The U.S. is being targeted at the highest levels of our nation’s critical infrastructure. You’re a target too.

Sadly, there are at least three privacy snipers out there, who have our valuable data in their sights. You can choose to ignore them, deny them or avoid them; however they are relentless and they aren’t  planning on going away any time soon. Informed security experts clearly acknowledge this reality. We should too.

I recently watched two compelling TED.com talks given by security gurus Bruce Schneier and Mikko Hypponen. Their distinct messages and points of view shared a very common theme. Digital crime has emerged as one of our nation’s greatest security threats. These rogue attacks are neither diminishing, nor are they under control.

Bruce Schneier believes that our preconceived notions of security have lulled us to sleep. We believe that the hotels we trust, the food we eat, and the planes we board are safe. According to Schneier, that feeling of security bears little resemblance to actual security, we have just talked ourselves into believing that those activities are what he refers to as “models of safety”. Those models, Schneier says, are hard to dislodge. This thinking makes us more vulnerable to the tactics of relentless identity thieves and hackers.

Hypponen on the other hand, sees value in identifying the three types of online attackers who rule the digital underworld. They are:

1. Criminals worldwide, enriching themselves with trojans, viruses and botnets
2. Hacktivists, who punish political rivals for not complying with their “demands”
3. Nation-states, are governments with a political, military or judicial hacking agenda

Meanwhile, USA Today reported last week that the Central Intelligence Agency was infiltrated by hackers claiming to be affiliated with the hacktivist group Anonymous.
Another account of the C.I.A. hacking story from CNN,  seems to confirm one of our greatest concerns, that U.S. government sites remain vulnerable to outside attack.

In addition to protecting our personal, commercial and government interests, security experts like Hypponen, point to the vulnerability of the servers (PLC’s) that drive our nation’s critical infrastructure systems. Our nation’s power grid, utilities, transportation, communication, and military all depend on PLC’s  (programmable logic computers).

You can raise help raise your own privacy awareness level by reading this blog. Share this blog with others. Lets start a dialogue.

If the global scope of identity crime is on the upswing, raising your privacy awareness level seems like a logical next step don’t you think?

I have three quick questions for you to consider.

1.) Is a debit card your payment tool of choice?

2.) Is it financially irresponsible to use a credit card and incur fees and interest rates?

3.) Ask yourself: “How much am I responsible for if my card number is stolen and used, but I don’t report it promptly?”

In my book Identity Theft Secrets: Exposing The Tricks Of The Trade, I plead with readers to re-consider the dangers lurking in the shadows of the debit card jungle.

This week, an article at Bankrate.com convinced me that we need to re-examine the dangers of debit card dependency:

“Debit cards may look identical to credit cards, but there’s one key difference. With credit cards, users who spot fraudulent charges on their bill can simply decline the charges and not pay the bill.

On the other hand, debit cards draw money directly from your checking account, rather than from an intermediary such as a credit card company.

Because of that, even clear-cut cases of fraud where victims are protected from liability by consumer protection laws can cause significant hardship…“

I know the logic: “Who wants to pay another bill at the end of the month? I’ll just use my debit card and the funds come directly out of my account without generating another bill for me to pay.”

Some consumers proudly boast that they are practicing “good money management” by not using a credit card at all.  Admittedly in some cases, credit card debt can be crippling if it grows out of control.

Three Payment Card Tips You Should Know:

1.   Your money is SAFER when you use a credit card. Period.
2.  Check your monthly statement for unauthorized transactions, including small ones.
3.  Report suspected fraud and never tie a debit card to a large savings account.

The next time you “get carded” use a credit card, then pay it off. Don’t play electronic Russian Roulette with your savings.

Is this practical advice?  What do YOU think?

Google’s eye-catching twenty four hour “blackout” last Wednesday, protesting PIPA and SOPA sure got my attention.  How did it make you feel?

