Facebooks New (and only) Security Feature

Identity Theft Expert Robert Siciliano

So maybe you used a public PC to log into your Facebook account and you hit a button that saved your login credentials. Or maybe you received an email from what you thought was Facebook and you plugged in your username and password and got phished. Now someone other than you has your account information and they are logging in to torture you or steak from your friends.

Wouldn’t it be nice to have a degree of control over that?

Facebook just introduced a security setting that sends you an email telling you someone has just logged into your account.

The feature doesn’t protect you from being stupid and giving your credentials away, but it does give you an opportunity to log into your account and change the password and thereby block the bad guy from getting back in. But the bad guy can change your log in information too. All they have to do is change your email address. Once they do they receive an email at the new address and hit a confirm link. At the same time you will also get an email to the original login email gving you the opportunity to dispute the new account number. So if this ever happens, act quickly.

To set up and enable notifications

1. go to “Account” upper right hand corner

2. in the drop down menu to “Account Settings”

3. in the main menu go to “Account Security”

4. click “Yes” next to “Would you like to receive notifications from new devices”

5. the same can be done with text messages if you have your mobile plugged into Facebook. But don’t have your mobile displayed on your page publically.

6. Log out then log back in and it will ask you to identify the computer.

I did this on 2 PCs and a phone. It didn’t ask me to identify the phone, but it did send me an email:

Your Facebook account was accessed using Facebook (Today at 8:36am).

If this happened without your permission, please change your password immediately.

If this was an authorized login, please ignore this email.

To change your password:

1. Log in to your Facebook account.
2. Click the Account tab at the top of the screen and select “Account Settings” from the drop-down menu.
3. Scroll to the Password section of the Account Settings page.
4. Click the “change” link on the right and follow the instructions.

Thanks,
The Facebook Team

Hey Facebook, after 400 million users you are just getting around to this? It’s a start.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN.

Ten Things to Look for When Choosing a Monitored Home Security Company

Once you’ve made the decision to purchase a monitored home security system, begin researching security companies in your area.  Below is a list of questions you should ask when narrowing your search.

Do some research into the home security company you choose. What is their reputation and history?  How large is the company?  How many current customers do they have?  Is it a local company or nationwide?  Additionally, find out if home security is their primary business and their level of experience.  Check with the Better Business Bureau if you’re unsure.

How “new”is the home security product you are installing? Today’s home security systems are far more superior to those available in past years.  Make sure you are getting the most recent product available.

Does the home security company offer central station monitoring? A security system is only as good as the company that is monitoring it.  A reputable home security company should provide its own central station monitoring instead of having another company monitor for them.

Does the home security company’s monitoring facility have back-up systems and are those facilities UL-listed?

Does the home security company’s monitoring facility have back-up systems in case of power failures? Find out if the monitoring facility has gas or electric-powered generators – as well as battery back-up to ensure that monitoring continues despite power failures.  Monitoring facilities should have at least two types of back-up power supplies.

Spend time thinking about the “amount”of security you need. The size and layout of your home and property must be taken into consideration when designing a security system.  However, the basic elements of a standard system include a key pad, a control panel, a siren, an inside motion detector, at least two door contacts, as well as connection to a central monitoring station for around the clock coverage.

Secure your home from “hidden”household dangers, too. Don’t forget to equip your home with effective smoke, fire, carbon monoxide and flood detection systems as these are hidden dangers to your home and family.  Be sure to also equip your home with fire extinguishers and develop a fire escape plan and route that is familiar to all household occupants.

Ease-of-use and convenience of the home security system ensure a high level of usage. Many homeowners admit that they don’t use their home security systems to the full extent because they are inconvenient or “scary” to use.  When choosing a home security system, be sure to choose something that can be armed and disarmed easily by all family members.

Make sure the system you install has a battery back-up unit. A security system is only useful when it’s active and working – even when there is a power failure.  Make sure the system you install has a battery back-up unit so home monitoring and protection is continuous. Monitoring facilities that have a UL rating (Underwriters Laboratory rating) have gone the extra step to ensure that they have reliable systems that will not fail.

