11 Ways To Prevent Home Invasions

Strangers and posers: You tell your children not to talk to strangers, so why do you open the door to a total stranger? And never talk to strangers via an open or screen door. Home-invaders pose as delivery people, law enforcement or public workers.

Distress: If someone is in distress, tell him or her you will call the police for them. Don’t open the door for them.

Make a call: Under no circumstances do you open the door unless you get phone numbers to call their superiors. Even if that means making them wait outside while you call 411.

Money, jewels and drugs: One simple reason your house is chosen is that someone tipped off the home-invader that you have valuables. You may have done it via social media, or your friends, children or babysitter might have unintentionally bragged. In states where medical marijuana is legal, that may be an additional consideration.

Peephole: Install peepholes, talk through the door.

Do not call the police!: If you live in a high crime area where law enforcement takes a while to respond, and if someone is trying to break into your house while you are in it, calling the fire department will sometimes get help to the scene quicker. Do this only if you are desperate. Firefighters are not equipped to handle violence. However, squealing sirens can deter a criminal. And call the police!

Get armed: Having a non-lethal weapon in the form of a Taser or pepper spray in close proximity to your bed or front door can debilitate your attacker before they gain control. But realize these can be used against you.

Have your mobile handy: Consider a second line or a cell phone in your bedroom. Burglars sometimes cut phone lines and often remove a telephone from the receiver when they enter a home.

Get alarmed: An alarm system activated while you are sleeping will prevent a burglar from getting too far. And keep it on 24/7/365. With a home alarm system on, when someone knocks on the door, a conscious decision has to be made to turn off the alarm. Most people will keep it on.

Locks: Call a qualified locksmith to take a physical security survey to help you determine the most efficient way to lock up. Many products on the market offer a false sense of security. A qualified locksmith should be a professional associated with well-known manufacturers.

Cameras: Install a 24-hour camera surveillance system. Cameras are a great deterrent. Have them pointed to every door and access point.

Robert Siciliano, personal security expert to Home Security Source, discussing home invasions on Montel Williams. Disclosures

Triple Murder Home Invasion Testimony Ends

This is just a bad, bad story with no happy ending.

There are home invasions, then there is this home invasion. Just when you think humans can’t get any meaner towards each other, there is Steven Hayes and Joshua Komisarjevsky, the 2 men accused of a home invasion in Connecticut in 2007. Hayes and his lowlife accomplice allegedly met at a halfway house. They saw the mother (who was eventually murdered) in a parking lot one day and followed her home. A totally random act.

The home was invaded at 3am. The father was immediately beaten and tied up in the basement. The father was held captive for a time but he escaped alive. The kids were tied to their beds and the mother was forced to go to the bank and withdraw money.

While at the bank the mother told a bank representative what was happening. The bank called the police who sent cruisers to the scene.

The police were outside for over 30 minutes to prevent the murderers from escaping. At one point the home invaders assaulted one of the children then killed the mother. They set the home on fire and the 2 kids died from smoke inhalation.

The NY Times reported that the state’s attorney John A. Connelly had “described the case as the ‘most horrendous murder in the state of Connecticut in the last 30 years,’ adding, ‘There are about five ways you could charge capital felony.’”

These guys might get the death penalty. But will justice be done? No. There is no justifying the death of a woman and two children and no justice in the prosecution or even death of the accused. And the father of the deceased will only mourn his loss; while he might crack a smile if they are prosecuted, he will never celebrate.

I can tell you right now my home security system will be on when I go to bed tonight. And then some.

Robert Siciliano, personal security expert to Home Security Source, discussing home invasions on the Gordon Elliot Show. Disclosures

Social Media is a Criminal’s Playground

Social media has become a playground for adults, teens, and tweens. And like on any playground, when you hit the jungle gym or horseplay on the seesaw, there is always a chance that you may go home with an egg on your forehead. Or, if you are like me, a broken collarbone.

Twitter and Facebook have become the most popular sites for frolicking, and the most popular sites for identity thieves — the bullies in the playground. These criminal hackers make social media very dangerous. They are attacking these sites to get at you, the end user. Users’ computers can become infected after users click links that appear to be safe, but actually prompt a malicious download or lead to a spoofed website.

New worms and viruses are infecting social networking websites every day. As these sites expand, they adopt new technologies that sometimes create holes through which they can be attacked. Social networking websites’ open nature allows users to upload content including files that may contain “scripts,” or code, designed to infect the site. Participating in user-submitted surveys, quizzes, and other applications may result in spam or stolen data.

The websites themselves host millions of users and they simply can’t protect every user. New technology is developed at a rate that vastly outpaces the security necessary to keep those technologies bulletproof. Essentially, you’re on your own.

While it is rare for a user to post Social Security numbers, which can directly lead to identity theft, on a social networking website, these websites or their users’ actions can compromise PCs, which does ultimately lead to identity theft.

Always make sure to run antivirus software, such as McAfee Total Protection, and invest in McAfee Identity Protection, which monitors your Social Security number and several other parameters of your identity. Learn more about how to protect yourself at http://www.counteridentitytheft.com/.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss Facebook scammers on CNN. (Disclosures)

Women Proved “Securest” in the Defcon Social Engineering Game

In a recent post (Hackers Play “Social Engineering Capture The Flag” At Defcon), I pointed to a game in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have.

Of 135 “targets” of the social engineering “game,” 130 blurted out too much information. All five holdouts were women who gave up zero data to the social engineers.

Computerworld reports, “Contestants targeted 17 major corporations over the course of the two-day event, including Google, Wal-Mart, Symantec, Cisco Systems, Microsoft, Pepsi, Ford and Coca-Cola. Sitting in a plexiglass booth, with an audience watching, they called up company employees, trying to get them to give up information.”

Contestants had twenty minutes to call unsuspecting employees at the target companies and obtain specific bits of (non-sensitive) information about the business for additional points. Participants were not allowed to make the target company feel at risk by pretending to represent a law enforcement agency.

The players extracted data that could be used to compile an effective “attack,” including “information such as what operating system, antivirus software, and browser their victims used. They also tried to talk marks into visiting unauthorized Web pages.”

Social engineering is the most effective way to bypass any hardware or software systems in place. Organizations can spend millions on security, only to have it all bypassed with a simple phone call.

The players in this game were all men. Maybe the women didn’t give up any data because they were simply untrusting. It could be that the women were properly trained in how to deter social engineers and protect company data over the phone. Or maybe the women simply paid attention to their sixth sense, and felt they were being conned.

Any time the phone rings, a new email comes in, someone knocks on your door, or visits your office, question those who present themselves in positions of authority.

Don’t automatically trust or give the benefit of the doubt.

Within your home or business, communicate what can and can’t be said or done, or what information can or cannot be provided.

Keep in mind that when you lock a door, it’s locked, but it can be opened with a key, or with words that convince you to unlock it yourself. Always view every interaction, whether virtual or face to face, with a cynical eye for a potential agenda.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses hackers using social engineering to hack email on Fox News. Disclosures

Criminal Hackers Create 3 Million Fraudulent Websites Annually

A recent study shows that organized criminals create approximately 8,000 malicious websites every day, or over 57,000 each week.

These malicious websites model legitimate websites that we visit every day, such as bank websites, online shopping sites, and eBay. According to this study, the most frequently impersonated companies include Visa, Amazon.com, PayPal, HSBC, and the United States Internal Revenue Service.

People are typically directed to these scam sites in one of three ways:

1. Often, potential victims end up visiting these spoofed websites via phishing scams. Phishing, of course, occurs when you receive an email that appears to be sent from your bank or other trusted entity, and a link in the email brings you to a website that is designed to steal your login credentials.

2. Scammers lure victims to their scam sites via search engines. When a website is created and uploaded to a server, search engines index the scam sites as they would any legitimate site. Doing a Google search can sometimes lead you to a website designed to steal your identity.

3. Social media sites like Facebook and Twitter are free, and this gives scammers an advertising platform. Criminals simply post links in status messages, on group pages, or fan message boards, using the legitimate appearance of the site to gain credibility.

Once a computer user clicks one of these links, he or she ends up on a website that is riddled with malicious software, which may install itself on the victim’s computer even if the victim doesn’t click or download anything on the scam site. This tactic is called a “drive by.” Or, users may be tricked into clicking links to download files. Either way, the ultimate goal is to gather usernames, passwords, and, if possible, credit card or Social Security numbers in order to steal identities.

By understanding how these scams work, PC users can begin to learn what to do while online and, more importantly, what not to do.

Never click on links in the body of an email. NEVER. Always go to your favorites menu or manually type the address into the address bar. This means that you should never copy and paste links from emails, either.

When searching out a product or service, be aware that you could be led to a scam site. A properly spelled web address is one indicator of an established, legitimate site. Try to restrict your business to sites you know and trust. Also, before entering credit card information, look for “https://” in the address bar. This means it’s a secure page and less likely to be a scam.

Just because a link for a tempting deal appears on a popular social networking website doesn’t mean it’s legitimate. I’d shy away from clicking links. Use your common sense. If it seems too good to be true, it is.
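The address checks recommended above (a correctly spelled domain, https in the address bar) can be run mechanically before a link is opened. The following is an added example, not part of the original post: the allowlist of domains for the brands the post names, the function names and the sample URLs are assumptions constructed for illustration, and treating the last two labels as the registered domain is a simplification.

```python
from urllib.parse import urlsplit

# Assumption: allowlist built from the brands the post lists as most impersonated.
KNOWN_SITES = ["visa.com", "amazon.com", "paypal.com", "hsbc.com", "irs.gov"]


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_link(url):
    """Classify a link as 'known', 'lookalike' or 'unknown'.

    The https flag is reported separately from the verdict.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    result = {"host": host, "https": parts.scheme == "https",
              "verdict": "unknown", "site": None}

    # Exact match, or a genuine subdomain of a known site.
    for site in KNOWN_SITES:
        if host == site or host.endswith("." + site):
            result.update(verdict="known", site=site)
            return result

    labels = host.split(".")
    registered = ".".join(labels[-2:])  # simplification: ignores multi-part suffixes
    for site in KNOWN_SITES:
        brand = site.split(".")[0]
        # Misspelled domain (heuristic: within two edits of a known site),
        # or the brand name used as a label inside someone else's domain.
        if edit_distance(registered, site) <= 2 or brand in labels:
            result.update(verdict="lookalike", site=site)
            return result
    return result


if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for link in ["https://www.paypal.com/signin",
                 "https://paypa1.com/login",
                 "http://arnazon.com/deals",
                 "https://paypal.com.account-verify.example/login",
                 "https://example.org/"]:
        print(link, check_link(link))
```

The lookalike verdict does not depend on the scheme: the https flag is reported separately because an encrypted connection says nothing about who operates the site.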

Forewarned is forearmed.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses phishing on NBC Boston. Disclosures

Identity Theft Consumer Education is Paramount

Credit card companies, banks, financial advisors, retailers, hospitals, insurance companies, and just about every other industry and organization that deals with finances has been affected by identity theft.

All these entities have to deal with fraud at some level. For some it’s an occasional nuisance and for others it’s a part of their daily grind. Most have heavily invested in multiple layers of security, but all remain targets. Each has its own set of issues to overcome and each copes with the same underlying constant: the consumer is often the most vulnerable variable in the equation.

Joe and Sally Main Street generally offer the path of least resistance when a scam is launched. Everything from phishing emails, spoofed websites, un-patched or unprotected PCs, open wireless connections, lack of attention to statements, not shredding data, carrying too much information in a wallet, and overall lack of attention to personal security allows fraud to flourish.

Anne Wallace, president of the Identity Theft Assistance Center, explains that the risks are compounded by the increasing popularity of new technologies like mobile banking and social networking. “The crooks are ever-creative,” she says. “They’re always exploiting new schemes to extract information from consumers.” According to Wallace, ITAC members have an obligation to educate consumers about the security threats posed by emerging technology. “It’s so important to keep talking to people about the old threats, the new threats – on a recurring basis.”

I totally agree. Every institution that deals with identity theft has an obligation to effectively inform and educate their client base about how they can protect themselves from fraud.

Many of these organizations have policies that shift the burden of loss away from the consumers. This is a double-edged sword that does not stop fraud. I’m a big believer in personal responsibility. Whether fraud is the fault of the consumer or a larger entity, a resolution in the best interest of both parties should be sought. It is imperative, however, that the party responsible acknowledges that responsibility. This is how we learn from our mistakes, and how we will eventually overcome fraud. If all parties escape blame, only the scammer wins, and fraud flourishes.

For additional tips and identity theft education, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft victims on The Morning Show with Mike & Juliet. (Disclosures)

Situational Awareness; Spotting a Terrorist

We are all in this together. Whether it’s a home burglar or a home grown terrorist, preserving the sanctity of everyday life is everyone’s responsibility.

“The attempted bombing in Times Square on 1 May 2010 highlights the need to identify Homegrown Violent Extremists before they carry out a terrorist act.”

The Department of Homeland Security encourages all citizens to report anything or anyone who is suspicious to your local authorities.

I was in Times Square that day. At one point I was in range of where the vehicle that had the rigged explosives was parked. If that bomb had gone off, this blog wouldn’t be written or read. I did a segment on Fox News in Manhattan the next morning and had breakfast on the same street the car was towed from.

The people in the restaurant were all a-buzz about what happened and all felt lucky they were spared from tragedy.

“The ability of the bomber to operate under the radar demonstrates the difficulties associated with identifying terrorist activity and reinforces the need for law enforcement, at all levels, to be vigilant and identify individuals who are planning violence or other illegal activities in support of terrorism.”

Law enforcement cannot do this alone. They need our help, as was the case in Times Square. It was a pushcart vendor who spotted the vehicle and notified the police. In this situation the vendor noticed smoke coming from the vehicle and heard a popping sound. He notified a local cop who called in for the bomb squad. Fortunately for everyone, the bomb malfunctioned.

The FBI released a document highlighting some serious red flags citizens should be aware of if someone they know may defect to the bad side:

  • New or increased advocacy of violence including providing material support or recruiting others to commit criminal acts.
  • Adoption of new lifestyles and segregation from normal peer and family groups in association with advocating criminal or terrorist activity.
  • The adoption of a new name.
  • Behavior that could indicate participation in surveillance of potential targets.
  • Acquisition of excessive quantities of weapons or materials that could be used to produce explosives such as ammonium nitrate-based fertilizers or hydrogen peroxide.
  • Travel to or interest in traveling overseas to attend violent extremist institutions or paramilitary training camps.
  • New or increased interest in Websites and reading materials that advocate violence and then initiating action in support of this activity.
  • New or increased interest in critical infrastructure locations and landmarks, including obtaining aerial views of these locations.

While this may all seem “extreme,” it is, and these are the characteristics of the home grown terrorist. My dad always said to me, be good, behave, be careful and be aware. Take Dad’s advice.

Robert Siciliano, personal security expert to Home Security Source, discussing terrorists and burglars on CNN. Disclosures.

On the Internet, FREE is a Dangerous Four Letter Word

The wild, wild web is like any major metropolitan city. There are high-class neighborhoods, retail districts, theater districts, business centers, popular social areas, seedy red-light districts (in Boston we called this the Combat Zone), and bad, bad, BAD neighborhoods.

Depending on where you go, you may pick up a virus or get bonked on the head.

The Internet is the same.

As more consumers seek out more free entertainment online, cybercriminals are shifting their attacks accordingly. McAfee recently conducted a series of studies determining that searching for celebrities like Cameron Diaz can increase your chances of infecting your PC. McAfee’s new “Digital Music & Movies Report: The True Cost of Free Entertainment” also confirmed that your PC is equally vulnerable when searching the word “free.” This report reveals the significantly increased risk of fraud when including “free” and “MP3” in the same search query. And when you add the word “free” to a search for ringtones, your risk increases by 300%.

Cybercriminals lure users with words like “free” in order to infect their PCs with malicious software, which is designed to take over the infected computer and allow hackers full access to private files, usernames, and passwords.

To stay safe, avoid searching for “free content.” Stick to legitimate, paid sites when downloading music and movies.

If a website is not well established, avoid clicking links in banner ads.

Use comprehensive security software to protect against the latest threats.

Use common sense: don’t click on links posted in forums or on fan pages.

Use a safe search plug-in, such as McAfee® SiteAdvisor® software, which displays a red, yellow, or green annotation in search results, warning users about potentially risky sites ahead of time and highlighting safe results.

Be aware that the more popular a topic, movie or artist is, the more risky the search results will be.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures