People who have been victimized by identity theft often have a difficult time functioning as a result of their circumstance. Some deal with minor administrative annoyances whiles others suffer financial devastation and legal nightmares.

No one is immune to identity theft:

A woman contacted me who was previously a very successful real estate agent and the president of her local real estate group. She had climbed the ranks from sales to broker/owner and oversaw dozens of employees. A former boyfriend stole her Social Security number and his new girlfriend used it to assume her identity. Over the course of five years the ex-boyfriend and his new girlfriend traveled the world on stolen credit and destroyed the real estate agent’s ability to buy and sell property. Her real estate license was suspended and her life was turned upside down.

Awareness is key:

Do you carry your Social Security number or a Social Security card in your wallet? Do you provide this number to anyone who asks for it? The most commonly dispensed advice in response to these questions is: don’t carry the card and don’t give out the number. But in reality, there are many times when you have to use your Social Security number. Because this number is our primary identifier, we have to put it at risk constantly. Refusing to disclose your Social Security number under any circumstances is like refusing to eat because the food might be bad for you. There are always risks. The key is managing those risks and making smarter decisions.

Do you know what ATM skimming is? Have you seen a skimmer? Have you been phished? Would you know what a fraudulent auction looks like? Do you put your name on a “stop delivery list” when you travel? Do you know how to update the critical security patches in your computer’s operating system? Do you know if the doctor’s office your child just went to has done background checks on all the employees who handled your and your child’s Social Security number? Most people struggle to answer questions like these.

We live in a technologically dependant time and we rely on all these tools and modes of communication, and most people do not understand the risks. The good news is, I do. And McAfee does. And what we do is keep you informed of your options, so that you know how to protect yourself and your family.

The most important thing you can do right now is not worry about this stuff. But you do need to take some time to educate yourself.

Download McAfee’s eGuide,“What You Need to Know to Avoid Identity Theft.”

Take five minutes to assess your risk of identity theft. Fill out the Identity Theft Risk Assessment Tool to get your “risk profile.”

I’ve Been a Victim Too
In the mid ‘90s, my small business qualified for merchant status and began accepting Visa, MasterCard and American Express. Within weeks my business received its first fraudulent credit card order. Because the money was ultimately coming out of my pocket, I subsequently tracked the criminal down at home, and over the years I went on to investigate and expose many others who had targeted my business.

A Friend’s Story
Around the year 2000, a good friend’s identity was stolen. A woman had stolen her mail and used her personal information to open a charge card at a local retail chain. My friend got a phone call notifying her that $3000.00 in curtains were ready for pick up. At the time, identity theft was so new that law enforcement wasn’t sure how to respond. But after we found out where the curtains were supposed to end up, law enforcement checked on the address and discovered that the woman who lived there had 45 prior convictions for fraud. She was arrested and eventually prosecuted, but only received a one year suspended sentence.

My Life’s Mission
I knew then that identity theft was on its way to becoming a major ongoing threat. From the late 90’s up through the present I’ve witnessed the exploding growth of identity theft fueled by Internet access, the overuse and availability of Social Security numbers, the speed of technology outpacing that of security, and a fundamentally flawed system of identification.

Personal security has evolved beyond smash and grabs in the physical world to criminal hackers and identity thieves in the virtual world. This new breed of criminal is savvy and technologically proficient, and is able to find the holes and flaws in our existing systems. The rise of the identity thief has resulted in a global crisis, in which anyone can pose as anyone else, at any time, for any reason. From simple credit card fraud to an adult stealing a child’s identity or a terrorist using your data to enter the country, identity theft is as close as it gets to the perfect crime.

Robert Siciliano – Identity Theft Expert and McAfee Consultant on Security Insights Blog

A peer-to-peer, commonly abbreviated to P2P, is any distributed network architecture composed of participants that make a portion of their resources (such as processing power, disk storage or network bandwidth) directly available to other network participants, without the need for central coordination instances (such as servers or stable hosts).

