Robert Siciliano Identity Theft Expert

It wasn’t long ago that most phishing emails were from a supposed Nigerian General Matumbi Mabumboo Watumboo. And you and I were flattered that we were the chosen ones to help the general transfer 35 million out of the country, because the Nigerian government was a bunch of jerks and wouldn’t let him keep the inheritance his wife had inherited from her deceased uncle Bamboo.

The game has changed dramatically. Recent studies reported in NextAdvisor on the state of phishing, find a 52% increase. Computerworld reports on corporate bank accounts completely drained via simple phishing emails.

Criminal hackers waited until Pennsylvania schools administrators were away on school vacation week, and then during a four-day period between Dec. 29 and Jan. 2, liquidated over $440,000 via simple money transfers.

Much of the phishing that occurs today is targeted “spear phishing,” in which the spammers are after a localized target, aimed at the person in charge of the company’s checkbook. Perhaps the most insidious type of phishing occurs when a recipient clicks a link, either in the body of an email or on the spoofed website linked in the email, and a download begins. That download is almost always a virus with a remote control component , which gives the phisher full access to the user’s data, including usernames and passwords, credit cards details, banking and Social Security numbers.

The malicious software can attach itself to the users web browser, waiting for the victim to log into a bank site before launching. When the victim logs into their bank account, the software sets up new payees and transfers money to the criminal hacker.

In the school hack, the software added 42 people to its payroll during the Christmas break, and then started to pay them. In this hack the issuing bank received 74 transfer requests during the four-day period.

For consumers who have their bank accounts emptied, federal banking regulations cap liability at $50, but the user may have to report withi9n 2 days and sometimes up to 60 days. But for corporations, small and large, and other entities, things are a lot more complicated, and whether the victim has to pay can vary from bank to bank.

Protect your yourself.

This is an easy fix, rule #1 – don’t click on links in an email if you aren’t 100 percent sure of its legitimacy. Whenever I receive an electronic statement from a bank or credit card company I always go to my “favorites” menu or type in the address manually to get to the entities website to check my statement. I’m only 99.9% sure its legit, so I just take the extra step to go to my favorites.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

3. Make sure your McAfee anti-virus is up to date and set to run automatically.

4. Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through.

5. Check your bank statements often, online, at least once a week.

Robert Siciliano Identity Theft Speaker discusses phishing

Be Sociable, Share!