Robert Siciliano

Loading...
    • Media Contact:
      Robert Siciliano
    • Member Type(s): Expert
    • Title:Identity Theft Expert
    • Organization:IDTheftSecurity.com
    • Area of Expertise:
    •  
    • Member:ProfNet

    To become a ProfNet premium member and receive requests from reporters looking for expert sources, click here.

    Background Checks Don't Tell the Whole Story

    Friday, September 14, 2018, 11:40 AM [General]
    0 (0 Ratings)

    When it comes to background checks, the National Crime Information Center is the gold standard. It is only available to law enforcement agencies and is the most accurate and complete database tracking convictions and arrests in the US. That sounds pretty great, right? Unfortunately, it’s not all as it seems.

    The Department of Justice

    The Department of Justice recently released a report based on a two-year study of convictions and arrests from 2016. The report shows that a very low percentage of convictions and arrests actually make it to the National Crime Information Center. What does this mean? It means that even if a commercial background check company is using the best information, it’s only able to get information on about 13% of all crimes. On top of that, there is a pretty standard 30% error rate on background checks based on factors such as typos, misspellings, and data entry errors. Yikes.

    The Reliance of Background Checks

    It doesn’t matter if you are an employer, a landlord, or even a private citizen hiring a babysitter or contractor, odds are good that you think a criminal background check is a good idea. But, the fact that we not only rely on these checks, but also believe that they are fool-proof, is quite problematic.

    Other Implications of Background Checks

    The inaccuracy of background checks is only one of the issues associated with them. Another issue is that there is a big possibility that these commercial background checks could violate the Fair Housing Act because it might be seen as intentional discrimination. Additionally, though people with criminal records are not protected under the Fair Housing Act, statistically, this creates a disproportionate impact on minorities. According to the Fair Housing Act, minorities are protected.

    Though it seems like a great idea to run a criminal background check, as you can see, it’s not always a black and white result. Criminal history databases are not complete, there are high rates of errors, and these background checks might be violations of the Fair Housing Act. At the very least, someone could have a good case against it if you use a criminal background check as a basis for a housing decision. When thinking about if a background check is worth it or not, it probably is, but you also have to be aware of the possibility that you are not going to get the entire story.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    A "Credit Profile Number" is a fake SSN, and it Works

    Wednesday, September 12, 2018, 11:27 AM [General]
    0 (0 Ratings)

    Cyber criminals are constantly trying to stay one step ahead of the good guys, and there is now another scam out there that you should know about: synthetic identity theft. Basically, the criminals take information from someone, and then make up the rest. They also often use fake Social Security numbers, called CPNs, or “credit profile numbers,” or names.

    This type of identity theft shows us that our credit system is more vulnerable than we might think. Basically, it is easy to create a credit file on these identities, and once they have that, they can get a credit card or loan.

    Of course, using a CPN like this on an application for credit card or loan is illegal, but lenders currently don’t have a conclusive way of distinguishing a real Social Security number from one of these fake ones. The Social Security Administration generates SSNs randomly. This makes it difficult for a lender to notice a fake one. Technically, a lender can contact the SSA and cross-check, but most of them don’t. Why? Because the SSA requires a handwritten signature from the person who has that SSN, and this is a pain in the neck for lenders.

    So, of course, the best thing to do is to create a way for lenders to instantly check to see if a Social Security number is valid or not, and as of now, they do not have the capacity to do this. Lenders do, however, use their own fraud-detection tools, but these requests for credit still fall through the cracks.

    This practice also has created more open windows for fraudsters, because they know that the system is vulnerable. It’s true that many lenders won’t accept a credit application from someone with no history of borrowing, which is the case with a CPN, but some still do, and the more activity the file sees, the more likely it is that credit will be given. Once credit is approved, a full credit report is created. Though it likely won’t be a high amount of credit, many lenders take a chance on new borrowers, and at a minimum, extend a couple of hundred dollars. Some people will even get a card that has, say a $300 limit, and use the card for a time. Once they establish a good payment history, they can get a credit increase, and that’s where the fun really begins.

    This is just one more scam that you should be aware of, and one more reason to keep your private and personal information safe.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    2017 Was the Worst year for Data Breaches EVER!

    Friday, September 7, 2018, 10:11 AM [General]
    0 (0 Ratings)

    It seems like 2017 broke records for all the wrong reasons…one of them being the worst year for data breaches in history.

    According to reports, hacking was the most common way to collect this data, but almost 70% of exposures occurred due to accidental leaks or human error. This came down to more than 5 billion records. There were several well-known public leaks, too, including the Amazon Web Services misconfiguration. More than half of the businesses using this service were affected, including companies like Verizon, Accenture, and Booz Allen Hamilton. The scariest part of this, however, is the fact that the number of breaches and the number of exposed records were both more than 24% higher than in 2016.

    Big Breaches of Big Data

    Another interesting thing to note is that eight of the big breaches that occurred in 2017 were in the Top 20 list of the largest breaches of all time. The top five biggest breaches in 2017 exposed almost 6 billion records.

    Part of the reason for the big numbers is because huge amounts of data were exposed from huge companies, like Equifax. There was also a huge breach at Sabre, a travel systems provider, and the full extent of the breach isn’t even known at this point. All we do know is that it was big.

    When looking at all of the known 2017 data breaches, almost 40% of the breaches involved businesses. About 8% involved medical companies, 7.2% involved government entities, and just over 5% were educational entities. In the US, there were more than 2,300 breaches. The UK had only 184, while Canada had only 116. However, until now, companies in Europe were not forced to report breaches, so things could change now that reporting is mandatory.

