Grandma and Grandpa are vulnerable to many strains of financial crime, but not because they’re senile or clueless. Quite the opposite really.

According to a 2011 report from the U.S. Department of Justice’s Bureau of Justice Statistics, identity theft is rising among those ages 50 and up. Identity thieves target seniors for selfish financial reasons and their motives are quite clear.

Do you remember the famous quote by the notorious bank robber Willie Sutton? When asked why he robbed banks he answered “Because that’s where the money is!”

Not only are seniors more likely to enjoy the  peace of mind that comes with financial stability, they are also more likely to have better credit, higher credit limits, more cash in savings and the luxury of home ownership and equity. It all adds up to an attractive lure in the eyes of the ever-watchful criminal underworld.

Those familiar with schemes such as “The Grandparents Scam” are aware of the tactics often used in this kind of fraud. Predators call by phone pretending to be caregivers for supposedly sick or injured grand-kids in need of “emergency funds”. The caller says that your loved one needs to pay for emergency medical or legal bills due to any an injury or accident.  Check and double-check before sending emergency funds to those seeking assistance and using time and emotions as the pressure points.

The AARP crowd (yes I’m now a part of this crowd) gets targeted and fleeced because “That’s where the money is!” Medical fraud is an area where seniors remain highly vulnerable due to more doctor visits and trips to the pharmacy. Medical record keeping is not keeping pace with the privacy needs of an aging U.S. population.

In addition to the volumes of medical and financial data we must protect, the complexity of Medicare and health insurance questionnaires and forms leaves many folks weary when sharing non-public personal information with healthcare providers. “Form fatigue” is wearing us down.

We’re weary when we should be wary.

Last week, MasterCard and VISA rang the alarm bell to warn banks and credit unions across the country about a new data breach discovered in March.

It seems that Atlanta-based credit card processor Global Payments Inc. has been the victim of a potentially significant data breach, reminiscent of the Heartland Payment Systems breach in 2009.

The size and scope remain to be seen in comparison to that of earlier massive breaches. Heartland’s breach reportedly exposed in excess of 130 million accounts, while the Global Payments breach is estimated (by company officials) to involve about 1.5 million accounts.

Global Payments Chairman and Chief Executive Paul Garcia says his company is ” working around the clock literally”, to get back into good standing with VISA, who removed the card processing company from their list of approved vendors.

Security experts warn that this breach is a reminder that no single layer of protection is sufficient to keep data safe from today’s most determined and sophisticated financial criminals. It is also sobering to keep in mind that many intruders are insiders who may already have full-access to consumer’s so-called KBA (knowledge-based authentication) secrets.

This means that those clever little questions you are often asked in order to “authenticate” your identity, do not by themselves provide sufficient protection of your data. In many cases, the bad guys already have your answers!

For companies to remain compliant with PCI (Payment Card Industry) standards, multiple layers must be in place to defend against determined fraudsters. We trust that the vendors who hold our data are doing all they can to protect it. It bears repeating that TRUST is the new currency for those looking to buy financial peace of mind.

How can you protect yourself as a consumer? Here are 3 ways.

1. Examine you monthly credit card statement for even the smallest irregularities and report them immediately.
2. Check your personal credit report for free year-round, by staggering requests every 4 months at: http://www.annualcreditreport.com
3. Visit VISA’s fraud prevention website for tips and insight at: http://www.visasecuritysense.com

Fighting fraud is a winding road. By remaining informed and vigilant, you can put up a good defense at every turn.

Who do you trust with YOUR data?

Dale Penn is an Identity Theft Speaker and author of the award-winning book Identity Theft Secrets: Exposing The Tricks Of The Trade.
Follow him on Twitter: @dalepenn

I can’t recall if it was high school science class or later in life that I learned the health benefits of sexual abstinence before marriage.

“Wait, what do STD’s have to do with my private data?” Here is the connection.

The safety message to my generation was a stern warning and more than a few follow-up reminders that if we engaged in pre-marital relations, we were being physically linked to every person our partner had ever been with and so on and so on. Get the picture? And so on…..

The safety message in our digitally wired, overly connected world is that the financial institutions, internet providers, cell providers and other merchants we do business with are presumed to be keeping our data safe.

Despite our safety assumptions we are still “connected” to every other entity our vendors have done business with…despite their potentially nasty viruses, bad privacy-protection habits, corrupt employees and other menacing threats resulting from our mutual connectivity.

If you own a smart phone, a laptop, a Mac, a PC, a new iPad, a flash drive, a game console or just about any connected device, you’d better button up because you could easily catch more than a cold.

Even if you don’t own one of the devices just mentioned, guess where much your personal data resides? It resides on someone else’s device of course.

