This blog post is submitted by Tim Rohrbaugh, Vice President of Information Security, Intersections Inc., following a panel discussion for the Practical Privacy Series hosted by the International Association of Privacy Professionals.

What do you get when you cross a Privacy Professional, Security Professional, and a Government official?  Anonymity in your own house after a year of hard fought policy effort.

Okay, for some reason my comedic career never really took off, but I’ve been known to collect attorney jokes and pull them out at the most inopportune time. Please, send me your favorite attorney joke in the Comments section of IDGuardian…and you’ve been a lovely audience…

But seriously…

Just last week, I was asked to speak on a panel that occurred this week at the International Association of Privacy Professionals (IAPP).  I looked forward to being the only private sector member.  Not that I like to debate for debate sake but I am known to appreciate a lively discussion with active minds.

As I looked out across the members in attendance and listened to some of the questions, I was struck by the fact that, by and large, most US citizens don’t realize that there are many professionals who spend their days thinking about how to keep personal data secure because they care about the subject.  Some people make it their professional career because of a personal experience while others have found an area that they are passionate about for business reasons. Regardless of why, when I try to summarize the intersection between what the people in the room care about and what the general informed netizen cares about, it’s “Anonymity”.  We all want to reduce fraud and create an agreed upon trust model with technology and policy. Businesses trust you most of the time, and you as a consumer trust businesses all of the time.

Before we reach that utopian happy place, we the general Internet users just want to search for information online without feeling like we are going to get spammed with targeted emails based on those searches.  Is that too much to ask?

How about phrasing it another way: We want “selective anonymity”.

I admit, that is my own, original term so allow me to define it: an Internet user using a browser either through a smartphone, tablet, or PC should have the right for privacy when they gather information but  give up that right when they want to transact business. For example, if you are researching the history of running, you should not expect to suddenly find your mailbox full of unsolicited emails from “The Finish Line” or some other runner’s online boutique. However, if you go to The Finish Line’s website and purchase a pair of running shoes, it should come as no surprise that advertisements will follow you unless you’ve opted out from receiving them.

That does not mean that one business can misuse information provided to it for a trusted transaction, but the trusted business may use the information (any and all) in the course of business (anti-fraud, deliver goods, deliver services, provide access to bank records and transactions…). Simple ,right? We all wish it was so.

Unfortunately there is a grey area in-between “gather information” and “transact business”.  That grey area is best defined as using “services that are free”, better known as “freemium” services.  Remember that old adage nothing is free in life?  Services are rendered at no cost to you other than the collection and reselling of information. Your information.

What can we learn from this?  It is better to pay for services and demand protections.  Would you like to know how much work it is today to really limit the amount of information about you that is being collected and contextualized?

Stay tuned and IDGuardian will have that answer.

My child, the Digital Native.

Her grandfather (my dad) is constantly amazed at what she can accomplish on the iPad. He claims it’s because the apple (pardon the pun) isn’t falling far from the tree. “I can’t do what you do,” my Dad tells me often. “You just sit behind a computer and just figure it out.” He’s right in one respect — it is what I do. I get my hands on a new tech device and just figure out how it works. So does my daughter.

The problem is she’s doing it much faster.

When I decided to purchase an iPad for my child, mistakenly, I did not consider what she would have access to — or more to the point, what she would access — until one day when I found her hopping around YouTube. There is a running joke that YouTube is nothing more than a haven for funny home movies involving one’s pets.

Well, no. There’s a lot of stuff on YouTube and not all of it is child-friendly.

In fact, there are many things about the iPad (and its cousins the iPhone and iPod Touch) that are not child-friendly. Even the devices alone, in your child’s possession, could make her a mark for a crime. Setting those fears aside, these Apple devices and apps installed might ask your child for information (current location, iTunes password, etc.) best kept private. In a survey sponsored by the mobile security firm Adaptive Mobile, 75 percent of smartphone users are giving away their physical location when downloading apps. In polling over a thousand of their customers, 69 percent found this unacceptable, but three-quarters of these customers had not bothered to read the apps’ Terms and Conditions. Furthermore, a Wall Street Journal investigation found that of 101 popular apps for both Apple and Android operating systems, 56 of these downloads shared private data (name, email, current location) without the users’ awareness or consent.

The good news is that there are parental controls for these devices.  These options allow you to keep some data private and assure limitations on what your child can access online. If the child is good this year and will be getting a device, or if you’re loaning them your own iPhone or iPad for a few rounds of Angry Birds or Crimson Steam Pirates, there are options in your Apple devices that grant parents full control over their child’s experience.

First, on the matter of YouTube and other default apps like Safari, iTunes, Video, and Mail. You might notice that when you tap-and-hold down your fingertip on one of the default applications, the option to remove it is not offered. In fact, you cannot remove, disable, or delete any of the default apps this way. So you’re stuck with them, right?

Not exactly.

1. Find and tap the application marked “Settings.” The Settings app is where you set preferences for your iPad, iPhone, or Touch; and where you can set preferences for individual apps, as well. There appear to be a great deal of options to choose from; but for this particular exercise, we will simply focus on disabling YouTube.
2. Tap on the “General” option, then tap on “Restrictions.”
3. Tap the “Enable Restrictions” option. Before locking down the device, you create a 4-digit passcode. This passcode should be different from your devices main passcode. (Your device does have a main passcode, right? We will discuss that later.)
4. Turn Applications ON or OFF. This interface is asking “Do you want this app on or off?” Work down the list and decide what apps you want running and which ones you do not.
5. Tap “Location” to override Location Services. If you are not keen at all on you or your child being tracked via Location Services (offered in many apps), you can easily disable this feature by turning the Location Services option to off. WARNING: By doing this, you disable one of the features of FindMyiPhone. (More on this app in Part 2.) Much like with apps you wish to remove, you can also choose individual apps to keep running Location Services and which ones to disable.
6. Set your preferences for “Allowed Content.” In this section, you are able to set up specific preferences to content you are allowing. You can also disable solicitations from apps, as well.

While it may seem frighteningly easy to simply go in and disable these settings, the truth is that, yes, your Digital Native can easily release these restrictions, provided they know the four-digit passcode you set up. This is why it is important to not only password-protect your iPad, but also create a unique passcode for restrictions so that your Digital Native doesn’t figure it out.

At this point we have effectively secured our Apple device. So long as your Digital Native doesn’t crack your passcode (so avoid 1-1-1-1, 4-3-2-1, and the like…) you can police what they can and cannot access. Now that we have gotten our Apple device revealing exactly what we want when we use it, in Part 2 we will address how we protect our most sensitive data on the device with one free application and its settings.

Black Friday has come and gone, leaving in its wake record numbers, a hint of optimism on the stock market, and at least one story concerning overenthusiastic shoppers. Just because Black Friday 2011 is done, though, does not mean that holiday shopping has concluded. With a mere eighteen days remaining (and while that sounds like a lot of time, those eighteen days will fly by), consumers are still shopping for that perfect holiday present. According to the National Retail Federation’s 2011 Holiday Consumer Intentions and Actions Survey, conducted by BIGresearch, holiday shoppers say they plan to spend an average of $704.18 on holiday gifts and seasonal merchandise. Additionally, nearly six in 10 holiday shoppers (59.9 percent) say they plan to take advantage of retailers’ sales and discounts to make additional non-gift purchases for themselves and their families during the holiday season.

Once your purchases are made, though, there are still concerns to keep in mind. As reported by Bloomberg Businessweek, MSNBC, and this blog, many cases of identity theft happen after purchases are made, originating from within the business or service where a transaction has occurred. Just last month, New York authorities shut down an identity theft ring where waiters were skimming credit cards of their patrons in order to make counterfeit cards for themselves.

One way of preventing identity theft and credit fraud is awareness. You as a consumer should not only remain aware of what you are spending but where you are spending your hard-earned money and what is happening in your bank account after a transaction has happened. Whether purchasing merchandise online or at the mall, IDGuardian offers a few tips that can help you stay within their budget and help protect you and your accounts from potential fraud.

1. Double check your email inbox.  It is often reported that email scams from retailers will appear to be legitimate when sent to the consumer; however, savvy fraudsters have designed these “fake” emails to steal the consumer’s personal information by having them click on a fraudulent link.  When in doubt, do not respond.  The safer option instead of clicking on the link, is to enter the address directly into the address bar.  Most retailers will not ask for personal information via email.
2. Beware of Public Wi-Fi.  With the increase in popularity of mobile gadgets, they have made shopping at your fingertips more convenient.  But keep in mind that your local coffee shop or hotel lobby may not be secure. Know your device settings, and double check that your network is secure before you type in your credit card information.
3. Create a secure environment. Before shopping online, make sure your computer is up-to-date with the latest anti-virus software, updated regularly. Make sure the anti-virus package you install prevents viruses, malware, and keylogging to keep the fraudsters from capturing your most private information like passwords and user IDs.
4. Keep a close eye on your accounts for suspicious activity.  As you do your holiday shopping, you need to constantly monitor bank statements and accounts to detect any fraudulent or suspicious activity. Save your receipts to help compare your purchases against your bank and credit card statements.  Fraud does happen and can happen to anyone.  If you suspect fraudulent activity, immediately contact your bank or credit card company.
5. Be careful about where you shop online.  As more and more people turn to the Internet for their holiday shopping, it’s important to make sure the websites they are using are secure and legitimate.  Check to see if there is an “s” in the website address (https:// instead of http://).  Look into anti-virus software packages that can also verify IP addresses you are logging into to make sure it’s legitimate.

Particularly around the holidays and the closing of a year, it is sometimes difficult to remember to take a breath; but when it comes to your identity, it only takes a moment to protect yourself. And with that moment taken, you can now have peace of mind as you wish “Peace of Earth” to friends and family this holiday season.

Recently, I decided to get back into the world of credit cards. It was only a few years ago that I paid off my credit card debt and swore off the powerful plastic in order to live without the debt accumulated across those cards. Then, on looking at my credit score and seeing how terrific it was, I applied for and was granted two new credit cards.

I quickly re-discovered the convenience of a credit card.

It is easy — very easy — to find yourself staring at a mountain of debt come January 2012. While acquiring that “perfect gift” or preparing for that fantastic holiday party, it is easy to forget other expenses that rise such as electricity and heating bills. When the bills from decking the halls come in, paying the minimum payment that the credit card company suggests does little to chip away at this amassed debt, debt that is steadily growing interest. In a January 2011 poll, Consumer Reports found that the average spending on gifts, food, and entertainment around the holidays averaged out to nearly $600 per person. This poll also revealed that over 50 percent of these festive purchases were made with credit cards. Now, with the 2011 holiday season fast approaching, 14.1 million consumers are still paying off their 2010 holiday shopping debt, a slight bump up when compared to the 13.6 million consumers paying off holiday debt accrued back in 2009.

No matter how good it feels to make your child’s face light up at Christmas or finding that perfect gift for someone, the reality of satisfying those impulse buys is debt; and depending on your impulses, a lot of it. If you are currently managing a credit card balance of zero, or facing the threat of a large debt becoming even larger, here are a few tips to keep the spending in check:

• Make a List and Budget. You might think a list of gift recipients (including charities, mind you) and a hard-line budget turns you into a Scrooge for the holidays, but following both and accurately tracking them (more on that later) is a bit like keeping a “daily food log” when on a diet: It keeps you honest. Narrow down your gift exchanges, find a monetary value that you can reasonably afford, and stay within both your gift list and your budget.
• Avoid spending for the holidays on both a debit and credit card. This is the big trip-up for many (apart from straying free from the budget you just set for yourself), and here’s how people get tripped up: When buying gifts and other holiday purchases using both a credit and debit card, your spending doubles. The difference is, unlike a debit card where the money is taken out immediately, the credit debt is building. Then the bill arrives and you’re facing debt that is now accruing interest. Think before swiping the card and refer back to your budget.
• Track your receipts. Again, back to the budget — the best way to track your spending is by monitoring your receipts even after you return home with your purchases. Add up the numbers and compare them to the budget. Once that budget ceiling is reached, be honest with yourself. In the case of overspending, most stores will refund a sale if a receipt is brought in within 30 days of the original purchase.
• Take advice from the credit card vendors. With both of my new cards, I noticed that the credit vendors are offering a variety of formulas that show how long a card’s current balance (provided it is not used any more) will take to pay using the suggested minimum payment, and then how long the card will take to pay off with a substantially higher payment. Consider these formulas and follow their advice — cease activity on your credit card until the debt is resolved.
• Consolidate debt on a new card under certain caveats. If after the holidays you find yourself with mounting debt, you may be approached by other credit card vendors promising zero interest for a period of time. This is a fantastic opportunity to eradicate your holiday debt by consolidating it on one card.
  There are caveats to this tactic of debt reduction.What are those caveats? First, be certain you can pay off the debt before the new interest rate kicks in. Next, stop using the credit cards you are consolidating. They may sound like two simple details to meet, but much like the spending done with both a debit and a credit card, consumers can fall under a false security on seeing their cards at “zero” and start charging items and services on it again, building new debt on the consolidated debt on another card. Also, while debt consolidation sounds like a Avoid this pitfall, and follow these two conditions when consolidating credit debt on a new card.