Watching sites like Wikipedia and Google go dark, reminded me of the media censorship I witnessed as a tourist in Asia a few years ago. Downright creepy.

Imagine not having online access to the information you need (assuming it is legal for you to own it). That’s the question we must face.

Do you and I have a right to freely acquire copyrighted content such as books, movies and music without paying?

Digital pirates think the status-quo is swell because the more we feast, the richer they get.

Law enforcement officials in New Zealand , in cooperation with the FBI, arrested the 38 year-old founder of one of the web’s largest file-sharing sites, also known as “file-sharing lockers” Megaupload on Wednesday.

The suspect, who had his name legally changed from Kim Schmitz to Kim Dotcom was in the middle of his own birthday bash when authorities raided his 25, 000 square foot home and took Mr. Dotcom into custody.

According to reports, the German national was found hiding in his “safe-room” clenching a shotgun. Officials noted that there were 18 luxury cars on the property, along with nine million dollars cash in U.S. currency.

The Wall Street Journal reported:

“Mr. Dotcom was charged with criminal copyright infringement and conspiracy to commit racketeering. The Federal Bureau of Investigation shut down his Hong Kong-based website, which it claims was used to pirate half a billion dollars worth of entertainment content.

The husky Mr. Dotcom is a kingpin in a little-exposed side of the Internet economy, who profited by tapping changes in technology, roiling the entertainment industry.”

Congressman Darrell Issa (R-California) has introduced a new bill called the OPEN Act (Online Protection and Enforcement of Digital Trade Act). The tech-giants seem to be embracing the bill, but Hollywood executives don’t think Rep. Issa’s bill goes far enough to protect their interests.

This battle is far from over, but at the end of the day one thing’s for sure.

Someone’s going to be walking the plank soon.

Today I actually received what SEEMS to be good news via email  from the IRS.

After reading the subject line, the sender line and the smooth-talk line, I decided that today was NOT a good day to go “phishing”.

According to the sender, I’m entitled to an easy tax refund,  if I’ll just click on an attachment. (Hint: “NEIN! NYET! NOPE!”)

I received the following email today and want to point out several reminders for you when
opening email that requests your NPPI (Non-Public, Personal Information).

Internal Revenue Service [pustomer@irs.gov]
Debt for the period 2011 #ID4256
Tax_Refund.zip(38kb)

IRS notice,

The analysis of the last annual calculations
of your fiscal activity has indicated that
you are entitled to receive a tax refund
of $111.14

Please submit a request of the tax refund
and a processing of the request will take 7-14 days.
A tax refund can be delayed by different reasons.
For instance submission of invalid records or
sending after the deadline.

Please find the form of your tax refund attached
and fill out it and send a report.”

Sincerely,
IRS.

Clue #1.   The IRS never asks for personal information via email. They already have your details, trust me on this one.

Clue #2.  The IRS uses the U.S. Mail and when you get a notification from them, it will come in your snail mail box.

Clue #3.   Watch for “Scammer Grammer”. The sentence structure in phishing email is edgy enough to provide clues, if you read carefully.

Clue #4.  Requests to open an attachment from any unknown sender potentially carry malware, spyware and viruses.

Clue #5.  The “Japan Quake Relief” Scam and Facebook’s “Likejacking” Scam are tricky tax-related ripoffs to watch out for this year.

The IRS has actually set up an official email address posted on their site, where you can report phishing or other tax related scams.

Final reminder, rumors of a “friendlier and gentler IRS” are still greatly exaggerated.

Twitter now claims to have 50 million active users every single day!

Recently, a colleague complained that his Twitter account had been hacked not once, but twice in the past month!

There is really no reason for anyone to be that vulnerable to attack.

With 2012 upon us and the explosive growth of Twitter, I think the New Year is an excellent time for a review of easy, effective Twitter privacy practices.

5 easy (and tweetable) tips for better privacy protection.

