Tag Archive for: John Sileo

5 Business Survival Lessons from Google’s Spying

A few months ago, Google got caught sniffing unencrypted wireless transmissions as its Street View photography vehicles drove around neighborhoods and businesses. It had been “accidentally” listening in on transmissions for more than 3 years – potentially viewing what websites you visit, reading your emails, and browsing the documents you edit and save in the cloud.

Public opinion blames Google, because Google is big and rich and scarily omnipotent in the world of information domination. It’s fashionable to blame Google. What Google did was, to me, unethical, and they should eliminate both the collection practice and their archive of sniffed data.

But the greater responsibility lies with the businesses and homes that plugged in a wireless network and did nothing to protect it. Don’t tell me that you don’t know better. When you beam unencrypted data outside of your building, it’s no different than putting unshredded trash on your curb – YOU NO LONGER OWN IT. In fact, when you take no steps to protect the data that flies out of your airwaves and into the public domain, you really have no claim against someone taking it. It’s like finding a $100 bill on an abandoned sidewalk – you can claim it or the next lucky person will. Tom Bradley of PC World agrees:

The lesson for businesses and IT administrators is that you have to put forth some effort to at least give the appearance that you intend for the information to be private in order for there to be any inherent expectation of privacy. The burden should not be on Google, or the general public to have to determine whether the data you let freely fly about unencrypted is meant to be shared or is intended for a specific audience.

The Google story illuminates 5 Business Survival Lessons:

  1. This, like so many other business issues, is not a technology problem. The technology to keep out unwanted eyes exists (unless a government wants to tap you) and is accessible and affordable. The problem is human: someone has decided to ignore what they know should be done (especially having read this article).
  2. Private information that you fail to protect is no longer your private information (pragmatically and probably even legally).
  3. In the marketplace of data, just like in business, it is your responsibility to control what you can. Not everything is in your power, but safe wireless transmissions are. Whether it’s trash in a dumpster, posts on Facebook or wireless signals, the responsibility is yours and your business’s, not just Google’s, Facebook’s and corporate America’s. You must do your part.
  4. If you don’t employ at least WPA2 encryption currently on your wireless networks, I can nearly guarantee your data is being watched. And the expense of upgrading is minor compared to the prospect of breach, so lose that excuse.
  5. Prevention isn’t sexy, but it’s profitable. Whether you are preventing data leakage, budget shortfalls, or a heart attack, the key is to do the hard work before it happens.

John Sileo is the award-winning author of Stolen Lives and Privacy Means Profit (Wiley, August 2010), a professional Financial Speaker and America’s leading identity theft expert. His clients include the Department of Defense, FTC, FDIC and Pfizer; his recent media appearances include 60 Minutes. Contact him on 800.258.8076.

Facebook Announces New Privacy Settings

Last week we announced that Facebook was changing their privacy settings – again! Well, the new changes have arrived and should be active on your Facebook the next time you log in. The instructions that will lead you through the new settings will be posted at the top of your mini-feed.

By clicking on the Learn More button you will be directed to the Controlling How You Share Page.

This page will contain a long list of descriptions of your privacy settings, what you can control and what is made public and out of your control.  Click Edit your privacy settings to make the appropriate changes to protect your information and what you want to share on Facebook.

Take the time to make sure you go step by step. Missing one option or click could mean sharing more information than you would like. Make sure you visit your Applications and Websites, Block Lists (if there is a specific person you are hiding your page from), and your Basic Directory Information.

Keep in mind, while the ability to understand your privacy settings has been made simpler, the settings themselves have not changed. You are still sharing information with businesses and advertisers with every “like” you click. Your interests are still linked and by choosing friends of friends you are still basically allowing everyone to view your profile.

Also, one of the main gripes about the recent Facebook Changes was the new “Instant Personalization” feature, which provides information about you to Yelp, Pandora, and a new Microsoft service called Docs.com to help them customize your experience. The main issue was that it was turned on by default – and it still is! If you don’t want to share this information, make sure you visit the Privacy Settings for Instant Personalization and turn it off.