The last tip we give may sound easier said than done, but it’s possible, especially when you have a brand new card.

• Pay off the card. Stay within your budget. Pay the full amount when the bill arrives. Keep your balance at zero. You get credit, interest free.

The holidays do not need to be a visitation from ghosts of Christmas Debts Past or Christmas Debt Present; and with just a bit of planning and some hard discipline, your holiday shopping need not be haunted by the Ghost of Christmas (or any other holiday, come to think of it) Debt Yet to Come either. The control over your debt still remains in your hands, something that should restore some happiness in your holidays.

There’s one thing worse than being talked about…and it’s falling for a phishing scam on Twitter.

By nature, when people tell you that there’s a rumor spreading about you or that someone is trashing your name, you will want to know details. It’s simple, human behavior: if people are trash-talking your name and your reputation, you want to know what is being said.

This could be the reason why phishers are trying this approach on Twitter:

You’ll note this tweet arrived in my personal Direct Message (DM) stream last night. I got an identical one this morning. Also identical to the tweet I received last week. Clicking on this link will take you to a verification site similar to Twitter’s login page. This will be your only warning to stop what you’re doing and get off that page as quickly as you can.

The reason so many of these phishing scams appear on Twitter and Facebook (Don’t worry, Google+, you’re probably next on the list…) is that they work. Back in 2009, ZDNet reported that phishing links receive a response rate of 45 percent. This was in 2009, and think for a moment of how many bogus links you’ve received in the past two years.

We keep getting these phishing links because they are effective and efficient in obtaining login information. Cybercrooks eager to get their hands on these credentials seem to be getting smarter in their tactics, playing on your psyche.

But here are a few tells to look for in malicious tweets:

• Watch for spelling and grammar errors in tweets. Even the ones that say “LOL. Is dis U in dis vid?” Does the person tweeting send out tweets like that? Phishers are paying more attention to detail, but consider the voice of the message.
• Does the sender of the tweet chat with you often? Many times, these phishing links come from complete strangers that rarely engage with me on Twitter. If they suddenly reach out to you, there’s nothing wrong with asking why.
• Check the sender’s Twitter feed. If you see little to no engagement, a long gap between the tweets’ timestamps, or nothing in the feed other than links and retweets, it stands to reason the Twitter user is not paying attention to their feed, and have no idea that their account has been compromised.

If you do find yourself falling victim to a phishing scam, here are a few tips and resources to recover your security:

• Publically notify the sender that they have been compromised. Do not send them a direct message, but send them a Mention (the @ symbol followed by their username) that should grab their attention. Don’t block them for spam or call them out as spammers, but politely send them a tweet they need to take a closer look at their Twitter activity.
• Change your password immediately. Something complex, and not a password you share across multiple or data-sensitive accounts (like banking, shopping, etc.). Another good recommendation is to change your password frequently.
• Notify your network. Tweet about it. Post it on Facebook. And, much like us here at IDGuardian, blog about it.
• Check Twitter’s Help Center, @Spam, and @Safety for assistance, help, and latest news on any threats currently in the system.

The best tips we can give to you, though, concerning any URL’s received privately is:

• Confirm a DM, if it seems suspicious, was sent. Send a quick tweet to that person and ask “Did you just DM me?” If they don’t know what you are talking about, then let them know (by a DM, if you have a dialogue with them now) that they should look to their Twitter account.
• Don’t click the URL. Whether it is a wacky “vid” or a bad blog talking smack about you, it is best to walk away from the opportunity, notify that Twitter user there may be a problem, and then delete the offending DM’s from your feed.

The reflex is to click; and on feeling that reflex, that is to time to stop and consider what the intent of the tweet is and what could be waiting for you on the other end of that URL.

Take care, and remain vigilant.

This morning, the United States woke to news of escalating situations in Libya. From CNN, the report of Moammar Gadhafi’s death (along with a graphic image of the deposed leader) was finally confirmed at 10:36 ET. Earlier on Facebook and Twitter, while facts and images trickled out of Libya, IDGuardian posted the following:

With the news of bit.ly/pfHiUn (CNN) be wary of death video URLs floating around social networks. They may be openings for malware.

As our resident cybersecurity expect and ITC-founder Neal O’ Farrell has reported on our site before, events like this and the recent death of Osama bin Laden usually prelude a spike in cyberattacks that will try to exploit on the breaking news. The fall of prominent political figures are not the only catalyst for these events of social engineering. It can be natural disasters such as Hurricane Irene or the earthquakes in New Zealand and Japan. Even con artists posing as known charities “collecting for the holidays” will attempt to tap into social networks with fraudulent URLs; and while many “social media authorities” claim that these scam links are easily spotted, people continue to fall for them.

IDGuardian returns in light of the breaking headlines today to once again to remind you to set your vigilance high, whether you are on Facebook, Twitter, Google+, or any social network. Keep an eye out for the following scams that may try to exploit media headlines or prey on curiosities, morbid or otherwise:

• Explicit videos promising a glimpse of the dead Gadhafi supposedly filmed during or after the attack. On Google+, we have been told of at least one person who shared a malicious link. (And this is how it starts.) We have not seen any yet crop up on Facebook, but as with Google+ it only takes that one person to spread the virus. Get your news and images from trusted media outlets. Otherwise, instead of viewing a macabre piece of history, you’ll be inviting malware onto your computer.
• Web pages with tempting headlines. These link farms are popping up all over the web, using infected search queries to lure users to what appear to be legitimate news sites. Instead these sites are infected with malware that may warn you that your computer is already infected with malware, and demand payment for fake anti-virus software.
• A spike in spam. Security firm Symantec told SC magazine that they expect a spike of up to 100 million spam emails within 24 hours of the news breaking, and that upward trend could continue with the extensive post-attack analysis.
• “Gadhafi” and “Liberate Libya” Facebook pages. After Osama bin Laden’s death, “fan pages” celebrating his downfall went live, many filed with malicious links. As seen with the death of Apple pioneer Steve Jobs (and the bogus pages established in his honor), these tactics are still popular amongst cybercrooks.

It is easy to get swept up in the fact-checking and breaking headlines, but a few seconds of caution is all that is needed:

• If the link sounds too good to be true (example — “GADHAFI DEATH VIDEO! CLICK HERE”), it is. Don’t click it.
• Rely on established news resources for your facts, your images, and your video links.
• If your computer suddenly informs you that you have a virus, do not panic and click on links that offer you antivirus software. Instead, either run your current anti-virus package or purchase software that comes from a trusted vendor of anti-virus protection.
• If you suddenly hear from someone on your Facebook Chat or Wall, and the conversation starts with a link, be wary. Ask the friend in Chat or in a Message (or you could pick up the phone and call them, in some cases) if they meant to sent that. Don’t click the link right away until you get verification. Even then, be wary.

Neal O’Farrell is a name that you all have grown to know through IDGuardian. He is a man of many accomplishments, including the founding of the Identity Theft Council, a grassroots organization formed to help local law enforcement combat identity theft. He is a man of many answers to your questions concerning cybercrime and identity theft, and it is his prolific talent and know-how on these subjects that keep you in the know here on our blog.

Today is his birthday, and we at IDGuardian would like to wish our friend, regular contributor, and identity theft authority on call the happiest of birthdays.

Thank you, Neal, for all your hard work and time dedicated to fighting identity theft. We wish you all the best. Breithlá Shona Duit!

Today’s special blogpost — our 300^th by the way — is about facing opposition and taking a stand.

As some history buffs (and fans of a visually stunning 2007 summer blockbuster film) can tell you, the number “300” is quickly associated with a legendary battle between an invading army numbering in the hundreds of thousands from Persia and the 300 Spartans, ordered by the Greeks to hold the pass at Thermopylae, the only road providing the invaders access to Greece.  Spartans were, without question, the ultimate warriors of their age, but even this stand seemed hopeless. The odds were against them, but they held their post and kept the invading Persian forces from marching on to Athens.

So what does this legendary battle have to do with IDGuardian and our 300^th blogpost?

Sometimes, when you read headlines concerning identity theft and credit fraud, when you see the reoccurring news of children discovering that they are now victims, and when you hear the stories of how hackers are devising new ways of infecting your computer, smartphone, or mobile data device, it is very easy to feel outnumbered, outgunned, and outwitted—especially when under attack by cybercriminals that you cannot see.

But here is where we learn a lesson from the 300: Take a stand, and become that first line of defense.

Much like when the Persians faced the Spartans at Thermopylae, cybercriminals think you are probably an easy mark, and you are if you don’t protect yourself. You have the abilities and the resources to fight a good fight.

• Invest in anti-virus software for your home computers. There are many products out there that can protect your Mac or PCs. Do a little homework and find out what works best for your budget and your home network. Take a look at some solutions offered by our own Matt Hines for PC solutions and options for the Mac.
• Secure your home router and network. This may sound like something more appropriate for a “Geek Squad” technician or an IT guy willing to do you a favor one weekend, but it is very easy to establish the basics of security for a home network. Find the original documentation for your wireless router and look up “Security Options.” Come up with a tricky password or passphrase (e.g., “I love my dog Mac he is 5,” translates in to: IlmdMhi5) and enter it for your network.  For the computers, use the security option to enter in a password once you wake up from “Sleep” mode or power up. This is an easy layer of security you can add to your computers. The tighter your security, the easier it is to avoid troubling home invasions from cyberspace.
• Every three to six months, change your computer’s password, and protect that password. This could be looked upon as a bit of a hassle, but think of the hassle if someone hacks into your home network or computer. Let your family or your roommates know when a change is about to happen and remind them that these passwords are for the home only. If friends or guests want to jump onto your network while visiting, don’t give them the password but manually enter it, and then politely ask them to remove it from their computer before they leave. And even with changing passwords often, avoid using passwords that — while easily remembered — are easily cracked.
• Protect your Personally Identifiable Information (PII). We do talk about it often, but it is worth repeating. With portable devices like smartphones and tablets, invest in software that allows you to remotely lock down your device or remotely wipe it if necessary. With hard copy PII, invest in a fireproof safe where Social Security cards, passports, and other valuable documents can be kept. Protect your PII no differently than you protect your home, family, and loved ones. It is just as valuable and can be devastating, if compromised.

These tips are just a few of the simple, cost-effective measures you can take to make a stand, and these are only a few resources at your disposal. There are countless others out there, ready and willing to defend your identity with you.

Here is another lesson from the 300 at Thermopylae: You are not alone in this fight. While director Zach Snyder and writer Frank Miller did help to introduce the legend of the 300 Spartans to a whole new generation, there is one detail that they tend to omit — the 300 Spartans were also backed up by 6,700 other soldiers of the Greek city-states. (That also included a navy.) There are blogs, podcasts, antivirus software and identity protection services like Identity Guard^® and ITAC Sentinel^® that are out there ready to answer your questions and help fortify your defenses against identity theft.

And you also have IDGuardian. After 300 posts we are still taking a stand, offering you options, answers, and solutions.

Don’t worry. We have your back.

About an hour ago, this appeared in my Facebook News Feed. Here are a few things to note about how this is revealed as a clickjacking scam:

1. This is a supposed video tweet, but note under the link the main “home” for this URL is heading back to LinkedIn.com. An odd correlation.
2. Poor punctuation. There’s not apostrophe in Justin Bieber’s name.
3. This unflattering photo hit headlines on March 2, not today (or “20 minutes ago” as this link claims)

These may all seem like minute details, but these details are what hackers and spammers are counting on you glossing over. In the “speed of one click” you can easily surrender control of your Facebook account credentials, counting on you to race to see who can share a sensational link first in your network. Whenever you have shared URL’s like this appear in your News Feeds, it is best to stop and think before you click. Many of these scams can be caught right away from the small image (or thumbnail) associated with the link. (Obvious malicious links will be displaying intimate parts of male and female anatomy.) So if something like this pops up in your News Feed, don’t click just yet. you may regret it.

