Beware of Door to Door Conmen

There are bazillion scammers using a bazillion ruses to get your money. The lowest of the low are the ones who scam the elderly. These same conmen often do it door to door and can be very dangerous.

Con men posing as city employees seem to be the most effective scam. In one incident 2 men posed as city workers who were trimming trees in a neighborhood. One man would knock on the door and schmooze the resident into allowing him into the home. He would then coax the person into the back area of the home while his partner would sneak in the front door.

Once the second man was in he’d rob the person. Often they’d head straight for the bedroom and grab jewelry boxes and look for wallets and pocketbooks.

In another scam a man would go door to door and offer his labor for gardening and yard work for elderly. He would do the job he was hired to do at an agreed fee. But when the job was over he would request a significant amount of money that wasn’t previously discussed. In this case he would escalate the situation to yelling and threats.

He was so bold he would drive the person to an ATM machine to get the money.

In both of these situations the home owners were lucky the situations didn’t escalate to physical violence. It’s unfortunate that elderly are preyed upon in this way. If you have an elderly parent or neighbor, keep a close eye on them and watch out for them. Unfortunately with some people you can tell them to be careful and not open the door to strangers until you are blue in the face and they may not listen.

If you have an elderly person you care for and they live away from you I’d recommend installing a video security system in their home. Today’s surveillance systems can be remotely monitored from any PC in the world. I’m able to monitor mine from my iPhone. You can set an alarm on individual cameras to alert you to activity.

Consider a home alarm system too. Make it real easy for them to activate and deactivate using a remote control. Have the alarm company call them first, the police second and you third when an alarm goes off.

Robert Siciliano personal security expert to Home Security Source discussing Home Invasions on Montel Williams.

Is Your Facebook Friend a Fed, or Sex Offender?

When you think about it, Facebook is weird. Where else in the world do you call people who you don’t know your friends? I probably have about 10-15 friends. Most are acquaintances and the others 400 are total strangers.

There’s a lot of excessive trust in the Facebook world. People have entirely dropped their sense of cynicism when logged on. They have no reason to distrust. People who are your “Friends” are generally those who you “know, like and trust.” In this world, your guard is as down as it will ever be. You are in the safety of your own home or office hanging with people all over the world in big cities and little towns and never have to watch your back.

Reports of sex offenders on social media abound. Do you know who your child is befriending?

Many of the “strangers” came into my life as a result of what I do, and I appreciate and accept them for connecting. But I know plenty of other people who don’t write or do media and might be in college, and have 2000 friends! And they know 5 of them! Social media is weird.

Employers, potential employers and others will often friend someone for the sole purposes of getting a solid profile of that person to determine if they want to hire them. Now the AP reportsU.S. law enforcement agents are following the rest of the Internet world into popular social-networking services, going undercover with false online profiles to communicate with suspects and gather private information, according to an internal Justice Department document that offers a tantalizing glimpse of issues related to privacy and crime-fighting.”

I don’t think there is anything wrong with this; it’s a good thing actually. There is a question of legality and whether or not government agents can pose as someone else and lie, which often violates the terms and conditions of the sites themselves.

But the fact remains, there are bad people out there and they need looking after. And if it means an FBI agent posing as someone to catch the bad guy, I’m all for it. So next time you get a friend request from a stranger, they might be someone checking up on you. Guilty conscience? Hope not.

Robert Siciliano personal security expert to Home Security Source discussing social media security on Fox Boston.

New Facebook Phish Steals Passwords

I got an email from a colleague today:  Subject: “My Facebook account got hacked.

I wonder if you could give me some guidance here –

I received the following email from Facebook:

——————————————————————–

From: Facebook [XXXXXX@facebook.com]

Sent: Wednesday, March 17, 2010 5:58 AM

To: XXXXXXXXXXX

Subject: Security Warning From Facebook

Dear XXXXXXXXXX,

We have detected suspicious activity on your Facebook account and have temporarily suspended your account as a security precaution.

You can regain control of your account by logging into Facebook and following the on-screen instructions.

Please be sure to visit the Facebook Help Center (http://www.facebook.com/help/) for further information regarding these security issues and let us know if you need assistance.

Thanks,

Facebook Security Team

————————————————————————-

Reuters reports Hackers have long targeted Facebook users, sending them tainted messages via the social networking company’s own internal email system. With this new attack, they are using regular Internet email to spread their malicious software.