In an interview with the folks at Bank Info Security, The Identity Theft Resource Center reports:

“The main thing that we were seeing throughout 2011 were breaches that were occurring as a result of hacking and in 2011 that represented nearly 26 percent, which is a significant jump from 2010. The insider employee threat we consider to be malicious attacks, data on the move ( stolen laptops etc.) we consider to be accidental. Hacking is again malicious.”

The point here is that whether the attack is intentional or not, we are all vulnerable to the data-hygiene habits of those we “entrust” with our non-public private information.

The ITRC goes on to report that the business sector (when compared with the military, educational, government and medical sectors) makes up the majority of “victimized” data repositories.

Businesses that we all blindly trust, have the largest number of reported breach incidents. This is disturbing given the fact that the number of breaches which are actually reported, make up just a fraction of the actual data mishaps.

Again, the ITRC says that despite the mandated breach incident reporting laws in 47 states, we are only seeing the “tip of the iceberg” as far as reporting goes.

This is why it is essential we consumers monitor our credit reports year round, without relying on merchants to report potentially self-incriminating data breaches to us.

You can get a free copy of your credit report from the federally mandated website at: www.annualcreditreport.com

Remember that by staggering your requests for one report every few months, you can actually enjoy free uninhibited year-round updates whether you’re single or married.

And so on….

Pass these tips on to those you care about. Share this post!

Dale Penn is an award-winning Identity Theft Speaker, Author and Trainer.
Follow his regular updates on Twitter:@dalepenn

Ol’ Blue Eyes is back…. and he’s not Frank Sinatra.

In my last post, we discussed this wolf’s current barrage of savage and relentless attacks on private data repositories.

The crimes range from the theft of individual NPPI ( Non Public Personal Information), to raids on corporate data,  to the recent malicious hack into servers at the Central Intelligence Agency.

The culprits could basically be described and motivated in one of three ways:

• Criminal tricks – Thieves
• Juvenile kicks -  Hackers
• Rogue politics -  Enemies

We went on to look at the observations of two of the world’s leading privacy/security thought leaders (Bruce Schneier and Mikko Hypponen) discovering that they not only acknowledge the on-going war, but they are eager to explain the modus operandi  and general motivation that drives each of these blood-thirsty intruders.

Fast Company reported this week:

” The one thing no one is really able to explain is why cybercrime’s booming. According to a recent Norton study, cybercrime cost(s) the global economy (in both direct damage and lost productivity time) $388 billion in 2011–significantly more than the global black market for marijuana, cocaine, and heroin combined. Officials at the Department of Homeland Security have reported exponentially increasing demand for cybercrime assistance–something confirmed by this reporter in anecdotal discussions with online security experts.”

Based on a line of reasoning from the 2010 film The Social Network, I’ve concluded the following:

“Privacy may be a relic of the past, but trust is the commodity of the future.”
- Dale Penn

Who do you trust with your money, your mobile devices and data, your computer’s connection, your personal information and ultimately… your good name?

The U.S. is being targeted at the highest levels of our nation’s critical infrastructure. You’re a target too.

Sadly, there are at least three privacy snipers out there, who have our valuable data in their sights. You can choose to ignore them, deny them or avoid them; however they are relentless and they aren’t  planning on going away any time soon. Informed security experts clearly acknowledge this reality. We should too.

I recently watched two compelling TED.com talks given by security gurus Bruce Schneier and Mikko Hypponen. Their distinct messages and points of view shared a very common theme. Digital crime has emerged as one of our nation’s greatest security threats. These rogue attacks are neither diminishing, nor are they under control.

Bruce Schneier believes that our preconceived notions of security have lulled us to sleep. We believe that the hotels we trust, the food we eat, and the planes we board are safe. According to Schneier, that feeling of security bears little resemblance to actual security, we have just talked ourselves into believing that those activities are what he refers to as “models of safety”. Those models, Schneier says, are hard to dislodge. This thinking makes us more vulnerable to the tactics of relentless identity thieves and hackers.

Hypponen on the other hand, sees value in identifying the three types of online attackers who rule the digital underworld. They are:

1. Criminals worldwide, enriching themselves with trojans, viruses and botnets
2. Hacktivists, who punish political rivals for not complying with their “demands”
3. Nation-states, are governments with a political, military or judicial hacking agenda

Meanwhile, USA Today reported last week that the Central Intelligence Agency was infiltrated by hackers claiming to be affiliated with the hacktivist group Anonymous.
Another account of the C.I.A. hacking story from CNN,  seems to confirm one of our greatest concerns, that U.S. government sites remain vulnerable to outside attack.

In addition to protecting our personal, commercial and government interests, security experts like Hypponen, point to the vulnerability of the servers (PLC’s) that drive our nation’s critical infrastructure systems. Our nation’s power grid, utilities, transportation, communication, and military all depend on PLC’s  (programmable logic computers).

You can raise help raise your own privacy awareness level by reading this blog. Share this blog with others. Lets start a dialogue.

