Ever consider the possibility that a person gets a job as a bank teller…for the sole purpose of stealing a patron’s identity?

Do you realize how easy this would be?

• No techy hacking skills required.
• No gun required.

So we’ve all been instilled with fear of our bank getting data breached by Russian hacking rings, while that mousy looking teller with the sweet smile could be your greatest threat.

A nytimes.com article points out that a teller from Capital One had gained access to seven accounts and gave information to a co-thief who drew checks on these accounts.

Tellers can fake debit cards and wire unauthorized funds. They can also sell personal data to other thieves.

The nytimes.com article says that a teller was part of an ID theft ring that stole $850,000. The idea of tellers committing these thefts is very real. One teller even took photos with a cell phone of account data to cash phony checks. Another thief, who worked at a credit union, took loans out in customer’s names.

There are many ways that tellers can steal, including creating credit cards in customer’s names. Tellers may also be easily bribed by thieves to sell them customer information, as the tellers’ income isn’t that great, averaging about $25,000 a year.

The thieves, who bribe the tellers, don’t necessarily pay them with money. They may offer them luxuries that the teller can only dream of, such as flying in private jets and meeting famous athletes, says the nytimes.com report.

And if you think that banks require rigorous background checks for new teller  hires…think again. Furthermore, continues the article, savvy thief-tellers will keep their fraudulent withdrawals under $10,000, to keep below the detection radar. These sneaks can get away with this for years.

The general rule of thumb is that tellers have way too much access to customers’ data, and banks are lax at correcting this problem beyond simply reimbursing customers with their stolen money. The banks don’t want to invest the money and time in straightening out this problem, though a small number of banks have implemented tighter controls on tellers.

But what can we, the customer, do? We just have to keep our fingers crossed? The most effective way to prevent fraud is to do two things:

1. Go over your accounts security controls with a bank advisor. Set up limits on transactions, require second signatures for large dollar amounts, and restrict money flow in any way that will cause financial harm.
2. Set up alerts and notifications, so you, the account holder can become fully aware of every transaction of any kind.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Companies have been struggling for years to keep cyber-attacks at bay. Cyberthieves are working faster than ever before to send out their malicious attacks, and it’s become increasingly difficult for companies to keep up.

CNN reports that almost one million malware strains are released every day. In 2014, more than 300 million new types of malicious software were created. In addition to new forms of malware, hackers continue to rely on tried and true bugs because many companies simply haven’t found a fix or haven’t updated their systems to mitigate the threats.

In almost 90% of these cases, the bugs have been around since the early 2000s, and some go back to the late 1990s. The irony here is that companies can protect themselves and create patches for these bugs, but there tends to be a lack of effort and resources when it comes to getting the job done.

Some industries are targeted more than others. After hackers get information from these companies, such as proprietary data, they attempt to sell the information on the black market.

Cyberattacks are spreading quickly, and it takes almost no time after an email is sent for a victim to fall for the scheme. When a hacker is successful at breaking into a certain type of company, such as a bank or insurance firm, they will typically use the same exact method to quickly attack another company in the same industry.

New and improved cyber attacks

While old methods of cyber-attack can still be effective, it is the new scams that users should be nervous about. Here are some examples:

• Social media scams
  Social media scams work and cybercriminals just love them because the people being scammed do most of the work. Cybercriminals release links, videos or stories that lead to viruses, and people share them with their friends because they are cute, funny or eye-raising. These tend to spread quickly because people feel as if they are safe.
• Likejacking
  Hackers may also use a practice known as “likejacking” to scam people on social media. In this case, they will use a fake “like” button that tricks people into installing malware. The programs then post updates on the user’s wall or newsfeed to spread the attack.
• Software update attacks
  Hackers are also focusing on more selective attacks. For example, a hacker may hide malware inside of a software update. When a user downloads and installs the update, the virus is set free.
• Ransomware
  These attacks, where thieves steal or lock files on a person’s computer and then demand a ransom for access, climbed more than 110% in the last year alone. Once infected, the only way to regain access to the files is to pay a fee, usually between $300 and $500, for a decryption key.

How can you mitigate insider threats? Tune into the Carbonite webinar that I’ll be hosting live on Wednesday, March 15th at 11 am ET, to learn how. Register here: http://go.carbonite.com/security-threat/blog.

Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. Disclosures.

Cybercriminals know that the best way to get their claws on the next victim is to appeal to their emotions, not logic.

