Up to 1 Million email Accounts Phished for Identity Theft

/1 Comment/in , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Hotmail, Earthlink, Google, Yahoo, Comcast and other web-based email users have been giving up al their login details to phishers and current estimates are as many as 1 million accounts may have been compromised.

News of the scam broke when technology blog neowin.net reported an anonymous user had published confidential details on pastebin.com. Internet users are urged to change their passwords regularly and ensure anti-virus software is up to date to protect themselves from fraudsters.

While phishing emails keep pouring in, their methods are changing rapidly. Posing as a Nigerian prince is still common, but not as effective. Even posing as a known bank or Paypal, asking to update an account for various reasons and requesting a potential victim’s user name and password is not as effective as it used to be.

Much of the phishing that occurs today is targeted “spear phishing,” in which the spammers are after a localized target. Going after a CEO is called “whaling.” Who better to take down than the biggest phish of them all? Most corporate websites offer plenty of data on the company officers and administrative contacts, which makes it relatively easy to create a sucker list. If scammers send an email blast to the entire company, eventually someone is likely to cough up enough data to allow the scammers to tap into the company’s intranet. Once the scammers have accessed the intranet, all further phishing emails will appear to be coming from a trusted, internal source.

Perhaps the most insidious type of phishing occurs when a recipient clicks a link, either in the body of an email or on the spoofed website linked in the email, and a download begins. That download is almost always a virus with a remote control component , which gives the phisher full access to the user’s data, including usernames and passwords, credit cards details, banking and Social Security numbers. Often, that same virus makes the victim’s PC part of a botnet.

How to avoid becoming a victim? Delete.

Change passwords often. Combine uppercase and lowercase letters, as well as numbers and characters. Don’t use consecutive letters or numbers, and never use names of pets, family members, or close friends. Instead use the first letters of phrases

Never click links in the body of an email that are coming from a bank, Paypal or any enterprise that may be leading to a request to enter data. Go to your favorites menu or manually type the address in.

Pay attention to phishing filters. Most updated browsers have built-in phish filters that toss up a red flag warning of a potential ruse.

1. Protecting yourself from new account fraud requires effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

2. Invest in Intelius Identity Protection and Prevention. Because when all else fails you’ll have someone watching your back.

Robert Siciliano, identity theft speaker, discusses hacked email on FOX & Friends.

I Want to Punch Passwords in The Face

/0 Comments/in , , , , , /by

Robert Siciliano identity theft expert

Passwords and forms harass and mock me every day of my life. Everywhere I go there is a big burly bouncer who is the password gatekeeper and he needs a beating. He won’t let me in or by the velvet ropes unless I know the secret code. Most of the time I know what he wants, but because I have so many passwords to remember (last count is 456, but less than 200 active/weekly sites), I sometimes forget. Then I try 2-3 other passwords that I think will work before I get locked out. I can’t have all the same passwords because wouldn’t it be just great if I got hacked.

Ultimately I have to go to a password protected file that stores them and begin the copy paste process. But even when I do that there are problems. Sometimes when a password is copied then pasted, the form won’t recognize it. It’s a code thing that’s beyond my expertise.

Some are reading this and wondering why this is even an issue. Saying if you use one browser and have one password manager then it’s a no brainier. But I don’t use one browser. I use 2, Firefox and Chrome. I have my reasons. I also use 4 different computers consistently.

Both browsers have tabs up top and I have at least 15-20 tabs going at the same time. Social media and various blogs are rich with technology that doesn’t always work like it’s supposed to. It’s a constant struggle getting it all to work.

You’d have to be a savant (and have lots of time) to have 8 browsers on 4 PCs working perfectly with Java, Flash, audio, video and all the other plug-ins to make everything work like it should seamlessly.

All of this coupled with the fact that operating systems are often reinstalled, password managers mostly don’t do what they are supposed to, hardly any of them work with more than one browser and I don’t like auto-fill for security reasons. And I’d never use auto-fill on a laptop.

