Sunday, August 22, 2010

Cash Only Restaurants

Many times I've been asked how to reduce risk of Credit Card Fraud when paying your bill at a restaurant for lunch or dinner and I've replied, paying Cash is an option to consider.

Apparently, for other reasons, some restaurants are making this an easy option because as "Eateries go cash-only," "Plastic's now off the menu."

Saturday, August 21, 2010

12 Character Super Passwords

The 12-character era of online security is upon us as summarized in this article summarizing this published case study from the Georgia Tech Research Institute.

A quick search online let me find a whole list of 12 character words and I came up with this example, which I will never use, but it is an example of a 12 character, alphanumeric word with a special character:

Thursday, August 19, 2010

Facebook location tool

Facebook has a lot of issues. I will try to organize them but I have a search feature for this Blog and you can search on terms like "Facebook" and I'll continue to try to keep the best keywords in the Title.

But regarding the Facebook location tool...Google did something like this previously.

George Orwell may be rolling in his grave but it may be from hysterical fits of laughter.

Now Facebook will show your friends where you (or your GPS Phone) are.

So if I'm your friend on Facebook and you send me an email I can use Google to find your house by your email and Facebook to see if you are there or maybe 100 miles away.

I have another post about this issue that you should look at as well.

Wednesday, August 18, 2010

Former identity thieves confess the tactics

If you have been in one of my trainings as far back as 2006, then you know we have discussed most of these already. But it is good to see these 26 Tips again and the 10 Online tips link is a good review as well:

13 Things An Identity Thief Won't Tell You

13 More Things An Identity Thief Won't Tell You

10 Ways to Protect Yourself Online

Thursday, June 10, 2010

More records than people

I mentioned this recently at a speaking engagement so here is the documentation as promised.

There have now been more records compromised than there are people living in the country.

According to the U.S. Bureau of the Census, the resident population of the United States, projected to 06/10/10 at 13:52 UTC (EST+5) is

Scroll down to the bottom to get the current number of compromised records according to the Privacy Rights Clearinghouse, today it is 355,868,866.

Bank of America data stolen

Do you have a Bank of America account?

BofA call center worker pleads guilty to data theft

AT&T iPad data breach

Well, this didn't take long to happen:

iPad owners' e-mail addresses exposed

Wednesday, June 9, 2010

You may have heard this from me 3 years ago

Interesting but not new news, I have probably already alerted your staff to this issue if I trained them in the last 3 years (I know we covered it in one of my most recent trainings and a single parent was shocked to learn of these issues):

Financial abuses of deadbeat parents

NEW YORK ( -- For parents who've wrecked their own credit rating, cashing in on junior's clean financial history is increasingly tempting.

Sunday, May 30, 2010

Excellent Source - Your Identity News

My friend, John Public runs a site called Your Identity News which is an excellent resource for Identity Theft and Privacy News. I recommend it.

Honestly, a lot of what I post here, comes from there.

Thursday, May 20, 2010

Lifelock fined $12 Million for Deceptive Advertising

UPDATE 12.14.13
(the article is older I just added to my blog on 12.14.13 and previous posts are below)
This is too relevant not to share:

"LifeLock's Fraud-Alert Service Banned Forever in Settlement With Experian"
LifeLock, the ethics-bending, Tempe-based firm covered in two 2007 New Times feature articles, has been permanently banned from performing what used to be its most basic service.

The link to "permanently banned" takes you to this article by Patrick O'Grady

But here is an excerpt just in case "LifeLock Inc. and Experian Information Solutions Inc. have settled their lawsuit, and the agreement permanently blocks the original process LifeLock used to protect its clients."

I'm adding my first LifeLock post from Jan. 14, 2009 to the bottom of this one to keep all the info in one place.

I think this newspaper has written about Lifelock before. I even called a reporter once who did a story on them because, well, it was incredible that Phoenix/Arizona knew so much dirt about this company but that they were still advertising on TV and the Web so heavily, but here is another news item that should give anyone pause who may be a customer of Lifelock.

