Friday, June 19, 2015

How Cybersecurity and Privacy Affect Us All

Data security is a hot topic these days, and with good reason. Whether it’s news of the latest corporate data breach, hackers in foreign countries, or legislation aimed at protecting citizens’ privacy, we’re living in a world that is clamoring to keep up with the technology… and with criminals.

But while we wait for the government to take action and the business world to catch up, there’s no reason we can’t take action ourselves. Cybersecurity all starts with the behaviors that fuel your online activity, and with the right attention to what you share, you can protect yourself from a lot of the threats.

  1. Oversharing – One of the most common culprits in cybercrimes can be oversharing. Whether it’s giving out too much of your personal data to entities that don’t really need it, or posting far too many pieces of your privacy puzzle on social media, oversharing gives criminals the information they need to connect the dots and steal your identity.

    Whenever you’re asked for your personal information, ask yourself why the entity needs it and what they plan to do with it. Have you paid attention to how many stores now ask for an email address when you go to checkout at the register? Of course, they’re collecting it for marketing purposes, and truthfully, if you already shop there, you might actually want to receive updates and coupons. But another option is to go to the company’s website yourself and sign up to receive these emails. You’re not risking others overhearing you, and you’ll know where you entered your data. That kind of defensive habit can make you stop and think about who you give your data to.

    Online, are you giving out more information than strangers need to see? One of the more common social media mistakes for female Facebook users is to post their maiden names, as in “Jane Turner Smith.” This is obviously so friends who knew her as Jane Turner can find her. But when that information is coupled with the common practice of posting news and photos from your child’s birthday—“My little boy turned six today! He’s growing up so fast!”—you just provided the entire internet with your son’s birthdate and his mother’s maiden name. The pieces of his identity are coming together, all because you gave out information that people really don’t need to have.

  2. Securing your network – Whether it’s from home, on the road, or from a mobile device, are you accessing sensitive information like your bank account over an unsecured Wi-Fi network? Once you’ve accessed that account, are you logging out completely and closing your browser? Or did you just go to a different webpage and continue surfing the web?

    If you don’t know the network you’re on, don’t use sensitive accounts. Even your email account can be under threat from a hacker. If a cyber thief accesses your email account and then changes the password, he can lock you out of your email; from there, he goes to all of your accounts, simply clicks “forgot my password” to receive the email to reset it, and changes your Amazon account, your banking account, your credit card account… and you can’t stop him. You may not even realize he’s done it until it’s too late.

  3. Monitoring your statements – Many of us receive paperless statements now from a variety of sources, and it can be easy to overlook them. They’re sitting safely in our inboxes, right? But there are couple of problems there, too.

    First, if a thief accesses your email, then those statements contain a lot of information. You need to monitor them, look them over carefully, and destroy them securely, just as you would if they’d been mailed to your house. If you do need them later, download them to your computer and save them on an external hard drive to keep prying eyes away.

    But while you’re monitoring any incoming statements, make sure you’re looking for suspicious activity. This holds true for any kind of statement or report, not just your bank or credit card statement. Check your utility bills to make sure someone hasn’t opened up a utility account somewhere else. Check your tax and medical statements to make sure you’re the only one using your identity. And finally, check that credit report throughout the year to make sure nothing funny is going on in your name.

It may seem time consuming to protect yourself, especially if you can’t rely on others to protect your data for you. But by developing good overall habits with regards to your personal information, you can do a lot to keep yourself from becoming a victim of a cybercrime.

Monday, May 11, 2015

FTC to examine privacy issues with 'cross-device tracking'

By Mark Pribish
Vice President and ID Theft Practice Leader

Imagine a private investigator watching your every move and listening along the way as you go about your daily activities. Welcome to "cross-device tracking," the digital investigation and tracking of our entire online lives, from social media to general Web searches, regardless of the device or platform used.

Nearly every time you use the Internet from laptops, smartphones, tablets and wearable devices that interact with applications, platforms, publishers, and software, you are being tracked by advertising and marketing companies. This is called cross-device tracking.

It's almost impossible to protect your privacy as a consumer when businesses are targeting you for marketing and advertising purposes, whether you are using multiple devices or not.

The Federal Trade Commission has taken notice. It announced last week that it is going to examine privacy issues related to advertising and marketing companies that track consumers across devices connected to the Internet.

In the simplest of terms, this tracking is done by researching consumers' search engine habits and then customizing a marketer's value proposition for each one.

Big data (as in database research, analytics and marketing) has been going on for decades. One example of big data is the use of cookies, in which marketers target potential customers by tracking their browsing habits, including sites visited, age, marital status and political and religious affiliations.