I’ve tried every possible free and fee based password manager and they mostly all have the same thing in common: They don’t do what they claim they do.

CNET introduced me to RoboForm Online. I installed it this week and it works the best of any password manager I’ve ever used. It’s a little buggy with its “master password” that doesn’t always recognize, but the over all experience is a good one.

What I like about it the most is its ability to back up automatically in the cloud among all 4 PCs and with each browser. The “Chromium” RoboForm browser is a Chrome like browser that I had to install because Google hasn’t allowed Chrome to be tweaked by 3rd parties just yet. I had to reinstall Chromium once after it crashed. But it’s working OK.

After working on all 4 PCs over a week on each different browser doing all the different tasks like blogging that help me pay the bills, I finally have most of my passwords in sync and it’s now a relatively painless process. I’m not feeling as violent towards passwords as I once was.

Beefing up passwords using a password manager is much easier. Combine uppercase and lowercase letters, as well as numbers and characters. Don’t use consecutive letters or numbers, and never use names of pets, family members, or close friends. Instead use the first letters of phrases: Full moons on Saturday bring out whackos @12am!: is FmoSbow@12am! That’s a strong password that no sane person will enter manually. But  a password manager makes it possible.

Strong passwords help protect identities. In addition you must:

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Prevention and Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano, identity theft speaker, discusses hacked passwords on FOX & Friends.

Obama; Cybersecurity and Identity Theft Protection Starts at Home

/0 Comments/in , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Whether you realize it or not, your computer is one of the biggest threats to your personal security. The Obama administration believes that your computer is also one of the biggest threats to national security.

The message is: Think before you click. Know who’s on the other side of that instant message. What you say or do in cyberspace stays in cyberspace — for many to see, steal and use against you or your government.

The Internet is incredibly powerful and not particularly secure. It is powerful enough to bring people together, to educating, inform, and make life easier. But it’s also used to hurt, scam, and debilitate in so many ways.

The Pentagon’s computer systems are probed 360 million times per day, and one prominent power company has acknowledged that its networks see up to 70,000 scans per day. Every single day, utilities, banks, retailers and just about every computer network are faced with attacks. Many of these hacks are insignificant. Many are conducted with intent to commit crimes such as espionage, financial data theft, or the destruction of crucial information. The criminal hackers could be cyber-terrorists attempting to destroy the U.S. or its economy, malcontents simply wreaking havoc for its own sake, or opportunists looking for a profit.

The U.S. is a prime target for a number of reasons. The most obvious is that we’ve made mistakes that have many in the world hating us. Then there’s our financial system, which offers instant credit to anyone with a Social Security number. And of course, credit card security is an oxymoron, since anyone can use any credit card at any time. We have a bullseye on us and we put it there.

“Weapons of Mass Disruption” are a growing concern. The U.S. and many other countries are electrically and digitally dependent. Our critical infrastructures, including drinking water, sewer systems, phone lines, banks, air traffic, and government systems, all depend on the electric grid. After a major successful attack we’d be back to the dark ages instantly. No electricity, no computers, no gasoline, no refrigeration, no clean water. Think about when the power goes out in your house for a few hours. We’re stymied.

The Pentagon and the Department of Homeland Security are hiring thousands of computer experts to protect our networks. But the weakest link in the chain is not the government, but the citizens. Government has lots of work to do, but moms and pops are the most vulnerable. Enterprise networks have become hardened, while small business and the lowly consumer know enough about information security to get hacked. Awareness is key. You are either part of the problem or the solution.

Read this and every possible blog, article and report you have access to so you can stay on top of what is new and ahead of what is next in technology and the security necessary to keep it safe. Build your IT security vocabulary. Protect yourself and your business.

Those steps include:

Use antivirus software, spyware removal, parental controls and firewalls.

Back up your data locally and in the cloud.

Understand the risks associated with the wireless web especially when using unsecured public networks.