What other benefits does the company offer besides installation and monitoring? Check to see what other benefits the home security company offers, including:
A money-back service guarantee in case you are not satisfied – including a full refund of your installation price and any monitoring fees paid?

Any guarantee against theft protection – if your home is being monitored by their service and is still burglarized, with the home security company contribute money towards your insurance deductible?

Are you a customer for life?  Does the home security company offer a relocation package so a new security system is installed in case you move?

What kind of customer service do they provide?  Is there a Web site that provides customer information and care?

Once you have selected a reputable monitored home security company, be sure to spend time with your security specialist to develop a security plan and system that meets you and your family’s specific needs.

Robert Siciliano personal security expert to Home Security Source discussing home invasions on the Gordon Elliot Show. Disclosures

Reality Actor Jailed Six Months For Burglarizing Orlando Bloom’s Home

Orlando Bloom’s break-in is one of several robberies linked to Hollywood’s “Bling Ring,” teenage gang of celebrity-obsessed wannabes who allegedly stole from Paris Hilton, Lindsey Lohan, Megan Fox and others.

Their methods were simple. They tracked their victims by using social media, Facebook and Twitter. They knew when they were home and when they were away. They even used Google Earth to scope out their homes.

Police estimated that from October 2008 to August 2009, the “Bling Ring” stole more than $3 million in jewelry and high-end designer brands.

A star of the E! show “Pretty Wild” about growing up in the fast lane, the young woman was caught on security tape as she broke into Bloom’s house last summer with two other hooded females. “The women ransacked the house and made off with more than $500,000 in watches, cash and other booty, authorities said. Bloom collects rare watches, and his prized Rolex Milgauss from the 1950s is worth $250,000 alone, according to a Manhattan-based watch dealer.”

It’s painfully obvious that the victims in these crimes didn’t do enough to protect themselves. Some locked their doors and others didn’t. Some had security cameras and others didn’t. But NONE had a home alarm system that activated when the home was broken into. A home alarm system would have prevented most of these crimes.

Bloom had security cameras and my guess is he has an alarm but chose not to set it. I can’t imagine having a net-worth like he does and not have sufficient security. My insurance company requires me to have a monitored alarm system along with a safe in order to protect certain insured items. Without these systems in place, a homeowner may never recover their losses.


Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston.

Phishers Ties Up Victims Phones, Killing Notification

Identity Theft Expert Robert Siciliano

Many of today’s automated processes are designed with security and/or convenience in mind. For example, if a credit card companies’ anomaly detection software detects irregular spending on your credit card the software may freeze your account or call you to make sure you are infact the one making the charge. While this may help to secure you, it also may inconvenience you if you are traveling overseas and are declined or just in a hurry and trying to catch a flight.

These same technologies may or may not involve a human at different touch points during their activation periods. What’s happening today is the bad guys are figuring this out and they are determining when theses touch points occur and are tricking the system so they can move forward with their fraudulent activities.

In some cases when a money transfer may prompt an automated call alerting an account holder to the transaction the only requirement of the system is to make the call. The automated system doesn’t necessarily have to talk to a human and the human doesn’t need to do anything. This seems like a flawed system.

In the case of a Florida doctor a telephony denial-of-service attack flooded the victim’s phone with diversionary calls while the thieves drained the victim’s account. In some cases, the victim heard recordings from sex chat lines and in other calls he heard dead air when answering the phone. Sometimes he heard a brief advertisement or other recorded message.

Wired reports the doctor discovered that $399,000 had been drained from his Ameritrade retirement account. About $18,000 was transferred then $82,000-transfer followed two days later. Five days after that, another $99,000 was drained, followed by two transfers of $100,000. The thieves withdrew the money in New York.

