There is a New ID Theft Victim Every 2 Seconds

It’s not easy protecting your identity these days. According to a report from Javelin Strategy & Research, a new case of identity fraud occurred every two seconds in the U.S., in 2013.

idgraph

That’s a 33% increase over what was reported in the previous year’s Javelin report which calculated there was a new ID theft victim every 3 seconds in 2012.  That’s a shocking year-over-year increase, and 2014 doesn’t look any better.

So what is a consumer to do?

There is no single magic bullet. Instead, the best way to fight ID theft is to stay vigilant in all your actions – online and offline.

It means using a quality cross-shredder to destroy every piece of paper with sensitive personal or financial information every single time. It means keeping wallets, purses, bills, credit cards, Social Security cards, and any other sensitive material away from prying eyes – as up to 47% of U.S. identity theft victims each year can ‘thank’ family members, friends or someone else they know, for their plight. Learn more in What To Do When Your Identity Is Stolen By Someone You Know.

It means preventing malware on all your devices by ensuring you keep your security software up-to-date on every single internet-connected device. And, it requires understanding that security software alone is not enough to protect your devices; you also have to know how to identify spam, scams, malicious links, and dangerous attachments, so you don’t escort malware past your security defenses. Learn more in 11 Steps to Avoid Spam and Phishing Scams and How Scam Savvy are You? Smart Scammers Up the Ante.

It means always using strong, unique passwords and PINs for each account, and keeping this information private. Learn how in Password Perfect – Make Strong Passwords Every Time and 12 Steps to Stronger PINs. It includes restricting the number of accounts you create to those you actually need to minimize your risk of hacking. If you aren’t going to be a frequent user of a website, don’t create an account; just use the site as a ‘guest’. And, it means using a payment service like PayPal so that even if hackers break into the database of a company or organization with which you have an account, they won’t be able to access your financial information.

It means monitoring your bills, bank statements, and credit card expenditures at least monthly to check for suspicious or fraudulent charges and taking action immediately if something is wrong. And, it means proactively defending your credit by freezing your credit so that no new credit can be given without additional information and controls.

It also means managing the information you share online through social media, surveys, polls, quizzes, and contests, so that you keep sensitive information private. Think about it: if the ‘only’ information you share is your name, city, and birth date (‘today’s my birthday!’), a determined identity thief can look up your address, find your birth certificate, and look up the first and second sets of numbers on your Social Security card, and then the last four digits are not hard to hack, or find. To illustrate how quickly seemingly ‘harmless’ pieces of data expose highly sensitive data, look at how Social Security numbers are created:

socialsecgraph

SSNs have three sections; the first three numbers represent the state in which the SSN was issued (after 1972 they represent the zip code). Anything between 001-003 and before 1972 for example, is issued in New Hampshire.  The tables showing the mapping of location to these assigned numbers are public record. If I know where you were born, I know these digits.

The second set of numbers in the social Security String represents a specific window of time during which the number was generated, quickly identifying the age of the legitimate SSN recipient. If I know the year you were born, or your age, I know these digits.

The last four digits are the only random numbers – and ironically those are the ones you’re asked to provide most frequently.  Knowing how SSNs are created, criminals can easily hack the last four digits, but they can also likely find them online as most people share them so frequently.

Few consumers think through the sensitivity of, and the need to protect, information as seemingly harmless as email addresses, names, ages, locations, birth dates and their daily routines. Yet each piece of information, when combined with other seemingly harmless pieces of information can cause a great deal of damage. And this risk is compounded by the ever-increasing pool of ‘friends’ consumers accept into their social circle where they share even more information about themselves.

facebookfriendsgraph

In this newly released table by Edison Research, you can see that all but the 65+ age group increased the number of ‘friends’ they have on Facebook. It’s time for a reality check – 18-24 year olds do not have an average of 649 trusted friends who could be able to discover so much about them. I’d challenge the number of ‘friends’ that should have access to private information in every age group.

Yes, it is now a pain to protect your ID from theft, but the alternative isn’t nearly as pleasant. Identity theft protection services are a good tool to use, but nothing can replace your own caution and vigilance.

Frontier Does Not Turn Private Networks Into Public Hotspots

Hotspot The purpose of my blog has always been to deliver on one goal; helping you get the safety, security and privacy information you need to make clear, informed choices about protecting yourselves and your families online.

So in an unusual step, I want to address the great deal of concern consumers have about Comcast’s choice to turn their customer’s home modems into public WiFi hotspots.  While this behavior has been going on for some time, it was only last week that Comcast went past a ‘beta’ phase and formally announced it was turning “50,000 paying customer homes into public hotspots[i]” in the Houston area, and “the company says it’ll be in millions of homes across the country by the end of the year.[ii]

While some users are excited at the idea that wherever they are there is likely to be a hotspot available to them, others have real concerns about the security, privacy, cost, and bandwidth availability of this move. And for good reason.

The lack of consumer choice is disrespectful. Rather than allowing customers to opt into opening their homes to becoming hotspots, they are unilaterally making homes into hotspots and forcing customers to figure out how to opt out of this sharing if they don’t want to be a commercial hub for Comcast.

Customers have long been told there are bandwidth restraints that require throttling the speed in which you can download content. Now, Comcast is telling customers that having up to five additional users (as will be permitted by Comcast when they turn a home into a public hotspot) leveraging their network will not slow the home owner’s bandwidth.

