Personal Information & Identification Security Made Easy

Personal Information & Identification Security Made Easy

By Tim Adams

© Copyright 2017

Gate Security KK

All Rights Reserved

https://gatesecurity.info/

All rights reserved. No portion of this book may be reproduced in any form without permission from the publisher, except as permitted by U.S. copyright law.

For permissions, contact

mailto:info@gatesecurity.info

eBook formatting by: Chris Ellis

Dedication

This book is dedicated to my wife Yumiko, who has continuously encouraged and supported me through the research and the writing of this book.

Why I wrote this book

Many people have asked me why I decide to tell the truth about being a professional information thief, and even what does that means in today’s world. After working for over a decade legally extracting, acquiring and trading in people’s private information. I watched a massive billion-dollar industry develop around the extraction, the use of, and the profit being made from people’s private and personal information. I felt compelled to tell the truth about my experiences and about what I have done. I started Gate Security, which is a Business Communication and Information Security Company designed to teach people, companies and organizations what they can do to protect themselves and their private and personal information. Social Media networks, big business and the advertising and marketing industry has been totally silent on how much information they have been able to collect and store, and how this information is used to map and build a complete image and personal profile of our daily activities and lives.

This book serves as a credible information security reference guide for the public, privacy advocates and companies who are serious about building what I call The Human Firewall to protect themselves from becoming a victim of information theft. The people or The Human Element of information security is often the most over looked factor in information security. I address the most serious threats to our private and personal information today and I include information security solutions for people to practice in their everyday lives. This includes how to protect from theft, cyber hackers, Information Theft Social Engineers or others who are attempting to extract, acquire or steal private and personal information. It’s our personal responsibility to protect our private and personal information at all times, at home, in public and at the workplace. Never, in the history of mankind has our private information been so valuable and sought after by governments, businesses, advertisers, and criminals. This book goes a long way educating people on how to protect their private and personal information and secure their personal identification.

Tim Adams – Author

TABLE OF CONTENTS

1: INTRODUCTION

2: HOW I BECAME A PROFESSIONAL INFORMATION THIEF

2.1 WORKING AS A PROFESSIONAL INFORMATION THEFT SPECIALIST

Information Theft Social Engineering Training

The Evolution of the Information Extraction and Theft Industry

The Fine Line of Unethical Information Extraction

Conclusion

3: PERSONAL INFORMATION SECURITY AWARENESS

3.1 HISTORY OF INFORMATION AND IDENTIFICATION THEFT

General Private and Personal Information Theft

Personal Identification History

Identification Theft and the Telephone

The Development of Credit Cards

Personal Information Theft and Dumpster Diving

The Internet and Online

Conclusion

3.2 PERSONAL INFORMATION EXTRACTION AND IDENTIFICATION THEFT TODAY

Personal Daily Activities Information Extraction

Individual Personal Information Profiles

Identification Impersonation (Identity Theft)

Conclusion

3.3 WHO WANTS OUR PERSONAL AND PRIVATE INFORMATION?

Information Data Brokers

Advertisers and Marketing Companies

The Government

Corporate Espionage Information Theft Agents

Your Employer

Opportunistic Thieves

Identification Theft Criminals

Cyber Criminals

Conclusion

3.4 THE METHODS AND MEANS OF INFORMATION EXTRACTION AND THEFT

Information Theft Social Engineering

Physical Theft of Personal Information Assets

Cyber Hackers

Local Business Loyalty and Point Cards

Purchasing and Trading of Personal Information

Conclusion

4: OUR PERSONAL INFORMATION IS VALUABLE

4.1 WHAT PERSONAL INFORMATION IS THE MOST VALUABLE?

Your Social Security Number

Your Children’s Social Security Number

Your Date of Birth

Your Full Name (Including Aliases)

Your Actual Account Numbers

Your Online Usernames and Passwords

Your Personal Medical Records

Your Driver’s License Number

Your Passport Number

Your Banking PIN Numbers

Your Mother’s Maiden Name

Where You Were Born

Expiration Date or Confirmation Code of Your Cards

Your Physical Address (Including Previous Ones)

Your Email Address

Your Telephone Number (Home and Mobile)

Where You Hold Financial Accounts

Your Hobbies, Club Memberships, or Employer

Your Vehicle Registration

Conclusion

4.2 ONLINE PERSONAL INFORMATION EXTRACTION THREATS

Google Search Engine and Online Services

Global Positioning System (GPS) Location Services

Social Media Networks

Cambridge University and Microsoft Research Facebook Users Study

Facebook’s Personal Information Profile Parameters

Creating a Marketing and Advertisers Dream Come True

What Personal Information is Being Collected by Facebook?