Protect your identity too. The most valuable resource you have is your good name. Allowing anyone to pose as you and let them damage your reputation is almost facilitating a crime. Nobody will protect you, except you.

  • Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.
  • And invest in Intelius identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.
  • Visit US-Cert here

Robert Siciliano identity theft speaker discussing the mess of data security on Fox News

Government Tries to Thwart P2P Identity Theft

/0 Comments/in , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Computerworld reports the House Energy and Commerce Committee passed the Informed P2P User Act, a law that supposedly makes it safer to use peer-to-peer, or P2P, file-sharing software. Yawn.

The bill now goes to the House for one more round of  approval. If passed, the bill requires developers to explain to users how their files will be made available for sharing with others on a P2P network.

The bill would make it illegal for P2P developers to make software that causes files from a computer to be inadvertently shared over a P2P network without a user’s knowledge.

Peer to peer file sharing allows Internet users to access other P2P users PCs and share files such as music, movies, software, games, and documents. Unfortunately many people don’t set up P2P programs correctly and they end up sharing their most important files including bank records, tax files, health records, and passwords. This is the same P2P software that allows users to download pirated music, movies and software.

This can result in data breaches, credit card fraud and identity theft. I’ve seen numerous reports of government agencies, drug companies, mortgage brokers and others discovering P2P software on their networks after personal data was leaked.

In my own research, I have uncovered tax returns, student loan applications, credit reports and Social Security numbers. I’ve found family rosters which include usernames, passwords and Social Security numbers for entire family. I’ve found Christmas lists, love letters, private photos and videos (naughty ones, too) and just about anything else that can be saved as a digital file.

Information on a U.S. Secret Service detail for the First Family was discovered via P2P.

Even if P2P were made illegal, P2P file sharing is a wild animal that can’t be tamed. There are already millions of P2P programs in circulation that can easily be set up inappropriately, and plenty of developers flying under the radar programming from countries all over the world unregulated by the US government.

There are millions of PCs loaded with P2P software, and users/parents/employers are usually clueless about the exposure of their data. P2P offers a path of least resistance into a person’s computer, so be smart and make sure you aren’t opening a door to identity thieves.

Savvy users lock down P2P to prevent someone else from tooling around with thier settings. If your IT abilities are scant then:

  • Don’t install P2P software on your computer.
  • If you aren’t sure whether a family member or employee has installed P2P software, check to see whether anything unfamiliar has been installed. A look at your “All Programs Menu” will show nearly every program on your computer. If you find an unfamiliar program, do an online search to see what it is you’ve found.
  • Set administrative privileges to prevent the installation of new software without your knowledge.
  • If you must use P2P software, be sure that you don’t share your hard drive’s data. When you install and configure the software, don’t let the P2P program select data for you.
  • Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.
  • And invest in Intelius identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses P2P hacks on Fox Boston.

70 Million Veterans at Possible Risk For Identity Theft

/0 Comments/in , , , , , /by

Robert Siciliano Identity Theft Expert

Wired reports the inspector general of the National Archives and Records Administration (NARA) is investigating a potential data breach affecting 70 million records of U.S. military veterans. The issue involves a defective hard drive the agency sent back to its vendor for repair without first destroying the data. Once the drive was diagnosed and found to be faulty, it was sent out for recycling. With millions of records still on it.

A NARA IT manager says 70 million veterans are at risk for identity theft, and that NARA’s practice of returning hard drives unsanitized was symptomatic of an irresponsible security mindset unbecoming to America’s record-keeping agency.

A $2000.00 hard drive with millions of social security numbers is worth millions, maybe billions of dollars if it gets into the hands of a criminal. The “loss” of data like this can cost a government agency or corporation millions to respond to the breach. The hard drive should have never left the facility and should have been destroyed. The Pentagon requires that old or defective drives be de-magnified or destroyed.