The beauty of cookie tracking is that it's not limited to when a consumer is on a particular site but throughout the entire time a consumer is browsing. This means that marketers now can direct offers and advertisements that are specific enough to motivate a product purchase.

The FTC is soliciting public comments on these questions:

  • What are the different types of cross-device tracking, how do they work, and what are they used for?
  • What types of information and benefits do companies gain from using these technologies?
  • What benefits do consumers derive from the use of these technologies?
  • What are the privacy and security risks associated with the use of these technologies?
  • How can companies make their tracking more transparent and give consumers greater control over it?
  • Do current industry self-regulatory programs apply to different cross-device- tracking techniques?

Your comments can be submitted online via the following link:

The FTC will use your responses to examine the privacy issues and security risks created by the use of cross-device tracking.

Digital private investigators are watching your every online move. Let your voice be heard by submitting your comments to the FTC on cross-device tracking.

Tuesday, March 24, 2015

Understanding Social Media Identity Theft

Despite the critics who fear that social media sites like Facebook, Twitter, Instagram, and others is making us less connected and less a part of live interactions, the internet really is a great tool for connecting people around the world. Whether it’s catching up with high school friends who’ve moved away or joining an online group who shares a common hobby, career, or interest, the internet is helping us find and engage with people we might have otherwise never met. Social media in a business setting is gaining more popularity, and with that, the opportunity to become a victim of identity theft is rising as well. The potential for compromising your identity is very real, especially if you’re not taking steps to protect it fully.

Even if you have the highest privacy settings set on your social media accounts such as people who aren’t on your friends’ list not being able to see your Facebook posts that doesn’t stop your approved friends from sharing your content. Even if they literally cut and pasted the picture you just posted, they can share it with all of their friends, who can share it with their friends, and so on. Think of every post you make online whether it’s pictures, birthday announcements, or any other kind of personal sentiment, you have no idea where it may spread next.

So does that mean you should never post anything? Of course not. But it does mean that you have to be careful about what content you post, and make sure that it’s only content you wouldn’t mind ending up in millions of strangers’ inboxes.

Another concern about social media involves posts that you see. Whether it is funny questions, online quizzes, or shared articles, many of them are gathering your information. The strange thing is it is information you willingly provided in order to participate. Make sure you stop and ask yourself who is receiving your information and what harm could they possibly do with it before you click.

If you have the highest privacy settings and you behave online in a very safe way, you’re 100% protected, right? Not necessarily. A thief or hacker can still gain enough information about you to take over your accounts and post content pretending to be yours. Even worse, they can create whole new accounts that look like you or your business, only instead of posting your content they’re used to smear your professional reputation, damage your relationships, or otherwise harm you.

Finally, there are a number of scams that are perpetrated on social media platforms. You may not be clicking on content, but what about the messages you receive? If someone reaches out to you through social media and begins a discussion, never share your personal information. This may seem like a harmless interaction, but scammers are adept at confusing people enough to gather the relevant information necessary to steal an identity – your name, location, age, and pet’s name can be enough to break through password security protocol’s and access email, online banking, and files on your business’s server. This is a heartless crime, but a reality. Scammers are using the internet disarm you enough to gather the information they need, and then leave you confused and unsure of what happened.

In order to keep yourself as safe as possible online, remember some basic guidelines. Ensure that you’re using strong, unique passwords on all of your online accounts in order to keep hackers from gaining access. Be sure that the content you post isn’t anything you wouldn’t want shared across the internet. The ITRC will be co-hosting a Twitter chat on April 2nd with Merchants Information Solutions, Inc. and the Better Business Bureau, sharing more information on social media identity theft.

Thursday, February 19, 2015

Tax Season Theft & Fraud

Tax season seems to be one of the most stressful times of the year. Not only is there a lot of paperwork to prepare, but now we have the added fears of fraud and identity theft. This year, we’ve already seen a significant increase in fraudulent filings, and tax identity theft is one of the most difficult to detect. Usually, the only way you know a crime has been committed is when you attempt to file a legitimate tax return. Instead of receiving anticipated refunds, though, you receive a notice that a return has already been filed under your Social Security number.

In 2014, 34% of calls to the Identity Theft Resource Center involved government identity theft. This is a very specific type of identity theft, as it can encompass any scenario involving using someone’s information to gain government services, benefits, or filings. This type of crime can be anything related to government-overseen services, such as filing a fraudulent tax return with a stolen Social Security number, trying to get a job using someone else’s information, applying for any kind of government issued benefits, and more.