In simple terms, P2P is software installed on your PC and others PCs that allows the sharing of data from each others computers.
Computerworld reports, “One of the more than 3,000 files discovered by the researchers was a spreadsheet containing insurance details, personally identifying information, physician names and diagnosis codes on more than 28,000 individuals. Another document contained similar data on more than 7,000 individuals. Many of the documents contained sensitive patient communications, treatment data, medical diagnoses and psychiatric evaluations. At least five files contained enough information to be classified as a major breach under current health-care breach notification rules.”

In my own research, digging through P2P networks, I’ve uncovered tax returns, student loan applications, credit reports and Social Security numbers. I’ve found family rosters which include usernames, passwords and Social Security numbers for entire families. I’ve found Christmas lists, love letters, private photos, videos, and just about anything else that can be saved as a digital file.

It’s no surprise data is still leaking. File sharing technologies are easier and more user friendly than ever. Faster broadband connections coupled with faster PCs and bigger hard drives make downloading files a snap. Insurance companies, doctor’s offices and hospitals all have computers and those computers are operated by people who like things that are free. Any bored employee who wants to listen to that song he heard on the way to work can simply download Limewire, eDonkey, BearShare, or any other P2P network. Within minutes, that song is on playing on the employee’s iPod, and his employer’s clients’ data is being shared with the world. This type of breech resulted in blueprints for President Obama’s private helicopter being leaked online.

The House Committee on Oversight and Government Reform has asked the Department of Justice and the FTC to help prevent illegal use of peer to peer networks, and in the same letter, asked what the government is doing to protect its citizens. But ultimately, it’s up to you to protect yourself.

Don’t install P2P software on your computer. If you aren’t sure whether a family member or employee may have installed P2P software, check for new, unfamiliar applications. A look at your “All Programs Menu” will show nearly every program on your computer. If you see one you don’t recognize, do an online search to see what it is you’ve found. You should also set administrative privileges to prevent the installation of new software without your knowledge.

If you must use P2P software, be sure that you don’t share your hard drive’s data. When you install and configure the software, don’t let the P2P program select data for you.

The Smartcard Alliance has released an in-depth report called “Medical Identity Theft in Healthcare.”

Robert Siciliano, personal security adviser to Just Ask Gemalto, discusses Medical Identity Theft on CBS Early Show. (Disclosures)

Many single people have been turning to the Internet for dating services. You can meet someone with the same interests, hobbies, and lifestyle. Dating services allow you to browse profile pages to shop for a potential mate while chatting it up with potential dates. In the process you are selling yourself as they are deciding whether to buy. And like a car on a “pre-owned” lot that was recovered from the waters of hurricane Katrina, the truth is often suppressed. .

But what happens when you decide to meet someone and you begin to discover little white lies? Realize that little white lies are often a front for big darker lies.

What else is this person hiding? Are they married, have kids? Gone bankrupt, been arrested for violence? Or are they a registered sex offender? Are they unemployed when they said they have a job?

Sometimes the truth hurts and people innocently choose to adopt the “what they don’t know won’t hurt them” philosophy and simply don’t cough up the truth. Nothing good can come of this. This is why it is essential that you do your homework and find out as much about this person as possible to head off any potential heartaches.

Much of what you need to know about your new encounter can be found by doing a quick and easy background check. But don’t stop there. Google them, check out their Facebook page and dig as deep as you need to verify as much as possible to determine if their nose is growing.

Robert Siciliano is a Personal Security Expert and Adviser to Intelius.com. See him discussing Dating Security on E! True Hollywood Stories.

For more information see Intelius at Sex Offender Check and Date Check to reduce your chances of encountering a bad guy. (Disclosures)

When anything technology gets to the “normal stage” that’s also when scammers are well dug in. Scammers are usually much more ahead of the curve. When it was weird, they paid attention and the ones that had the foresight scammed, but when it was hot, they were figuring out all the different ways to pull the wool over their victim’s eyes and getting good at it. They ramped up and were beginning to perfect their craft.