We have seen breaches like this before. A Veteran’s Administration laptop was stolen from the home of an employee of the Department of Veterans Affairs containing personal records of 26.5 million veterans in 2005 and eventually settled a class action suit over the breach by paying out $20 million. NARA also lost a hard drive including 100,000 Social Security numbers.

The risks associated with this kind of a breach generally revolve around new account fraud. New account fraud occurs when someone gains access to your personal identifying information, including your name, address and, most importantly, your Social Security number. With this data, a thief can open a new account such as a credit card and have the card sent to a different address. This is true identity theft. New account fraud destroys the victim’s credit and is a mess to clean up.

Government intervention to protect you from new account fraud is probably not going to happen any time soon, if ever. The responsibility is the citizens to protect themselves.

1. Protecting yourself from new account fraud requires effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

2. Invest in Intelius Identity Protection and Prevention. Because when all else fails you’ll have someone watching your back.

Robert Siciliano Identity Theft Speaker discussing identity theft on the rise on Fox News

Invest in Identity Theft Protection and a Credit Freeze

/7 Comments/in , , , , , , /by

ConsumersUnion provides a resource for consumers to learn what their options are in regards to a “security or credit freeze”.

“There are more than eight million new victims of identity theft each year in the U.S. Many of these victims find that crooks have used stolen personal information like Social Security numbers to open new accounts in their victim’s name. A security freeze gives consumers the choice to “freeze” or lock access to their credit file against anyone trying to open up a new account or to get new credit in their name.”

When a security freeze is in place at all three major credit bureaus, an identity thief cannot open a new account because the potential creditor or seller of services will not be able to check the credit file. When the consumer is applying for credit, he or she can lift the freeze temporarily using a PIN so legitimate applications for credit or services can be processed.”

As essential and effective and as a credit freeze is, it can be cumbersome for some people. I’ve gone through it myself and was a little miffed by the inaccuracies in the administration by the credit bureaus who processed the applications.

For whatever reason when the applications were received they entered the data incorrectly and some of the freezes couldn’t go through. After a few letters and phone calls everything was straightened out.

The process generally involves an “affidavit” that requires name, address, Social Security number, and a copy of a utility bill to verify you are you. Fees for a freeze can be free up to $15.00 per credit bureau. Once this is complete, your identity as far as new account fraud is locked down pretty well. However that’s not enough.

State laws with affidavit downloads:

Alaska, ArizonaArkansas, California, Colorado, Connecticut, Delaware,District of Columbia, Florida,GeorgiaHawaiiIdahoIndiana, Illinois, Iowa,Kansas, KentuckyLouisiana, Maine, Maryland, Massachusetts, Minnesota, MississippiMontana, Nebraska, Nevada, New Hampshire, e=”text-decoration: underline;”>New Jersey, New Mexico, New YorkNorth Carolina, North Dakota, Ohio, Oklahoma, Oregon, PennsylvaniaRhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, VermontWashingtonWest Virginia, Wisconsin, Wyoming

For more information, see: Frequently Asked Questions about the security freeze.

Robert Siciliano Identity Theft Speaker discussing credit card and debit card fraud on CNBC

New Identity Theft Virus Steals from Online Banking

/0 Comments/in , , , , , , /by

Robert Siciliano Identity Theft Expert

A new kind of Trojan horse infiltrates your online bank account, and not only steals your log-in information, but also siphons funds directly out of your account. The virus is known as URLZone, is controlled by servers in the Ukraine, and it determines how much money to steal from a victim’s account depending on the initial balance, all in real time, while the user is logged in, displaying a fake balance so the victim isn’t aware that it’s happening. URLZone targets Firefox, Opera, and the last three versions of Internet Explorer. Currently, the virus is only targetting computers in Germany. But it’s only a matter of time until URLZone, the most sophisticated worm of its kind to date, spreads further.

