Apr 19

IDENTITY THEFT TIDBITS

WHO’S REALLY CALLING?

Have you received a call about suspicious activity on your bank or credit card account? It’s comforting to know someone’s looking out for you. Or are they? If they’re asking questions for which they should have the answers, these callers may only be looking out for themselves!

BE SMART WITH USED DEVICES

On average, U.S. smart phone users upgrade their device every 22.7 months. That leaves a lot of used, late-model devices on the market. Don’t let visions of fast cash dancing in your head distract you from taking steps to ensure you’re not giving away your identity!

HOW THE GRINCH STEALS YOUR IDENTITY

They use all imaginable OFFLINE and ONLINE methods. Ways to protest you personal information.

  • Shred all documents that contain personal identifiable information (PII)
  • Sign up for informed Delivery by USPS
  • Don’t carry, or share, more personal information than necessary
  • Don’t use you credit or debit at a gas pump with a broken security seal
  • Don’t click on links or open attachments you receive via email
  • Closely review account statements

Contact Tom Holthus @ 408-309-3557 for information about identity theft services.

Feb 14

Job Search and Career Management

Mentor-Train-Recruit (MTR) Program for Job Search and Career Growth
Two workshops to get you on your path to your professional career.
Part I: Job Search in 30 Days Workshop
February 10, 2018, 8:30 am to 5:0 pm @ Resurrection Lutheran Church
2495 Cabrillo Ave., Santa Clara, CA 95051
The “Job Search in 30 Days Workshop” provides professional assessment, targeted job resume preparation, positioning and mentoring to job seekers in transition. This workshop is part of Mentor-Train-Recruit (MTR) program developed over the past 8 years of experience and a proven methodology that has helped hundreds of Silicon Valley professionals to land their jobs in a very short time. Participants include more than six hundred members from professional groups including Project Management Institute, IEEE, IIBA, C-Six, NOVA & EDD-Connect-ProMatch.
At the first glance, “Job Search in 30 Days” may sound impossible. However, as everything we do in our lives, “work smarter not harder” is the key! MTR workshops show you how to develop “smart” strategies to land your new job in 30 days. First, the workshop provides you with a self-assessment, and the tools to construct an effective personal professional portfolio. Second, the workshop helps you to evaluate the job market, posted jobs, tune-up your job application and resume to apply for the job leveraging your existing resources and network. You will learn how to interview and get a referral, which is essential to get a job in current market. Weekly breakfast meeting for on-going career coaching, mentoring and one-on-one are an important part of keeping you on track for success!
Part I Agenda 8:30 am- 9:00 am Breakfast, Registration, Introductions 9:00 am- 12:00 pm Self Assessment, SOOAR, Professional Branding, Elevator Speech, Resume, Leveraging Contacts, Job Search Plan, Career Roadmap and interactive discussions. Working Lunch Sandwiches and light refreshments are provided throughout the day. 1:00 pm – 5:00 pm Job Search Campaign, Action Plan, Job based Resume Tune-up, Workshop Summary.
Fees: $35 with Advance Reservation, pay at the workshop by cash or check. Includes lunch, refreshment and workshop materials. Bring your laptop with wireless connection.
To register / more Information, email MTRProgram@g-esi.com subject line: 2/10/2018 Job Search workshop.
Part II: Career Management: Transition to “A” Job
February 24, 2018, 8:30 am to 5 pm @ Resurrection Lutheran Church
2495 Cabrillo Ave., Santa Clara, CA 95051
The “Career Management: Transition to “A” Job” workshop helps professionals create their transition roadmap to achieve the next career milestone. Simply put, carefully created transition steps along the way to the ultimate career objective. Note that in your current job, you are in your “B” Job. To progress you must create your transition plan to the “A” job. This workshop is Part II of the Mentor-Train-Recruit (MTR) program to position you for the next step in your career.
This workshop builds on your Job Search in 30 Days workshop professional assessment artifacts and help you create strategies and an execution plan to achieve your next “A” job. Prerequisite is the “Job Search in 30 Days” workshop. It is highly recommended that you take the refresher before this class to help in developing the up-to-date self-assessment, and the current professional portfolio.