Most likely the initial compromise was via a phishing email that he responded to. Once he responded to the phish, the criminals began the process of setting up VOIP telephones systems to bombard his telephone lines so he couldn’t answer the phone to receive the alert.

Currently any financial institution that employees technology that automatically relies on the telephone system to notify account holders of a transaction is at risk.

If you mistakenly respond to a phish email and give up your data, knowingly or unknowingly, and find yourself being bombarded with a flurry of odd phone calls, it may be a sign you’re being scammed.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing criminal hackers on Fox News.

10 Ways To Prevent Phishing

Identity Theft Expert Robert Siciliano

The Anti Phishing Working Group published a new report seeking to understand such trends by quantifying the scope of the global phishing problem, especially by examining domain name usage and phishing site uptimes. Phishing has always been attractive to criminals because it has low start-up costs and few barriers to entry. But by mid-2009, phishing was dominated by one player as never before—the ―Avalanche‖ phishing operation. This criminal entity is one of the most sophisticated and damaging on the Internet, and perfected a mass-production system for deploying phishing sites and ―crimeware – malware designed specifically to automate identity theft and facilitate unauthorized transactions from consumer bank accounts. Avalanche was responsible for two-thirds (66%) of all phishing attacks launched in the second half of 2009, and was responsible for the overall increase in phishing attacks recorded across the Internet.

There were 126,697 phishing attacks during the second half of 2009, more than double the number in the first half of the year or from July through December of 2008, the APWG report said. Avalanche, which was first identified in December of 2008, was responsible for 24 percent of phishing attacks in the first half of 2009 and for 66 percent in the second half. From July through the end of the year, Avalanche targeted the more than 40 major financial institutions, online services, and job search providers.

Adapted from APWG

1. Be suspicious of any email with urgent requests for personal financial information. Call the bank if they need anything from you.

2. Spot a Phish: Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately

3. They typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.

4. Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t know the sender or user’s handle

5. Avoid filling out forms in email messages that ask for personal financial information in emails

6. Consider installing a Web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you.

7. The newer version of Internet Explorer version 7 and 8 includes this tool bar as does FireFox version 2

8. Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate

9. If anything is suspicious or you don’t recognize the transaction, contact your bank and all card issuers

10. Ensure that your browser is up to date and security patches applied

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Burglars Burgle the House Then Burn It

Desperate people do desperate things. A home burglary is a desperate act. And when the burglar wants to absolutely, positively cover his tracks, he may torch the house.

It’s a troubling crime pattern and Syracuse Police are asking for the public’s help. In the past two weeks there have seven burglaries near the Syracuse University area. In two cases, after the homes were ransacked the burglar set them on fire. No one was inside the two homes at the time of the fires.

When a home is broken into the burglars almost always steal something. Sometimes they break in just to “party” or need a place to hang out or crash for the night. Other times it’s for vandalism and they generally do a pretty good job of destroying the property when they set their minds to it. With home invasions it’s often to torture the residents and make them miserable. This is certainly the worst case scenario for the homeowner.

But breaking in and burning it is probably the most destructive of all tactics. When a person’s home is entered without authorization, people generally feel a sense of violation they don’t easily get over. For a dozen reasons a person should make certain their home is as secure as possible. To prevent any of the above acts, one needs to invest in their home security.

Home security tips:

Timed and/or motion activated lights, inside and out. This burglar stated lights turned on made him nervous and he would go to a home that didn’t pose a threat of getting caught.

Trim bushes and shrubs. Anything covering doors and windows that give a burglar cover is an invitation to a thief. I also recommend defensive shrubbery with lots of thorns.

Encourage your neighbors to report any suspicious activity around your home while you are gone or even while you are home.

Install a home security system. It’s not enough to just lock your doors. A home alarm is an effective deterrent while you are away and while you are home. Even home alarm decals and signage is a layer of protection.

Dogs big and small. A dog need not be an attack dog to be an effective deterrent. Barking dogs bring attention to the home they are protecting.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston.