Remember that clickjacking is a hackers’ tactic technique of tricking users into clicking on a link possessing code that can surrender personally identifiable information without the user’s knowledge, allowing hackers to take control of an online account (or, more dramatically, their computer). The reason why these scams are so prevalent on Facebook is that 20 percent of Facebook users click on these links. This is according to a study, reported by CNET, in 2010.

Continuing this week’s attention to  National Small Business Week, IDGuardian has stepped back into its video archives to present a special video replay of Neal O’Farrell and his advice for small businesses and strategies against identity theft, credit fraud, and security breaches.

These audio and video columns can be listened and or viewed to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

This episode features Neal O’Farrell, a nationally recognized expert on cybercrime and identity theft. Neal is a board member of the Center for Information Security Awareness and the first to train an entire police department in identity theft awareness. That program has since been used by more than 200 police departments and academies, as well as the FBI, the DMV, and U.S. Attorney’s Office. Neal is also the co-founder, with Intersections Inc., of the Identity Theft Council, a community-based initiative founded to help police departments across the country combat identity theft.

This podcast is copyrighted 2010-11, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

Do you have any inactive smartphones or cellphones in your house? Chances are you do; and as there is credit to be earned towards a brand new smartphone or a deduction to add to your tax report, donating an old cellphone to a charitable organization or recycling an older model phone is the smart, responsible, and environmentally friendly thing to do. Upgrading our conveniences though, can sometimes have us suspend our common sense and put ourselves in precarious situations where our private data is at risk.

Just in the past five years, between the Blackberry blazing the trial, the iPhone defining it, and the Droid making a claim for the “digital heavyweight champion,” the mobile phone has dramatically changed from a small pocket device armed with basic Personal Digital Assistant (PDA) abilities to computers able to access the Internet from the palm of your hand. Like any technology, upgrades promise better communication, better connectivity, and state-of-the-art apps. These new advancements pose new challenges and new responsibilities, and these responsibilities begin with your previous cell phone.

As reported by MSNBC, a British study revealed that over half of second-hand mobile phones obtained in random purchases from eBay and brick-and-mortar stores still carried sensitive data on them, including credit and debit card PINs, passwords, bank account details, and friends’ phone numbers. Adding to the confusion as to “how” and “why” this personal identifying information (PII) had remained on these previously-owned phones, this study also revealed that 81 percent of the people donating their old phones believed the devices were clean of personal data.

The later models of mobile phones — the HTC, Apple’s iPhone, Samsung’s Galaxy — are referred to as smartphones due to their expanded capabilities via apps. Smartphones offer you all the conveniences of bill pay, flight tracking dining out, and shopping right in the palm of your hand. It is difficult not to take full advantage of your smartphone’s capabilities, and here at ID Guardian we try to encourage and empower users with tips and resources on being responsible with what is stored on your smartphone.  When you are ready to upgrade your smartphone, check to see if you have:

• Logged out of e-commerce apps?
• Logged out of apps for paying bills?
• Logged out of your banking apps?
• Logged out of your dining out apps?
• Disabled your “Save password” option?

That last item on your checklist is important as part of the convenience of smartphone apps is the ability to remember your login data automatically.

These are the essential considerations you must keep in mind when upgrading your smartphone, but what if you’re upgrading from the more basic cell phone models? These phones are usually offered for free when signing up for a contract, or at a more economical price. The apps on a cell phone are more simplistic and the Internet scaled down to bare-bones basics.  The windfall for identity thieves if they get hold of these phones resides in your collection of contacts, usually found inside the phone or stored on the phone’s removable Subscriber Identity Module (or SIM) card. Even the low-resolution cellphone cameras provide a bonus for identity thieves as the contacts now have faces to go with the names. Finally, simple memo applications allowowners to enter in sensitive data such as security PINs, passwords, and the like under the guise of a harmless reminder to ones’ self. While not as sophisticated, the basic mobile phone models offer their own unique vulnerabilities when being recycled or donated.

“This report is a shocking wake-up call and shows how mobile phones can inadvertently cause people to be careless with their personal data,” stated CPP Group’s mobile data expert Danny Harrison. CPP is an English data-protection company that commissioned the study cited in this column.

As we have reported on this blog before, identity thieves can accomplish a lot with a legitimate cell phone number. Add to that images and names, the possibilities increase. Bring in password and login credentials and the danger becomes less speculative, more real. So here is a checklist to follow on how to clean out your mobile phone’s data:

• When activating  your new phone, backup your data from your previous phone and then attempt to transfer your old data on to your new phone.
• Once the previous phone’s data is backed up and/or transferred, find the “Settings” feature of your phone (usually this is where you customize your phone with ringtones, personal messages, wallpapers, and the like) and look for an option labeled “Restore to Factory Settings,” “Reset,” or simply “Erase.” (It may be different from model to model. Consult your phone’s user guide, the phone manufacturer’s website, or your cellular provider’s site for details.)
• Confirm you have erased your data. Power up your phone and go through it. If you cannot find your applications, your login credentials, or any PII present, you have successfully removed your data.
• If applicable, remove the phone’s SIM card. If you are no longer using that SIM card, destroy it. Do not simply throw it away but destroy it, preferably by shredding or cutting it to pieces.

Any investment in technology means eventually there will be a need and desire to upgrade to something better, something more powerful. To be green we should recycle, but a cell phone or previous smartphone model is not an empty milk jug or soda can. Sensitive data on the recycled phone is merely a USB connection away so make certain to remove PII before tossing that phone away.  Security should always be your first consideration.

Administrators’ Note: Just last month, we ran this article concerning tax preparation and the scams found cropping up around this time. With deadlines fast approaching, we present a re-post of our March 8 posting, complete with tips that will keep you safe before and after the 2010 tax season.

Tax season involves the exchange of a lot of documents and communications which contain sensitive personal information including addresses, Social Security numbers (SSN), employer information, and bank account numbers, all of which can be used to compromise or steal the identities of their owners. Identity thieves will use various scams and schemes this year to either forcibly gain access to this information or con taxpayers into willingly and unknowingly handing it over. And with new IRS regulations, within two years, all paid tax preparers will be required to submit all returns electronically. Adding to this digital deluge of incoming data, the IRS has reported that the majority of income tax refunds will be sent to taxpayers electronically, making your computer and electronic networks everywhere a prime target for identity thieves.

In years past, fraudsters have used a number of methods to steal or obtain personal information. Fraudsters commonly masquerade as the IRS, calling and convincing unsuspecting tax payers to turn over their Social Security or bank account numbers in order to correct a factual error on their return or expedite the deposit of their refunds.  Fraudsters have also distributed emails claiming to be from the IRS with attachments or links that contain Trojans or other malware that can easily empty the victim’s bank account. Consumers need to be cautious not just of scammers working under the mask of the IRS, but also of emails or phone calls from property tax appraisers or local county tax assessors, which could just be another rouse employed by identity thieves.

In order to help you avoid even the best laid identity theft traps, we have compiled a list of tax season safety tips to guide consumers this year.

Top 13 Tips for a Safe & Secure 2010 Tax Season:

1. Be suspicious of any calls or emails purporting to be from the IRS, no matter what the issue. For example, some scams claim that someone else has already filed tax returns in your name or with your SSN.  The IRS will always write to you first, will rarely call, and will never email you.
2. Never confirm your SSN or bank account details by email or over the phone.
3. If your bank or employer has been taken over lately, be wary of any calls asking you to confirm your tax information or employment status.
4. Guard your mail because it’s especially attractive at tax time.  Ideally, have your mail delivered to a P.O. Box and mail tax returns and sensitive information directly from the post office.
5. If you plan to use an online tax preparation service, make sure you stick with a reputable one that has adequate security measures in place.  And be careful when typing in the URL or web address of an online service in case you misspell the name and end up on a fraudulent site that looks like the real one. Invest in software that can help you stay safe by alerting you to questionable sites when you type in URLs.
6. If you plan to use online tax preparation software and intend to keep a copy of your return on your computer, you should immediately rename your return with a different file extension.  It is also highly recommended you use a USB external drive to save your information instead of storing it directly on your computer.
7. Make sure your computer is free of malware like computer viruses and spyware that can steal a copy of your SSN or bank account password.
8. Choose your tax preparer carefully and don’t be afraid to ask them important security questions, such as how your information is protected at their offices during and after preparation, how long they will keep a copy of your tax return, and whether they conduct background checks on their employees.
9. If you owe money to the IRS, try to pay online through their system.  If you have to pay by check, spell out the name “Internal Revenue Service” because it’s harder to forge than the letters IRS.
10. Don’t email tax information or returns to your accountant.  Email is not a secure way to send any document.
11. If you make copies of your return on a photocopying machine, be aware that many machines keep a copy of your pages in short term memory!  Using photocopiers in public locations is not recommended.
12. Don’t forget to shred any unnecessary documents or copies when tax season is over.  Dumpster divers will be on the prowl to get your banking account details and SSNs.
13. Finally, check your credit report immediately after tax time and again a few months later to make sure your personal information wasn’t stolen and is not being used against you.

For more information concerning tax safety please see our other IDGuardian blog posts:

• Phising: A Demise That Has Been Greatly Exaggerated (Jerry Thompson)
• A Re-Routed Refund (Anne Madrid)
• Tax Season 2011: Making Identity Theft Far from “EZ” (Neal O’Farrell)

Remember to use extra caution and care when filing their taxes this year.

March ushers in warmer temperatures, a deep-seeded passion for college hoops, and a change from the bleakness of Winter to something brighter and livelier. March also means students begin planning for their Spring Break destinations. Some may head down south to Key West or even further into the tropics. Some may set their week-long respite for destinations abroad. With online venues like Expedia, Priceline, and Orbitz, incredible deals on airline tickets and hotel rates are only a click away, offering stress-out students exciting opportunities for fun in the sun.

In the excitement of planning a trip with your closest friends on campus, it is easy to forget how the Internet and vacation sites are also hotbeds of opportunity for scammers, identity thieves, and organized crime gangs. Perhaps you are more concerned about how you look as opposed to how vulnerable you are, which stands to reason. A lot of things are happening — and happening fast — before you and your friends even hit the road or reach the departure gate for your Spring Break getaway.

The good news is that planning for your safety while traveling does not have to be the “buzz kill” of your Spring Break. Making sure you and your friends are safe only takes a few minutes to implement.

Before your departure date:

• Avoid travel deals that are too good to be true. While the earlier cited travel sites offer incredible deals, you might find better ones on Craigslist, Backpage, or Epage. Just because a deal is online, has an up-to-date timestamp, and might even link back to some really tantalizing images doesn’t mean the deal is legitimate. Stick with reliable sources, or check to see if the vendors offering these price-busting packages are endorsed by organizations like the American Society of Travel Agents, U.S. Tour Operators Association, or the Better Business Bureau.
• Discuss in detail your travel plans. How deep you go into the explanation of the trip will depend on the agreed itinerary and how flexible you want to be with it. Print up your travel plans (hotel, planned stops, etc.) and leave a copy with your parents or trusted contact, complete with hotel and mobile phone numbers. When traveling overseas, temporarily upgrade mobile plans to include international calls, but be clear this is for emergencies only.
• Apply for your passport early. Regardless of a student’s age, applying for a passport should happen no less than three months before your departure date. Routine processing time for a passport takes 4-6 weeks, while expedited service takes just under three weeks. There are express services online that may promise you a passport within a week, or even faster; but these services are expensive and require you to provide personally identifiable information (PII) in a rush capacity. If you do need expedited passport services, make sure you use a service suggested by the U.S. Department of State and not some random website offering “the best deal.”
• Make two photocopies or digital scans of sensitive PII. Sensitive PII is defined here as your driver’s license, your passport, and the primary credit card you’re using while away. Leave one copy at home in a safe place. Pack the other photocopy in a different bag from where you keep your PII. If your wallet or identification is stolen, immediately contact the local authorities or (when abroad) visit your home country’s embassy with photocopy in hand. If your photocopy is damaged or lost, contact a trusted friend or family member. Let them know where to find your photocopied PII and have them either fax or email it to you.