Some of the highlights of the several page article include fines from the FTC for False Advertising, the criminal history of the founder, and several examples of how Life Lock failed to prevent the Identity Theft of CEO Todd Davis:

In the interest of keeping all the Lifelock info on one post, here is another related article that has some good quotes, such as:
LifeLock did nothing to protect against or monitor misuse of existing financial accounts --- by far the biggest source of online identity theft.

...the FTC and states AGs may in fact have taken all of LifeLock’s cash on hand to settle the suit...

ADDED 12.14.13 this link to the FTC Press Release

Which includes this great quote "“While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it,” said FTC Chairman Jon Leibowitz."

Lifelock Issues (from earlier post Jan 14, 2009)
Here is citation for much of what I've heard about Lifelock, it is a good summary of what I've heard and read in my own research:
In the most recent class action, it alleges that Lifelock doesn’t protect it’s customers from all forms of identity theft. It also alleges that putting repetitive alerts on a credit report might hurt a person’s ability to get credit. Last but not least it alleges that Todd Davis — the CEO of Lifelock who plasters his own social security number all over the place as a marketing tool — has himself been an identity theft victim several times."

Tuesday, May 11, 2010

"more than 100 people were using the same Social Security number"

This article is a great discussion of the issue of Social Security Identity Theft and how it can tie into Financial and Character/Criminal ID theft, in multiple states and countries and why an attorney may be very useful:

Identity theft opens door to woes

South Florida teens among latest victims

The investigation began in 2007, when detectives discovered that more than 100 people were using the same Social Security number as a fugitive they were tracking. The number actually belonged to the Chicago teen. Ultimately, 27 workers across Florida were convicted in the case.,0,4948712.story?page=1

Monday, May 10, 2010

Change your Facebook Password

You should probably change your facebook password now if you haven't already done so because of this (apparently I posted this to my Facebook site but not this blog back on Apr 26) :

Kirllos is offering the user names and passwords of 1.5 million Facebook users for between $35 and $62.70 per 1000

Monday, April 26, 2010

Google and your MAC Address now with Street View

10.27.10, I've updated this article to include some recent news about Street View below.

Google CEO apparently has a total disregard for your privacy:

... have long desired the ability to cross reference the Mac address of a user's connection with their real identity and virtual identity, such as their Gmail or Facebook account.

... Google CEO Eric Schmidt recently said internet users shouldn't worry about privacy unless they have something to hide.

Update 10.27.10.
Here is a related article about Street View and how Google has appointed a "director of privacy" (a bit late I think) regarding after

Google announced that it had accidentally collected passwords, e-mails and other personal information from random Wi-Fi users while working on its Street View feature.

They go on to say

said employees will get enhanced privacy training during orientation, and starting in December, all employees will be required to take part in a security-awareness program.

Also a bit late I think, they have been required to have Privacy and Security Training since 2003. has a collection of articles on this topic here


I meant to post this earlier when I heard of it through a more direct source, but again, buyer beware it seems, and I may post more soon about Google and them showing your house online based on your computer's MAC address which is commonly tied to email and other online activity, but back to Blippy:

several credit card transactions shared on social networking site Blippy have been exposed -- with full credit card numbers included -- in Google search results.

Sunday, April 4, 2010

Free credit reports: not so free

As many of you know, I was telling you this at least two years ago:

As part of the new CARD Act of 2009, companies advertising free credit reports are now required to clearly disclose that what's being marketed isn't the free credit report you're entitled to receive by law. is the official site to help consumers to obtain their free credit report.

Fighting identity theft not a priority, report says

Apparently we need to be vigilant looking out for ourselves, as many of you know.

Ten million Americans a year are victims of identity theft. It's a growing problem in the United States, but fighting it doesn't appear to be a priority, a new report says.

Friday, March 19, 2010

Medical Information Bureau (MIB)

If you have a Medical Identity Theft issue, you may need to contact the MIB about your records. Information on how to do that is here on their website where they describe themselves and their mission:

Dead but not because of Identity Theft

This is not an Identity Theft article but it could have been. I have met and trained people who were listed as Deceased on their credit reports. A dead person can be a good target for an Identity Thief.

Being dead can be a real drag, especially if you're alive.

Just ask Doris Temple, 85, a Navy veteran who learned in January that the government had declared her deceased. Strongly suspecting an error, she protested, but not before she lost her health insurance and thousands of dollars in income - Social Security benefits as well as private insurance and pension payments.