Part II Agenda 8:30 am- 9:00 am Breakfast, Registration, Networking 9:00 am- 12:00 pm Recap of artifacts from “Job Search in 30 Days” (Self Assessment, SOOAR, Profession, Elevator Speech, Resume, Contacts). Identify the next steps towards your career objectives, Create a Roadmap and discuss steps required to reach the goals. Working Lunch Sandwiches and light refreshments are provided throughout the day. 1:00 pm – 5:00 pm Continue build the roadmap steps. Discussion and clarifications of tasks on your transition roadmap. Final Presentation.
Fees: $75 with Advance Reservation, pay at the workshop by cash or check. Includes lunch, refreshment and workshop materials. Bring your laptop with wireless connection.
To register email MTRProgram@g-esi.com subject line: 2/24/2018 Career Management Workshop.
Fees for both : $100 with Advance Reservation, pay at the workshop by cash or check..
To register for both workshops email MTRProgram@g-esi.com subject line: 2/10/2018 & 2/24/2018 Career Management Workshops.
Instructor: Mahmood Khan, MBA, PMP, Director Professional Services at Oracle | NetSuite Corporation is a Business and IT consultant. He is an Entrepreneur, a career coach and a public speaker on the subject of Job Search, Career Management and emerging technologies. During the past nineteen years Mahmood has held positions at F50 and Silicon Valley companies as a Principal Consultant, Program/Project Director, and Solution Architect. Previous employers include CSC, Hewlett Packard, IBM GS, and Bay Area start-ups. He has been involved in community development and advisor to Foothill-DeAnza College. He is a board member of San Jose Conservation Corps and Charter school, Silicon Valley Engineering Council and is a charter member of Rotary eClub of Silicon Valley.
Contact: Mahmood.khan@g-esi.com
Testimonials: “Thanks to using Mahmood’s fabulous job search program, I went from spray and pray applications on job site boards without results, to landing my dream job at my best-case target company. Mahmood’s system and professional coaching guided me to develop the job search materials and methodology that helped me get the job I really wanted. Thanks Mahmood! Jean Anderson PMP.”
“I scored an interview with the COMPANY on Wednesday morning!!!!!!!!!!!!!!! Thank you again for your magic, it did not only open my eyes but must have done some good at the company. CIAO Stefan.”
“Thank you so much for being there on Friday. Your advice was on point and I know you helped a lot of people with your insight. See the full story at http://abclocal.go.com/kgo/story?section=news/business&id=7620746 Ash Kalra, Council member District 2 City of San Jose.
“Happy holidays Mahmood! I received an offer and am starting a whole new career in 2017! Thank you so much for the support, help, guidance and I look forward to continuing the methods I learned! Best Regards, Alex
“Hi Mahmood, The job search group and the 30days workshop did help a lot. Below are only to name a few that helped me.
1. Self assessment – a clear view about skills and what can do
2. Close gap – Continue learning skills ( for me through YouTube)
3. Target matching jobs – Instead of target company, I search for jobs that matches my experience
4. Summarize interview experiences, good or bad to improve interview skills
5. Record phone interview, based on the areas they were asking and the job description, come up SAOOR, the more the better.” Best, Emay.
“The job search workshop paves the path to career by providing the solid foundation and all the building blocks to your career destination!
I Can’t stress enough the importance of completing all the SOOAR homework and attending the breakfast and workshop meetings. Then the one on one coaching with Mahmood as well as meetings and support from your buddies.
These are the real secrets – luck = preparation + opportunities.” Shue Han Chou

Jun 07

The Dark Web

If you want to buy or sell illegal stuff, the dark web is where it is donespider-web-148828

A google search for “dark web” at 7:35 on 4/23/2015 returned 72,000,000 results in 0.66 seconds. A similar search with Norton Safe Search returned 201,000,000 results in about the same time. Other search engines return similar results. What is the dark web?