During Your Trip:

• Use a credit card instead of a debit card. While it does feel like you’re spending money you don’t really have and interest rates tend to run high on credit cards, protection plans against credit card fraud tend to be better than bank-issued debit cards. As mentioned on CreditLoan’s The Credit Blog, credit card customers can contact their card issuer if the card is lost or stolen, and be fully reimbursed for fraudulent purchases.  Fraudulent debit card purchases, on the other hand, are subject to protection limits issued by the individual bank. This protection is eliminated if the fraud is not reported within a specified period of time.
• Protect your identification and technology possessing PII. Now that you have reached your destination, regardless if you are staying with friends or in a hotel, keep your identification and charge card on your person at all times. As reported by Neal O’Farrell, hotels tend to be a central point for criminal activity. While alarming news reports surface of hotel-related crimes, this does not necessarily mean that your hotel is a den of organized crime. However, this does not mean that you should leave sensitive PII out in the open. Check to see if your room has a safe. Secure your iPad, laptop, and other electronic devices before heading out to enjoy your destination and avoid bringing these valuables to the beach where they can easily be stolen.
• Secure your digital media devices. If there is no hotel room safe, or if your room safe does not have room for an iPad, tablet, or laptop, activate security measures on your mobile devices. Featured on ID Guardian are several security measures that can lock out others from your portable devices, and even remotely lock down or erase the data if your portable media is lost or stolen.
• When traveling overseas, find out the contact information of your country’s Embassy or Consulate in your destination country. If you find yourself in trouble at any time, your country’s Embassy should be the first number you call. Find out where the embassy is in relation to where you are staying. Also have on a small card, preferable attached to the earlier mentioned pre-paid phone card, the phone number of the Embassy, Duty Officer, or Consular Section.

More safety tips and travel information can be found online at the State Department’s website, Travel.State.Gov.

By investing in a few precautions, you only ensure you and your friends a stress-free respite from academic pursuits. Now pack your bags, bring extra batteries and media cards for your camera, and have fun!

Today, Javelin Strategy & Research released their eighth annual Identity Fraud Survey Report. Sponsored in part by Intersections, Inc., Javelin’s Identity Fraud Survey Report is the most comprehensive research study of identity theft cases in the United States. It assesses the effectiveness of methods used for fraud prevention, detection and resolution and provides the basis for fact‐based benchmarking and recommendations. Javelin Strategy & Research has produced this video as an orientation to their findings, and a resource for quick tips in staying safe.

The Javelin Strategy & Research 2011 Identity Fraud Survey Report is co-sponsored by Fiserv, Intersections, Inc. and Wells Fargo. Their findings have shown that in 2010, identity theft and fraud claimed fewer victims than in any other period since Javelin began conducting surveys in 2003; however, out-of-pocket costs to consumers increased.

Click here to find out more from the 2011 Javelin Identity Fraud Survey’s Consumer Report.

Welcome to the New Year! Around this time resolutions are made (and forgotten) and people are working on mastering their “big gift” from the holidays. If your Wish List included items from the Top Ten Most Wanted of 2010 Christmas Gifts, chances are you found an iPad under your tree, or an iPhone, Droid, or the new Windows Mobile in your stocking.   These tech toys keep us in touch with friends, family, work, hobbies—24/7—and now we can slip the power of a small laptop easily into our pockets and shoulder bags.

Intuitive as this mobile technology may be, there is a great deal of liability in owning and, yes, handling such devices. Your most important data, ranging from online billpay to addresses and phone numbers of those closest to you personally and professionally, are stored on these devices. As easy as it is to enter in your PII into an iPad or a Droid, it is equally easy to lose track of your device, whether by accident or due to theft. The mantra “With great power comes great responsibility…” rings true. especially when it comes to protecting your PII.

The good news is developers are well aware of the human element when it comes to technology, and there are services out there that can help you keep track of your new tech toys and protect the data stored on them. Some of these options are free while others charge a yearly subscription fee, but all of them help you in safeguarding your mobile technology.

Apple users are offered with their mobile devices the Find My iPhone service. Once your device is “paired” with the app, Find My iPhone will allow you from your computer or from another mobile device to “ping” your iPhone or iPad. You can have your device display a message, play a sound (even if it is in a “silent” mode), or both. If you find, though, that your mobile device is not where you last left it, you have two additional options. Remote Lock will initiate a full lockdown of your device, as if it were passcode protected. For additional security you can choose the Remote Wipe option. Remote Wipe will erase all unique data on your iPhone or iPad, resetting it to the factory settings as if it is fresh out of the box.

As of November 22, 2010, Apple began offering this service for free. Unlike the other apps covered here, there is no blog support for Find My iPhone, but under the “Support” section of Apple.com are some Frequently Asked Questions, if you have any concerning the service.

Android users have a similar “lost device” locator, called iTag. The app works similar to Find My iPhone in that if your device is lost (or stolen), the website will allow you to locate your missing phone by having it play your ringtone (even overriding its “silent” setting). Unlike Find My iPhone, iTag incorporates a “social networking” approach to finding your Droid as you can enter into your iTag a Friend Locator and locate friends close by it. You can then privately or bulk message them from the iTag website. If, however, you suspect your phone to be stolen, you can lockdown or remotely wipe your Droid. iTag will also send you an alert if your phone’s SIM card is swapped out. Though its website, iTag will retrieve this new SIM number and contact the local authorities.

The basic iTag service is free. A $20/year subscription fee grants you access to all iTag options. The app developers also feature a security-minded blog geared towards mobile device users, regardless of the device you are using.

For new Windows Phone and loyal BlackBerry users, the trusted security vendor MacAfee have just acquired WaveSecure. Featuring many of the same services as Find My iPhone and iTag, WaveSecure gives you the ability to locate your phone, remote memory wiping, and tracking SIM cards swapped out for yours. WaveSecure also offers Uninstall Protection for your phone. In case your phone is stolen, WaveSecure will prevent anyone from uninstalling the app, ensuring you access to it even in the hands of its thief.

WaveSecure, available for the Android and other mobile devices as well, carries a price tag of $19.90/year subscription fee. A blog is offered on their website, but the posting is sporadic at best and specifically targets WaveSecure users.

Some other options to consider, completely app independent:

• Read up on your phone’s built-in security features. Find out what they can do.
• Take advantage of your mobile devices passcode functions. Whether it is a four-digit number or a trace pattern only you know, take that step in protecting your phone.
• Get into the habit of keeping your mobile devices within reach. At home, either leave them connected to the computer or within eyesight of the computer.

Regardless if it is a free service or a yearly subscription, your data is worth these extra steps. Keeping this offered advice and considering these apps covered here, another worthwhile investment is time taken to truly understand how your new tech works. The less room you have for human error, the safer your sensitive data will be.

You constantly hear around this holiday season things like “Has it really been a year?” or “Hard to believe we’re already at the end of the year…” but looking back on the postings, the podcasts, and the headlines we have shared with you, it is hard to believe that a year has passed, and what a year it has been! We have covered many topics concerning identity theft and credit safety; and now as 2010 comes to a close, we take a look back at the highlights of what we offered here at ID Guardian.

The Gallery’s Choice

ID Guardian is always looking for discussions on our Facebook page and here on this blog. When it comes to topics that warranted discussion, we had three blogposts that garnered the most attention out of the subjects we covered throughout 2010:

• Cyberbullying: The Online Crime of Insecurity, Ignorance, and Cowardice (November 1) This blogpost appeared after the death of Tyler Clementi, an 18-year old Rutgers University freshman who was literally bullied to death. This commentary traced back the growing trend of cyberbullying and offered tips on how to deal with the problem. Our first comment from “Jack” sparked a lively discussion that showed how sensitive a topic this is.
• Why Identity Protection for Kids Matters (March 31) Inspired by the “Mommy Blogger” movement, this commentary looked deeper into how lax parents are in Social Media concerning their children’s identity. Twitter and Facebook accounts that share kids’ names, birthdates, and likenesses are everywhere, indicating that parents may not be aware how widespread their status updates and tweets are. In the comments section, we heard from parents active in Social Media who shared with us their own thoughts on the subject.
• When the “Last Call” Could Be The First Mistake (March 22) This article came from Twitter of an intriguing concept being tested at theatres in Germany: Interactive films. In the thriller Last Call, the heroine, being chased by a mad killer, is armed only with a cell phone. She places a call, and someone in the theatre takes her call. A neat idea, but at what cost? The comments we received on this column ranged from an author of a similar interactive concept to one of the hosts of The Backseat Producers, a podcast that reviews the movies.

What the Numbers Tell Us

Using a terrific addition to WordPress, StatPress allows us to track what is grabbing the interest of our readers. In 2010, the week of November 15 was our busiest month for unique visitors to our site. The stories appearing that week were:

• A Real Life Grabber: New Trojan, New Concerns (November 15)
• IN THE HEADLINES: A Flash Mob of Identity Theft (November 16)
• IN THE HEADLINES: Cybercrime Continues to Tick Up (November 17)
• IN THE HEADLINES: Why You Are Your Best Defense (November 18)
• IN THE HEADLINES: Banks Bombarded by Cyber Attacks (November 19)

While cybercrime and online threats top our charts at ID Guardian for unique visitors, our busiest day was August 6, 2010. That week, our columns covered a wide array of topics:

• Following Young Indiana Jones: International Travel with Kids (August 2)
• IN THE HEADLINES: A New ATM Attack Surfaces in Las Vegas (August 3)
• IN THE HEADLINES: Rite Aid Fined in Dumping Your Data (August 4)
• IN THE HEADLINES: How Safe Is Your Home Network? (August 5)
• IN THE HEADLINES: Security Secrets the Bad Guys Don’t Want You to Know (August 6)

Honorable Mentions

Throughout the year, there were some stand-out columns and stories that made an impression. When we look back on what we have brought to you this year, it’s amazing how much ground we covered in identity theft awareness in such a short period of time. Considering the amount of content we have in our archives, there are definitely some articles worthy of a second look,.

• IN THE HEADLINES: Rolling Stone Takes You Inside the Biggest Cyber Heist in History (December 7) Neal O’ Farrell wrote a terrific summary of Rolling Stone’s exposé on Albert Gonzalez, one of the most notorious hackers of our time. The summary links to the actual column at Rolling Stone and provides an inside look at the lure of “easy money” made from online security vulnerabilities.
• Protecting Your Holiday Against Orcs, Aliens… and Identity Thieves (December 15, 2010) Done as a holiday follow-up to an earlier blogpost entitled “Game On, Shields Up,” columnist Matt Sarrel cautioned gamers about some of the threats currently lurking online, and his threats were not necessarily cave trolls or dungeon rats. No, these were tech-savvy thieves taking advantage of gamers “in the zone” and swiping identities under the disguise of gaming modifications (or mods). This is a favorite as Matt brings the message home with a sharp sense of humor.

In looking back, ID Guardian takes a lot of pride in the talented authors and the valuable information we have passed along to you. With our guest bloggers, our regular contributors, and the comments posted, we look forward to 2011 with a renewed passion. We not only thank you, our readers, for giving us your time and attention, but we also thank you for inspiring us. We hope you not only continue to rely on us as a resource, but contribute by offering your ideas for topics and issues you’d like to see addressed here.

After this post, our blog will run a week’s worth of “In the Headlines” segments and then take a break to enjoy the holiday. We will return with regular blog postings and podcasts starting January 3, 2011.

Thank you all for a wonderful year. Stay safe, and we will see you in 2011.

Identity theft continues to be one of the fastest growing crimes in the country and according to the Federal Trade Commission, 5 percent of all identity theft complaints in 2008 were victims under the age of one. Younger aged children are often targeted by identity thieves because the crime can go undetected for longer periods of time.

The U.S. National Center for Education Statistics estimates that an anticipated 56 million children will embark on their first day of school this fall. For most parents, the start of the school year brings excitement and apprehension.  It also means having to fill out or update a number of forms required by the school, some of which ask for your child’s date of birth, home address, phone number, and even your child’s Social Security number. This Summer, however, as reported by the Better Business Bureau and throughout the blogosphere, a shift from adults to children as targets has occurred, ultimately placing on parents the responsibility to question how their children’s personal identifiable information (PII) is being used, why it is necessary, and if it is being secured against identity thieves.