1. Use a strong password that is at least 8 characters long and includes both numbers and symbols. [tweet this]

To avoid the simplest intrusions, make sure your password is not a word that appears in the dictionary. So called computerized “dictionary attacks” are easily capable of targeting and exploiting those words literally within a few seconds. For a great article on password tips and advice, check out this informative article from the folks at Google.

2. Make sure that www.Twitter.com is in the address bar whenever you log into your account. [tweet this]

Bogus sites, malware, spyware and viruses are often disguised as common links. Be cautious about clicking on any links in Twitter messages you read or receive, especially from people you don’t personally know and trust.

Hint: Any words that may appear between the word twitter and the extension.com are indicators that you are not connecting to Twitter!
(example – http://www.twitter.photobucket.com) Not so subtle now, is it?

3. Revoke all access for any suspicious, unrecognized or untrusted third-party Twitter applications. [tweet this]

Just go to “Connections” under the “Account Settings” menu and click “Revoke Access.”

Trusted apps should include only ubiquitous, reliable and trustworthy providers such as Facebook, TweetDeck and Hootsuite etc. Programs and applications built by 3rd party developers can be easy and convenient, but should be used with great care. A recent article in PC World magazine reported that Twitter may have solved this problem by rendering all 3rd party apps obsolete, thanks to their newly re-designed iPhone and Android apps.

4. Stay updated with the latest patches and updates against spyware, viruses and adware. [tweet this]

Keep all your computers, smartphones, tablets, and browsers continuously safeguarded with the latest patches and updates against malicious or harmful software. If you are not getting these updates DAILY (while you sleep) you are vulnerable.

5. Twitter will never email request personal info. If you receive such a request, its the boogeyman! [tweet this]

According to Twitter’s blog:

If we suspect your account has been phished or hacked, we may reset your password to prevent the hacker from misusing your account. In this case, we’ll email you a link to where you can reset your password. Again, this link will always be on the http://twitter.com/ website, and we will never ask you to email us your old password.

Twitter says their goal is “increased security and a better experience.” The folks at Twitter may have taken a page right out of the TSA’s manual for handling airline passengers.

Fly little Twitter birdie, fly!

What Twitter safety practices could you share? Leave a comment!

[Don't forget to follow me on Twitter for frequent privacy tips!]

According to data from Neilsen, approximately 38% of American adults now own an iPhone, Blackberry or other mobile device that runs the Android, Windows or Web OS operating system.

Your digital productivity is an attractive lure for financial attackers looking for easy pickings. The more connected you are, the more attractive your data and devices are. Your phone now contains your contact list, your documents, your photos, your history of conversations and a chance for a peek inside your wallet.

One persistent challenge is this; the security holes that leave you vulnerable, often go undetected and create a gaping hole in your mobile security armor.

Because many smartphone devices do double duty both at home and in the workplace, web security firms and company IT departments are hard at work guarding corporate
firewalls from the army of employees who innocently use their smartphones for both company business and personal pleasure.

What can the average smartphone user do to effectively fight the battle against financial data thieves during the busy holiday season?

Keep these 9 tips  in mind to become a smaller target:

1. Money saving coupons are often fake and may contain sneaky digital intruders.
2. Apps that do comparison shopping are often just open doors for malware.
3. Shopping only with merchants you know and trust is a practice you can’t ignore.
4. Bots and malware are at work looking for a way into your world 24/7. Stay alert.
5. Ringtones, games and music are very risky purchases.
6. Androids get targeted most, but iPhones are subject to ”jailbreak me” vulnerabilities.
7. Get a free antivirus app from your carrier or a commercial app from Norton or AVG.
8. Physical security is effective only if you routinely hide, lock and secure your devices.
9. Shop only with merchants you know and trust. (Yes, I said it again.)

This season, the only thing you should NOT lock, hide or protect are the traditional plate of cookies and milk for the “Big Guy”.