Like most forms of identity theft, you usually have no immediate way of knowing it occurred, giving the thieves a quiet head start. But unlike financial identity theft in which you receive a suspicious-looking account statement within a month or two, government identity theft can remain undiscovered until such time as you file for benefits or file your tax return, and you only learn about it months or even years after your data was stolen.

There are a few steps that consumers can take to reduce the risk of tax identity theft. The first step in limiting any kind of identity theft is always to safeguard your information as much as you can, while the next step is to be on the lookout for any unusual activity. Your Social Security statement, any medical statements or benefits reports, and even your annual W-2s can show you that someone is using your information for fraudulent purposes, but you have to stay on top of it in order to be aware. Report any strange activity immediately by contacting the Social Security office, the IRS’s fraud investigation department, or other pertinent government agencies.

Next, file your tax return as early as possible. Now is the time to begin gathering your necessary paperwork and filing documents so that you can submit your return as soon as possible, beating a thief to the punch. If you wait until the filing deadline and then discover that another claim has been filed under your Social Security Number, it becomes your burden to prove that the scammer is not, in fact, you. Not only is this a major problem to deal with, but if you count on the refund as part of your income, the delay will affect your ability to pay bills and routine expenses.

If you suspect that someone has fraudulently filed a return using your information, you can contact the IRS directly to report the crime by filling out Form 14039, Identity Theft Affidavit. You can also contact the IRS’s Identity Protection Specialized Unit for assistance.

15 tips to reduce your risk of ID theft

By Mark Pribish
Vice President and ID Theft Practice Leader

Whether you are a consumer or a small-business owner planning for a great 2015, help yourself by taking charge of your cybersecurity and personal privacy to reduce your risk of becoming an ID-theft victim.

Don't let the near-constant data breach news lull you into "breach fatigue" and therefore be unprepared when ID theft hits you or your business.

To help you reduce your exposure to and the impact of ID theft, here are "Mark's 15 Most Important ID-Theft Need-to-Knows":

  • Small businesses that ignore the big threat of a data breach are a bigger target for ID-theft criminals.
  • Businesses need to understand that a data breach is inevitable. Your business profits, brand, and reputation depend on your data-breach response plan.
  • You cannot stop identity theft and data breaches. Defend yourself or your business by increasing ID-theft awareness, ongoing education and taking actions to further protect yourself.
  • Create a data-breach response plan to safeguard your business against the insider threat by conducting pre-employment background screening, regularly testing your business and information-security access controls and regularly reviewing your data-retention policy.
  • Cyberinsurance may be a good option to help your business minimize today's cyber-risks. Work with your insurance broker to determine your cyber-risks and the best coverage for your organization.
 Personal privacy:
  • Ignorance is not bliss when it comes to privacy settings and social media sites.
  • Be more vigilant and hands-on with your personal-privacy settings and be aware that most apps lack basic security defenses and create some sort of a privacy issue.
  • Stop ignoring terms and conditions. Read, understand and use privacy settings and be diligent about your social networking. Beware of fake accounts, unless you want to be a partner in your own identity theft.
  • Protect your vehicle documents as if they were cash and regularly check for unusual activities after purchasing a vehicle or after it's been in the possession of others.
  • You need to read and understand the privacy policies of every organization you have a relationship with to know how your information is protected, saved, analyzed, sold and/or disclosed.
Identity theft:
  • Assume you will be an ID-theft victim, even as you do more to protect yourself and are vigilant with all of your personal information.
  • Synthetic-identity theft and fraud is an emerging threat as well. Check your credit-bureau report quarterly at no cost through
  • When you swipe your credit or debit card, there is always a risk of giving ID-theft criminals what they need to steal your money through what is known as "skimming" – when criminals install electronic devices at locations at which we use cards, such as an ATM, a grocery store or a gas pump.
  • While no password is "unbreakable," don't make it easy for ID-theft criminals by using weak passwords, or the same passwords.
  • The best defense against phishing is to be aware that it happens every day. Assume you're being "phished" until you verify the source of an unexpected e-mail or call.

Mark's most important: ID-theft criminals are ramping up for 2015. Make sure you know what you need to know to reduce your risk of ID theft.

Tuesday, January 27, 2015

ID theft criminals love tax season

By Mark Pribish
Vice President and ID Theft Practice Leader
Internal Revenue Service officials aren't the only ones excited about taxpayer season — ID-theft criminals are, too, because it's one of their most lucrative windows of opportunity each year.