ID Guardian has compiled the following list of tips to help parents protect their school-aged children from becoming victims of identity theft:

1. Remind your children not to share any personal information like their home address, phone number, or Social Security numbers with anyone. Typically the first day of school is filled with lots of questions from school staff and children need to know to ask their parents first before sharing any of that information.
2. If you are a new parent with a child entering kindergarten, most schools will require a copy of that child’s birth certificate. Do not leave a copy behind. If they are collecting information for later review, ask them where this information will be stored and who will have access to it.
3. Most schools still ask for the child’s Social Security number; however, it is more of a “like to have” rather than a “must have.” This information is not always handled properly and puts your child further at risk for having their identity compromised should the information be accidentally leaked or stolen from insiders. Ask to speak to the principal if you are uncomfortable with providing the information.
4. Children are always excited to show off their brand new backpacks and supplies on the first day of school.  And most backpacks nowadays include identification tags that hang on the outside that include the owner’s name and home address. Instead of making your child’s personal information easily accessible, writing their name in permanent ink somewhere on the inside of the bag is a better idea.
5. With more and more schools providing students access to computers for everyday use, it is important to teach your children how to be safe online while at school and to familiarize yourself with the school’s Acceptable Use Policy for Internet Use.
6. Stay involved with your child’s online activities. Based on a study by Grunwald Associates, an estimated 27 percent of 9-17 year olds maintained weekly blogs, web pages or other online spaces in 2008. One in five U.S. children say they do things online their parents would not approve of, according to a recent Norton Online Living Report.  Make sure you monitor what your children are doing online. Review and explain the privacy policies with your child so they understand how their information can be exposed if proper security preferences are not put in place.
7. Consider using parental control software or services to help monitor what your children are doing online.  Some parental control software can cost around $40 while many websites like AOL, MSN and Yahoo, offer some form of free parental controls included with their services.
8. Keep an eye out for any mail, particularly credit applications addressed to your child, or telemarketing calls asking for your child by name—this could indicate that someone has used your child’s personal information to commit identity theft.

Facebook has been discussing the notion of a dislike button. The reason for such a tool is to show a shared disdain in your community for something you happen to be posting on your page.

Today, as reported by Mashable’s Stan Schroeder, there is a new Facebook phishing scam, this one working under the deception that this dislike button has entered a Public Beta phase.

From Mashable.com:

…there is no such thing as an official Facebook dislike button. It’s possible that Facebook will implement a similar feature in the future, but right now it simply doesn’t exist.

So, if you see a status update containing the message “I just got the Dislike button, so now I can dislike all of your dumb posts lol!!” or “Get the official DISLIKE button now” followed by a link, you should know that it’s another one of many scams that aim to extract your personal data.

Be safe. Be warned. This new Facebook feature does not exist. This is a phishing scam. Take extreme caution and let your various networks and communities know of this threat.

International vacations, in the early days of commercial flight, were once reserved for an exclusive few. As depicted in Young Indiana Jones, children rarely got the chance to span the globe; but when they did, exciting situations would unfold. Today, with air fares becoming more affordable and the Internet connecting cultures more readily, young people are being offered exciting opportunities that eluded our parents and grandparents.

In the midst of this excitement, it is easy to forget how your child might be feeling about these grand new experiences. It could be they have never checked a bag through customs or perhaps this will be their first time on a plane. And there might be the truth that the only bag they have ever packed is their own backpack for a day at school.

A lot of things will be happening — and happening fast — before you and your child even reach the departure gate.

The good news is that planning international travel for your child — no matter their age — does not have to become an overwhelming ordeal.  With just a few tips, your trip can be easy and stress-free. Along with your own pre-flight, packing, and “house lockdown” checklists, your kids should also have travel protocols in place. In this three part series, ID Guardian will be providing you with some sound travel tips specifically for your kids.

We start our checklists for kids long before we head for the airport…

Before your departure date:

• Start explaining the travel plans to your kids. How deep you go into the explanation of the trip will  depend on how old your kids are and how many overnight vacations you have previously taken. For younger children, be prepared to explain travel details such as distance, time zone changes, and the like. Having a map of the world and tracing your travel path not only gives them an idea of where you are headed, it’s also a lot of fun.
• Apply for your passport early. You should apply for your child’s passport no less than three months before your departure date. Routine processing time for a passport takes 4-6 weeks, while expedited service takes just under three weeks. There are express services online that may promise you a passport within a week, or even faster; but these services are expensive and require you to provide personally identifiable information (PII) in a rush capacity. If you do need expedited passport services, make sure you use a service suggested by the U.S. Department of State and not some random website offering “the best deal.”
• Take your kids to the airport for a pre-trip visit. If you have the opportunity to see a friend or family member off on a trip, take your kids with you.  It can help give them a perspective of what they will experience when it comes time for their travels. Explain to them what each step of the process means from standing in line at the ticket counter to going through the security checkpoint. Point out other kids traveling with their bags, and explain why people are (patiently) waiting in line. Remember — these are new experiences for them. They will still be excited come travel day; but the fewer questions en route to the gate, the fewer hesitations and delays you’ll have in getting through check-in’s and to your departure gate.
• Make two photocopies or digital scans of your passport identification page. Leave one copy at home in a safe place. Pack the other photocopy in a different bag from where you keep your passports. If you do lose your passports, immediately visit your home country’s embassy with photocopy in hand. If your photocopy is damaged or lost, contact a trusted friend or family member. Let them know where to find your photocopied passport information and have them either fax or email it to you.
• For traveling teens, give them options on how to contact you in case of an emergency. Many mobile phone plans have features that can be switched on and off, with international calling one of them. If your mobile phone does have international calling options, temporarily upgrade their plans to include international calls, but be clear that this is for emergencies only. An alternative to this is giving them a pre-paid calling card, provided the card works for international calls and operates in their destination country. Contact your wireless provider for additional options and recommendations.
• When preparing the house for your absence, take a moment to secure any PII. As mentioned in our previous posting on travel tips, don’t leave any personal information lying out in the open or in easy-to-find places such as nightstands and utility drawers in the kitchen. Secure your sensitive data before leaving. Fireproof safes can be purchased for as low as $40, and in them you should keep items like your Social Security cards, birth records, account numbers and passwords, and any other sensitive data.

You can also find other travel tips and even watch a few videos with your kids on what happens at the airport at TSA’s website.

Now you are all set for travel. The house is locked up, the family’s personal information is secure, and your children now know what to expect and are prepared to head to the airport. Next week, we run down a checklist for the day of departure. We’re one step closer to our destination, but a lot can happen between leaving your home and arriving at your gate. Make sure your kids are ready to fly.

ID Guardian presents a special video posting today: an in-depth look at the Identity Theft Assistance Center through the experiences of an identity theft victim.

Through Intersections’ exclusive partnership with ITAC, the Identity Theft Assistance Center, we have been able to help hundreds of companies manage breaches affecting millions of people and assist thousands more to recover from identity theft. ITAC unites consumers, law enforcement, financial services companies and creditors in fighting identity theft; a service no other breach response provider can offer.

With ITAC’s top-rated customer support, we are here to provide you with the necessary tools and the peace of mind to guide you along the way to identity theft recovery, no matter how big or small. This video (featuring ID Guardian contributors Michael Stanfield and Anne Wallace) is just one of many examples of how Intersections and ITAC are working for you.

We know by now that identity thieves are reaching far beyond credit card shopping sprees. A major risk for homeowners nowadays is mortgage fraud, which has been a huge contributor to this nation’s housing crisis. The Federal Bureau of Investigation (FBI) reported that 67,190 mortgage fraud suspicious activity reports (SARs) were filed in 2009 with more than $1.5 billion in losses.

The FBI also estimates annual losses between $4 – 6 billion, and statistics show that many victims of mortgage fraud do not discover misrepresentation or other fraudulent activity until almost two years after it has occurred.

Mortgage fraud schemes, like “liar” loans and application misrepresentations, are tough to spot and even harder to stop… but not impossible.

Mortgage fraud is preventable and there are key steps consumers can take now to stay safe from the threats. So as home buying season kicks off this month, educate yourself. Below is a list of top 10 consumer tips for detecting and avoiding a mortgage fraud scheme.

Top 10 Consumer Tips for Combating Mortgage Fraud:

1. Periodically check all of your home information with the recorder of deeds in your county.  If you discover any paperwork you don’t recognize, immediately contact your mortgage company and county authorities.
2. If you receive any statements or similar information from a mortgage company that is not yours, read the documents carefully and contact the company immediately to alert them to a discrepancy.
3. Beware of any offer that promises to “rescue” you from foreclosure, including loan modification programs that purport to be affiliated or approved by the government.  Do not make payments to any entity other than your mortgage lender or cease communications with your lender.
4. If you are at risk of foreclosure, your mortgage lender should be your starting point.  If you are considering third parties, make sure you transact only with qualified and approved credit counselors.
5. Get referrals for realtors and mortgage banking professionals. Check the licenses of the industry professionals and their company with state and local regulatory agencies.
6. Don’t assume that your lender has captured all of your personal information accurately. Check your application against the final loan documents to ensure that the information is correct and complete.
7. Understand what you are signing and agreeing to and do not sign any blank documents or similarly, forms that contain blank spaces. If you do not understand an agreement, re-read the documents or seek assistance from an attorney or trusted third party.
8. Check your credit report and public records information before refinancing your mortgage or purchasing a home and check again a few months later to make sure that if your personal information was stolen, it is not being used against you.
9. Report any suspicious activity to relevant federal agencies like the Federal Trade Commission as well as your local and state consumer protection agencies.
10. Finally, just as with any other offer, if a mortgage opportunity sounds too good to be true, it probably is!

According to the 2010 Javelin Strategy & Research Identity Fraud Survey Report, names and home addresses continue to top the list of critical personal data stolen by identity thieves. April through July has historically been the busiest time of year for home buying and selling. During these months, neighborhoods across the country are filled with moving trucks as homeowners, renters and their families move on from the old to the new. A lot goes into packing and moving a home and often times certain things can get overlooked – like the safety and security of a mover’s personally identifying information (PII).

Something as simple as a misdirected bank statement could end up in the wrong hands resulting in a compromised identity. Most homeowners don’t think twice about installing a security alarm in their new home after a move and often times activating the system can be done in a few simple steps. Along the same lines, if homeowners would take the same steps required to help protect their identities, they would be providing themselves and their families with invaluable protection.

Here are a few simple steps a homeowner can take to protect their identity from fraudsters before, during, and after a hectic move:

1. Before your move, make a list of all personal mail you receive on a regular basis. Notify banks, financial institutions and creditors of the move and redirect all paper statements and sensitive financial mailings to your new address, or, consider switching to online statements. The 2010 Identity Fraud Survey Report from Javelin Strategy & Research found that consumers who utilized electronic statement monitoring took less time to detect incidents of fraud and paid lower mean consumer costs ($116 vs. $274) than those monitoring paper statements. Make a checklist for:
   • Retirement accounts/Banking Institutions/Credit Card Companies
   • Utility companies (electric, gas, water, cable, etc.)
   • Insurance companies (medical, property, renters, fire and auto)
   • Local government agencies, federal agencies & the IRS
   • Healthcare providers
   • Schools
   • Suscriptions (magazines, newspapers, etc.)
   • Memberships
2. Submit a Change of Address request through the post office. Once the request has been filed, be on the look-out for a confirmation from the Postal Service and use this to verify your new information has been correctly updated. Mail should start to arrive at your new address within 7 to 10 business days after filing.
3. Shred all important documents and paperwork that will not be coming with you. Thieves will often go through garbage in search of things like pre-paid credit card offers that they can alter and use to create new accounts in your name. A decent shredder can cost as little as $50 and can be a very worthwhile investment. Make sure you are properly disposing of your shredded materials yourself – do not leave the task for anyone else to complete on your behalf.
4. Monitor bank and credit card statements for suspicious activity. Consider enrolling in an identity protection service that not only helps you monitor activity related to your credit, but also helps protect your computer, public records, and even mobile devices – all things that could have been impacted by the move.
5. Mover fraud is becoming more commonplace in the U.S. To avoid becoming a victim, do your due diligence and thoroughly research moving companies in your area. Ask for recommendations from trustworthy friends, family members, and real estate agents. And check with the Better Business Bureau to ensure the mover has a solid reputation. You should also make sure the mover is registered with the Federal Moto Carrier Safety Administration (FMCSA) and has a U.S. Department of Transportation (USDDOT) number before signing any agreements or obtaining an estimate.
6. Transfer all important physical documents that will be making the move, such as wills, stock certificates, bonds, etc., to a safe and secure place such as a locked box or an online secure vault. Keep the physical documents with you during the move and do not leave any secure receptacles for movers or others to transport.
7. Lock down your computer. Devote time and resources before your move to make sure all computers in your home are hack-proof and packed and out of sight before movers arrive. Take all computers, hard drives, and other external storage devices with you during the move.
8. Make sure you are present for the entire duration of the move. Your presence could deter potential theft from occurring and you can rest assured that your personal belongings are being taken care of properly.
9. After the move, verify that you are receiving all mail from the list of senders you identified and contacted beforehand. If something is missing or does not start arriving at your new address, contact the company immediately to confirm the address change and make sure that nothing is going to the old address.
10. Take time after the move to create a secure zone for the storage of secure data and to serve as a place where sensitive transactions like book keeping takes place. Update your computer security technology and consider tightening the physical security measures on the premise.