Like most viruses today, URLZone generally infects a PC when the user clicks a link or visits an infected site. Once the virus is installed, it waits for the user to access an online banking website. That’s when it goes to work. While the user is banking online, the virus communicates with the bank’s server in the background. Transactions are being processed and the user doesn’t see any of it happening. Frankly, this doesn’t even sound possible to me. But it’s happening. The virus then erases its tracks by displaying a bank balance on the infected computer that doesn’t reflect the funds that have been stolen. The victim will only recognize a discrepancy in the balance when using an uninfected computer or an ATM, or receiving a paper statement. Or when the checks start to bounce.

A virus with the sophistication to hijack the victim’s browser, steal money during an online banking transaction, and then cover its own tracks by modifying the information displayed to the victim, all in real time, is not good, to say the least.

White hat hackers are struggling to stay one step ahead of the criminals, but black hat hackers are out in full force. There are more ways to compromise data today than ever before. From 2007 to 2008, the number of viruses quadrupled from 15,000 to nearly 60,000.

Recently, a couple’s bank account was compromised as a result of their own insecurity. The bank claimed no responsibility and held the couple accountable for the loss. Now they are suing the bank. Depending on how this case pans out, you may be held responsible for the loss if you’re hacked.

1. Make sure your anti virus up to date and set to run automatically.

2. Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through.

3. Update your operating systems critical security patches automatically

5. Check your bank statements often, online, at least once a week.

6. Invest in Intelius Identity Theft Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing online banking insecurity

High-Tech Harassment in Social Media

/0 Comments/in , , , , , , , /by

Robert Siciliano Identity Theft Expert

Technology keeps providing new opportunities for harassment: social media identity theft, cell phone abuse, online bullying, the list goes on.

Over a year ago, I appeared on The Tyra Show to discuss high tech harassment. I met a family from Washington, who found that several of their phones had been hacked and were being used to spy on and harass them. The hacker was able to turn a compromised phone on and off, use the phone’s camera to take pictures, and use the speakerphone to record their private conversations. Every time they rerun the episode, I get emails from more victims.

In an even more shocking instance of high tech harassment, a hacker took over a woman’s Facebook account while she was on a camping trip, with no Internet and no cell phone service. The hacker impersonated this woman, but instead of attempting to scam her family and friends out of cash, he used her Facebook profile to post suicidal messages, including, “My only friend is the handgun in the back of my closet,” and, “I don’t want a funeral or memorial, I want it to be like I never existed.” After two and a half hours of Facebook drama, the victim happened to regain cell phone reception and discovered twenty voicemail messages begging her not to do “anything drastic.” By the time her son was able to get in touch with her, there were police gathered outside her home, preparing to break down the door.

In this incident, the victim was the mother of a Navy Seal who died in Iraq. It’s believed that she was targeted because of her charity work celebrating the lives of deceased military personnel.

But this can happen to anybody.

  1. Strengthen your passwords; use upper/lower case, numbers and characters. Don’t use easily guessed words from the dictionary or pets, kids, birthdates etc.
  2. Don’t access social media from libraries, internet cafes or any public computers that could have spyware.
  3. Make sure your own PC has updated virus definitions and security patches. Don’t bother with all the 3rd party apps in social media. Many are risky.
  4. Don’t click on links in emails from “friends” asking you to download a video or see pictures. This is becoming a common ruse in social media.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses high tech harassment on the Mike ad Juliet Show on FOX

8 Ways to Prevent Business Social Media Identity Theft

/0 Comments/in , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

There are hundreds, or maybe even thousands of social media sites worldwide such as FacebookMySpaceTwitter, and YouTube. Social media networks are quickly becoming the bane of the IT Manager. Twitter phishing and Facebook jacking are growing rapidly.

Social media is still in its infancy and its security has been an issue since its inception. Facebook has been perceived as an ongoing privacy and security issue and Twitter has become a big target. Users are tricked into clicking links. Viruses enter the network as a result of employees downloading or simply visiting an infected page.

Computerworld reports that “Twitter is dead”. Twitter is dead because it is now so popular that the spammers and the scammers have arrived in force. And history tells us that once they sink their teeth into something, they do not let go. Ever.