Although these settings will help you keep your Facebook Profile protected, they aren’t foolproof. We offer a Facebook Safety Survival Guide that can help you protect yourself and your children online. The best way to protect yourself while on social networking sites is to limit what you post and use your common sense.

John Sileo helps businesses tackle social networking privacy concerns. His clients include the Department of Defense, the FTC, Pfizer and the FDIC. John also wrote the Facebook Safety Survival Guide. To learn more about having him speak at your next meeting or conference or working directly with your business, contact him by email or on 800.258.8076.

Medical Identity Theft Increasing

Medical records are one-stop shopping for identity thieves. There is no need to slowly gather bits and pieces of someone’s personal information – it’s all packaged together: Social Security number, name, address, phone number, even payment accounts. Crooks have received everything from medication to a liver transplant using a stolen identity. And that’s only the tip of the iceberg! More than just medical treatment is at stake. Once a thief’s medical information is entered into your records, it’s extremely difficult to get rid of that information. It’s conceivable, for example, that at a later date, you’ll need a Type A blood transfusion but be given the thief’s Type B with dire consequences.

Identity theft of medical records has more than doubled since 2008, as stated in Javelin’s 2010 Identity Fraud Survey Report. It’s not difficult to imagine the misery that a million Americans have suffered during the past two years when their identities were stolen. And the Ponemon Institute, in their National Study on Medical Identity Theft, states that another half million people loaned their insurance cards to uninsured family members and friends. The unsavvy lenders have incurred huge medical bills in this “friendly fraud”.

Larry Ponemon says that, on average, it costs $20,000 to resolve a medical identity theft case. Unlike credit card companies, where the banks incur the losses, the victims often have to pay for the fraudulent care and sometimes lose their health insurance or have to pay higher premiums to restore their accounts. Even though there are HIPAA laws to protect your privacy, not all health care organizations have strict safeguards in place.

The risk goes even further: if someone is treated using your identity, your medical records will more than likely be altered and could compromise your treatment and ability to get service.  According to Larry Ponemon, “stolen medical records offer a complete dossier to get a passport in a victim’s name that could be used for terrorism.”

Ways to Protect Yourself:

  • When you receive an Explanation of Benefits from insurers, read it carefully and save – don’t throw it away even when it says “this is not a bill”! If a treatment date or doctor’s name is not familiar to you, call the insurer and the billing physician to resolve.
  • If your wallet is stolen, contact your insurance company just as you would your credit card company. Don’t carry your Medicare card in your wallet. Carry a photocopy and black out the last four digits of the SS#.
  • Urge your health care providers to ask patients for photo IDs.
  • Ask your doctors for copies of everything in your medical files, even if you have to pay for them.
  • Monitor your credit report at www.AnnualCreditReport.com. If you see medical billing errors, contact your insurer and the three credit bureaus, TransUnion, Experian, and Equifax.
  • Avoid Internet and storefront offers of free treatment and supplies.
  • Ask for a list of benefits paid in your name and an “accounting of disclosures” which shows who got your records.

John Sileo became one of America’s leading Information Control Speakers & sought after Identity Theft Experts after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Social Engineering Expert Quoted in CSO Article

Quoted from the original CSO Online story:

Social engineering stories: The sequel

Two more social engineering scenarios demonstrate how hackers still use basic techniques to gain unauthorized access, and what you can do to stop them

By Joan Goodchild, Senior Editor
May 27, 2010 —

John Sileo, an identity theft expert who trains on repelling social engineering, knows from first-hand experience what it’s like to be a victim. Sileo has had his identity stolen—twice. And both instances resulted in catastrophic consequences.

The first crime took place when Sileo’s information was obtained from someone who had gained access to it out of the trash (yes, dumpster diving still works). She bought a house using his financial information and eventually declared bankruptcy.

“That was mild,” said Sileo, who then got hit again when his business partner used his information to embezzle money from clients. Sileo spent several years, and was bankrupt, fighting criminal charges.

Now that he has come out of it all innocent, he spends his time assisting organizations train employees on what social engineering and identity theft techniques look like.