Everyone needs to pay very close attention to Facebook’s recent announcement that Facebook applications and external third-party websites will be allowed to use and store users’ information unless you revoke permission.  Since the default setting is now  to allow Facebook to share your name, profile picture, gender, and connections,; external sites like Yelp and Pandora can use your information to customize their functionality to your personality unless you change your privacy settings or click “No thanks” each time you visit one of the selected external sites.

The popular social networking site’s latest move to loosen privacy settings is not all that surprising given it comes on the heels of a series of moves toward less user control over personal information by Facebook and other social sites.  Just last week, Facebook also quietly rolled out a change in user profiles that allows “current city, hometown, education and work, and likes and interests” to be shared publicly outside of your network of friends.  Since there is no option to restrict who views much of your personal information, your only option as of now is to delete those fields.

While the privacy changes are being made incrementally, they represent a fundamental change in the way we interact on Facebook and could spill over to other websites—perhaps even without your actual knowledge.  Since today’s companies are increasingly blurring the line between where private information and public information is, consumers need to be even more careful in how we interact on Facebook and become even more vigilant in protecting our personal information from falling into the wrong hands.

We’ve talked a lot about practical ways to keep your personal information safe here on IDGuardian.com, including this recent post on college graduates and their social media profile.  For a really helpful how-to guide to auditing your Facebook privacy settings, also check out this recent article on FastCompany.com.

People blog. That may sound like an obvious statement, but it is worth repeating. From TheFutureBuzz blog, the statistics from the beginning of 2009 were as follows:

• 133,000,000 blogs were indexed by Technorati (a search engine specific to searching blogs) since 2002
• 346,000,000 people globally read blogs (from comScore March 2008)
• An average of 900,000 blog posts went live in a 24-hour period
• 77% of active Internet users read blogs
• 81 languages are represented in the blogosphere.
• 59% of bloggers have been blogging for at least 2 years

One statistic that is absent but TheStatesman.com found worth noting is that, according to research firm Nielsen Online, “women ages 25 to 54 with at least one child now account for 19.2% of the active online population.” These women are part of the influential community within the community referred to as “Mommy Bloggers”.

TheStatesman.com also reports that “…it’s tough to determine how many mom bloggers are actually out there. In 2005, Technorati estimated there were about 8,500 blogs where parents were writing about their kids. Now [in 2009], the number is certainly larger, but hard to ascertain because so-called mommy blogs (and daddy blogs, too) are classified as something else (craft blogs, coupon blogs, product review blogs).” While their numbers may be hard to pin down, their influence is clear. (Just ask Motrin following a failed 2008 “viral ad” campaign.) Currently in 2010, it can be expected that more moms and dads will enter the blogosphere or some other Social Media outlet (Facebook, podcasting, Twitter, etc.) to join a community of parents working together to raise their children.

What is alarming, though, are the instances when parents reveal too much information about their child and their lifestyles. A recent article in The Washington Post reported that 8% of Twitter users were teens, while comScore reported that the average user on Twitter is between the ages of 45-54. This insinuates that while the younger generation isn’t actively tweeting, updating their Facebook statuses, or blogging about their week, their parents may very well be, and in the process revealing the name of their school, their current whereabouts (soccer game, basketball game, etc.), or even more alarming, their names and names of friends. What may appear as innocuous details on the surface is a treasure trove of information that, at the very least, identity thieves can get a hold of and exploit. Perhaps we wouldn’t want to consider the worst case scenarios, but these scenarios are undeniable and slightly frightening truths that should not be dismissed.

By no means, though, are we endorsing or suggesting that mommy or daddy bloggers stop posting, that parental podcasters shut down their productions and delete their various accounts across social networks, or that children be quarantined from technology. What we do suggest are a few things to make your online communities and communications safer and stronger:

• Avoid using you child’s name online. When you are in a discussion online or putting together a commentary on a current issue, try to refer to your child by a code name. (Superhero names are particularly fun.) Do not punish yourself or others for the occasional slip, but do ask that close friends adhere to these code names when online.
• Disable GPS Location services when attending school or family events. It’s been a hot topic across the Internet. From the New York Times to CBS to this very blog, the debate over how much information is too much information continues. When sharing your status with social networks, keep places and events broad and generic. You can still share a picture of your son or daughter attending the event, but avoid posting coordinates or checking in with location-based vendors. Instead, post a photo and say “At my daughter’s concert. I’m so very proud of her.” That will convey the same message and carry the same sentiment without sharing your exact whereabouts.
• Keep your child’s computer in a high traffic location of the house. We have to take precautions with tools like computers, and accept that while kids know how they work, they may not grasp how vulnerable they can make themselves when going online. By placing a computer or laptop in an open area of your house, you can monitor your child’s online whereabouts. This includes:
  • Chat rooms
  • Forums
  • Online shopping

While some (including “tweens” and teens 13-15 years old) may look at this as “spying” keep these statistics in mind:

• One in five U.S. teenagers who regularly log on to the Internet say they have received an unwanted sexual solicitation via the Web. Solicitations were defined as requests to engage in sexual activities or sexual talk, or to give personal sexual information. (Crimes Against Children Research Center)
• 75% of children are willing to share personal information online about themselves and their family in exchange for goods and services. (eMarketer)
• 77% of the targets for online predators were age 14 or older.  Another 22% were users ages 10 to 13. (Crimes Against Children Research Center)

And to keep in mind at all times…

• Only 1/3 of households with Internet access are actively protecting their children with filtering or blocking software. (Center for Missing and Exploited Children)

You aren’t spying. You’re being a responsible parent.

• Understand How the “Wonder Widget” Works. Part of being a responsible parent also means getting a grasp at what “cool tech” is out there and how it works. This is probably the most difficult aspect of parenting as kids’ interests change almost as quickly as technology itself. (And usually, something is considered “uncool” when Mom and Dad figure it out.) However, it is a good idea if you know your child is getting into MySpace, asking for a smartphone for their birthday, or joining an MMO game (and if you don’t know what MMO stands for, this is part of understanding the trends in tech), you should have a basic idea of what the widget is, how it works, and more importantly  how vulnerable it could make your child.  No, you don’t have to be a Social Media expert, or a Level 41 Wizard in World of Warcraft; but a grasp of the basics can take you far.

It is very easy to regard identity protection as something exclusive for grown-up’s, but our children’s identity is equally as important.  By not considering where key points of  personal identifiable information (PII) are revealed and shared within  online communities and in everyday exchanges in the real world, we could be inadvertently placing our kids within harm’s way. From fraudulent credit card accounts to character-damaging actions online to the worst case scenario — personal danger — all are possible if parents do not stop and think before they blog, tweet, or post a Facebook update status.   Predators and identity thieves do not discriminate by age.  We are all susceptible and as adults, and parents, it is our responsibility to protect our children.

Hollywood, as we all know, loves to tap the vein of “trendy” for everything it’s worth. This is nothing new if you look back on the history of cinema. Silent films gave way to Talkies. Black and white eventually yielded to color. Cinemascope gave moviegoers a wider perspective on things. Horror movies like The Tingler and House of Wax broke the third wall and brought the audience into the action (although Vincent Price is enough to for me). Now with IMAX 3D being the hot gimmick, Hollywood continues to search for that “unforgettable experience” to get people into theatres.

While on Twitter, a colleague of mine — Ben Wassink — shared a Gizmodo article about a new idea knocking on Hollywood’s door. In the same way films like The Blair Witch Project, Cloverfield and Quarantine attempt to immerse the audience into a really scary situation, a company called 13^th Street produced the feature film Last Call. In Last Call, the protagonist is locked in a house straight out of Saw with a maniacal killer hunting her down and horrific images lurking around every corner. What is a Scream Queen to do? Simple: She whips out her mobile phone and calls for help…from someone in the audience.

According to Gizmodo’s Kyle VanHemert, this is how Last Call works:

“Audience members supply their cell numbers at the beginning of the screening and, at one point in the movie, one phone is selected to receive a call from the character on screen. Voice recognition software listens for the moviegoer’s commands and the story unfolds based on their instructions. From the looks of things it seems like it’s a ‘left’ or ‘right,’ ‘stay’ or ‘flee’ type of thing, so your exhortations for the main character to take off her clothes will likely go unfulfilled.”

The concept of Last Call sounds intriguing, but there is a burning question no one seems to be asking: What happens to all those unused mobile phone numbers? As seen in the trailer, you submit your number to a phone number provided by the movie studio. A Google Search for Last Call’s Terms of Service (TOS) for the film reveals…that their TOS is currently not online. This leaves us, the moviegoers, to guess exactly where our numbers will be stored, and what we will be left vulnerable to after the movie credits roll. (You might find a prophetic answer to this at timestamp 2:28 in the Last Call video clip.) It would be easy to presume that unused numbers would be removed from the database where they are stored, but how and when are they removed? Who is collecting these numbers? 13^th Street or an independent contractor? How secure are these databases? As discussed in a previous blogpost, the concept of volunteering information is all the rage, and people are willingly doing this to be “part of” something. The problem is there seem to be little to no consideration what this “total immersion” will cost.

According to the 2010 Javelin Study on Identity Theft, the newest avenue for identity thieves is the mobile phone. 15% of cases involving “existing accounts used to run up charges or commit fraud to victims” were traced back to acquired mobile phone numbers (page 35). Victims of credit card fraud reported “higher incidences of information accessed from a mobile phone without their permission” (page 29). Finally there is a new spin on phishing: smishing, a version of phishing utilizing text messages that directs victims to websites that downloads malicious spyware onto the victim’s mobile phone or computer (Appendix, page 87).

All this is happening from someone getting hold of your mobile phone number.

Before surrendering 10 of the most important numbers in your daily life, consider the following:

• When vendors ask for your phone number, ask why it is needed. Whether it is a supermarket, an electronics store, or other vendor, it doesn’t hurt to ask that simple question. Is this for future surveys, for an alternative identifying number, or for marketing purposes? If you can’t get an answer here, opt out for surrendering it.
• If surrendering your mobile phone number is optional in a transaction, keep it to yourself. Once upon a time, phone numbers were necessary to complete sales but this is no more. If you can still close the transaction without giving your number, don’t. Mobile phone numbers have become akin to Social Security Numbers, home addresses, and credit card numbers. While mobile numbers may be regarded as the “least sensitive” of PII (Personally Identifiable Information), they can still be exploited. Share your number with friends, family, and associates, by all means. When it comes to vendors both online and in the brick-and-mortar world, and social networking sites like Facebook, protect your mobile phone number at all costs.
• If you decide to “play along” with your mobile phone, read the Terms of Use first. Yes, Terms of Use may not be a riveting read ala Nora Roberts or James Patterson, but the Terms of Use will let you know exactly what is being done with your phone number. Whether it is Last Call, 24, American Idol, or Personal Effects: Dark Art, it is important to know what is being done with your number once it is submitted to a database of any kind. Will you be contacted as part of a customer survey? Will your number be sold to other vendors? Will there be any liability to this vendor if your number is suddenly involved in fraudulent activity? These are answers you need before casting your vote or stepping across the Looking Glass to play in Wonderland.

(Editor’s Note: ID Guardian was notified by author J.C. Hutchins that phone numbers calling in as part of his interactive thriller Personal Effects: Dark Art are not logged or stored anywhere. We appreciate the feedback on this matter. While we do cite his work as an example of audience interaction, in no way are we insinuating that Mr. Hutchins, the publisher, or the examples cited in this article are doing so. We are merely posing questions that consumers should consider.)

Mobile phone numbers are essential in staying in touch with companions and colleagues both locally, nationally, and internationally, and as we have evolved into an “on-the-go-communication” culture, these numbers are easy to take for granted. Mobile phone numbers can be used as keys to other accounts essential in everyday life, and these accounts can lead back to more sensitive personal data. So when asked for your input in a reality TV show or if you’re invited to “play along at home” through your mobile phone, stop and find out as much as you can about who is getting your number and what will be done with it once this special event draws to a close. It’s great fun to take part in the action, sure, but the good times stop abruptly when a stranger suddenly calls.

If you are like us here at IDGuardian, you may be working on building yourself a Social Media presence. It could be for community outreach, a ways and means of increasing your business, or simply for fun. With any new technology, though, comes understanding; and sadly Social Media is becoming the proverbial “blinking 12:00 a.m.” of the Internet. People are jumping into networks blindly without a thought (or a care) as to exactly what they are doing. It is as if the buzz words “total transparency” have somehow completely robbed users of common sense, sending unhindered community participants headlong into what they believe is a Utopia of goodwill.