McAfee estimates that hackers sent out tens of millions of spam across Europe, the United States and Asia since the campaign began on Tuesday.

Dave Marcus, McAfee’s director of malware research and communications, said that he expects the hackers will succeed in infecting millions of computers.

“With Facebook as your lure, you potentially have 400 million people that can click on the attachment. If you get 10 percent success, that’s 40 million,” he said.

McAfee says:

Tip 1: Do not open the attachment. Promptly delete the Facebook scam email.

Tip 2: Consumers can protect their computer from this type of cybercrime by installing a complete security software suite that includes anti-virus, anti-spyware, and firewall protection.

Tip 3: Consumers should make sure they are running the most up-to-date security software and their subscription is active.

Tip 4: If consumers are unsure if their security software vendor has an update for this type of malware, McAfee recommends that they check for and install any available updates, then immediately run a full scan.

Robert Siciliano personal security expert to Home Security Source discussing Facebook hacking on CNN.

 

Why Debit Cards Are a Nightmare

Robert Siciliano Identity Theft Expert

Not all plastics cards are created equal. The major differences in credit vs. debit is in the protections (or lack of protections) that come along with the fine print. A debit card is connected directly to a persons bank account and when compromised can devastate your bank balance.

I know too many people who’ve fallen victim to some type of debit card fraud whether through skimming or unauthorized purchases and never recouped their losses. Sometimes the banks just won’t budge. They tend not to believe a person who’s PIN and card number was leaked.

Creditcards.com reports The Federal Reserve’s Regulation E  (commonly dubbed Reg E), covers debit card transfers. It sets a consumer’s liability for fraudulent purchases at $50, provided they notify the bank within two days of discovering that their card or card number has been stolen. TWO DAYS. That’s it! After that, the maximum liability jumps to $500. Some banks will extend the grace period up to a year, but good luck getting your money back.

Federal laws limit cardholder liability to $50 in the case of credit card fraud, as long as the cardholder disputes the charge within 60 days. And if a victim doesn’t discover or report the fraud until after 60 days have passed, the liability could be the entire card balance, for a debit or credit card. Once your debit card is compromised, you might not find out until a check bounces or the card is declined. And once you do recover the funds, the thief can just start all over again, unless you cancel the account altogether.

Don’t use a debit card. Use credit cards and pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks. If I’m traveling extensively, especially out of the country, I let the credit card company know ahead of time, so they won’t shut down my card while I’m on the road.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Debit Card Fraud on CNBC

If You Care About Privacy Don’t Do These 8 Things

I don’t care as much about privacy like some people do. My concern is personal security. If I was concerned about people knowing “me” stuff then you wouldn’t be reading this because I’d live in a cave in Wyoming with no Internet and I’d blow glass all day. But personal security is something I deeply care about. The following are both privacy issues and a little personal security in there too.

Don’t throw away anything that can be used against you. For privacy and security reasons consider how someone could use something in your trash against you. I never toss anything with a name or account number on it and I’m careful not to toss DNA related stuff either. And I know people are saying that’s crazy. If it can be planted at a crime scene its flushed.

 Don’t publish your phone number. Many data aggregators use phone company records to index you. Without a published phone number they have a harder time indexing your name associated with an address. My home phone number is under a pseudonym and it’s also under a business name.

Don’t allow your name to be searchable on Facebook or be on Facebook at all. I broke that rule. When logged into Facebook go HERE to change it.

 Don’t broadcast your location. Location-based services (LBS) are information and entertainment services, accessible with mobile devices through the mobile network and utilizing the ability to make use of the geographical position of the mobile device. Twitter, Facebook and others are getting in the game with LBS.  Carnegie Mellon University compiled more than 80 location services that don’t have privacy policies or collect and save all data for an indefinite amount of time. I see this more as a personal security issue.

Don’t post videos on Youtube that reveal your personal life. I have a business Youtube page and a personal. The iPhone has a direct connection to Youtube and it’s a blast taking video and quickly uploading. However, my personal page is under another name and all the videos are private. The only way to see them is to login.

Don’t forget to read privacy policies. I don’t like reading privacy policies because they are long winded and confusing. But not knowing what companies may do with your data is not good.