If the global scope of identity crime is on the upswing, raising your privacy awareness level seems like a logical next step don’t you think?

I have three quick questions for you to consider.

1.) Is a debit card your payment tool of choice?

2.) Is it financially irresponsible to use a credit card and incur fees and interest rates?

3.) Ask yourself: “How much am I responsible for if my card number is stolen and used, but I don’t report it promptly?”

In my book Identity Theft Secrets: Exposing The Tricks Of The Trade, I plead with readers to re-consider the dangers lurking in the shadows of the debit card jungle.

This week, an article at Bankrate.com convinced me that we need to re-examine the dangers of debit card dependency:

“Debit cards may look identical to credit cards, but there’s one key difference. With credit cards, users who spot fraudulent charges on their bill can simply decline the charges and not pay the bill.

On the other hand, debit cards draw money directly from your checking account, rather than from an intermediary such as a credit card company.

Because of that, even clear-cut cases of fraud where victims are protected from liability by consumer protection laws can cause significant hardship…“

I know the logic: “Who wants to pay another bill at the end of the month? I’ll just use my debit card and the funds come directly out of my account without generating another bill for me to pay.”

Some consumers proudly boast that they are practicing “good money management” by not using a credit card at all.  Admittedly in some cases, credit card debt can be crippling if it grows out of control.

Three Payment Card Tips You Should Know:

1.   Your money is SAFER when you use a credit card. Period.
2.  Check your monthly statement for unauthorized transactions, including small ones.
3.  Report suspected fraud and never tie a debit card to a large savings account.

The next time you “get carded” use a credit card, then pay it off. Don’t play electronic Russian Roulette with your savings.

Is this practical advice?  What do YOU think?

Google’s eye-catching twenty four hour “blackout” last Wednesday, protesting PIPA and SOPA sure got my attention.  How did it make you feel?

Watching sites like Wikipedia and Google go dark, reminded me of the media censorship I witnessed as a tourist in Asia a few years ago. Downright creepy.

Imagine not having online access to the information you need (assuming it is legal for you to own it). That’s the question we must face.

Do you and I have a right to freely acquire copyrighted content such as books, movies and music without paying?

Digital pirates think the status-quo is swell because the more we feast, the richer they get.

Law enforcement officials in New Zealand , in cooperation with the FBI, arrested the 38 year-old founder of one of the web’s largest file-sharing sites, also known as “file-sharing lockers” Megaupload on Wednesday.

The suspect, who had his name legally changed from Kim Schmitz to Kim Dotcom was in the middle of his own birthday bash when authorities raided his 25, 000 square foot home and took Mr. Dotcom into custody.

According to reports, the German national was found hiding in his “safe-room” clenching a shotgun. Officials noted that there were 18 luxury cars on the property, along with nine million dollars cash in U.S. currency.

The Wall Street Journal reported:

“Mr. Dotcom was charged with criminal copyright infringement and conspiracy to commit racketeering. The Federal Bureau of Investigation shut down his Hong Kong-based website, which it claims was used to pirate half a billion dollars worth of entertainment content.

The husky Mr. Dotcom is a kingpin in a little-exposed side of the Internet economy, who profited by tapping changes in technology, roiling the entertainment industry.”

Congressman Darrell Issa (R-California) has introduced a new bill called the OPEN Act (Online Protection and Enforcement of Digital Trade Act). The tech-giants seem to be embracing the bill, but Hollywood executives don’t think Rep. Issa’s bill goes far enough to protect their interests.

This battle is far from over, but at the end of the day one thing’s for sure.

Someone’s going to be walking the plank soon.

Today I actually received what SEEMS to be good news via email  from the IRS.

After reading the subject line, the sender line and the smooth-talk line, I decided that today was NOT a good day to go “phishing”.

According to the sender, I’m entitled to an easy tax refund,  if I’ll just click on an attachment. (Hint: “NEIN! NYET! NOPE!”)

I received the following email today and want to point out several reminders for you when
opening email that requests your NPPI (Non-Public, Personal Information).

Internal Revenue Service [pustomer@irs.gov]
Debt for the period 2011 #ID4256
Tax_Refund.zip(38kb)

IRS notice,

The analysis of the last annual calculations
of your fiscal activity has indicated that
you are entitled to receive a tax refund
of $111.14

Please submit a request of the tax refund
and a processing of the request will take 7-14 days.
A tax refund can be delayed by different reasons.
For instance submission of invalid records or
sending after the deadline.

Please find the form of your tax refund attached
and fill out it and send a report.”

Sincerely,
IRS.

Clue #1.   The IRS never asks for personal information via email. They already have your details, trust me on this one.

Clue #2.  The IRS uses the U.S. Mail and when you get a notification from them, it will come in your snail mail box.