Here is how Wikipedia defines the dark web:

https://en.wikipedia.org/wiki/Dark_web#Definition

“The dark web is the World Wide Web content that exists on darknetsoverlay networks which use the public Internet but require specific software, configurations or authorization to access.[1][2] The dark web forms a small part of the deep web, the part of the Web not indexed by search engines, although sometimes the term “deep web” is mistakenly used to refer specifically to the dark web.[3][4][5][6][7]

The darknets which constitute the dark web include small, friend-to-friend peer-to-peer networks, as well as large, popular networks like TorFreenet, and I2P, operated by public organizations and individuals. Users of the dark web refer to the regular web as Clearnet due to its unencrypted nature.[8] The Tor dark web may be referred to as onionland,[9] a reference to the network’s top level domain suffix .onion and the traffic anonymization technique of onion routing.”

It is extremely easy to access the dark web and even easier to be detected on it if you don’t take

https://darkwebnews.com/help-advice/access-dark-web/

precautions. If you are new to the deep web, this guide will help you on your way.

According to researchers, only 4% of the internet is visible to the general public.

Meaning that the remaining 96% of the internet is made up of “The Deep Web”.

 

It is my opinion that the internet has done more to assist crime than any other development in history.  Information can be more damaging than any other weapon.  I invite you comments.

Apr 16

Is Your Child’s Identity Safe?

family EDTSince the red flags aren’t as obvious as they are for adults many children don’t know they’ve been and identity theft victim until they get their first job or by the first car. That makes them very attractive targets. “If a thief gets a hold of the child’s Social Security number, they can completely trash that credit and use it for years if someone isn’t paying attention,” says Jen Stueckler product manager IDShield.

The restoration process for child identity theft is a complex topic, as statistics show that the perpetrators are often relatives. Having a trained IDShield private investigator to handle the gritty details can salvage more than just a child’s credit. “you want your family to be protected and do the best for them,” says Efrain Reeder, Director of key accounts for Kroll. “we provide guidance and a sympathetic ear so people can understand the severity of the problem and help them navigate that family dynamic.”

findings are based on a report published in 2012 the source: https://www.bjs.gov/content/pub/pdf/vit14_sum.pdf

For a more complete picture of this topic, see Bureau of Justice Statistics, identity theft series:

https://www.bjs.gov/index.cfm?ty=pbse&sid=60

Send me an email, tom@trholthus.com  if you want more information about identity theft

Apr 15

Identity Theft & Your SSN

15747960 - social security theft concept of identity theft

social security& identity theft

I am summarizing an article that appeared in the Hill and was written by Dave Coffey. Click here to read the complete article at The Hill.

Americans are now familiar with identity theft having experienced it themselves or know someone who has. The US is now known as the land of the free and the home of the hacked.

Federal Trade Commission has recorded that there were 3.1 million complaints received in 2015 which is a significant increase over 2014.

The major culprit identity theft these days is the use of our Social Security numbers. Social Security numbers are bought and sold on the dark web. The government has urged companies to use other ways to identify people’s identities other than the use of Social Security numbers.

With a Social Security number and identity thief can wreak habit on a person’s life. The damage identity theft and cause is immense. All the thief has to do is get a Social Security number and then use it to get a credit card in the name of that person. Then the identity thief is off and running, stealing everything a person has.  Credit card companies started using a chip in their credit cards to increase the security of those cards but it’s only a partial solution. In my opinion, defensive tactics or games will not win in the long run.

Protecting oneself and one’s family from identity theft requires the control of your personal identifiers very closely. There are many services out there that will assist you in this effort. I have my favorite others have theirs.

Contact me to learn more about how to protect your identity, tom@trholthus.com.

Apr 06

YOUR BUSINESS IT SYSTEM IS ALWAYS AT RISK

Overview – DDoS  

You will be attacked; it is only a matter of time and time and DDoS is only one method.