Friday, March 5, 2010

Identity Theft is a very complex issue

This is an excellent article illuminating the complexity of the Identity Theft Issue although that is not the primarly focus of the article:

Some interesting quotes:

...the whole get-the-bad-guys effort, while it makes for good drama, is a futile way to secure the Internet, some computer security experts say.
...On Wednesday, Spanish authorities announced the arrests of three men in connection with a "botnet" network of nearly 13 million infected computers, which is believed to be one of the largest in the world. The infected network, called Mariposa, or "butterfly" in Spanish, was used to steal financial or personal information from people in at least 190 countries.

...The people who actually write these programs -- the keys to cybercrime -- are almost impossible to catch and prosecute....

...Lindner said it's unclear if the authors of malicious code are doing anything illegal.

..."The U.S. doesn't have jurisdiction on the [entire] planet Earth, so even if you can identify the author [of the malicious program], that doesn't give us the legal authority to get him, one, and two, it's not clear he's committing a crime," he said. "It's not illegal to write bad software. It's illegal to use it."

I'll end with this quote as it relates directly to the purpose of my blog and my profession
"The weak link in all this is still the user education," he said.
Feel free to contact me for information on protecting yourself, your company or your government agency. And please also share this blog address. Thank you.

Thursday, February 25, 2010

Informative ID Theft Websites

These two websites both have good information on them

Overview of the issue particularly as it relates to a company/employer

news video to supplement discussion of the issue and a product comparison chart

Wednesday, February 17, 2010

The government has your baby's DNA

The government has your baby's DNA

By Elizabeth Cohen, CNN Senior Medical Correspondent
February 4, 2010 9:11 a.m. EST

This looks like a very good citation for claims that the Government tracks people's DNA.

"..the Mankato, Minnesota, couple wondered how the doctor knew about Isabel's genes in the first place. After all, they'd never consented to genetic testing.

It's simple, the pediatrician answered: Newborn babies in the United States are routinely screened for a panel of genetic diseases. Since the testing is mandated by the government, it's often done without the parents' consent, according to Brad Therrell, director of the National Newborn Screening & Genetics Resource Center."

Saturday, February 13, 2010

Google Buzz Issues

Google Buzz has issues. Just an example of companies have a disturbing lack of concern for your privacy and the security of the data you give them to operate with.

For example, on this Buzz list, the people who EMAIL ME the most, including some solicitors (spammers) I just don't filter to Spam (mostly out of curiosity) are automatically on my default list. This is not a service to me at all. I ignore these emails mostly.

I will soon be ditching my Gmail account. I opened it because my 13 year old Yahoo mail was choked with Spam, but this may be worse. I'll go ahead and set up another webmail with a whitelist because I'm spoiled to being able to check my email in different locations.

I should take this opportunity to plug HUSHMAIL.COM I guess. I need become an affiliate of theirs. I'm not, but it seems to have a good, private, secure way to handle webmail and email in general.

This article has a good discussion and set of linked articles if you want to see what all the "Buzz" is about.

Saturday, January 16, 2010

Debit-Card and Gas Pump 'Skimming' Scams

If you have been to one of my classes in the past 2 years, this will sound very familiar. I highlight this scenario in most classes that I teach:

Be especially vigilant at gas stations, Litan says. "Gas pumps are notorious for skimming because they're produced by only a couple of different manufacturers, and if someone gets the key to one from a disgruntled employee, they can insert a skimming device inside the pump where it can't be seen," she says. She recommends using a credit card rather than a debit card when you fill your tank.

If you know someone who runs an business and would like to educate their staff, as you have been educated, contact me anytime.

Here is another article on this same topic and highlights the motivation for some of these crimes pretty clearly I think:

A bogus east Orange County trucking company was a front for an illegal business that stole credit-card numbers and diesel fuel that yielded an estimated daily profit of $10,000, the Sheriff's Office said Monday.


Welcome to my blog. The primary purpose of this Blog is to provide links to source material that I may have quoted in a presentation or training or researched in answer to a question I have been asked.

I hope this site helps you share this information with others and/or conduct your own research. Please contact me with any questions. Thank you for visiting.