Tax filing season begins soon, and to help you protect yourself and your family, this week's column is focused on guidance and caution in filing taxes, selecting a preparation service and increasing your awareness of IRS-related scams to guard against identity theft.

Since 2008, the IRS has struggled to curb taxpayer identity theft and refund fraud, with more than 1.2 million tax-related identity theft incidents.

A September 2014 General Accounting Office report stated that the IRS paid $5.2 billion in refunds based on fraudulent tax returns in 2013.

Also in 2013, nearly one-third of all ID-theft complaints pertained to taxes or wages.
Identity-theft criminals steal Social Security numbers and taxpayer-related information to file fraudulent tax returns and to steal refunds. When you, the real taxpayer, files, your refund will not be paid until the IRS resolves your individual case, potentially delaying your refund for up to a year or more.

First, ID-theft criminals know a large number of tax-filing documents from employers, financial institutions, financial-services firms, health-care providers and insurance companies often are sent via the U.S. Post Office and/or e-mail.

Thus identity-theft criminals will try to steal your personal information from the U.S. Post Office, your mailbox or by hacking into your personal and business e-mail accounts. Stay vigilant on how and when you receive your tax documents.

Second, research your tax preparer for any negative past history, as there have been numerous news stories of tax preparers being convicted of stealing tax refunds using stolen identities.

Think about it. We give our tax preparer our most personal information, including our Social Security number and those of our family members. Your preparer knows about your financial assets, your bank-account information, information about your kids and even your marital status – so be vigilant on who you trust to do your taxes.

If you believe you are an ID-theft victim or are at risk of becoming an ID theft victim, you can take the following action:
  • Contact the IRS Identity Theft Division at 800-908-4490.

Wednesday, April 30, 2014

Secret consumer scores threaten privacy and increase risks for ID theft victims

By Mark Pribish
Vice President and ID Theft Practice Leader

When it comes to ID Theft and data breach, most people only think about financial ID theft and their credit scores.

According to a new report released last month by the World Privacy Forum (WPF) - a public-interest research group with a focus on privacy and the data broker industry - consumers may want to learn more about their "secret consumer scores."

Consumer scoring, while not new, has increased in size and scope due to big data and technology. At the same time, consumer scoring is "largely unregulated either by the Fair Credit Reporting Act or the Equal Credit Opportunity Act where thousands of pieces of information about consumers' pasts predict how they will behave in the future."

The WPF report continues by stating "the scores are typically secret in some way. The existence of the score itself, its uses, the underlying factors, data sources, or even the score range may be hidden. Consumer scores with secret factors, secret sources, and secret algorithms can be obnoxious, unaccountable, untrustworthy, and unauditable. Secret scores can be wrong, but no one may be able to find out that they are wrong or what the truth is."

This is important to know because "victims of identity theft may be at particular risk for harm because of inaccurate consumer scores," according to the report.

In fairness to financial institutions, retailers and other users of consumer scoring - some of these consumer reports provide benefits that can help individual consumers.

For example, the idea of individual consumer modeling, in which retailers and creditors try to identify and separate profitable customers from unprofitable customers - along with predicting purchasing patterns and customer loyalty - can help consumers save money through discounted pricing and targeted sales.

Another example is the transaction score which is used to identify fraudulent credit/debit card use based on your regular credit/debit card buying habits, including the average dollar amount of each transaction, type of transaction and transaction location. If your transaction amount, type and/or location creates a red flag like using your debit card in China, your debit card company might decline future activity until they have spoken directly with you to confirm your travel to China or your debit card is being fraudulently used.

To conclude, here are some additional examples of consumer scores:

  • Attrition risk score is a retention tool to help retain existing customers
  • Bankruptcy score that measures the likelihood of your declaring bankruptcy
  • Behavior score where good or bad behavior motivates the retailer or creditor to a specific action
  • Churn score where many companies, such as wireless carriers and cable companies, create scores that predict how likely you are to take your business to a competitor
  • Collection score determines which delinquent customer will pay off their past due amount
  • Consumer profitability score predicts how quickly you will pay your debts
  • Job security score where employment and unemployment data, economic trends and forecasts predict the probability that you will lose your job
  • Medication adherence score predicts your likelihood of following a prescription plan and your doctor's orders
  • Response model score can help a retailer anticipate purchasing patterns, enhance the customer experience, and cross-sell new products/services
  • Revenue Score can predict how much revenue and profit will be generated through each customer

Not all consumer scores are bad. Consumer scoring offers benefits to both users and consumers. But regulators like the FTC need to make consumer scores public and transparent to the consumer.