Any one can do it

ANYONE CAN DO IT

Consider DDoS, Distributed Denial of Service attacks.  The following information is extracted from a VeriSign report, VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT. The full report can be found at: https://www.verisign.com/assets/report-ddos-trends-Q42016.pdf

Attackers in Q4 2016 launched sustained and repeated attacks against their targets. Verisign observed that more than 50 percent of customers who experienced DDoS attacks in Q4 2016 were targeted multiple times during the quarter.

Overall, average attack peak sizes in 2016 were larger than previous years. In fact, Verisign observed an average attack peak size of 16.1 Gbps in 2016, a 167 percent increase from 2015, in which the average attack peak size was 6.02 Gbps.

Highest Intensity Flood and Largest Volumetric Attack

The largest and highest intensity DDoS attack observed by Verisign in Q4 2016 was a multi-vector attack that peaked at over 125 Gbps and around 50 Mpps. The attack was notable because attackers were persistent, sending attack traffic on a daily basis for almost an entire month. The attack consisted of DNS Reflection traffic and Internet Control Message Protocol (ICMP) traffic and the attackers switched periodically to TCP SYN and TCP Reset floods peaking at approximately 70 Gbps and 50 Mpps. The attack also included floods of IP fragments to increase the volume of the attack.

DDoS Attacks Against Public Sector Increases

In Q4 2016, public sector customers experienced the second highest number of DDoS attacks among the Verisign DDoS Protection Services customer base (32 percent of total attacks). This is the highest percentage of DDoS attacks that Verisign has observed against Verisign public sector customers since the inception of the Verisign DDoS Trends Report in Q1 2014. Customers in the IT Services/Cloud/SaaS industry continue to have the largest number of DDoS attacks in Q4 2016.

MARKET LANDSCAPE: THE BOTNET ECOSYSTEM

Launching a DDoS attack is much more accessible to attackers thanks to the rise of cloud computing, cheap hosting, readily available bandwidth and open-source attack tools. From low-skilled teenagers aiming to cheat while playing online games to cybercriminals looking to supplement their income by renting out their botnets for opportunistic attacks, the DDoS-for-hire market is booming.

The Botnet Ecosystem

Botnets utilized in DDoS attacks vary greatly in size and potency, from as small as a dozen compromised computers to as large as over one million devices. For example, a recent DNS-based DDoS attack that caused significant portions of the east coast of the United States to experience connectivity issues to certain websites involved a flood of malicious requests from up to 100,000 malicious endpoints.2 Botnets are comprised of computers, smartphones, servers, routers, printers and even IoT devices like networked refrigerators. With more devices continuously connected to the internet, the available pool of devices that could be used as botnets has increased. Attackers can now rapidly identify and leverage thousands of compromised devices and harness their bandwidth to launch DDoS attacks that can overwhelm even the most prepared networks.

Mitigating DDoS Attacks by Botnets

Because most DDoS-for-hire services frequently share similar characteristics, identifying popular DDoS techniques can help companies mitigate and defend against a variety of DDoS attacks. However, there still is a human element involved. Since most DDoS attacks are concerted efforts by live attackers to bring down a network, many of the attacks start out as one type of attack, but then morph into something new or different. Consequently, organizations need to have access to a high level of expertise and experience in combatting these complex hybrid DDoS attacks. Having a solution that includes monitoring of traffic behavior, the ability to defend against not only network, but also application layer attacks, and the flexibility to transfer large attack traffic to a cloud-based DDoS provider can help to alleviate dangerous threats and costly attacks.

Send me an email to tom@trholthus.com with your phone number if you want to learn more about information security.

Jun 23

Eleven Identity Theft Misconceptions

misconception

“What you don’t understand could put your identity at risk” – April 3, 2015 IDShield

When it comes to protecting personally identifiable information (PII) and reducing risk of identity theft, the more accurate information you have, the better off you are. Here I share some common misunderstandings about identity theft and explain the reality of each:

Myth1: Identity theft can be prevented completely

Reality: There is no practice or product that can wholly prevent identity theft. There are several components of your personal identity which are collected and used for many reasons. They can’t be locked down in a way that allows only you to authorize their use. Certain tools and practices go a long way to reduce the risk of becoming a victim and to notify you of fraudulent activity early but you must understand that you cannot prevent every type of identity theft.