“I’m trying to inspire employees to care about privacy,” he said. “If they don’t care about it at a human level, they are not going to care about the company’s privacy policy or IT security. You’ve got to get it at a primal personal level.”

Sileo ran through some memorable social engineering scenarios he’s heard during his years as a security lecturer. The first is taken from his upcoming book

Continue Reading Social engineering stories: The sequel

If you are serious about training your staff on social engineering scams, fraud detection and protecting your business from a costly data breach, start with the items above and then bring a professional social engineering expert to your next meeting or conference. Email us for more information or contact one of us directly on 800.258.8076.

Spokeo: Scary Bad & How to Opt Out

I found out a way to get yourself off spokeo.com!

Go to the website and look yourself up, then click on your name… once you have done that copy the URL in your web browser. Now, go to the bottom of the page. In small faded blue text, click privacy (third from the left). At the bottom of this page, you will find an “Opt Out form” link. Select that and then paste the URL link you copied from the page you found yourself on and enter your email and the “I’m not a robot” box. This is a case where I would use a second email account (your designated junk-email account), not your main email to avoid the build up of possible spam emails that follow. It will then send you an email confirmation where you must click the URL to confirm removal.  Voila! You have been removed.

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him regarding speaking opportunities directly on 800.258.8076.

Identity Theft of H&R Block Customers | Sileo Group

The number of identity theft victims rose 22% last year! Although it’s important to always protect your identity, tax season makes people more vulnerable to this crime and you should be especially cautious.

H&R Block Identity Theft

A recent article in the New York Times uncovers an H&R Block office in the Bronx that was infiltrated by identity thieves (apparently it was not the only office affected).

Last year, Kevin Johns, a construction worker in the Bronx, did his taxes at the H&R Block store on Riverdale Avenue that he had used for the past 20 years or so. The next day, though, he got a call from the tax preparer: his return was rejected because he had already filed. Or at least, someone had filed in his name. That someone helped himself or herself to a $8,499 refund.

Sharon Hawa, a disaster-relief coordinator with the Red Cross and another longtime customer at the same office, had a similar experience. Ms. Hawa said she went to have her taxes done, only to be told that someone had already e-filed her taxes and collected $6,145.

Both Ms. Hawa and Mr. Johns said they were told by police detectives investigating their cases that at least 20 customers of the branch and possibly many more had been robbed by identity thieves who were very likely H&R Block employees. Both said the fraudulent filers used their previous year’s adjusted gross incomes as proof of identity.

Top Tips for Tax Time Identity Theft Protection

Safe Preparation

Your greatest risk of identity theft during tax season comes from your tax preparer. In this case it was because they are dishonest, but sometimes it is because they are careless with your sensitive documents. Just ask yourself how easy it would be for your tax preparer or anyone in their office to walk off with a few client folders containing mounds of profitable identity. Here are a few effective solutions:

Choose your preparer wisely

How well do you know the person and company preparing your taxes? Did they come personally recommended, or could they be earning cash on the side by selling your personal information? Do they have an established record and are they recommended by the Better Business Bureau? Don’t be afraid to ask for references.

Interview your preparer before you turn over sensitive information. Ask them exactly how they protect your privacy (do they have a strong privacy policy?). Are they meeting with you in a room full of client files, or do they take you to a neutral, data-free, conference room or office? Do they leave files out on their desk for the cleaning service to access at night, or do they lock your documents in a filing cabinet or behind a secure office door? Do they protect their computers with everything listed in the next section?

Asking professional tax preparers these questions sends them a message that you are watching. Identity thieves tend to stay away from people they know are actively monitoring for fraud. Remember, losing your identity inside of their accounting or bookkeeping business poses a tremendous legal liability to their livelihood. In a case like H&R Block’s, it causes a huge loss of clients due to a damaged reputation.

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.


Facebook Privacy: Hide from Google

The New York Times recently published an article that discusses the severe changes Facebook has made to privacy settings. This is the last post on these changes, and each post gives you details on how to manage these new settings so that you can gradually build up your Facebook privacy.

