Tuesday, September 22, 2009

Security Expert Urges Troops to Safeguard Data

By Samantha L. Quigley
American Forces Press Service

Sept. 22, 2009 - Military family members who gathered here recently to learn how to protect their identities were told to "think like a spy" in protecting their personal information. John Sileo, an author and identity theft expert -- himself a victim of identity theft -- spoke at the Defense Department's Joint Family Readiness Conference here, hosted by the Office of Military Community and Family Policy.

Sileo told the audience of the case of Albert Gonzalez, a Miami man who pleaded guilty last month in the largest-ever identity theft case, which involved hacking into data on 130 million credit and debit cards used at five major retail stores. The news was meant as a wake-up call.

"You guys have a one-in-two chance that this man, alone, has stolen your identity," Sileo said. "One man."

To protect their identities, Sileo's first piece of advice was to think like a spy on requests for personal, identifying information.

"A spy is trained in stealing data, information, knowledge, intellectual capital. Unlike a thief who steals physical things," Sileo said. "Not only is a spy trained in how to collect it, but how to protect it."

To think like a spy requires some specific mindsets. The first is called the "privacy reflex," he said. "Spies are trained immediately to have a reflex anytime somebody requests their personal information. They do this using a device called a trigger."

Sileo calls the five triggers the "Hogwash 5" because when a solicitor says them, your response should be "hogwash." They are: "trust me," a claim of protecting finances, asking for a "little bit" more information and things Sileo calls "bribe bias and fear bias."

"I'm going to give you something in exchange for your information," Sileo said. "Now, that's not identity theft, but it's the same principle, which is, 'I'm going to bribe you out of your information.' The reverse is, 'If you don't do this, then I'll take something away'" – the fear bias.

"The fifth [trigger] is the most common," he added. "It's the most subtle. Eighty percent of the time all they have to do is say, I just need a little bit more of your information. We're so used to giving it away that that's all they have to say."

The second mindset of a spy involves interrogation, which Sileo describes as aggressive and systematic questioning. In other words, slow down the interaction and consider what's being requested and why. If it's a phone call allegedly from a bank claiming fraudulent activity and offering to close out the account, ask for verification.

Request only information the bank could produce like the date, amount and location of the last transaction.

"If it's the bank, who is sitting at a computer, or a really good identity thief, they'll have the answer. If not, you'll hear your first excuse," Sileo said. "Red flag number two. Any excuse is hogwash."

That leads to mindset three: target the enemy.

Sileo suggests stopping the receipt of information the enemy seeks such as preapproved credit applications. Freezing credit, which requires people to provide a password before a new account can be opened in their name, also is a way to stop a would-be identity thief, he said.

Methods for reducing the chances of identity theft are plentiful, but they're not foolproof. Keeping an eye on accounts and expedient investigation into any unusual activity can make all the difference, he said.

"It's that speed of catching identity theft -- it's not that we get rid of all of it," Sileo said. "It's that we monitor it and stop it."

Sileo's suggestions come from experience. His problems started when he walked into the bank where he'd done business for 15 years to open a new checking account in 2003. His request was denied because "your history's bad."

"That's hogwash," Sileo told the teller. "Things were fine when I was in this bank last."

Hogwash or not, the teller told him, he'd conducted a lot of financial business -- and become a woman -- since he'd been in the bank last.

"The first time my identity was stolen it was by a crime ring called the Cashmen who dress up like your trash men ... [who] collect the garbage off your curb, [and] take it back to a warehouse where they filter through it for your numbers, your identity," Sileo said. "A woman ... purchased my stolen identity on the Internet and used it to buy herself a second home in Cleveland, Ohio."

Then she stopped making payments, defaulted on the loan and declared bankruptcy in his name, he said.

Two weeks later he'd straightened things out, though it had cost him that much time away from work and a firm suggestion from the bank teller to take some action to prevent a repeat. He chose to ignore the advice, which would prove to be a life-altering mistake.

"I'd paid my dues and lightening wasn't going to strike twice," he said. Until a few months later when there was a knock on his door.

"When I opened it, standing there was a gentleman – black suit, black tie, very official badge – who tells me ... I'm about to be charged with a theft of $298,000," he added.

Sileo was being charged with embezzling from his clients to pay for the $20,000 a month he'd supposedly spent on personal items.

Two years later, Sileo won a long, hard fight to prove his innocence – but the war wasn't over.

"In the end, I didn't lose my freedom. I did, however, lose my business -- a 40-year-old business I'd taken over from my father -- my salary, my career," he said. "And I lost something so much more fundamental to my identity than any of that financial stuff. I lost two years with my family."

Preventing identity theft doesn't have to be difficult, but it does take some effort, Sileo said.

"You are in control of this amazingly powerful asset called your identity, but you have to be willing to protect the value of that asset," he said. "If you won't do it for yourselves, do it for your kids. In your case, do if for your country because we all need you [to be free to focus on the mission at hand, not reclaiming your identity]."

No comments:

Post a Comment