, phone numbers, email address, Social Security Number and any passwords and PIN numbers. Reinforce that they own their private information and that it should not be shared with friends, over the internet or with anyone whom they don’t know or trust.Education is absolutely the best financial gift you will ever give to them.

In the case of child identity theft, an ounce of prevention is worth a lifetime of financial security. Don’t let the center of your universe become just another statistic. Because you love and protect your children as much as I do, start this process immediately.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.