That was before a website shined a halogen lamp on things in an attempt to make people stop and think.

If you have noticed messages appearing on Twitter that read “I’m at Gary’s Burger Bar in Fairfax, VA…” or or “I just became the mayor of Mini-Market…”, you are connected with someone playing foursquare, a third-party site that serves as a Swiss Army Knife of sharing. Similar to BrightKite, foursquare shares on Twitter your current GPS coordinates when you “check in” and then recommends places to go and things to do in your immediate area. As the rest of your network also checks in, your account loads up with easy-to-find meet up places and new things to do wherever you may happen to be. Sounds like fun, doesn’t it?

Did I mention that foursquare is a game, too? With each place you check in from and the more you share, you unlock badges that get you anything from “tweet cred” to free merchandise from participating foursquare vendors. So now, in the spirit of healthy competition, Twitter users are in competition for what badges they can unlock and where they can rule as Mayor. All it costs users is your exact whereabouts.

While tweeting your location may seem utterly harmless (as it happens all the time on the network), there is a hazard involved, particularly as foursquare takes this concept to a new high by providing GPS-coordinates to where you are not at that moment: home.

This revelation attracted the attention of FortheHack, a collection of security professionals who, in turn, developed Please Rob Me, a website that lists players from foursquare’s feed as they check in. From their website, FortheHack developers warn that:

“The danger (in services like foursquare) is publicly telling people where you are. It gets even worse if you have ‘friends’ who want to colonize your house. “Colonizing” means they have to enter your address, to tell everyone where they are. Your address on the internet. The goal of Please Rob Me is to raise awareness on this issue and have people think about how they use services like Foursquare, Brightkite, Google Buzz etc.”

Since the site’s launch on Feb 17, 2010, there has been a heated debate over the ethics of FortheHack. Identity Theft expert Robert Siciliano appeared just last week on CBS calling out the flaws in Social Media and in PleaseRobMe.com. The website Mashable applauded FortheHack’s efforts stating “These guys have a legitimate point. Stories about status updates leading to burglaries are becoming commonplace…” while The Daily Telegraph reports “Privacy campaigners have expressed outrage at the website, which publishes a regular updated stream of ‘opportunities’ by detailing the names of Twitter users, when they left home and where they were currently located. Simon Davies, director of the Privacy International campaign group, said the website’s creators had ‘failed in their duty of care’.”

It is clear that Please Rob Me succeeds in one respect: scaring the pants off Twitter users. Instead of foursquare’s inviting “Check In! Find Your Friends! Unlock Your City!” you are greeted with “Listing All Those Empty Homes Out There! 12 New Opportunities!” Perhaps the only thing more mind-boggling than the website itself is the one pervading fact that Privacy advocates are glossing over: Please Rob Me is not combing Twitter for this data, but simply syndicating (via foursquare) tweets that are being volunteered by its players. This data is not being stolen, but freely given and made public.

That is truly scary.

So before you attempt to unlock that way-cool “Burrito Bandito” badge on a return trip to Chipotle, IDGuardian offers you (without even asking for your whereabouts) a few Twitter tips:

1. For your Twitter profile, avoid using GPS coordinates. When Twitter asks for your location, the closest city or major metro area (e.g., Washington, D.C., Chicago, IL) should work just fine.
2. Disable GPS options in third-party Twitter applications. These are the usual culprits responsible for going into your profile and giving your exact location, be it from your home or wherever you happen to be tweeting. Check the Preferences and Settings tabs of your Twitter applications, both online and on your smartphones.
3. Ask yourself why you want to give away your exact location on an open stream. This works both ways. While we have been talking about foursquare letting people know where you are not, keep in mind that foursquare (and other services like it) is also letting your network know where you are. A real boon for stalkers. Anybody can get on Twitter, and anybody can find you if you are willingly sharing such data on open networks.
4. Don’t be afraid to let people know where you are or what you are doing. Just be smart about it. You can still TwitPic your whereabouts and share with your network; but how much do you really want or need to share? It goes back to the analogy “If you don’t feel comfortable saying something in a crowded room of strangers, it is best not to tweet it.” The same can be applied to your location. Only tweet what you are comfortable with.

It’s okay to share on Twitter. Just don’t check your brains at the door and take a few simple steps to avoid being a target. A few precautions can be a good thing further down the road.

Yesterday started with a stir across the popular social network, Twitter, as Mashable.com (with the help of blogger Andrew Girdwood) put its users on high alert:

Numerous Twitter users are pointing out that Twitter forced them to change their passwords out of the blue. According to blogger Andrew Girdwood, these users have received an e-mail containing the following message: “Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset,” together with a link for resetting the password.

Although the e-mail itself looks like a phishing attack, it’s genuine; it seems that admins at Twitter have discovered something fishy is going on, and they’re trying to prevent further damage before it happens.

This development had not only become a trending topic on Twitter, but started to grab media attention, including the Washington Post. While this situation shouldn’t be taken lightly, we at IDGuardian do not recommend that you start changing any passwords on accounts. According to our research, Twitter users are finding out via an “official email” from Twitter.com or from other Twitter users. Meanwhile, on Twitter’s Status and News blogs, there is no mention of this phishing scam whatsoever.

This gives us a moment’s pause, and it should do the same for you, too.

Before concerning yourself with falling prey to a malicious Social Media hacker, follow this simple checklist:

• Check your third party clients (TweetDeck, DestroyTwitter, etc.) and see how they are behaving. If they are connecting with Twitter, you are doing just fine.
• Check Twitter Status. This is one of two blogs that keep users in the know about what is happening on Twitter. This particular blog is more technically oriented, but reports outages and hostile actions such as DoS attacks. In the late hours of Tuesday night, a posting did appear that may have explained yesterday’s odd behavior reported across the network.
• Check Twitter’s Blog. This is news and developments from Twitter’s home base, and usually developers will give commentary here on any hacker attacks, interface redesigns, or serious issues that Twitter is encountering at that time.
• Follow @Twitter’s feed. No, they might not answer a query, but with something as serious as this there may be some updates in their feed that can give you sound advice on how to fix a potential problem.
• Follow @safety, Twitter’s Trust and Safety account. Managed by Twitter’s own Del Harvey, this is the voice of Twitter’s Trust and Safety Team. They did have a post about this matter at 11:26 am, several hours after Mashable, the Washington Post, et al. went live with their postings (No mention of this being a phishing attack.); and they did a follow-up posting concerning the importance of “regular password changing” that was shared on this feed. Again, another valuable resource in maintaining your identity security on Twitter.

Always check with the source before taking action. It may be a moment’s hesitation, but in that brief second you may be able to avoid unwanted stress and undue inconvenience.

It is hard to believe that IDGuardian launched only four months ago (September 11, 2009 as a matter of fact); and in such a short time, we have brought you sound advice, different perspectives, and forward-thinking opinions on the subjects of Identity Theft, Credit Security, and Online Safety.

If you are new to IDGuardian, thank you for joining us. We have, at the closing of the year, compiled the “Best Of” from 24 blogposts so you can get a feel for what you will find here. For those of you already subscribed to IDGuardian, thank you for joining us and we hope you enjoy this retrospective of a new blog.

Take a look at what we have deemed the “notable bytes” from 2009 and feel free to leave your own favorite blog or podcast entry in the Comments section.

.

September

The ironic twist is that the burglars who use your own freely-offered personal life story to target your home when you’re not there are in fact not looking for your new TV or X-Box. What many of them are after is your Social Security number, birth certificate, financial statements and anything else they can use to clone your identity and hijack your life.

— Neal O’Farrell, When a Stranger Comes Calling

A more common method is to launder the money, once again internationally.  Many times this is done through unsuspecting money mules.  A typical scenario involves a mass spam campaign advertising to the recipient that he/she can make hundreds or thousands of dollars a week working from home.  Or then there’s the “you’ve won the Spanish lottery” spam, or the “you can recover this bank account you forgot you had” spam.  In all these cases, the point is to swindle the money mule into sending legitimate funds to the con man.  If it’s a straight on con, then they just keep the money.  If they’re laundering money, then they will actually send back some amount of “dirty” money in exchange for your “clean” money.  Now you’ve not only been cheated, but you’re part of an international identity theft and money laundering scheme.

— Matt Sarrel, Identity Theft: An International Consipracy

October

What [hackers are] usually after is personal information that can be used in identity theft. So just think of the information you may already post and share that hackers could use in identity theft – information like your name, date of birth, home address, work address, current employment, employment history, mother’s maiden name, family, friends, pets, your first school, favorite teacher, vacation plans, likes and dislikes, even photos of you and everyone you know. The list is endless.

— Neal O’Farrell, What Social Networks Really Reveal

But while the hype cycle of social networking risks may be at an all-time high, it’s hard to argue that the emergence of the Web 2.0 sites and applications hasn’t created a complex new set of privacy concerns that end users need to worry about.

The social networks themselves have already become breeding grounds for many different types of electronic attacks and social engineering schemes with most of those threats aimed at somehow stealing your personal data, infecting your computer or using your online reputation to assail those with whom you’re connected.

— Matt Hines, Social Networks Increase Risks to Online Privacy

Identity theft – by whatever name we choose to use – is a real problem, and will continue to be for many years. The world is digital – our transactions, communications, and relationships are tracked by marketers, read by virtual friends, and if not secure, vulnerable to fraudsters.  We can’t change the evolution of technology, nor should we, but we can become smarter about how we use it, who we transact with, the information we divulge, and most importantly, how we secure and monitor our personal information. Education is the first step to understanding the risks. When consumers educate themselves, useful services will dominate the market.

— Michael A. Stanfield, A Reply to Ms. Julia Angwen at the Wall Street Journal

Consider the possibilities for someone to carry out a physical assault, let alone a virtual attack, if they know who you are and where you are at any given time. If I was someone looking to rob your house or a jilted ex-boyfriend planning to stalk your movements, these seemingly innocuous tools would seem to provide a lot of helpful information to do that.

In the computing world, these applications, like other social media tools, unquestionably add another level of risk in terms of allowing someone to create targeted attacks to assail you with in assuming your likeness for identity fraud.

— Matt Hines, Mobile Web Driving New Privacy Issues

November

Many of us have established habits and lifestyles that, quite frankly, we don’t want to change. We like the convenience and benefits associated with loyalty/rewards programs, online shopping, and social media networks. Our information is already in cyberspace in so many different shapes and forms that it’s not likely we can pull it back and start over again. But we don’t need to panic. What we can do is be more vigilant about who we share our information with and ask why it is needed. Does the retailer really need your phone number? (They don’t; it’s for marketing purposes only.) Does your son’s baseball team really need a birth certificate? (Have them verify your son’s age at school.) Ask questions and if you don’t like the answer you get, don’t provide the information.

— Michael A. Stanfield, Lost in Translation

These rules may seem inconvenient or overly cautious to many consumers, but they are designed to help you by keeping the crooks from pretending to be you.  My goal is to make identity theft prevention a part of our learned safety behaviors, like putting on a seatbelt.  You don’t think twice about it.

— Anne Wallace, Be Prepared to Establish Your ID When Red Flag Rules Go into Effect

One of the best gifts scammers will get this year will come from retailers. Shoppers and analysts are already reporting shortages of the hottest Christmas gifts this year, as retailers try to avoid getting stuck with merchandise that they can’t move quickly.  This inventory shortage may force some shoppers to take greater risks than they normally take, and  scammers won’t miss the opportunity to take advantage of busy shoppers who are so determined to get that elusive holiday gift this year that they are willing to do whatever it takes.

— Neal O’ Farrell, Why Black Friday Could Be a Red Carpet for Scammers

Talk to your kids about the importance of their Identity. Teach them not to fill out forms online or offline to win a car, a cruise, or any other freebies in magazines, restaurants, etc.  More often than not, those are marketing ploys and their personal information will be shared across many marketing databases. Parents should carefully monitor all Internet activity and stay actively involved with who their kids are meeting online. They should also keep kids out of Internet chat rooms. Predators are just as real online as they are in public places.  All they need is an unsuspecting child to provide their name and home address, and they could track them down.

— Identity Safety for Your Child

December

Think before you tweet (Twitter), or post anything on Facebook, MySpace, or YouTube. Always assume that what you say, how you say it, and to who you say it will always be only a search away from friends, potential employers, stalkers, Internet predators, etc.