There’s lots of scary things in life, and one is learning that your computer has been infected with a virus. If this happens, you’re now vulnerable to spending money on getting rid of the malware. The tactic of scaring users is called scareware.

• A pop up tells you “Warning! Your Computer Has Been Infected with Malware!”
• The pop-up can be triggered by visiting an infected website or by making a bad click.
• The pop-up can’t be closed out, or if it can, another appears.
• Additional information in the pop-up lures you into clicking a link inside it, such as buy some downloadable security software that will destroy the virus.
• Once the alleged security software is downloaded/installed, it crashes your computer—even if you already have a legitimate security software program in place.
• You’re screwed at this point. (Hope you had all your data backed up before this happened!)

Here’s another way the scam can unfold, from someone who wrote to me:

“I was notified by a notice supposedly from Windows Security that my PC has been attacked.  They claim that all my PC ID numbers were stolen and that Russia had got about 8-12 other IDs.  They took control of my computer and said they scanned it to find this out. They claimed the only way that I could clear this problem was to have them clear it for $199.99 and security for 1year (sic) for $149.99.  They said the only way to accomplish this was by check.  They said it couldn’t be done by credit card because them (sic) numbers would be stolen too.  I refused to go along with that plan and closed them out.  

P.S. I checked my account and it is paid thru 6/2016.  How do I know if I get a notice from Windows that it is legit? 

All windows notifications come via Windows Update. That “pop-up” emanates via your notifications area on your taskbar and NOT a popup via your browser. What a mess.

Protect Yourself

• Use security software only from a name-brand company.
• Keep it updated.
• See a pop-up? Close it out. Never click inside it—which you can’t do if you close it out immediately.
• Exit the site you think triggered it.
• Play it safe and run a scan using your legitimate security software.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Most people have heard of storing information in “the cloud,” but do you know what this means, and if it is even safe?

A cloud is basically a network of servers that offer different functions. Some of these servers allow you to store data while others provide various services. The cloud is made of millions of servers across the globe and most are owned by private or public corporations. Many of those corporations are diligent about security, and you are likely using the cloud whether you know it or not.

Most customers using cloud services have faith that their information will remain safe. But there are some precautions you need to take. Here are some questions to ask any cloud service provider before relying on them to store your business data:

• How often do you clean out dormant accounts?
• What type of authentication is used?
• Who can access and see my data?
• Where is the data physically kept?
• What level of encryption is in place?
• How is the data backed up?
• What’s in place for physical security?
• Are private keys shared between others if data encryption is being used?

Keeping your company data safe

Over time, a company surely will accumulate data that seems irrelevant, but you shouldn’t be so quick to dispose of this data, especially if it is sensitive. This might include data such as customer or client information, employee information, product information or even old employee records.

The truth is, you just never know when you may or may not need this information, so it is best that you keep it. Digital data should be backed up in the cloud. If it’s paper, convert it to digital and store it offsite. Here are some things to remember when doing this:

• All data, even if old or irrelevant, should be backed up.
• Data retention policies should always include an “expiration date” for when this data is no longer useful to you.
• Companies that want to delete old data should understand that deleting files and emptying the recycle bin, or reformatting a drive may not enough to get files off of your computer. Hackers may still be able to access this data.

If you actually want to remove all of the data on a disk, literally break or smash it. To truly delete a file, you must physically destroy the hard drive.

This week I worked with Gemalto, as part of Gemalto’s #ChipAwayAtFraud campaign. I was tasked with using my “chip” card when making a bunch of every day purchases like getting coffee and shopping. Gemalto, one of the world’s leaders in digital security, wanted a real-world take on the EMV card experience, which includes the security benefits EMV cards presents. You know EMV; it’s the “chip” credit card that, by now, you should have.

Here’s what I learned:

A significant portion of the retailers I frequented didn’t have the chip terminals in place. The ones that did afforded more security and a seamless transaction. At this point in EMVs rollout, the biggest issue, or frustration, I think, is its lack of deployment. For instance, you may have to redo a transaction when a chip card is inserted opposed to swipe and then to be told by the cashier “We don’t accept chip cards yet, please swipe”. The opposite happens too, but less frequently.

Otherwise, chip cards are a no brainer. The “learning curve” for EMV or Chip is learned in the first transaction. Once done, you’ll be able to do it every time, and there are no delays or issues with the transaction.