Today, it’s a full time job for them. They know all the new scams and get better at revisiting the old ones.

Recently I signed up for a particular social network so nobody else would take my name. I was immediately contacted by a woman who enjoyed my profile on the social network. Problem was I hadn’t really set up my profile. But she liked it nonetheless.

So I responded “Thanks!” Then, she started to write me every day, and would put lots,and,lots of commas,in her sentances. Her spelling socked and HER capiTal leTTers were all,over,the,place. Plus,The spacing, of her,words was weird,and from experience,dealing with scsammers,overseas I could tell,she didn’t really,like,my,profile. She wasn’t really a she, But a he, probably named Zambabooboo.

After communicating with “her” for 2 days she was talking love and marriage. After 4 days she wanted desperately to see me. On the 7^th day she asked me for money for a plane ticket so she could come see me. I declined.

Robert Siciliano is a Personal Security Expert and Adviser to Intelius.com. See him discussing Safe Personal Dating on Tyra.

For more information see Intelius at Sex Offender Check and Date Check to reduce your chances of encountering a bad guy. (Disclosures)

Years ago, before my wife was my wife, she was traveling in Spain. She got off the plane, headed for the rental car terminal, rented her car, and drove off the lot. At the first stop sign, a man knocked on her passenger window and pointed, saying, “Tire, tire.” She put the car in park and walked over to the passenger side. The tire was fine and the man was gone. So she got back in the car and found that her purse had disappeared from the front seat. Her driver’s license, passport, cash, and credit cards were all gone. What a nightmare! When she went to the police, they asked, “Were you a victim of the flat tire scam?”

You’d think the rental car agency could have warned her. But the lesson here is that you cannot rely on others to protect you. You are ultimately responsible for your personal security.

Fortunately, she is a resourceful person and was able to handle the crisis quickly and efficiently. If your passport is ever lost or stolen in a foreign country, you can apply for an emergency replacement at the nearest embassy. Generally you’ll need to show up in person, and it helps to have a traveling companion to vouch for you. The embassy will need to see some type of verification of your identity, and they’ll likely request a copy of the police report.

When traveling, consider carrying your essential documents in a money belt or one that hangs from a lanyard around your neck, hidden under your shirt. You should always carry photocopies of your identification, but they won’t do you any good if they’re stored in the same purse that was just snatched from your rental car. One smart option is to scan all your pertinent documents in full color and upload them to a secure web-based encrypted digital vault. Some of these services are free, while others charge a small fee. In a pinch, you can download the necessary document from any computer with Internet access, and print a new copy.

For more information on coping with a lost or stolen password, see this list of frequently asked questions.

A lost or stolen credit card requires a different course of action, and its effectiveness largely depends on your preparation. Before traveling, call your card issuer and inquire about their policy for replacing a card. Pack a copy of your credit card that includes the front and back impression. If your credit card is lost or stolen, call the issuer and cancel the card as quickly as possible to mitigate any losses. In the best case scenario, the company should issue a replacement card and ship it overnight at no charge. Most card issuers will accommodate you, and if you find out ahead of time they won’t, find another card issuer.

In an emergency, you can always ask a friend or family member to wire you money. When a U.S. citizen encounters an emergency financial situation abroad, the Department of State’s Office of Overseas Citizens Services (OCS) can establish a trust account in the citizen’s name to forward funds overseas. Upon receipt of funds, OCS will transfer the money to the appropriate U.S. embassy or consulate for disbursement to the recipient. The State Department’s travel website offers more details on emergency money transfers.

And always be sure to carry some spare cash. Tuck it in that money belt so even if your purse or wallet is stolen, you’ll be in good shape.

Robert Siciliano, personal security and identity theft expert adviser to Just Ask Gemalto, discusses travel security on Fox News. (Disclosures)

You don’t need to own a house to become a victim of mortgage fraud. Heck, you don’t even need to be older than 3 to be a victim. As long as the thief has a Social Security number, they can apply for loans in your name.