Social Media Paid Access Subscriptions

Applications (Apps)

Online Information Extraction and the Required Terms of Service (TOS)

Conclusion

4.3 WHO HAS OUR PERSONAL INFORMATION AND HOW SAFE IS IT?

Who is Storing and Keeping Our Personal Information Data?

How Secure is Our Collected Personal Information?

Major Companies Personal Information Losses

Conclusion

4.4 THE NEGATIVE EFFECTS OF PERSONAL INFORMATION LOSS OR THEFT

Financial Identity Theft

Criminal Identity Theft

Medical Identity Theft

Identification Cloning (ID Cloning)

Commercial Identity Theft

Conclusion

5: WHERE WE ARE AT RISK OF INFORMATION AND IDENTIFICATION THEFT

5.0 INFORMATION SECURITY RISKS AT HOME

5.1 SAFEGUARDING PERSONAL INFORMATION AT HOME

Personal Responsibility of Our Information Security

Physical Theft

Face-to-Face Personal Approaches

Waste Management and Information Storage (Hard Drive) Disposal

Solution

5.2 UNKNOWN PERSONAL CONTACT IDENTIFICATION VERIFICATION

Personal Information Theft Attack Warning Signs

Identification Verification Methods

Identification Verification Questionnaire

Identification Verification Research

Solution

5.3 TELEPHONE INFORMATION THEFT SOCIAL ENGINEERING SCAMS

The Auto Accident Scam

The Jail Scam

The Internal Revenue Service (IRS) Scam

IRS Robo Call Scam

You’re a Winner Scams

Solution

5.4 SAFEGUARDING YOUR PERSONAL INFORMATION ONLINE

Do an Assessment of Your Online Activities

Social Media Privacy

Application (App) Security

Lock Down Your Hardware

Private Browsing and Virtual Private Network (VPN)

Password Security

Strong Password Examples

Password Managers

Use Two-Factor Authentication

Lie When Setting Up Password Security Questions

Shopping Sites Security

Use an Extra Email Address

Personal Health and Tracking Devices

Solution

5.5 HOME WI-FI NETWORK SECURITY

Home Wi-Fi Network

Wi-Fi Network Security Measures

Change the Router Username and Password

Change the Network Name

Activate Encryption

Stack Up on Firewalls

Turn Off Guest Networks

Update Router Firmware

Turn WPS Off

Disable Wi-Fi When Not Home

Wi-Fi Location

Solution

5.6 INCOMING MESSAGE PERSONAL INFORMATION EXTRACTION TRICKS

Email, Text or Instant Messenger (IM)

Phishing

Phishing Message Example:

Malware

Malware Message Example:

Solution

5.7 ONLINE INFORMATION THEFT SOCIAL ENGINEERING SCAMS

Money Laundering Scams

Solution

The Friend Scams

Solution

A Guaranteed Bank Loan or Credit Card Scam

Solution

Job Scam

Solution

Vacation Scam

Solution

Owed Money Scam

Solution

The Refund Compensation Scam

Solution

The Lottery and Related Other’s Scams

Solution

6: INFORMATION SECURITY RISKS IN PUBLIC AREAS

6.1 SAFEGUARDING PERSONAL INFORMATION IN PUBLIC

Personal Information Assets Inventory

Public Area Security Awareness

Solution

6.2 PICKPOCKETS AND THIEVES

Scenario 1: The Elevator or Train Entrance Ticket Line

Solution

Scenario 2: The Park or Public Spaces Distraction

Solution

Scenario 3: The Bus, Train Stop or Shopping Areas

Solution

Scenario 4: The Busy Street

Solution

Scenario 5: The Cafe Table Cover

Solution

Scenario 6: The Photo Opportunity

Solution

Car and Vehicles

Solution

6.3 AUTOMATIC TELLER MACHINES (ATMS) THREATS

Card Capture Devices

The Card Skimmer

The Lebanese Loop

The PIN-Pad Overlay

Helpful Strangers

The Dropped Money Trick

Shoulder Surfing

Solution

6.4 CREDIT CARD SAFEGUARDING

Non-Bank-Owned ATMs

Flea Markets or Outdoor Shopping Bazaars

Small Shops/Cafes in Foreign Countries

Wi-Fi Hotspots and Public Computers

Purchases on Smartphones or Other Internet Connected Devices

Solution

6.5 PERSONAL TRAVELING SECURITY

Take Only the Items Needed

Pack Luggage or Bags Securely

Make a Copy of All Important Documents

Keep Your Valuables Out of Sight

Traveling Financial Security Measures

Avoid Crowds and Commotion

Solution

6.6 HOTEL SAFETY TIPS

Check in Security

Solution

Secure Your Room

Solution

Someone Always in The Room

Solution

The Front Desk Scam

Solution

The Take-Out Fake-Out

Solution

6.7 PUBLIC INTERNET AND FREE WI-FI HOTSPOTS

Free or Public Internet Direct Connections

Wi-Fi Hotspot Personal Information Security Threat

Trading Personal Information for Free Wi-Fi

Public Wi-Fi Security and Virtual Private Network (VPN)

Solution

6.8 SAFEGUARDING PERSONAL INFORMATION IN PUBLIC AREAS

Pay For Things With Cash

Lie on Loyalty Cards

Don’t Give Your Real Zip Code When Using a Credit Card

Fill Out Forms Securely

Solution

7: INFORMATION SECURITY RISKS AT THE WORKPLACE

7.1 SAFEGUARDING PERSONAL AND CORPORATE PRIVATE INFORMATION

Company Business Operations & Employee Information Security Responsibility

7.2 COMPANY BUSINESS OPERATIONS INFORMATION SECURITY THREATS

Information Data Brokers

The Data Research and Recruitment Process Outsourcing (RPO) Call Centers

Corporate Espionage Information Extraction Activities

Conclusion

7.3 EXECUTIVE HUMAN RESOURCE SEARCH RECRUITING FIRMS

New Human Resource Recruiter Training

Human Resource Recruiter Personal Information Trading

Personal Information Security Threats Meeting with Recruiters

Conclusion

7.4 TELEPHONE INFORMATION THEFT SOCIAL ENGINEERING TACTICS

The Lost Information Scenario

The High-Pressure Scenario

The Spilled Drink Scenario

Name Planting and Laddering Technique

The Authority Figure

The Missing Friend Technique

The Reporter or Journalist Technique

The New Friend Technique

Solution

7.5 TELEPHONE INFORMATION THEFT SOCIAL ENGINEERING EXAMPLES

Example 1: The Marketing and Sales Staff

Example 2: The Accounting Manager

Example 3: The College Administration Attack

Example 4: The IT Help Desk Attack

Solution

7.6 AT THE WORKPLACE INFORMATION THEFT SOCIAL ENGINEERING EXAMPLES

Example 1: Human Resource Recruiter (Dumpster Diving)

Example 2: Human Resource Recruiter (On-Site Information Extraction)

Example 3: The Company Business Operations Attack (Security Test)

Example 4: Procter & Gamble vs. Unilever Case

Solution

7.7 THE INTERNET AND ONLINE THREATS AT THE WORKPLACE

Workplace Online Communication Threats

Example 1: Malware Infected Attachment

Example 2: The Spoofed Friend Message

Example 3: The Business Opportunity

Analysis

Example 4: Google and Facebook Phishing Attack

Example 5: Political Campaign E-Mail Phishing Scam

Solution

7.8 ADDITIONAL INFORMATION SECURITY THREATS AT THE WORKPLACE

Face-to-Face & Personal Approaches

Workplace Assets and Information Extraction

Waste Management Security and Dumpster Diving

Solution

8: THE FUTURE OF PERSONAL INFORMATION EXTRACTION AND THEFT

8.1 THE FUTURE OF PERSONAL INFORMATION EXTRACTION

Information Data Brokers

Closed Caption Television (CCTV)

Face and Speech Recognition Tools

Personal Tracking and Global Positioning Location Services (GPS)

Internet and Online

Conclusion

8.2 THE NEWEST INFORMATION TECHNOLOGY DEVELOPMENTS

Internet of Things (IoT)

Audio Beacons

Low Earth Orbit (LEO) Communications

Human Microchip Implants

Conclusion

9: RESPONDING TO PERSONAL INFORMATION SECURITY THREATS

9.1 HAVE I BEEN A VICTIM OF PERSONAL IDENTIFICATION THEFT?

Warning signs of Identity Theft

Steps That Need to be Taken if You Have Been a Victim

9.2 POLICE & LAW ENFORCEMENT AGENCIES

Credit Reporting Agencies

Conclusion

10: FINAL CONCLUSION

THE 10 MOST IMPORTANT STEPS WE CAN TAKE TO PROTECT OURSELVES

WORKS CITED

1: Introduction

My goal in publishing this book is to create the simplest and easiest to understand, communication and personal information security awareness, and safeguarding reference possible. I am doing this to help people of all ages learn how to protect themselves, their family, friends and co-workers, private and personal information to avoid becoming a victim of private and personal information theft at home, in public and at the workplace.