 Don’t use your real name as a username. I broke this rule a few hundred times. It’s a privacy issue when you don’t shield your name. It’s a personal security issues not to grab your name allowing someone else to get it and use it against you. Get all of them at Knowem.com.

Don’t put your name on your mailbox or on a plaque on your home. All the postal carrier needs is a street number. There’s no reason to plaster your last name on your home either. I see this more as a personal security issue. But there are certainly privacy concerns here too.

Robert Siciliano personal security expert to Home Security Source discussing Location Services on The CBS Early Show.

If You Want To Be an Identity Thief, Go To Jail

Robert Siciliano Identity Theft Expert

Willie Sutton a famous thief when asked why he robbed banks he was quoted saying, Because that’s where the money is.” Where’s the money today? Identity Theft! What’s a great way to commit identity theft? Go to jail.  Prisons in eight states let convicts work in jobs that give them access to Social Security numbers and other personal information for the public, despite years of warnings that the practice should end, a federal audit finds.

In a related story all sex offenders convicted of pedophilia will be made swimming coaches at summer camps.

“Although we recognize there may be benefits in allowing prisoners to work while incarcerated, we question whether prisoners have a need to know other individuals’ Social Security numbers,” the audit says. “Allowing prisoners access to Social Security numbers increases the risk that individuals may improperly obtain and misuse (the data).”

States where prisoners have direct access to Social Security numbers: Alabama, Arkansas, Kansas, Nebraska, Oklahoma, South Dakota, Tennessee and West Virginia.

“In Kansas, where five prisons allow inmates to hold jobs processing data with personal identifying information, a prisoner was found last year to have stolen names, birth dates, and Social Security numbers while in a job making digital images of public records, the audit says. The data was found in a routine search of inmates when their shift is over”.

What we’ve got here is a failure to communicate. Some men you just can’t reach. And I’m not talking about the prisoners. Any government agency head that sees fit to put a felon in charge of personal identifying information that can lead to identity theft needs to be put on a chain gang himself. With incompetence like this its no wonder 10-12 million people are victims of identity theft every year.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Social Security numbers on Fox News.

10 Wicked Inexpensive Ways to Secure Your Home

1. Call the cops. Most communities have programs in place where a law enforcement officer will inspect a personal home or apartment and make recommendations based on exiting vulnerabilities. Generally they will make those recommendations within your budget upon request.

2. Install signage. I bought 2 “Beware of Dog” neon signs for $1.98 this week. One for the front door and one for the back door. The same hardware store had “This House is Alarmed” signs for short money.

3. Go to the pet store. Dogs are a great form of home security. A few things I can do without include all the barking, tumbleweeds of fur, financial expense of shots and all the dog doo. Save a few bucks and buy the biggest dog food bowl possible. Get 2, one for the front porch and one for the back. Write “Killer” in permanent marker on it. This gives the impression you have a big dog. You can even buy a barking dog alarm.

4. Get your neighbors to guard your home. Why pay for security guards or lame remote security monitoring when you can have your neighbor Ed keep a keen eye on your property? Start a neighborhood watch program and design it so everyone has a monthly responsibility to work the neighborhood.

5. Make your home seem occupied 24/7/365. When you are away put the stereo or TV on loud enough to hear from the immediate exterior. Buy inexpensive timers and plug all your lamps in.

6. Install motion sensors that make a burglar think they are being watched.

7. Use your existing door locks and LOCK THEM! Or buy better ones and install yourself. Beef up the strike plate, which is the metal plate where the bolt enters the jam. Install 3 inch screws deep into the jam.

8. For short money you can buy a “security bar” that wedges up under your door knob and is also alarmed.

9. Secure your windows so they don’t raise more than 6-10 inches. Install small angle brackets that prevent the windows from going any higher.

10. Get a home alarm system for less than 100 bucks; then a dollar a day. A home alarm is the best protection while you are home and away.

Robert Siciliano personal security expert to Home Security Source discussing Home Security on NBC Boston.

Top 10 Cities for Cyber Crime

Robert Siciliano Identity Theft Expert

I love that dirty water, oh Boston you’re my home. Boston Legal, “Cheers,” Boston Bruins, Red Sox, Celtics, Chowda, Lobsta, Pahkin the Cah in Havad Yahd and home to the second worst ranking of cyber crime in America. Lovely! Seems whatever advice I give in Boston media, means squat. After all, I am a Proper Bostonian. Boston missed first place by a lousy 11 points. I blame the college kids. Boston has the highest concentration of college students on the planet. It’s their fault. Seattle took first place. What’s your excuse Seattle? Microsoft?