    What were the biggest breaches of all time? Here they are, in order:

    • Yahoo (US company) – 3 billion records
    • DU Caller Group (Chinese company) – 2 billion records
    • River City Media (US company) – 1.3 billion records
    • NetEase (Chinese company) – 1.2 billion records
    • Undisclosed Dutch company – 711 million records

    Though none of this is great news, there is a silver lining here: none of the breaches of 2017 were more severe than any other breach in history, and overall, the occurrence of breaches dropped in the fourth quarter.

    Because of so many breaches occurring due to human error, it’s very important that businesses of all sizes enact security awareness training, including helping staff understand what makes a business a target and what type of info the hackers want.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    15 Year Old's Naked Photos Spread Like Wild Fire

    Wednesday, September 5, 2018, 9:35 AM [General]
    0 (0 Ratings)

    You have probably heard the story before. Teenage girl takes some scantily clad photos and sends them to her latest boyfriend. “What could go wrong?,” she thinks. Well, a lot could go wrong, and an article on Vice.com really lays that out. You might think that the boyfriend is to blame for this 15-year old’s photos spreading like wildfire, but the truth is this: he deleted them soon after getting them…the photos got out because the teen kept them on her phone and some classmates took that phone.

    Ultimately, the photos got into the hands of the victim’s best friend. At this point, you probably think “Phew…the photos are safe.” Wrong again. Her “best friend” ended up posting the photos to a blog. Many years later, the victim found out why…her “best friend” was mad that she had sent some angry texts to her the night before, and that her main motivation was to simply hurt her friend because of those texts. That’s all it took for a teen’s life to be effectively ruined for months.

    When things like this happen, many women are made to feel guilty that they took these photos, and this is a type of digital violence. In fact, more women are now seeking counseling to help to combat these feelings. The thing is, if you have a nude photo, you are certainly not immune. Teens often become victims here, but so do adult women and celebrities. In most cases, someone else is spreading these photos, but the victim is often blamed.

    In late 2017, the EU passed new laws that help to better protect people who find themselves in this situation, and in 2015, the British government made these actions a crime, too. However, in most other countries, no such laws exist.

    In this case, the victim ended up forgiving her classmates, but as an adult, she still has not overcome the invasion of her privacy. She also still struggles with the fact that most people in the community blamed her…not the boys who stole her phone, nor her friend, who posted them on the internet. She says that people came up to her for years after the incident and told her they saw those photos, too, and she still has that feeling that she did something wrong.

    Finally, as a society, we have to find ways to make sure that victims of these crimes are taken seriously, and ensure that video sites, like YouTube, and social media sites, like Facebook, respond immediately when notified of content like this.

    And, please, I’m not blaming the victim here, and a bit of advice, no naked pics of yourself, girlfriend, husband or wife please. It’s a bit too risky and can have significant consequences.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    10 Tips on Discussing a Screwed Up World with Kids

    Wednesday, August 22, 2018, 11:49 AM [General]
    0 (0 Ratings)

    Do you have children? How do you talk to them when something like a mass shooting happens? What about a robbery in your neighborhood? Do you talk about nuclear weapons? If you are like most parents, you don’t know where to start. Here’s 10 tips that you can use to talk to your kids about our screwed up world:

    Young Kids – Ages 2 to 6

    Parents Are in Charge – We control the “information flow” which means we can restrict what information they have access to. No mobile phones, no tablets, no TV news or conversations in the house or others homes on topics to intense for young kids. We ask questions before we send them to others homes and tell them our requirements.

    Don’t Expose Them – Don’t watch adult-themed shows until they are in bed.

    Don’t Bring it Up – It’s also recommended that you don’t even bring it up…unless, for some reason, they bring it up to you. If you do have to talk to them about it, keep it simple.

    Tell Them You are Safe – If you do have to address a situation like this, make sure that you tell your kids that they are safe. Give them a hug and assure them.

    Older Children – Age 7 to 12

    Parents Are in Charge – We control the “information flow”. Don’t give me a BS excuse “I already gave my 11 year old a mobile phone and he has a TV in his bedroom. Stop the madness and start parenting.

    Talk to Them if They Talk to You – For older kids, you should talk to them about these incidents, but only if they know about the event. Tell them that you would love to talk about it with them.

    Listen – Talking it out is only one part of this. You also have to be a good listener. Ask them questions, too, such as what they heard, how they know about the incident, and how they feel about it.

    Be Honest – When dealing with tweens, you should make sure that the truth comes from you, not from their friends nor the television or internet. You don’t have to go into great detail, and you should explain it in a way they will understand, i.e. explaining that the mass shooter/terrorist/predator etc likely is mentally ill.

    Discuss the Media – It’s likely that kids this age will get information from the media, but make sure they know that the media likes to sensationalize things to get people’s attention.

    Teenagers

    Assume They Know – Teens likely know that an event has happened, but don’t assume that they have the whole story. They often get their news from friends or social media, and that information is often incomplete.

    Engage Them in Conversation – Talking it out can help teens come to terms with these incidents.

    Give Them Hope – Finally, give your teenager hope that things will be alright. A lot of teens are focused on the dark side of things, so make sure to bring in a bright light.

    No matter their age, engage their schools administration. Most schools have systems in place to deal with and discuss tragic events based on the age and grades of the students. Often, parents will feel better that their schools have a good handle on these discussions. But it’s also up to the parents to put it out there, to let the schools know what the parents expect.

    Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.


    Page 1 of 52  •  1 2 3 4 5 6 ... 52 Next