What smartphone safety tips or horror stories would you be willing to share with our readers?

Lets examine 5 strategies which can help guard against holiday fraud this season.

The so-called Super Committee (Joint Select Committee on Deficit Reduction) just announced that they are unable to agree on the terms of a mandatory $1.2 trillion-dollar deficit reduction  plan. Are you wondering how their failure could possibly affect your gift-giving this year?

The stalemate in Washington, DC may put a damper on our already fragile economy, so protecting your hard earned assets and reputation are worthy goals this holiday season. This is also the time of year when record numbers of consumers  prepare to snag Black Friday and other seasonal shopping deals in malls and online.

With much at stake and our resources stretched like never before, fraudsters are licking their chops as they await the hoards of often distracted and rarely cautious holiday deal-snatchers. The shopping, shipping and selection alone are enough to entice even the most frugal and inexperienced buyers this time of year.

So with shopping in sight and awareness in mind, lets examine 5 strategies that can help you Deter, Detect and Defend against fraudsters lurking behind the holiday tree.

#1. Malicious mobile software is a reality in our smartphone-driven culture. Although iPhones are vulnerable, there has been a rise in the number of attacks on Android users.

#2. Bogus holiday promotions, electronic greeting cards and savings coupons can lure buyers who believe that the offerings are real. Shop only with retailers you know and trust.

#3. Mac users are not immune. According to McAfee Labs, there are over 5000 known versions of Mac malware. That number is increasing by 10% per month.

#4. Phishing emails with holiday themes are common this time of year. Best not to open email from anyone you do not know.

#5. Before buying, always look for the HTTPS (Secure Sockets Layer) padlock in the status bar at the bottom of your web browser, or right next to the URL in the address bar.

Happy holidays, Merry Christmas and safe shopping to the “deal-lover” in all of us!

Los Angeles tilted on its axis last week, with the arrival of thousands of eager internet marketing and social media conscious conference seekers. (Tongue twister not intended.)

BlogWorld Expo 2011 and Joel Bauer’s Passion 2 Profit, each convened separately this past week in the City of Angels.

Tech-savvy attendees at both gatherings feasted on expert advice from noted gurus, coupled with the concentrated learning modules and intimate networking that they (we) all crave. Both events are getting stellar reviews.

Each event trains corporate executives, entrepreneurs, online marketers, bloggers and content creators to achieve maximum impact and an optimal connection to their target niche’ markets.

BlogWorld is the conference where more than three thousand “new media” evangelists, online journalists and social media experts gather to share marketing ideas, current trends and critical branding insights. Speakers included author Guy Kawasaki, blogger Darren Rowse, social media guru Chris Brogan, and Facebook marketing expert Mari Smith.

Passion 2 Profit is the brainchild of marketer, mentor, and author Joel Bauer. Bauer’s event attracted nearly 400 attendees representing dozens of professions, who  learned to connect, communicate and convey their brand message to the marketplace, under the structured guidance of one of the nation’s most successful business coaches.

Just yesterday at another event I was invited to speak at, my wife and I visited with a young woman who dreams of sharing her passion and talents as a professional pastry chef, but fears losing her “privacy and anonymity” if she begins her own blog. Her concerns are legitimate.

With over 100 million blogs up and running on the internet these days, here are four great reminders about how to protect your  identity, your assets and your privacy while making your impact in the online world.

(Just think of the word S.C.A.M.)

1. S- Be Stingy about giving out non-public personal identifying information in a blog post, email, marketing or social media engagement.

2. C- Check your blogging and social media privacy settings regularly (at least monthly) for updates, revisions or irregularities.

3. A- Ask for your free credit report at least three times per year. Consider spacing them out by ordering one report every four months. (www.annualcreditreport.com)

4. M- Manage your blogging, social media and other passwords with a free and foolproof password generator like LastPass.

Bonnie Raitt’s hit song lyrics “Lets Give Em’ Something To Talk About” were never meant to imply that your private, personal details should be fodder for your fan base.