Overall, we are collectively more secure because of EMV/Chip technology. Over time, there will be 100% adoption of this method as magnetic striped cards are phased out along with magnetic striped “swipe” point of sale terminals. For now, and really, forever, a consumer’s first line of defense is to pay close attention to their card statements.

I always recommend signing up for your bank or card company’s mobile app and receiving alerts and notifications with each transaction. This way you’ll be able to dispute fraudulent charges in real-time, if needed.

Meanwhile, your chip cards are here to stay. Embrace the technology, as its primary purpose is security and convenience. As more and more retailers get up to speed, we will see fewer and fewer news reports of huge credit card data breaches because of EMVs full scale deployment.

Often, hucksters prey on the consumer’s desperation, which is why it’s no surprise that the No. 1 rip-off (at least between 2011 and 2012)) was bogus products promising weight loss.

VICE (vice.com) interviewed psychologist Maria Konnikova about how cyber cons are so successful—even with the most ridiculous sounding bait (Nigerian prince, anyone?).

The bait becomes more attractive when the target is receiving an influx of cyber attention. Sad to say, this trips up a person’s rationale, making them susceptible to the huckster’s plan.

Konnikova is quoted as stating, “Few things throw us off our game as much as so-called cognitive load: how taxed our mental capacities are at any given moment.” She explains that people are vulnerable when the con artist hits them up with their scheme while the victim is distracted with Twitter, texting, etc. In short, it’s cognitive overload.

Konnikova is the author of the book, “The Confidence Game: Why We Fall For It, Every Time.” In the book, she mentions that victims such as the U.S. Navy were too humiliated to prosecute the crooks who conned them. She tells vice.com: “Because admitting it [getting rooked] would mean admitting you’re a sap.”

And in this day of rapidly evolving cyber technology, the huckster’s job is becoming easier, what with all sorts of pathways he can snag a victim, such as dating sites and pop-up ads warning your computer has been infected. But something else is on the crook’s side: the false sense of security that all this techy mumbo jumbo gives the common user—who hence lets down their guard.

And despite all the parodies and mockeries surrounding the so-called Nigerian prince scam (aka 419 scam), it’s still out there in full force and effect. Look how technology has made it swell. And it will continue evolving as long as people want something for nothing. Why else would the Powerball swell to over 1.3 billon. “The basic contours of the story won’t change,” Konnikova tells vice.com.

Another factor is that some people equate online with credibility: “It’s online so it must be legitimate,” is the mindset. According to this mindset, the Loch Ness Monster must really exist, since there are many stories about it online. Despite how irrational this mindset is, scammers know that many people think this way and will design their ploys to look even more legitimate (with creative layouts, slogans, links, etc.).

Though it takes skill to be a successful huckster, they can’t get the job done without the victim being “vulnerablized” by cognitive overload.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

What are you doing to prevent tax identity theft? Do you even know what steps to take? You’d better, because this crime has tripled since 2010, says the FTC.

A report on foxbusiness.com describes tax identity theft as the act of stealing someone’s personal information, then the crook files a phony tax return in the victim’s name to get a refund. The victim will never see it in their mailbox. And that’s only the beginning of the victim’s problems.

First, your complaint that you didn’t get your check will fall on deaf ears; the IRS will think they already sent you the check. Remember, the thief posed as YOU. You then must:

• File a form explaining you’re a victim of tax ID theft.
• Provide proof that the SSN is yours.
• Your complaint will be reviewed, delaying your refund for months.
• But the game’s not over. The thief didn’t report the income you made on the side teaching group fitness classes. You’re now being charged by the IRS with a tax deficiency.
• The snowball just keeps getting bigger: The thief may have enough information on you to open credit cards in your name and suck dry your bank account.

How to Protect Yourself

• Guard your personal information. Never give out your Social Security number (job application, yes; sweepstakes contest, no; to someone over the phone, no).
• Memorize your SSN and keep your SSN card in a locked place at home.
• Buy a shredder and make a habit of shredding all personal and financial documents.
• If you do your taxes yourself, your computer should have encryption software. Never use public (non-secure) Wi-Fi for any tax related transactions; cyber thieves could “see” your data transmissions.
• When it’s time to mail in the return…do it inside the post office, never at a public mailbox or even your home mailbox.
• If you can’t do your taxes, get them done by a reputable outfit. You may want to go with someone who’s done the taxes for years for one of your family members or close friends.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.