What Can Google See? (Keep Your Data Off the Search Engines)

When you visit Facebook’s Search Settings page, a warning message pops up. Apparently, Facebook wants to clear the air about what info is being indexed by Google. The message reads:

There have been misleading rumors recently about Facebook indexing all your information on Google. This is not true. Facebook created public search listings in 2007 to enable people to search for your name and see a link to your Facebook profile. They will still only see a basic set of information.

While that may be true to a point, the second setting listed on this Search Settings page refers to exactly what you’re allowing Google to index. If the box next to “Allow” is checked, you’re giving search engines the ability to access and index any information you’ve marked as visible by “Everyone.” As you can see from the settings discussed above, if you had not made some changes to certain fields, you would be sharing quite a bit with the search engines…probably more information than you were comfortable with. To keep your data private and out of the search engines, do the following:

  1. From your Profile page, hover your mouse over the Settings menu at the top right and click “Privacy Settings” from the list that appears.
  2. Click “Search” from the list of choices on the next page.
  3. Click “Close” on the pop-up message that appears.
  4. On this page, uncheck the box labeled “Allow” next to the second setting “Public Search Results.” That keeps all your publicly shared information (items set to viewable by “Everyone”) out of the search engines. If you want to see what the end result looks like, click the “see preview” link in blue underneath this setting.

Read more from the New York Times article that discusses the Facebook settings that every user should be aware of. Be proactive about what you share on Facebook and protect your online privacy!

Read the first 2 articles:

Facebook Privacy: Videos, Photos, and Status Updates

Facebook Privacy: Your Personal Info

Order your copy of the Facebook Safety Survival Guide to make sure you and your children are protected online.

John Sileo became one of America’s leading Social Networking Speakers & sought after Identity Theft Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Facebook Privacy: Your Personal Info

The New York Times recently published an article that discusses the severe changes Facebook has made to privacy settings. This is the second post on these changes, and each post will give you details on how to manage these new settings so that you can gradually build up your Facebook privacy.

Who Can See Your Personal Info?

Facebook has a section of your profile called “personal info,” but it only includes your interests, activities, and favorites. Other arguably more personal information is not encompassed by the “personal info” setting on Facebook’s Privacy Settings page. That other information includes things like your birthday, your religious and political views, and your relationship status.

After last month’s privacy changes, Facebook set the new defaults for this other information to viewable by either “Everyone” (for family and relationships, aka relationship status) or to “Friends of Friends” (birthday, religious and political views). Depending on your own preferences, you can update each of these fields as you see fit. However, we would bet that many will want to set these to “Only Friends” as well. To do so:

  1. From your Profile page, hover your mouse over the Settings menu at the top right and click “Privacy Settings” from the list that appears.
  2. Click “Profile Information” from the list of choices on the next page.
  3. The third, fourth, and fifth item listed on this page are as follows: “birthday,” “religious and political views,” and “family and relationship.” Locking down birthday to “Only Friends” is wise here, especially considering information such as this is often used in identity theft.
  4. Depending on your own personal preferences, you may or may not feel comfortable sharing your relationship status and religious and political views with complete strangers. And keep in mind that any setting besides “Only Friends” shares this information with exactly that – strangers. While “Friends of Friends” sounds innocuous enough, it refers to everyone your friends have added as friends, a large group containing hundreds if not thousands of people you don’t know. All it takes is one less-than-selective friend in your network to give an unsavory person access to this information.

Read more from the New York Times article that discusses the Facebook settings that every user should be aware of. Be proactive about what you share on Facebook and protect your online privacy!

Order your copy of the Facebook Safety Survival Guide to make sure you and your children are protected online.

John Sileo became one of America’s leading Social Networking Speakers & sought after Identity Theft Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Detection-Fraud: 15 Signs You’re a Victim of Identity Theft!

Detection: Fraud and Identity Theft.