Dumb Bungling Home Burglar Jailed

Yeah, one for the good guys! A taxi driver would pick people up at their homes then drop them off somewhere, and then he would then go back to that person’s house and break into it. I’ve often thought that’s what would happen when I get dropped off at the airport.

So, whenever they ask me where I’m going and when I will be back, I always say “Hold on, I need to make a quick call.” Then I get on the phone and call nobody and say “Hey Jimmy listen, the dog bit another guy who came to the house to deliver a package, there was blood everywhere, Killer shredded him real good, don’t let the beast out of the house. I’ll be back home early tonight. Make sure you set the home security system if you go out and activate the home security cameras as well. And tell our roommate Rocco the police were at the house looking for him in regards to that kid he pummeled the other night, if he doesn’t smarten up he will be going back to prison.”

Then back to the taxi driver “What were you saying?” And the conversation usually goes somewhere else.

The burglar would break into the homes and steal credit and debit cards. Then go to the same ATM more than 50 times – to try and guess the PIN numbers of bank cards he had stolen. He thought he might strike lucky if he kept on putting in random sets of four numbers into the ATM machine. But with the odds of correctly guessing a card’s PIN number ranked at one in 10,000. He never managed to make a single withdrawal. His repeated failed attempts at the same ATM only served to arouse suspicion and he was filmed by police on a CCTV camera.

You can always get creative with your home security. But you need to do all the fundamental things like locking your doors and invest in home security systems.

Robert Siciliano personal security expert to Home Security Source discussing Home Security on NBC Boston. Disclosures.

Mobile Phone Becoming Bigger Target For Hackers

Identity Theft Expert Robert Siciliano

Mobile Internet access and mobile service usage is growing rapidly and cyber criminals are expected to pay more attention to this sector. Mobile device platforms compete for innovation created by application developers and other content creators who are increasingly demanding more device access. As their requests grow in numbers and they distribute their products more widely, security breaches will be inevitable.

Mobile phones used to be bulky and cumbersome; they had to be carried in bags or briefcases. Then they became chunky, heavy bricks. Clearly, cell phones have evolved. Today’s mobile phone is a compute, that rivals many desktops and laptops being manufactured today. I’m continually blown away at the capabilities of my iPhone.

What makes Mobile phones vulnerable is the speed and advancement of technology and businesses continued demand for products and services that work on a phone. In other countries almost all banking is done on a phone.

Complicating matters is spyware. Spyware was created as a legitimate technology for PCs. Spyware tracks and records social network activities, online searches, chats, instant messages, emails sent and received, websites visited, keystrokes typed and programs launched. It can be the equivalent of digital surveillance, revealing every stroke of the user’s mouse and keyboard. As a virus, spyware on a PC or phone is an immediate compromise of that phone’s data.

When anti-virus vendors like McAfee introduce anti-malware solution to secure Android-based smartphones, then you know mobile phone hacking has gone mainstream. The McAfee® VirusScan® Mobile technology is available now for users of Android and Windows Mobile-based smartphones providers.

The scary part is mobile phone spying software is affordable and very powerful. I worked with Good Morning America (GMA) on this issue.

GMA found thousands of sites promoting cell phone spying software, boasting products to “catch cheating spouses,” “bug meeting rooms” or “track your kids.” Basic cell phone spying software costs as little as $50.“ Someone can easily install a spyware program on your phone that allows them to see every single thing you do all day long, via the phone’s video camera. GMA spent $350 to get the features that remotely activate speaker phones, intercept live calls and instantly notify you every time a call is made.

Not all spyware is bad. Certainly if you install spyware on your 12 year old daughters phone, it’s to monitor and protect her, but when installed unknowingly on a phone that’s used for mCommerce, or business applications, then there is cause to be concerned.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Does a Home Alarm System Really Prevent Break-ins?

Back in the day, the home was occupied all day. Mom was a “stay at home” working all day taking care of the kids and people had bigger families too. Often there were 3, 4, and even 5 generations under the same roof. Today, Mom works out of the house, dad works and the kids are at school. Today, grandparents are healthier and more self sufficient, and sometimes on their own traveling. Today, the house is vacant.

