Scam of the day – January 21, 2017 – Warning issued about hacking fingerprints from photos

Using biometrics, such as retina scans and fingerprints for identification verification for various devices such as your smartphone are effective security measures that provide greater security than mere passwords, however, recently Japan’s National Institute of Informatics warned people not to have photos of themselves flashing the V sign with their fingers due to concerns that technologically skilled hackers could steal the images of fingerprints and use them for identity theft purposes.

With present technology this is very difficult to accomplish although even paranoids have enemies and in fact the fingerprints of Germany’s Defense Minister Ursula von der Leyen were hacked from a photograph and cloned in 2014.

Companies involved in fingerprint biometric technology are working to increase the security of this type of technology to make it more difficult to steal fingerprints from a photograph.


Despite the fact that it is still quite difficult for someone to hack your fingerprints from a photograph, it is still possible and the simplest way to avoid this problem is to merely not have photographs taken that disclose your fingerprints to the lens of any camera.  Just taking this simple step can provide you with much greater protection.

Scam of the day – November 28, 2016 – How to protect yourself on Cyber Monday

In recent years, the Monday after Thanksgiving has come to be known as Cyber Monday, the day on which many people shop online to get holiday bargains.  According to the National Retail Federation, 56.5% of holiday shoppers will be making their purchases on line either through their computer, smartphone or other electronic device.

Hackers and identity thieves are always on the prowl trying to lure people into providing their usernames and passwords for their various accounts in order to use that information for purposes of identity theft.  A strong password is essential for cybersecurity, but it is not enough to keep you safe.  In addition to a unique password for every online account with which you do business, such as your bank account or an often frequented shopping website, you should also use enhanced authentication to provide further protection particularly in the event that your password is compromised.


There are essentially three types of enhanced authentication from which you can choose to provide greater cybersecurity than merely using a password.   The first is a biometric such as your fingerprint that can be used to confirm your identity when accessing a particular account. The second is a one time code that is sent to your smart phone as a text message each time you attempt to log into one of your online accounts.  In order to access your account, you must include this one time code.  The third form of enhanced security is a security key, which is a small device that can fit on your key chain and is inserted into a USB port on the device you are using to access your online account to confirm that it is you that is attempting to gain access to your account.  All of these methods can work well and some people will even use more than one in conjunction for greater security.

Scam of the day – November 1, 2015 – New ATM technology being developed

Skimmers at ATMs have been a lucrative tool for scammers in recent years.   Skimmers are small electronic devices that are easily installed by an identity thief on ATMs and other card reading devices, such as at gas pumps.  The skimmer steals all of the information from the credit card or debit card which then permits the identity thief to access that information to access the victim’s bank account when the skimmer is used on a debit card attached to a bank account.  Each skimmer can hold information on as many as 2,400 cards.  Citigroup just announced that it is working with ATM manufacturer Diebold on a new ATM that would scan your iris to authorize the ATM to provide a cash amount that you select through the bank’s app on your smartphone.  Thus you never have to swipe a card.  Other banks including J.P. Morgan and Bank of America have also been testing cardless ATMs, as well.  Certainly we will not be seeing a wholesale changeover from the familiar card swiping ATMs in the near future, but the use of biometrics, such as iris scanners present a promising alternative to ATMs that are easily hackable.


For now, however, you should always be on the look out for skimmers at any ATM you use.  Look for signs of tampering on any machine through which you swipe your credit card or debit card.  If the card inserting mechanism appears loose or in any other way tampered, don’t use it.   Debit cards, which are used at ATMs when compromised through a skimmer put the customers at risk of having the bank accounts tied to their cards entirely emptied if the theft is not reported  promptly.   Skimmers at ATMs are often coupled with a thin, clear electronic device that goes on top of the keyboard to capture the victim’s PIN to enable the identity thief to access the account of the victim whose account number was captured through the skimmer.  Other times there will be cameras installed by the scammers to record the person putting their PIN into the key pad.  Therefore it is a good idea to shield the keypad with your hand while you put in your PIN.

Scam of the day – August 14, 2015 – OPM data breach included fingerprint data

One of my mottoes regarding data  breaches is that things are not as bad as you think — they are far worse and that motto is unfortunately turning out to be quite accurate in regard to the recent data breach at the Office of Personnel Management (OPM) by Chinese hackers.  First, we were told that 2.2 million people were affected, but that number has risen to now more than 21.5 million people affected.  But as more becomes known about the data breach, it is not just the numbers of people affected that makes this data breach so serious, but the kind of data stolen that makes it even worse.  Among the data stolen were 1.1 million fingerprint records, the theft of which poses a serious threat as more and more biometrics, such as fingerprints are used for security purposes on smartphones, computers and other devices.  Although it sounds like science fiction, it is actually science fact that the stolen data could be used to create copies of fingerprints on latex gloves that could be used to gain access to fingerprint protected devices.  The severity of the problem may be mitigated somewhat by older fingerprint records being ink images rather than the high resolution digital scans now used, but either way, the threat is real.


As I wrote in my USA Today column about the data breach at the OPM, hopefully this event will be our cyber 9/11 wakeup call to improve our national cybersecurity  in government, private industry and our individual lives.  Here is a link to that column:

While all we can do as individuals is urge our elected officials and companies with which we do business to improve their data security, there is much we can do as individuals to protect our own cybersecurity on our computers, laptops, smartphones and other devices.  You can find lists of many steps you can take to make your cyberlife more secure in my book “Identity Theft Alert.”

Scam of the day – May 16, 2013 – Medical identity theft update

In my book “50 Ways to Protect Your Identity in a Digital Age” and in a number of Scamicide “scams of the day” I have warned you about the dangers of medical identity theft which was again in the news recently with the indictment of an Ohio man who is charged with stealing the identity of a South Carolina man and using his identity and his insurance to obtain more than $300,000 of medical services at the Ohio State University Wexner Medical Center.  It has been estimated that medical identity theft by which someone’s medical insurance is accessed by an identity thief costs health care providers up to 7 billion dollars a year.  However, the cost to someone who is a victim of medical identity can be much worse than just lost money.   The medical identity thief’s medical information, such as blood type and other information gets mixed into the medical records of the medical identity theft victim thereby leaving the medical identity theft victim facing the possibility of receiving improper treatment based on false information in his or her tainted medical file.  This is potentially life threatening.  Often medical identity theft is an inside job where rogue employees of a medical facility sell the medical insurance information of their patients to identity thieves.


The medical industry has a long way to go to insulate patients’ insurance and medical information from the prying eyes of identity thieves.  However, one promising step that is starting to be used is biometrics such as iris scanners to make sure that the person using medical information is the real insured.  I discuss this in detail in “50 Ways to Protect Your Identity in a Digital Age.”  With medical identity theft at epidemic proportions, it is important for the medical industry to take greater steps to reduce or eliminate medical identity theft. We can do our part by asking our medical care providers what they are doing to prevent medical identity theft and to encourage them to use iometric identifiers such as iris scans as a part of that effort.