Lexis-Nexis Mortgage Asset Research Institute in Chicago shows that the incidence of fraud in 2009 increased 7 percentage points over 2008’s levels. In 2008, fraud reports rose 26 percentage points from the previous year. The institute collects and provides data – suspicious-activities reports, or SARS – to subscribers, including mortgage lenders. If you want to compare numbers, there were 67,190 such reports collected in 2009, compared with 63,713 in 2008, and 46,717 in 2007. The 2009 increase was small, but officials say they believe a lot of scam artists are going high-tech.

Law enforcement activities surrounding mortgage fraud across the U.S. have resulted in the arrest of thousands, according to reports. The utility of Social Security numbers as a means to obtain credit fuels the pervasiveness of mortgage fraud.

Some of the most devastating instances of mortgage fraud involve identity theft. Consumers not only have to be leery of questionable mortgage lenders, but also of others who might buy a home in their name.

Data from the U.S. Treasury Department’s Financial Crimes Enforcement Network has revealed that instances of suspected mortgage fraud have risen by 1,000 percent over the past six to seven years, reported the article in thisisyourmoney.co.uk, which went on to say the FBI’s financial crimes section has seen an 800 percent increase in its case load since 2003.

The apparent spike in mortgage fraud reveals one more line of attack that thieves exploit to hijack the financial identities of consumers.

The results of a research investigation by the Federal Bureau of Investigation recently revealed an apparent, significant upward trend in the incidence of mortgage fraud. Furthermore, homeowners who have Home Equity Lines of Credit (HELOCs) are prime targets for financial fraud, suggested a related statement from the Identity Theft Assistance Center (ITAC).

The best way to combat the threat is to transform Social Security numbers into something useless to thieves, who use these universal identifiers to obtain financial identities. Social Security numbers’ de facto role as universal identifiers has fueled a massive increase in financial fraud—simply because these numbers allow criminals to assume others’ identities. Given the scope of financial fraud, which costs billions of dollars every year, consumers need a way to deprive thieves of the ability to gain access to someone else’s finances. They must implement measures that render those Social Security numbers useless to thieves.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)
Robert Siciliano Identity Theft Speaker discussing the Social Security numbers on Fox News.

Mobile Internet access and mobile service usage is growing rapidly and cyber criminals are expected to pay more attention to this sector. Mobile device platforms compete for innovation created by application developers and other content creators who are increasingly demanding more device access. As their requests grow in numbers and they distribute their products more widely, security breaches will be inevitable.

Mobile phones used to be bulky and cumbersome; they had to be carried in bags or briefcases. Then they became chunky, heavy bricks. Clearly, cell phones have evolved. Today’s mobile phone is a compute, that rivals many desktops and laptops being manufactured today. I’m continually blown away at the capabilities of my iPhone.

What makes Mobile phones vulnerable is the speed and advancement of technology and businesses continued demand for products and services that work on a phone. In other countries almost all banking is done on a phone.

Complicating matters is spyware. Spyware was created as a legitimate technology for PCs. Spyware tracks and records social network activities, online searches, chats, instant messages, emails sent and received, websites visited, keystrokes typed and programs launched. It can be the equivalent of digital surveillance, revealing every stroke of the user’s mouse and keyboard. As a virus, spyware on a PC or phone is an immediate compromise of that phone’s data.

When anti-virus vendors like McAfee introduce anti-malware solution to secure Android-based smartphones, then you know mobile phone hacking has gone mainstream. The McAfee® VirusScan® Mobile technology is available now for users of Android and Windows Mobile-based smartphones providers.

The scary part is mobile phone spying software is affordable and very powerful. I worked with Good Morning America (GMA) on this issue.

GMA found thousands of sites promoting cell phone spying software, boasting products to “catch cheating spouses,” “bug meeting rooms” or “track your kids.” Basic cell phone spying software costs as little as $50.“ Someone can easily install a spyware program on your phone that allows them to see every single thing you do all day long, via the phone’s video camera. GMA spent $350 to get the features that remotely activate speaker phones, intercept live calls and instantly notify you every time a call is made.