So, what to do? Invest in an alarm? According to a Rutgers study, alarms are a valuable crime fighting tool.

Data showed that a steady decrease in burglaries in Newark between 2001 and 2005 coincided with an increase in the number of registered home burglar alarms. The study credits the alarms with the decrease in burglaries and the city’s overall crime rate. Neighborhoods in which burglar alarms were densely installed have fewer incidents of residential burglaries than the neighborhoods with fewer burglar alarms” said study author Dr. Seungmug Lee, professor at Ohio Northern University in Ada, Ohio.

Today a home alarm system is cost effective, easy to install, can be activated and viewed over the internet and even a mobile phone. Monitoring an alarm system that calls the local police cost a dollar a day.

More than four in 10 Americans are worried that the current economic environment can expose their families to crime, according to a nationwide survey of 1,000 people sponsored by the Chubb Group of Insurance Companies. Many survey respondents also indicated that economic conditions are causing them to reduce their spending on security systems and devices.

If there was ever a time to make smart decisions about ones security its now. I can’t even imagine being without a home alarm. There are too many bad people who don’t care about you and me. As a home owner and a dad, I need every edge I can get against the bad guy. And understand it’s not about being “paranoid”; it’s about being in control and taking responsibility for your family’s safety.

Robert Siciliano personal security expert to Home Security Source discussing home invasions on the Gordon Elliot Show. Disclosures

Home Security: People Are Being Very Disappointing

I don’t mean to be Debbie Downer here, I just need to point out some things and hope people will shake up their fellow man and gather some perspective. As a person of planet earth, I can tell you straight out I often get disappointed in my fellow humans. For example, a bunch of smart people who know how to suck oil out of the ocean floor are in the process of polluting that same ocean. Very disappointing.

In Boston, a 10 foot diameter water pipe broke and another pipe had to be used to divert water.  So while the water was in the temporary pipe officials suggested people boil their water for a minute to kill any potential bacteria. In response, people flocked to all the supermarkets and cleaned out all the water off the shelves. Some people punched each other and wrestled over the last case of water. Someone paid $100.00 for a case of water. Then the National Guard brought in cases of water to distribute and people lined up in their cars for miles to get a free case of water and chastised officials when it ran out.  I boiled water. It was easy. What did people do before water came in a bottle? Very disappointing.

In Georgia, more people seem to be fabricating tales of assaults and robberies these days, and police have become more aggressive in proving the lies and bringing the pretenders to justice.  People invent crimes for lots of reasons, like to hide spending from spouses or to keep embarrassing secrets. People invent crimes for lots of reasons, like to hide spending from spouses or to keep embarrassing secrets. Very disappointing.

Police across Western Washington are searching for four suspects wanted in a fatal home invasion robbery in Pierce County that started with a Craigslist posting. The homeowner was shot and killed, and his wife and sons were assaulted. Beyond very disappointing.

I’ve stopped using for this reason.  There are too many whackos and to many risks.

No matter what you are selling or buying you must know who you are dealing with on Craigslist. When we were young, our parents told us not to talk to strangers. Strangers are not yet part of our trusted circle. So don’t trust them!

Whenever possible, deal locally and meet in a populated area or even in front of the police department! People who cannot meet you in your town are more likely to be scammers. And even when you do meet in person, you should be wary.

Never engage in online transactions involving credit cards, cashier’s checks, money orders, personal checks, Western Union, MoneyGram or cash that require you to send money to a stranger in response to money they have sent you. This is an advance fee scam.

Home security tips: If you have to meet someone at your home consider keeping the meeting outside. If you have to meet inside then have someone standing next to the home security alarm ready to press the panic button or have a remote control for your wireless security alarm that will also ring the panic button.

Robert Siciliano personal security expert to Home Security Source discussing Home Invasions on Montel Williams.