Clue #3.   Watch for “Scammer Grammer”. The sentence structure in phishing email is edgy enough to provide clues, if you read carefully.

Clue #4.  Requests to open an attachment from any unknown sender potentially carry malware, spyware and viruses.

Clue #5.  The “Japan Quake Relief” Scam and Facebook’s “Likejacking” Scam are tricky tax-related ripoffs to watch out for this year.

The IRS has actually set up an official email address posted on their site, where you can report phishing or other tax related scams.

Final reminder, rumors of a “friendlier and gentler IRS” are still greatly exaggerated.

Twitter now claims to have 50 million active users every single day!

Recently, a colleague complained that his Twitter account had been hacked not once, but twice in the past month!

There is really no reason for anyone to be that vulnerable to attack.

With 2012 upon us and the explosive growth of Twitter, I think the New Year is an excellent time for a review of easy, effective Twitter privacy practices.

5 easy (and tweetable) tips for better privacy protection.

1. Use a strong password that is at least 8 characters long and includes both numbers and symbols. [tweet this]

To avoid the simplest intrusions, make sure your password is not a word that appears in the dictionary. So called computerized “dictionary attacks” are easily capable of targeting and exploiting those words literally within a few seconds. For a great article on password tips and advice, check out this informative article from the folks at Google.

2. Make sure that www.Twitter.com is in the address bar whenever you log into your account. [tweet this]

Bogus sites, malware, spyware and viruses are often disguised as common links. Be cautious about clicking on any links in Twitter messages you read or receive, especially from people you don’t personally know and trust.

Hint: Any words that may appear between the word twitter and the extension.com are indicators that you are not connecting to Twitter!
(example – http://www.twitter.photobucket.com) Not so subtle now, is it?

3. Revoke all access for any suspicious, unrecognized or untrusted third-party Twitter applications. [tweet this]

Just go to “Connections” under the “Account Settings” menu and click “Revoke Access.”

Trusted apps should include only ubiquitous, reliable and trustworthy providers such as Facebook, TweetDeck and Hootsuite etc. Programs and applications built by 3rd party developers can be easy and convenient, but should be used with great care. A recent article in PC World magazine reported that Twitter may have solved this problem by rendering all 3rd party apps obsolete, thanks to their newly re-designed iPhone and Android apps.

4. Stay updated with the latest patches and updates against spyware, viruses and adware. [tweet this]

Keep all your computers, smartphones, tablets, and browsers continuously safeguarded with the latest patches and updates against malicious or harmful software. If you are not getting these updates DAILY (while you sleep) you are vulnerable.

5. Twitter will never email request personal info. If you receive such a request, its the boogeyman! [tweet this]

According to Twitter’s blog:

If we suspect your account has been phished or hacked, we may reset your password to prevent the hacker from misusing your account. In this case, we’ll email you a link to where you can reset your password. Again, this link will always be on the http://twitter.com/ website, and we will never ask you to email us your old password.

Twitter says their goal is “increased security and a better experience.” The folks at Twitter may have taken a page right out of the TSA’s manual for handling airline passengers.

Fly little Twitter birdie, fly!

What Twitter safety practices could you share? Leave a comment!

[Don't forget to follow me on Twitter for frequent privacy tips!]

According to data from Neilsen, approximately 38% of American adults now own an iPhone, Blackberry or other mobile device that runs the Android, Windows or Web OS operating system.

Your digital productivity is an attractive lure for financial attackers looking for easy pickings. The more connected you are, the more attractive your data and devices are. Your phone now contains your contact list, your documents, your photos, your history of conversations and a chance for a peek inside your wallet.

One persistent challenge is this; the security holes that leave you vulnerable, often go undetected and create a gaping hole in your mobile security armor.

Because many smartphone devices do double duty both at home and in the workplace, web security firms and company IT departments are hard at work guarding corporate
firewalls from the army of employees who innocently use their smartphones for both company business and personal pleasure.

What can the average smartphone user do to effectively fight the battle against financial data thieves during the busy holiday season?

Keep these 9 tips  in mind to become a smaller target:

1. Money saving coupons are often fake and may contain sneaky digital intruders.
2. Apps that do comparison shopping are often just open doors for malware.
3. Shopping only with merchants you know and trust is a practice you can’t ignore.
4. Bots and malware are at work looking for a way into your world 24/7. Stay alert.
5. Ringtones, games and music are very risky purchases.
6. Androids get targeted most, but iPhones are subject to ”jailbreak me” vulnerabilities.
7. Get a free antivirus app from your carrier or a commercial app from Norton or AVG.
8. Physical security is effective only if you routinely hide, lock and secure your devices.
9. Shop only with merchants you know and trust. (Yes, I said it again.)

This season, the only thing you should NOT lock, hide or protect are the traditional plate of cookies and milk for the “Big Guy”.

What smartphone safety tips or horror stories would you be willing to share with our readers?