There either are bandwidth issues or there aren’t. The position of saying there are bandwidth issues for you, but not if there are up to five additional users of your bandwidth, doesn’t pass the sniff test.  As one article described it:

 “The more curious bit is Comcast’s assertion that this public hotspot won’t slow down your residential connection — i.e. if you’re paying for 150Mbps of download bandwidth through the Extreme 150 package, you will still get 150Mbps, even if you have five people creepily parked up outside leeching free WiFi. This leads to an interesting question: If Xfinity hotspot users aren’t using your 150Mbps of bandwidth, whose bandwidth are they using?[iii]

Customer privacy and personal security may be impacted. Comcast has created and released an Xfinity WiFi app allowing subscribers to find hotspots that are nearby. If your home’s modem has been turned into a hotspot for others, Comcast will show it on their map.

Then there is the question of cost. Of course it makes financial sense to Comcast, but what about the financial burden added onto their customers? It’s their customers who get stuck paying for the electric bill associated with other’s freeloading on their network. It’s their customers who get stuck paying for the location of Comcast’s modems – as they ‘host’ these hotspots in their homes. Customers are stuck with the cost of renting the Comcast modems that will be used by others. Customers are stuck with the hookup fees – the costs of potentially needing to run the fiber connection from the junction box on the street into their homes. If it doesn’t sound reasonable to you, it’s because it isn’t.

Comcast customers don’t have to accept the new role being thrust upon them as a public WiFi service provider.  At the very least you can discover how to opt out of being used in this fashion – see how to disable the WiFi hotspot feature @ http://customer.comcast.com/ and click on the “Users & Preferences” section, or you can switch to providers that are more respectful of their customers.

Kelly

Threat Alert: Botnet Targets Consumers and Businesses, Siphons Funds, Passwords and Sensitive information

UntitledIn what is being called an “extremely sophisticated” cyber-attack suspected of having infected a quarter of a million computers in the United States, and up to a million computers worldwide, the Justice Department announced on Monday that it had taken control of servers used to control the GameOver Zeus botnet[i] and CryptoLocker ransomware[ii].

Continue reading

Take 6 Steps to protect yourself in the wake of the Heartbleed bug

heartbleedThe general advice to consumers in the aftermath of the Heartbleed bug, a serious flaw, discovered in a piece of code (OpenSSL), has been to “log off of all your online accounts, then change your passwords … but only after you know the sites you use have fixed the security flaw.” This begs the question of “how am I supposed to know if the site has been updated with the fix?”
Continue reading

Don’t Let ‘Heartbleed’ Give You Heartache

heartbleedBy now, you’ve probably heard of the “Heartbleed bug”, or serious flaw, discovered in a piece of code (OpenSSL) designed to provide secure access to websites and used by at least 66% of internet sites[i].  Some security researchers even call Heartbleed the biggest web security threat ever.

The flaw allows hackers to steal the very information that the cryptographic security code was designed to protect – including “the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content [being sent]. This allows attackers to eavesdrop on communications, steal data directly from services and users and impersonate services and users” according to the Heartbleed.com website.
Continue reading

Protect Your Children from ID Theft

UntitledDid you know your child’s identity may be stolen even before they’re born? And, the likelihood that a child or teen’s identity has been, or will be, stolen before they reach adulthood is rising dramatically – it’s the fastest growing segment of ID theft in the U.S. Some estimates suggest that children are up to 51 times more likely to be a victim of identity theft[i].

Continue reading

Guess What? It Turns out We Can’t Walk and Talk at the Same Time

123The old insult, ‘that guy can’t even walk and talk at the same time’, may be closer to the truth than we might feel comfortable with in the digital age.

We’ve all had the experience of unavoidably hearing someone’s cellphone call, sometimes where very sensitive or embarrassing information is shared.

Then recently we learned from the National Safety Council that cellphone-related car crashes is among the top causes of fatal injury in the United States, particularly among teens. According to the report, “Young people are dying in crashes that appear to be related to cellphones and other distractions — not alcohol or drugs.” Continue reading

4 Data Security Questions to Ask Your Tax Accountant

One of the few people who will ever have complete access to all of your most sensitive personal information is your tax preparer.

And identity thieves know it.Untitled123

They know that the data stored by tax preparers about you and your family will be the freshest, most profitable, and some of the most sought after data in the world.

It is easy for someone to set up a website and claim they’re a tax expert open for business.  It’s also easy for them to create a bunch of fake recommendations to sprinkle though their site to beef up your comfort level. With this in mind, before you choose new tax accountant or preparer, it pays to do your research. Check them out with the Better Business Bureau, or ask friends who they use and recommend. Continue reading

Internet Companies Really DO NOT Need to Know Who You Are

It seems that no matter what website or web service you visit, you’re asked to register; some sites won’t even let you in without first registering. And I’m not even talking about subscription sites.Untitled

It’s easy to understand why companies generally want as much of your information as they can convince you to give them, as this allows them to make the most money. But, every consumer needs to ask whether providing personal information of any kind is:

a)     actually needed by the service or webpage to provide you with a good experience,

b)     will provide you a tangible benefit, and

c)     worth the increased risk of identity theft or data abuse Continue reading