  1. Implement policies: Social media is a great platform for connecting with existing and potential clients. However without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network.
  2. Teach effective use: Provide training on proper use and especially what not do to.
  3. Encourage URL decoding: Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
  4. Limit social networks: In my own research I’ve found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure.
  5. Train IT personnel: Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed.
  6. Maintain updated security: Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.
  7. Lock down settings: Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.
  8. Prevent social media identity theft: Register all your officers, company names and branded products on every social media site you can find to prevent twittersquatting and cybersquatting. You can do this manually or by using a very cost effective service called Knowem.com.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano Identity Theft Speaker with ID Analytics discussing Social Media Identity Theft on Fox Boston

New iPhone App Helps Vet a Potential Mate

/0 Comments/in /by

Robert Siciliano Personal Security Expert

So you’re about to go on a date with a person you met briefly in the frozen food section of the supermarket who says to you “You better get out of this aisle because you’re so hot, you’re gonna melt all this stuff”. Flattered and hungry for companionship you immediately agree to go out on a date with Mr Cheeseball.

Well maybe this wouldn’t be you, but someone you know.  Anyway, consider “Heavy Vetting B4 Heavy Petting”. The best way to find out about Gorgonzola is to do a quick search on him OR her. Coming soon to the iPhone, Android and Blackberry will be a mobile application  from http://www.intelius.com/mobile called Date Check.

Intelius launched Date Check at the DEMOfall09 conference and demonstrates how easy it is to “Look Up Before You Hookup”. Sound crazy? Not as crazy as some of the people I’m sure you’ve met on the scene. It’s easy enough to enter a person’s name, phone number or e-mail address, and the application does a basic background check. Saving you lots of possible wasted time or possibly compromising your personal security.

The application has a few handy features to help you narrow down what may be potential issues about your potential Prince Alarming.

“Sleaze Detector” gets records of sex offenses and criminal convictions. This is a handy tool to determine if your potential mate is a bad seed. Good information to know and help you make an informed decision. There are a half million registered sex offenders out there. That’s no joke.

“Net Worth” checks property and tax records. This is general information that helps you to determine if they are truthful or lying about assets.

“Living Situation” finds other people living at the same address. So if he’s one of the majority of married men subscribed to online dating services and he tells you he is single, you can call his bluff.

“Interests” scans social networks and other references. It’s always a good idea to check the social media sites a person is connected to. If you discover that the person is affiliated with a supremacy organization that likes to sacrifice the occasional chicken, it’s probably a good idea to run. Fast.

Date Check is a tool to help you make a better decision.

1. Read books on self defense and personal security. Watch instructional videos on self defense techniques. Take a self defense course. The single most effective self defense offering on the planet is a program called “Impact Model Mugging”. Search it online and find one near you. Drive 500 miles if you have to, but take this course and bring your sons and daughters with you. In this case knowledge certainly is power.

2. You’ve heard this before and it requires revisiting: meet your date in a populated place and drive yourself. And do it at least the first 5 times. The goal here is you want to get to know the energy of this person and what makes them tick. If simple stuff irritates them or they make racist or offensive jokes or exhibit behaviors not conducive to “healthy”, move on.

3. Do not consume alcohol when meeting, even with food. Alcohol lowers our inhibitions and makes us accept behaviors that aren’t appropriate. Don’t accept drinks from anyone under any condition unless you see the drink being poured and it goes straight to your hands. Slipping drugs in drinks happens every day.

4. Be direct about going ‘dutch’ in regards to paying for dinner. While this may seem extreme to some, studies show an large percentage of males still believe that when they buy a woman dinner that she “owes” him sex.

5. Get information about them. You ask all the questions. Get their name, address, previous address, home phone, cell phone, place of birth, birthdate, where they work, license plate and if you can squeeze it out of them, and I kid you not, get their Social Security number.

Robert Siciliano Personal Security Expert discusses dating security on E! True Hollywood Stories Investigates