Not all spyware is bad. Certainly if you install spyware on your 12 year old daughters phone, it’s to monitor and protect her, but when installed unknowingly on a phone that’s used for mCommerce, or business applications, then there is cause to be concerned.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

There seems to be a groundswell of people who are anti-Facebook today.

Google “Facebook” and “Privacy” and 761,000,000, that’s seven hundred and sixty-one million results come up in a quarter second. WHY? BECAUSE THERE IS AN OBVIOUS ISSUE WITH FACEBOOK AND PRIVACY. The major issue here is not that Facebook isn’t private, it’s that some people want it to be private and its not and they can’t have their cake and eat it too. Privacy has always been a hotbed media grabbing issue that sells news too, so the few privacy pundits that there are, get all this attention by pointing the finger.

Mark Zuckerberg, Facebooks head dude said “people have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people.” Then he went on to say “that social norm is just something that has evolved over time.”

Nick Bilton a New York Times writer interviewed a Facebook employee and shortly after tweeted “Off record chat w/ Facebook employee. Me: How does Zuck feel about privacy? Response: [laughter] He doesn’t believe in it.”

So if the head of an organization is telling you straight out, privacy isn’t really a concern, then why expect anything different? If you are about to book a cruise and you are told the captain of the ship likes to drink ALOT and he has a habit of hitting icebergs, would you get on the ship? If you don’t like the way things are done at Facebook either shut up or delete your profile.

I personally have no hard feelings towards Facebook, I also don’t share intimate details of my life and I understand the implications of the service. My angst is towards its users who say and do things that make themselves vulnerable to crime and online reputational disasters. Like Howard Stern’s dad used to say to him “I told you not to be stupid you moron.”

And now that politicians are stepping in and making a fuss, Facebook is now the new privacy battle ground. These same politicians won’t do anything or accomplish anything. They just love the attention. And with 400 million people on board, I think privacy is deader than dead, a rotting corpse that just smells bad and we will complain as long as the stink lingers. Openness and transparency along with sharing too much information is the norm. But that doesn’t exclude you from at least understanding the risks, taking some responsibility and being smart about how to use it.

Protect yourself:

Use URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.

Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.

Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave your networks wide open for attack.

Register company name and all your officers at every social media site. You can do this manually or by using a very cost effective service called Knowem.com.

Protect your identity.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Social Media on Fox Boston.

The FBI reported that last year, organized criminals made double what was reported in 2008. Phishing emails containing the name and logo of the FBI were one of the top money makers for scam artists.

Successful scams included auction scams where products were bought and paid for but product was not delivered. Advanced fee scams also topped the list.

Scammers will say and do anything to get a person to part with their money.

Never automatically trust over the phone or via the internet. Unless the business is one that is well established online; don’t ever send money that you can’t get back. Never send money in response to an email or a phone call or even a classified ad. Money orders and wiring money have less security than a credit card does.

Anytime the transaction involves wiring money, that’s a dead giveaway. In any virtual transaction, I’d suggest using a credit card, but not without first checking the legitimacy of the business or the individual. A quick scan online of a company, individual, or even the nature of a transaction can often provide enough information to make an informed decision.

Scareware was also a big player. Studies show that organized criminals are earning $10,000.00 a day from scareware. That’s approximately 200 people a day getting nabbed. Some “distributors” have been estimated to make as much as $5 million a year.

What makes the scam so believable is there is actual follow through of the purchasing of software that is supposed to protect you. There is a shopping cart, an order form, credit card processing and a download, just like any online software purchase.

The software is sometimes known as “AntiVirus2009” “WinFixer,” “WinAntivirus,” “DriveCleaner,” “WinAntispyware,” “AntivirusXP” and “XP Antivirus 2008.” These are actually viruses or spyware that infect your PC, or just junk software that does nothing of value.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Ransomeware on Fox Boston.