Facebook, Twitter, Google Plus and other social networking sites often have all the glitter, glamour and allure of a star-studded event.

I’m talking about the kind of event that we all dream of being invited to.

The good news for social butterflies is that the social networking party has already started and the guard at the door will let almost anyone inside, including you and me.

The bad news is that the guard at the party’s door will let almost anyone inside including you and me.

You probably know that there is a long list of online celebrities who have been hacked or attacked including spotlight seekers such as Britney Spears, Rihanna, Khloe Kardashian and Ashton Kutcher.

Here are 7 tips for keeping your own party private and under your privacy controls:

1. Print, store and read the privacy policy settings of the sites you use. If in doubt, ask questions.

2. Any unguarded list of “friends” who you allow to view your posts and photos may include: employers, law enforcement, insurance investigators, cyber-thieves, etc.

3. Don’t forget that the information and images that you post on the internet are never guaranteed to be “delete-able” or “erase-able”.

4. Courtesy dictates that you obtain permission to post the photos and information of 3rd parties. You would want the same courtesy from them.

5. You should always maintain and utilize your right to determine who is in your group or circle of “friends”. If  that’s not possible, “shut er’ down”!

6. Accepting friend requests from people you don’t know is like opening your front door for a stranger. Share this with your children.

7. GPS or location based services (LBS) that allow you to “check- in” can expose you to danger. Do you actually want everyone to know when you are not at home?

Sharing information and photo albums can be loads of fun.  Keep in mind that as fun as it may be for you to crash other people’s events, you have a responsibility to keep a close eye on who steps on to your own front porch.

What is being called one of the largest identity theft busts of its type in U.S. history was announced today by police in New York.

The investigation code named “Operation Swiper”  unfolded like an international spy novel and involved thieves fluent in Russian, Mandarin and Arabic. The thieves had ties to organized crime syndicates in Europe, Africa and the Middle East.

Authorities indicted 111 people from five criminal enterprises in Queens, New York. At the time of this writing, 86 of the 111 people indicted are in custody, with the remaining 25 suspects still at large.

This massive operation is believed to have netted the criminals $13 million over a 16-month period of time.

According to reporter Laura Vess:

“Reports indicate that at least 3 bank employees, along with retail workers and restaurant staff, would steal credit card numbers by “skimming” them when a customer swiped their card for payment. Then the stolen numbers would be sold and manufactured into forged credit cards. “Shoppers” (actually thieves) would take the forged credit cards and buy high-end, expensive items at stores such as Apple and Macy’s.”

What does this bust reveal about your credit/debit card vulnerability?

1. Credit cards and debit cards that are easily swiped in restaurants and retail stores are extremely vulnerable to common “skimming” by corrupt clerks and waiters.

2. Even cards that consumers carry in their possession can be “drained” as a result of the data swiped from the magnetic strip when it was in the hands of  the thief.

3. Amazingly, not just corrupt employees but the actual owners of many retail stores were “in” on the scheme.

4. At least one banking institution has been implicated in the scheme.

5. NYPD Police Commissioner Raymond Kelly acknowledges that many of the victims feel the same impact as violent crime victims, even though they were not held up at gunpoint.

6. Stolen and “skimmed” credit card data has tremendous value on the international market, creating quite an appetite for new numbers from unsuspecting consumers.

7.This case demonstrates how easily our card data can be hijacked to pay for luxury hotels, luxury cars and private jets.

8. Thieves are getting more tech-savvy and imaginative than ever.

Even veteran NYPD Commissioner Kelly seemed surprised at the sophistication of these tech-minded thieves:

“The schemes and the imagination of these thieves is mind boggling…..These crimes are getting more sophisticated and thieves have an amazing knowledge of how to use technology.”

What dear reader is YOUR plan to stay one-step ahead of the growing number of skilled techno-thieves?