“Consumers are spending considerably more time on fraud resolution, up to an average of 30 hours in 2008. This increase may be attributed to the increased sophistication of fraud schemes.”
– 2009 Identity Fraud Survey Report, Javelin Strategy & Research

Most cases of identity theft are discovered by the victim, which reinforces the importance of monitoring your various accounts for suspicious behavior. Here are a few of the most common warning signs for the detection of fraud, identity theft or data breach:

The Top 15 Ways Victims Detect Identity Theft

  1. You receive a data breach notice in the mail from a company you do business with.
  2. Your bills or statements are not arriving in your mail (or email) on time.
  3. You notice unauthorized charges on your credit card bill or debit card statement.
  4. You notice new accounts or erroneous information on your credit report.
  5. You are denied credit for a purchase.
  6. You receive credit card bills for cards you don’t own.
  7. You are contacted by a collection agency about an item you didn’t purchase.
  8. You receive bills for unknown purchases, rental agreements or services.
  9. Businesses won’t accept your check or credit card.
  10. You are unable to set up new banking, loan or brokerage accounts.
  11. You notice withdrawals on your checking, savings or brokerage account that you didn’t make.
  12. The checks listed on your bank statements don’t reconcile with those listed in your check register. Many times these checks are made out to “Cash.”
  13. You notice a downward trend in benefits on your Annual Social Security Statement.
  14. The police show up at your door.
  15. A subpoena to appear in court arrives in the mail.

According to Javelin Strategy & Research, the share of stolen data being used in less than one week jumped from 33% to 71% over the past 3 years. Identity thieves count on our lackadaisical attitude toward monitoring our wealth. Remember, actively monitoring your accounts, credit reports, and other identity documents is the best strategy to catch identity theft in its earliest stages, before it becomes a problem.

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Discover and Recover Quickly from Identity Theft in 2010


Since you can’t protect yourself 100% from identity theft, make sure that you Monitor the Signs! Heading into a new year, people make many resolutions that they may or may not stick with, but protecting your identity should always be a top priority. Here are 3 effective tips to help discover and recover quickly if you become the victim of identity theft:

  1. Create a Dossier – A dossier is a collection of documents that are stored in a fire-safe and that you regularly review and update. It is a paper summary of your identity as the outside world sees it (businesses, organizations and governments). It is made up of several key documents: your credit report, bank and credit card statements, Social Security statement, wallet photocopies and your password list. Virtually any of your vital documents could be included in your dossier as well (birth certificates, marriage licenses, etc.). A dossier is a place where you can quickly access a complete record of your vital information in case your identity is stolen and you will have the necessary account and phone numbers at hand to cancel credit cards, bank accounts and to file credit disputes. And you can do it quickly.
  2. Order and Monitor Your Credit Report and Set up regular calendar reminders every 4 months for your next Credit Report. A credit report is a historical record of how you pay off money you borrow from others. There are currently three main credit bureaus in the United States—Equifax, Experian and TransUnion. Credit bureaus track your credit history, generate credit scores and produce credit reports—all for sale to other businesses. If you own a home, have a credit card, lease a car, or apply for or use credit of any sort, this information is reported to one, two or all three of these credit bureaus. In addition, they collect information on how timely you pay your bills, how often you are tardy, how frequently your credit is checked by companies and any changes of address, employment, or personal information. By monitoring these reports closely, you will know when someone else is using your credit file to their benefit. If an identity thief opens a new credit card or loan on your Social Security number, you will see it on your report. The quicker you spot the problem, the less trouble it will cause. You can also sign up for an Identity Monitoring Service and Identity Theft Insurance.
  3. Set up Account Alerts on your bank, credit card and investment accounts and make sure you check your monthly statements for any suspicious activity. Account alerts automatically notify you by email or text message (to your cell phone) when a transaction is made on your account. For example, if you make a purchase on your credit card, it will automatically send you an alert detailing how much was spent, where you spent it, and on what date. They will also alert you when a payment is due or is not received on time or when private information is changed on the account (often a sign of fraud). Alerts are a simple way to keep track of credit card usage, bank transfers, low account balances, investment moves and a handful of other helpful tasks without doing any extra work.

These 3 simple changes make a world of difference when it comes to protecting your identity. Early detection will save you time and money in the long run. Make it a priority to protect your identity in 2010 for a safe, successful and headache-free year!

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC.  To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.