Only You Can Prevent ID Theft

I was at Autozone yesterday getting a set of Upper Strut Mounts for my 167K mile old Saturn when the sales guy asked me for my phone number. I didn’t hesitate a bit and just rattled off ten digits. The same ten digits I always give out. Ten digits which in fact are not my phone number.
While I waited for the cashier to finish ringing up the pair of $42.99 parts I overheard the guy next to me arguing with the cashier about having to give up his phone number in order to complete his purchase. (Didn’t Radio Shack try this years ago?) The cashier assured him that the number would go nowhere other than Autozone and was only used to identify his purchase for warranty purposes. However, I didn’t see any privacy policy posted or offered for the customer to read, not that privacy policies are legally binding or anything. Once Autozone (or anyone else) has your info they can do whatever they please with it including selling it to someone else.
So what does this have to do with anything? Hopefully it serves as a reminder that the only one who is going to protect your identity is you. Some people obviously think they can hire some other company to protect their identity for them. A company like LifeLock which promises to “guarantee your good name.” Since the company’s founder publishes his own social security number on its web site and in print advertisements they must be able to protect people from identity theft, right? Why worry? Just pay Lifelock and your good name is guaranteed!
Well come to find out the company is currently being sued by customers in at least three states who say that LifeLock did anything but protect their identities. In the course of gathering information for the trial the lawyer for the case found 87 instances where people have tried to steal the identity of the CEO of the company, 20 of which were attempts at obtaining fake drivers licenses. And one instance of fraud being perpetrated in the name of the CEO! (I wonder if the CEO can get a refund?)
So what is the lesson to be learned? You can either pay your $10 a month and live in blissful ignorance until you get burned or you can expend a little effort and protect yourself. Don’t give out personal information to people who don’t need it (which is just about everyone), don’t use your PIN in point-of-sale machines, check your credit reports once a year, and don’t do what the CEO of Lifelock did and publish your social security number on your website.
 



Interview with The Bug Magazine

About a month or so ago I did an email interview with an online ezine known as The Bug Magazine. They are based in Brazil so most of the magazine is in Portuguese however the editors graciously published my interview in English as well. Scroll about half way down the page to get to the English version. The interview covers some of the old L0pht and @Stake stuff but also touches on new trends and the future.
 



More POS Hacks Grab CC Numbers

Everyone gets a kick out of TV shows and news reports that feature stupid criminals. People who get themselves locked inside the store they are trying to rob or stuck in the air vent attempting to break in. For some reason you don’t hear about the smart criminals very often. Maybe they don’t get caught as much?
Recently there has been a new twist on the old credit card number scam. Criminals have found a way to modify those point-of-sale scanning machines everyone swipes their cards through to make copies of the information. I’ve written about this before here and here. Previously it was Stop & Shop Supermarkets who had their card readers physically altered inside the store to record card information (smart) and the second time it was researchers at the University of Cambridge [PDF] who found how easy it was to tamper with the tamper resistant chip and pin machines (wicked smart). Now it is Lunardi’s Supermarket in Los Gatos California who have found their card swipe machines altered to record the card number and PIN. At least a hundred people so far have reported fraud against their cards.
There isn’t a lot of room inside those little machines, so to be able to take one apart, install your recording device then put it back together and install it inside the store without anyone noticing seems to be pretty damn smart to me.
So you want to be smarter? Don’t trust the machines. Don’t give out your PIN number to every retailer you shop at. When the machine asks for a PIN hit the cancel button and choose ‘credit’ instead of ‘debit’. If your debit card can’t double as a credit card get to your bank today and demand one that can. Don’t give your PIN to the Supermarket or Walmart, and at the corner MOM & POP store use cash. Cash is King. Even at the ATM protect your PIN, look for tampering at the machine, cover your hand when entering the number. Be smarter than the criminals. Sure you may feel like George Costanza in an episode of Seinfeld but better to feel like a stocky bald man than to become the victim of fraud.