Myth 2: I use cash and don’t use credit so I won’t become a victim of identity theft.

Reality: There are two things to consider: First, just because you have not established a credit account, that doesn’t mean somebody else will not use your PII to obtain goods on credit. Second, identity theft affects far more than credit. Identity theft can involve criminal acts, medical care, banking, employment and more. It is important to monitor and protect your identifying information as much as possible regardless of your favorite payment method.

Myth 3: If I become a victim of identity theft, I will have to pay the debts created by the thief.

Reality: There are federal laws that protect victims of identity theft from being held financially responsible for debts created by an identity thief. See Statement of Rights for Identity Theft Victims. However, the victim must address the misuse of their PII in a timely and complete manner with the affected entities.

Myth 4: My credit report is monitored so I don’t have to worry about identity theft.

Reality: Credit report monitoring can help you discover potential credit-related identity theft early. While it may then provide an opportunity to take steps to prevent other cases of credit-related identity theft, you must approach credit report monitoring as a valuable tool of detection rather than prevention. As stated earlier, a thief can use your PII to accomplish much more than opening new credit accounts.

Myth 5: Sensitive data can be transmitted safely via e-mail.

Reality: Unless you are encrypting your email message and sending the encryption key separately, email is not a safe way to share PII. Note that legitimate organizations will not ask you to share sensitive information via email.

Myth 6: You must supply your Social Security number (SSN) if asked for it.

Reality: There are laws requiring you to provide your SSN for certain purposes but not everyone who requests your SSN is required to collect it. Entities that request your SSN for legitimate purposes include, but are not limited to: government tax and welfare agencies, financial institutions and securities brokerages, state motor vehicle departments and employers upon your acceptance of their offer of employment. See the SSA’s history page for situations that require a SSN.
Other entities may ask for it because it is a readily available identifier. Before sharing this piece of sensitive data, ask why it is needed and if there is a different identifier you can give instead of your SSN.

Myth7: Paper records (or other physical documentation) with PII are much safer than electronic records.

Reality: Stealing physical items is still a very common method of obtaining PII. Items stolen may include a laptop computer, purse/wallet, files from an office, or even trash from a home or business. Secure items holding PII to the best of your ability (locked box or desk drawer, safe or safety deposit box).

Myth 8: I shred everything so my information will not be obtained by an identity thief.

Reality: Shredding papers, disks and other items that contain PII is a great thing to do on a regular basis because it reduces the likelihood that someone will find valuable information in your trash. However, data can be captured in other ways and used for identity theft.

Myth 9: It is safe to respond to an unsolicited phone call or complete an internet form as long as you recognize the name of the company.

Reality: Because of tricks such as domain masking and caller id spoofing, it is not safe to assume that you are communicating with the entity that appears to have contacted you. Do not give sensitive information by phone or internet form unless you initiated the activity and are certain of the legitimacy of the entity with which you are dealing. If you receive a suspicious phone call or email, contact the entity that appears to have sent the communication using a phone number you obtain on your own and ask about the legitimacy of the communication you received.

Myth 10: It is okay to not check my financial accounts regularly.

Reality: Most financial institutions provide a monthly statement with the expectation that you, the account holder, will review it for accuracy. In some circumstances, you have only 60 days from the date of the statement on which a problem is found to dispute the problem with the financial institution.

Myth 11: I found an unfamiliar account on my credit report and then confirmed that it was created by identity theft. Since it was created more than 60 days ago, I am responsible.

Reality: No! Some people erroneously apply the rules related to disputing unauthorized credit card charges (as mentioned in the previous “Reality” explanation) to other types of fraud.

I will elaborate on this topic in future blogs. You can contact me at 408-309-3557 if you want more information now.

Take a look at https://www.idshield.com/?hub=trholthus to view my preferred identity theft protection program.

Send an email to me, tom@trholthus.com, with your phone number and I will call you to see what information I can send you to help you with Identity theft. Your information will never be shared.