— Identity Safety for Your Teens

— Jerry Thompson, Threats Facing Consumers Online

According to Facebook’s new privacy policy, if you don’t select your own privacy settings Facebook will automatically do it for you, and to a standard that you might not be comfortable with.

For example, under current privacy settings people who are not friends can’t even see your marital status, gender, photo, or location. Under the new default settings, this information will now be open for everyone to see unless you go in and change your personal privacy settings.

— Neal O’Farrell, Saving Facebook

A number of organizations including the National Association of Attorneys General and vendors including Intel, Google and Microsoft recently announced the establishment of “Data Privacy Day” which will be observed on January 28, 2010, and involve a number of promotional events meant to raise consumer privacy awareness.

In more targeted efforts, a group of leading Internet publishers and digital marketing services recently launched an online campaign to educate consumers about how they are tracked and targeted by marketers over the Web. The Interactive Advertising Bureau (IAB) unveiled a related “Privacy Matters” Web site and a number of IAB members including Yahoo, Google, Walt Disney Co. and The New York Times Co. have volunteered to support the effort via links featured prominently on their own pages.

— Matt Hines, Searching for Bright Spots

As you can see by the amount of information (and these are the highlights!) here, IDGuardian has delivered valuable insight and information regarding identity protection and personal safety both in the real and virtual world.

This is, also, merely the beginning.

IDGuardian will, in 2010, bring you the voices showcased here along with new contributors and new features geared to start dialogues and get you thinking. Awareness and education are key in protecting yourself, and IDGuardian is here to do both of these and so much more. We hope that we have aided you in making the latter quarter of 2009 a safe one, and assure you that IDGuardian will continue to offer you tips, advice, and guidance in the coming year.

Thank you for commenting, for subscribing, and for taking part in our community. Celebrate safely, and we will see you in 2010.

If you are on Facebook (as are over 300 million people in the world) then you are used to receiving a variety of notifications of different things happening within your network, such as photo tagging, status comments, and friend requests. Nothing unusual about that, unless you receive something like this…

…on an account other than the one you used to open your Facebook account.

On closer investigation, here is what you should notice about this new Facebook spoof:

1. Note the mailing addresses in the header. Facebook’s reply here is usually “no-reply” address. Also, if this is someone you know and performed a generic search, you would have come up in a page of results. Facebook would have sent this “invitation” to an already approved email for a Facebook account.
2. Take a closer look at the photo. This is actor Jake Gyllenhaal. True, Facebook users do use famous people as their profile pictures on occasion, and it is these new, unknown users that you should take caution with before approving.
3. While there are famous people on Facebook, they would probably NOT identify themselves as (FIRST NAME) Doe.
4. Another problem with this scam is when legitimate friends of yours appear in the notification. (Our advice: Notify these friends as soon as possible that they are being associated with this scam, and advise them to take caution.)

The nice thing about scams like this is they tend to appear in pairs. Another bogus invitation received within minutes of the first spoof mail, and this one threw its first warning sign out in a more blatant fashion. The profile picture featured a woman giving the camera a cheeky grin and revealing a good amount of skin. Security experts refer to this as a “Hot Chick” Approach. In this second invite, the four “random friends” as selected by Facebook are the same “random friends” showcased in the first invite.

Here are a few tips to follow if you receive a suspicious invitation like this:

• DO NOT CLICK ON ANY LINKS PROVIDED IN THE EMAIL. Take a look at the earlier mentioned details outlined earlier to see if this is, in fact, a legitimate invitation or not.
• As stated earlier, notify friends featured in these spoof as soon as possible. Advise them to take caution when working in Facebook and communicating with others.
• Click here to find out more about Facebook’s policy against false identities. You can also forward the potentially fraudulent emails to abuse (at) facebook (dot) com with any additional information you can provide on the spoof mails (i.e. frequency, time of arrival, etc.)

Proceed with caution on Facebook as this scam has been gaining momentum. Please feel free to comment here your own experiences, and stay safe in your Social Networking initiatives.

12/16/09 UPDATE:

Today, I was hit with another bogus invitation. While the profile picture appeared to be some random high school/workspace portrait, I noticed that the three random friends selected that I “might also know” were featured at the bottom of the screen. Additionally, the “Reply To” address was hidden.

Take care. Phishers are getting craftier.

In our previous posting, we looked at the dangers of Identity Theft for our kids. We asked the tough questions about how prepared our children are, and considered the scary notion of just how vulnerable children can be to fraud, scams, and identity theft.

The tips we offered could be applied to any age of child; but when your child enters their teenage years, everything changes. Along with dating, peer pressure, driving, and accountability, teenagers begin to enter the workforce, earn their own income, and begin to nurture a sense of independence. This new world of responsibilities also opens up teens to new threats in identity security; and considering the popularity of technology (illustrated here by Matt Hines’ column on Social Networks and their influence over online privacy), it is becoming easier to reveal and harder to protect personal details.

At IDGuardian, we wanted to share some strategies in keeping your teens and their identities protected.

• Do not open email from unknown senders and be careful about what file attachments you download. The next video or music file – even from a friend – could actually be hiding a computer virus, Trojan, or keylogger from an identity thief.  Teach your children what those online threats are and why firewalls, anti-virus, and anti-spam programs need to be kept up to date.
• Reveal as little as possible about yourself, pictures included. Always avoid revealing your date of birth, family names, pet names, home address, school, cell number, and home phone number whether on a social media site or blog. Once posted, most items cannot be removed.
• What may sound harmless to you, like sharing details about your birthday party (or your friend’s), showing pictures of gifts, and sharing vacation plans can provide enough detail  to a thief about your whereabouts, and expensive gifts, making your home an attractive target for a burglary.
• While it may be great to have more online friends than everyone else, always practice caution when accepting new friends into your network.  Just because they are virtual friends, doesn’t mean they can’t cause harm.
• Protect your information on social networking sites and restrict who can access your pages. Most social networking sites have strong privacy settings that you can customize. Learn how to use them.
• Don’t let your friends borrow your cell phone. Should they lose it, you and everyone in your contact list could be at risk for bogus texts (i.e. winning free things), unauthorized calls and charges, and even eavesdropping.
• Talk to your teen about why he/she should not give out personal financial information in response to phone calls from telemarketers or emails from unknown individuals or businesses.
• When your teen applies for his/her driver’s permit and license, make certain that the motor vehicle administration does not use Social Security numbers as the driver license identification number. If they do, ask for an alternative.
• Never, ever share your password with friends. They could share it with their friends, and so on. You do not want someone using your persona to speak with others or to post notes on other social networking sites.  You should also change your passwords frequently and be sure to use a strong combination of letters, numbers, and symbols so that nobody can easily guess it.
• Think before you tweet (Twitter), or post anything on Facebook, MySpace, or YouTube. Always assume that what you say, how you say it, and to who you say it will always be only a search away from friends, potential employers, stalkers, Internet predators, etc.

These tips will give you a starting point in impressing upon your teens the importance of identity protection, and maybe — just maybe — lay a foundation for them to be aware of their identity, where it goes, and what they can do to protect their credentials, their credit history, and themselves.

The holiday’s bring out feelings of commonwealth, community, and goodwill.   For those of you joining us here at IDGuardian.com, we hope that you have benefited from the security tips and tactics discussed here every week.

But what about kids?  Does your child have a shredder in their room? (Considering the last hairdo your child performed on the cat or dog, probably not.) Does your child understand how dangerous Identity Theft works? Does your child grasp that their identity is just as susceptible as your own?

At IDGuardian, we wanted to share with you a few tips in keeping your kids protected this holiday season and well into the new year.

• Always ask why your child’s Social Security number or birth certificate is required for sport activities or medical information. If mandatory, ask how the information will be used and protected.
• Talk to your kids about the importance of their Identity. Teach them not to fill out forms online or offline to win a car, a cruise, or any other freebies in magazines, restaurants, etc.  More often than not, those are marketing ploys and their personal information will be shared across many marketing databases. Parents should carefully monitor all Internet activity and stay actively involved with who their kids are meeting online. They should also keep kids out of Internet chat rooms. Predators are just as real online as they are in public places.  All they need is an unsuspecting child to provide their name and home address, and they could track them down.
• Children under 18 do not have credit reports, but do check with the credit bureaus frequently to ensure no one has established a credit history in your minor’s name.
• Be a role model to your child. When you are asked for your phone number at the retail store,  tell the cashier you do not provide that information.  Always ask questions and let your child know that it is NOT okay to provide information to everyone that asks.

Happy Holidays from everyone here at IDGuardian.

For those of you following IDGuardian on Twitter, you may have noticed a change in how we are posting our popular TwitterTips. We have been thrilled with the amount of “retweets” (circulating attributed postings in other Twitter feeds) our TwitterTips have earned; but after talking with our network, a change was needed.

Originally, when we went online back in September, our TwitterTips originally looked like this:

IDGuardian TwitterTip: Perform random online searches of your name in order to find out what personal information is available.

In October, the format changed to:

TwitterTip: At 18 years of age, your credit is compiled and reported to the credit reporting agencies.

Now, our TwitterTips will appear in your feeds in this fashion:

In June 2010, the FTC will enforce “Red Flag” rules, designed to prevent identity fraud. (from @IDAssistanceCTR) #creditsecurity

The previous posting is still an IDGuardian TwitterTip; but here is what you need to know about our new approach to this old favorite:

Character Conservation. If you are new to Twitter, you will know that all the postings (or tweets) are limited to 140 characters, and those 140 characters include spaces. The earlier TwitterTips with their headers used valuable characters, making it difficult for others to retweet without dramatically editing the original post. Many users were removing the header, so in “rethinking the retweet” we decided to conserve on the characters and streamline our TwitterTips.

Trackable Tweets. You may notice in the new format a pound sign connected to a term. These are known as hashtags. Hashtags are keywords used within a tweet to track it via Twitter Search. This way, by establishing a hashtag as part of a tweet or  conversation, you can create a Trending Topic on Twitter, thereby increasing visibility. At present, the hashtags we are using are:

• #onlinesecurity
• #idprotection
• #creditsecurity
• #scam

By incorporating the hashtag, we can now make it easier to track who is talking about our TwitterTips and where they are being circulated.

Keep an eye out for our TwitterTips that still carry that same reliable news or helpful insight IDGuardian is known for, just in a more compact format. Thank you for following us on Twitter and here at our blog. Feel free to leave a review for our podcast on iTunes, and continue to share with us your thoughts, opinions, and reactions to the columns featured here.

IDGuardian is now available on iTunes. If you have the popular media player on your computer, you now can use it to subscribe to the IDGuardian podcast. (And it’s free!) Here’s how you do it:

Step 1: Make sure you have iTunes installed on your Windows or Macintosh computer.

Step 2: Click here to go directly to IDGuardian’s page on iTunes.

Step 3: Single click the “Subscribe” button.

Step 4: Listen through iTunes.

If you have an iPhone, iPod, or some other mp3 player, you can follow directions native to each portable player and take the IDGuardian podcast with you. If you like what you hear or wish to comment on a specific show, feel free to leave a review on iTunes and tell a friend about IDGuardian.com.

Do you have a topic you’d like to see covered here?
What would you like to see added to IDGuardian?
Let IDGuardian.com know
what you would like our contributors to address.
Thanks for giving our podcast your attention,
and stay safe online.

Hello from the IDGuardian.com administrators. You may notice a few changes in our blog’s right-hand sidebar. We wanted to point them out to you and give a quick rundown on what they do and how they work to help you out here.

First, there is the growing Tag Cloud located between the Categories and Resources features. In the same way that Categories sorts out posts based on the category you choose, the Tag Cloud sorts out posts based on which keyword or “tag” you single-click.  The larger tags (i.e. Facebook, Neal O’Farrell, etc.) are tags that appear more frequently across posts while smaller ones (ACLU, botnet, etc.) appear sporadically throughout the blog. The more tags we feature in a blogpost, the more our Tag Cloud evolves. Take advantage of the Tag Cloud if you need to perform a quick search for posts concerning specific topics.

Then there is “In the News” — an exclusive feature to IDGuardian.com. This sidebar feature located between Resources and Recommended Blogs offers headlines and columns from across the country and around the world that we collect for you. Whether it is United Press International or The Washington Post, IDGuardian brings news on Credit Card and Identity Security to you in one location. We are thrilled to offer this, and hope you continue to rely on us for all your Internet Security, Credit Security, and Identity Protection matters.

Do you have a topic you’d like to see covered here?
What would you like to see added to IDGuardian?
Let IDGuardian.com know
what you would like our contributors to address.
Thanks for giving our blog your attention,
and strive to stay safe online.