1. Seattle
2. Boston

3. Washington, D.C.

4. San Francisco

5. Raleigh, N.C.

6. Atlanta
7. Minneapolis
8. Denver
9. Austin, Texas

10. Portland, Ore.

Cities with high concentrations of “spam zombies” placed the highest. Becoming a Zombie and part of a Botnet happens to PCs that aren’t properly secured, coupled with user behavior that invites attacks.

If you are surfing porn all day or gaming on distant websites in foreign countries then you are at a higher risk. Downloading files from P2P sites or seeking software cracks or pirated content is also risky. Remember frat boy, there is no honor among thieves.

The Boston Business Journal stated another factor is the Hub’s many unsecured WiFi hotspots — 53.6 per 100,000 residents — where cyber criminals may lurk, trolling for unwitting users. While high-profile or widespread computer attacks are relatively rare, small-scale attacks like these threaten even savvy computer users, the report noted.

Hey Top 10, pay attention:

Computers that are old and have outdated unsupported operating systems like Wind 95/98/2000 are extremely vulnerable.

Systems using older outdated browsers such as IE 5, 6 or older versions of Firefox are the path of least resistance.

Update your operating system to XP SP3 or Wind 7. Make sure to have automatic updates for anti-virus. Don’t engage in risky web-based behaviors.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing ATM Skimming on Fox Boston.

Kickball is DEAD, 1 in 4 Children Hack

Robert Siciliano Identity Theft Expert

 A few months ago I interviewed a criminal hacker who hacks out of a hut in Ghana stealing data all over the world. He has children ages 9 and 12 and he stated “they hacked all over the world man.” He teaches his kids to hack. It’s not just a lifestyle, it’s an occupation. He and his kids are the most famous in their village.

 It comes as no surprise to me, but it may be to you that a survey has found that one in four school children have attempted some level of hacking.

SC Reports “Despite 78 per cent agreeing that it is wrong, a quarter have tried to surreptitiously use a victims’ password, with almost half saying that they were doing it ‘for fun’. However 21 per cent aimed to cause disruption and 20 per cent thought they could generate an income from the activity. Five per cent said that they would consider it as a career move.

Of those who had tried hacking, a quarter had targeted Facebook accounts, 18 per cent went for a friend’s email, seven per cent for online shopping sites, six per cent for their parent’s email and five per cent breached the school website. A bold three per cent had honed their skills enough to aim much higher with corporate websites under their belts.”

Children’s hacking is kids playing. Hacking is replacing dodge ball. Kids today don’t know what it means not to have the Internet. I see more articles talking about how to get your kid outside and away from the computer. Part of the problem is kickball got out a lot of the childhood angst and pent up energy out of their systems. Now they funnel that energy into using technology. For good and for bad. Kids are mischievous too. And given the opportunity will break, steal or deface whatever is in their path. I was 15 once too; but I was an Angel.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Criminal Hackers on Fox News

Cold, Dumb and Drunk Intruder Crawls in Dudes Bed

This is precious. An intoxicated 33 year old Pennsylvania man had 2 too many. An apartment resident was sleeping when he felt someone crawl into bed next to him. Thinking it was his girlfriend he called out her name, something like “Honey is that you?” The drunk dude says in a deep male voice “No it’s not. 

OMG! CAN YOU IMAGINE???!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 The resident quickly jumped out of bed and grabbed his trusty aluminum bat until the police arrived. WOW! 

When I read stories like this I cringe. I understand what it means to be drunk and do stupid things, (I saw it in a movie once.) But to actually go into someone’s house and seek out their bed and crawl into it with someone else in it!!!!!!!

 What makes me cringe even more than the drunken guy is the baseball bat swinging resident that DOESN’T LOCK HIS DOORS.  Do you see the hypocrisy in not locking your doors, but having a bat near your bed? And the irony of not locking your doors and a guy crawling into your bed. The whole story stinks of dumb.  

Lock your doors. Require a peep hole on your door. In an apartment ask if you have permission to install an in-apartment home security system with motion detectors. Require it. Wireless home security systems are non-invasive and not expensive.

Robert Siciliano personal security expert to Home Security Source discussing Home Security on NBC Boston.