Thomas Holthus
Business Mentor

Jun 22

Common Scam Characteristics

scamThe bad guys are getting more creative each day. There is a wealth of information in the web about scams. I find that most people do not have the time to search for and read them. I will present a few of them and highlight their common characteristics.
Sample scams from IRTC (http://www.idtheftcenter.org/)
This is a sample of the information that is available on the web
• Dayton Power and Light Scam
Thieves are pretending to be employees of Dayton Ohio’s Utility provider and scamming residents out of money through collection of false utility usage fees.
• Medical Emergency Scam
The scammer calls the victim and claims that they work for a hospital or related emergency medical service. The scammer then informs the victim that their child was in an accident and money needs to be sent for medical bills.
• Social Security Mailer Scam
Scammers are using a “referendum on Social Security,” as a false pretense to request fraudulent donations.
The common characteristics of the scam
• A phone call from someone you don’t know
• A request for $ or access to a credit or bank account
• A story that you might relate to
What to do
• Seek verification of the claim from an independent source
• Purchase identity theft protection

I will elaborate on this topic in future blogs.

Send an email to me, tom@trholthus.com, with your phone number and I will call you to see what information I can send you to help you with Identity Theft. Your information will never be shared.

Take a look at https://www.idshield.com/?hub=trholthus to view my preferred identity theft protection program.

Thomas Holthus
Business Mentor

Nov 26

Identity Theft Overview

Identity Theft Overview – Are you a Victim?

Definition: “When someone else gains access to your personal information and uses it without permission”. Someone’s identity is stolen every 2 seconds in the US. It is not a matter of if you will be compromised; it is a matter of when. This blog is a brief overview of the topic of identity theft.

What are they after?

They want three things about you: your SSN, your driver’s license and your DOB. With these, they can make a mess of your life.

How do they do it?

These are their core techniques: phishing, dumpster diving, scams and data breaches.

Scams

Scams usually originate from phone calls, test messages, email and postal mail.

Why now?

Most of the crime is made possible by the digital age!

Types – “Knowledge is Power”

A little about each type of identity theft

Criminal

Crimes are committed using your information
Requires an attorney or attorneys to clear up your name

Financial

  • Banks & credit card companies
  • The easiest to clean up
  • About 19% of total

Medical

  • Prescription drugs in your name
  • Medical treatment in your name
  • Affected over 1.84 million victims and having a total out-of-pocket cost of $12.3 billion (most expensive form)
  • Can be dangerous

Governmental

  • Tax return fraud
  • Benefits such as Medicaid, Medicare, disability, etc.
  • About 47% of total

What can you do about it?

  • Secure your data
  • Pay attention to financial statements
  • Invest in ID Theft protection

For more information

I will elaborate on this topic in future blogs. You can contact me at 408-309-3557 if you want more information now.

Take a look at http://www.legalshieldassociate.com/idt/trholthus to view my preferred identity theft protection program.

Thomas Holthus
Business Mentor

Mar 28

10 of My Favorite Success Quotes

Here are 10 of my favorite Success quotes:

1. Discipline is the bridge between goals and accomplishment. ~Jim Rohn

2. Every adversity, every failure, every heartache carries with it the seed on an equal or greater benefit. ~Napoleon Hill

3. The greatest barrier to success is the fear of failure. – Sven Goran Eriksson

4. If we’re growing, we’re always going to be out of our comfort zone. ~John Maxwell

5. There is far more opportunity than there is ability. ~Thomas A. Edison

6. Most folks are about as happy as they make their minds up to be. ~Abraham Lincoln

7. There’s always a way – if you’re committed. ~Tony Robbins

8. A goal is not always meant to be reached, it often serves simply as something to aim at. ~Bruce Lee

9. Take time for all things: great haste makes great waste. ~Benjamin Franklin

10. You can do anything, but not everything. ~David Allen

Do you have a favorite quote?

Please post a comment below and share a quote!

Thomas Holthus
Business Mentor