Today, our private, personal and work place information is at a greater risk to being extracted, acquired or stolen than ever before. This is for the simple fact that people’s personal and private information, and company business operations information has become more valuable than any time in history. Our personal information is being collected, compiled and stored by many sources from all areas of our private lives and the information is used to build an individual personal profile on us. If our personal information falls into the wrong hands, we can become a victim of Identification impersonation or Identity theft and this can lead to an assortment of serious problems.

This is NOT an information technology security book that concentrates on computer hacking, anti-virus, database or software security. This book focuses on the weakest link to our personal information security today. We the people! I want to educate readers on the specific actions that people or The Human Element of information security, can take in their everyday lives to safeguard private and personal information assets.

Outside of the actual theft of our personal information assets, or the cyber hacking of a person’s private and personal information through a computer or other Internet connected devices. A dangerous threat, and a very popular method of personal information extraction today, is the use of various forms of Information Theft Social Engineering to extract the targeted information being sought after. Having worked as a professional information theft specialist for a decade. I was very successful at extracting and stealing people’s personal information from all over the world. I did this by using various forms of lies, which I define as Information Theft Social Engineering to trick, fool or con people to provide me the desired targeted information I was seeking at the time. This was accomplished primarily on the telephone, through an email/text/IM, and via face-to-face meetings with people.

Information Theft Social Engineering is not illegal, but it certainly could be considered as being unethical. As lying to people using false premises to gather the targeted information being sought after is not the most honest practice. I will take you behind the scenes and expose the Information Theft Social Engineers methods and means used by the professional information theft specialist today to extract and acquire company business operations information and people’s private personal information today.

Information theft has become one of the fastest growing crimes in the world. After reading this book, I hope you have a clear understanding of the personal information security threats that we are facing today in our daily lives. Our personal information security generally comes down to one thing, and that is the decisions we personally make to safeguard and protect private information from being extracted, acquired and stolen. We the people are The Human Element of information security and we are the most important component to our own personal information security today.

2: How I Became a Professional Information Thief

This chapter will address the path that led me to become a very successful professional information thief. The starting of my own Human Resource staffing business based on the utilization of various forms of information theft and finally the creation of Gate Security, a business communication and information security company that I started with the sole intention of helping company’s, organizations and people learn how to protect themselves from becoming a victim of information and identification theft. 

2.1 Working as a Professional Information Theft Specialist

My road to becoming a professional information theft specialist occurred like this. I was an accomplished chef and managed a kitchen in a popular and successful restaurant when I finished college. With a Business Administration, Marketing degree in hand, it was time to start a new chapter in my life and enter the business world. I had a friend who worked as an Executive Human Resource Recruiting Consultant. He seemed to be doing well and he convinced me to give the Recruiting industry a try. I was told that the job was to find a person from one company and persuade them to join another company. If the person accepts the position, then you are paid a commission that is based on how much salary this person will earn for a year. Sounds interesting I thought. What I did not know at the time was how you went about doing this.

I interviewed for the job and it was explained to me, the Recruiting Consultants key to success was how good your information extraction skills were, and how hard you worked. This seemed fair to me, as I had never had an issue with putting in a good day’s work, so I accepted the position of Recruiting Consultant at The Executive Human Resource Recruiting agency.

Information Theft Social Engineering Training

The training for the new Recruiting Consultants consisted of spending countless hours studying and listening to the Senior Recruiting Consultants performing various kinds of Information Theft Social Engineering on company employees to extract company business operation and personal contact information. The favored methods of personal information extraction occurred on the telephone. But, it was also done through an email/text/IM and during face-to-face meetings with potential candidates or by going on site to a company and collecting as much of the company’s business operations private and personal employee information as possible. I learned from the most successful Senior Recruiting Consultants at the company. I adopted their best Information Theft Social Engineering strategies, methods and means that were being used to gather information.

We were constantly informed by the company that our ability to extract or obtain company personal employee contact information was the basis for being financially successful. In my quest to live up to the company standards and acquire new clients and learn more about possible candidates, I became a 24-hour personal information extraction machine. Essentially, I would extract as much company business operations and employee contact information as possible at all times from anyone I was in contact with and everywhere I went.

I worked at a major Executive Human Resource Recruiting agency for