5 Tips to a Secure Cyber Monday

For the past five years, Cyber Monday has been the marketing term for the Monday immediately following Black Friday. It is now one of the biggest online shopping days of the year, with 77% of online retailers reporting substantially increased sales.

Scammers seek to take advantage of seasonal opportunities like Cyber Monday, so beware of the following scams:

Fake websites: Criminals draw visitors to their deceptive websites using the same techniques as legitimate eTailers: search engine optimization, search engine marketing, and online advertising via AdWords. They use keywords to boost their rankings on Internet searches, causing their scam sites to appear alongside legitimate sites in search results. These same processes are also used to infect unsuspecting users with malware. Run a SiteAdvisor program to give you a sense of a website’s legitimacy.

Phishing: Many victims who find themselves on scam sites get there by clicking links in phishing emails, which offer high-end products for low prices. In this case, it should be easy enough to avoid spoofed websites. Anytime you receive an offer via email, you should automatically be suspicious. The same goes for offers received through Twitter or other social media.

Too good to be true: If you aren’t familiar with the eTailer, don’t even bother clicking the links. Do business with those you know, like, and trust. I do occasionally patronize whichever eTailer offers the lowest price, but only when purchasing a relatively inexpensive item, generally under $50. It’s safer to make larger purchases from eTailers that also have brick and mortar locations.

Typosquatters: Be sure you’ve typed in the correct address and are at the eTailer’s actual domain. Beware of cybersquatting and typosquatting, which rely on imitation websites that resemble your desired destination, but are in fact copies, using domains that are similar to the legitimate web address.

Unsecured sites: When placing an order, always check the address bar for “https,” which indicates a secure page. Your browser may also display a closed padlock, further confirming that the page is secure. Generally, scammers won’t take the time to set up secure sites.
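For the typosquatting item above, here is an added example (not part of the original post) that compares the domain in a link against a short list of retailers you already trust and flags near-misses. The retailer names are constructed, the look-alike character table is illustrative, and treating the last two labels of the host as the site is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist: sites the shopper already knows and trusts.
KNOWN_RETAILERS = {"example-shop.com", "bookworld.example", "gadgetbarn.example"}

# Character swaps that look alike at a glance (illustrative, not exhaustive).
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def site_of(url):
    """Last two labels of the host, lower-cased (ignores suffixes like .co.uk)."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def fold(name):
    """Collapse look-alike characters so 'b00k' and 'book' compare equal."""
    for src, dst in LOOKALIKES:
        name = name.replace(src, dst)
    return name


def osa_distance(a, b):
    """Edits needed to turn a into b: insert, delete, substitute, swap neighbours."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two adjacent letters typed in the wrong order count as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def check(url, known=KNOWN_RETAILERS, max_edits=2):
    """Return ('known', site), ('lookalike', imitated_site) or ('unfamiliar', None)."""
    site = site_of(url)
    if site in known:
        return ("known", site)
    for good in sorted(known):
        # Close but not identical to a trusted name is the typosquatting signal.
        if fold(site) == fold(good) or osa_distance(site, good) <= max_edits:
            return ("lookalike", good)
    return ("unfamiliar", None)


if __name__ == "__main__":
    for link in ("https://www.example-shop.com/deals",
                 "http://exmaple-shop.com/cyber-monday",
                 "b00kw0rld.example",
                 "https://cheap-deals.example/"):
        print(link, "->", check(link))
```

A "lookalike" result is the case the paragraph warns about. An "unfamiliar" result only means the site is not on your own list.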

Common sense can help you avoid becoming a victim of these and other scams. Beyond that, consider subscribing to McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss Cyber Monday on The Morning Show with Mike and Juliet. (Disclosures)

Supercookies: What Websites Know About You

Most major websites now install cookies on your computer, which track what you do online. Over time, these cookies develop a profile, which becomes your digital fingerprint, to a certain extent. You may have noticed that, after you search for a specific product, advertisements for that particular product or brand appear on various other websites you visit.

The New York Times reports, “advertisers are increasingly using powerful software known as supercookies, such as so-called Flash and document object management (or DOM) cookies, which can hold more information, and Web bugs or beacons, which let sites record statistics like what ads attracted you to the site and whether you bought something. They are not removed when you clear out your cookies.”

The “harm” done here is less damaging than it is invasive. Meaning I don’t see any physical harm or identity theft ever happening as a result of this refined marketing. More so, it is very intrusive to some people’s web surfing habits and the collecting of this type of information will continually define what we are presented when we travel to different websites.

With numerous privacy watchdogs taking this kind of advertising offensively, and the Obama administration now stepping in, we will surely see standards in this kind of marketing practice appear over the next few years.

The NYT post provides a litany of resources to combat supercookies. Another great resource comes from Linda Criddle.

Robert Siciliano, personal security expert to Home Security Source, discussing advertisers using “Internet spying” on Fox News.

Catching Criminals With a DNA “Spray”

Security is all about layers of protection. The more layers that are put in place the more secure you and your family will be. For example, if you lock your doors that is one layer, but not enough. A home security system which includes an alarm, security cameras and even signage are all additional layers of protection.

An axiom of the security professional is to “predict and prevent”. This means that having the foresight to visualize how and why a crime might happen helps that professional prevent such a crime by putting the security layers in place.

Much of the security philosophy described here is meant to be proactive and deter or prevent a criminal from being successful. With that in mind, with the exception of high quality security cameras, security doesn’t often lend itself to catching the bad-guy after they have been successful in committing a crime.

Generally we leave the task of apprehending “evil doers” up to law enforcement officials who have a litany of procedures, processes, and tools meant to determine “who dunnit”.

A new security system using cutting-edge liquid technology could significantly reduce theft from businesses traditionally seen by criminals as easy targets. “DNA Guardian,” right now available in Australia through ADT Security, is an all-in-one high-tech crime-fighting tool which establishes a forensic link between suspects and specific crime scenes. Similar systems used overseas have reduced theft by 84% and achieved a 100% conviction rate in court.* According to DNA Guardian, their system is involved in eliminating armed robberies in businesses which were repeatedly targeted.

Sign me up. I want this!!

In the meantime:

Be proactive with the help of ADT Pulse, a new interactive smart home solution that goes beyond traditional home security to provide a new level of control, accessibility and connection with the home.

• Arm and disarm your home security system.

• Get notified of alarms and selected events via email and text messages as well as video clips.

• View your home through cameras and watch secure real-time video or stored video clips of events from monitored areas of the home.

• Access lights and appliances or set schedules to automate them.

Robert Siciliano, personal security expert to Home Security Source, discussing Home Security and Identity Theft on TBS Movie and a Makeover.

Using Social Media Passwords With Critical Accounts

For some social networking sites, security is not a top priority. Some do not protect your data with the same vigilance you could expect from your bank, for example. Nor do social media require strong passwords. And if you use the same passwords for more critical sites, like webmail or online banking, having your social networking account compromised can make those other accounts vulnerable as well.

Last year, 32 million passwords were posted online after a data breach at RockYou, a company that creates applications for social networking sites. The breach revealed the weakness of most people’s social networking passwords.

InformationWeek reports that all the major sites have the same minimum password length of six characters. And password complexity checks are few and far between.

Of the 32 million people whose passwords were exposed, almost 1% had chosen “123456.” The next most popular password was “12345.” “Princess,” “qwerty,” and “abc123” were other common choices.

In another instance, phishers posted thousands of Hotmail addresses and the associated passwords in an online forum. These passwords were equally obvious. Those used most frequently included “111111,” “123456,” “1234567,” “12345678,” and “123456789.” Many of the phishing victims used people’s first names as passwords, most likely the names of their kids, spouses, and so on. 60% of the exposed passwords contained either all numbers or all lowercase letters.

Naturally, anyone using an insecure password is far more likely to be hacked. It is crucial to have strong, secure passwords for all online accounts, including social media accounts. And it is equally important to use different passwords for different accounts. Using the same password for social media sites as for critical accounts, like webmail and online banking, is an invitation for identity theft.
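To make the two checks above concrete, the following added example (not from the original post) audits a personal list of accounts for the weaknesses the post describes: passwords named in the leaks, all-number or all-lowercase passwords, and a social media password reused on a critical account. The account names and passwords are constructed sample data.

```python
from collections import defaultdict

# Passwords the post lists as the most common in the two leaks.
NAMED_IN_POST = {"123456", "12345", "princess", "qwerty", "abc123",
                 "111111", "1234567", "12345678", "123456789"}


def weaknesses(password):
    """Return the weaknesses described in the post that apply to one password."""
    found = []
    if password.lower() in NAMED_IN_POST:
        found.append("named in leak")
    if password.isdigit():
        found.append("all numbers")
    elif password.isalpha() and password.islower():
        found.append("all lowercase")
    return found


def audit(accounts, critical):
    """accounts: {site: password}; critical: set of sites such as webmail or banking."""
    sites_by_password = defaultdict(set)
    for site, password in accounts.items():
        sites_by_password[password].add(site)

    report = {}
    for site, password in accounts.items():
        issues = weaknesses(password)
        others = sites_by_password[password] - {site}
        exposed = sorted(others & critical)
        if site not in critical and exposed:
            # The reuse problem: losing this password also opens a critical account.
            issues.append("a breach here exposes: " + ", ".join(exposed))
        elif others:
            issues.append("shared with: " + ", ".join(sorted(others)))
        if issues:
            report[site] = issues
    return report


# Constructed sample data; run something like this only on your own machine.
SAMPLE_ACCOUNTS = {
    "social": "princess",
    "webmail": "princess",
    "bank": "T4ble-Lamp-River-92",
    "forum": "111111",
    "photos": "sunflower",
}
SAMPLE_CRITICAL = {"webmail", "bank"}

if __name__ == "__main__":
    for site, issues in audit(SAMPLE_ACCOUNTS, SAMPLE_CRITICAL).items():
        print(f"{site}: {'; '.join(issues)}")
```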

To protect your identity, observe basic security precautions. Consumers should also consider an identity theft protection product that offers daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious account activity is detected. McAfee Identity Protection includes all these features, plus live help from fraud resolution agents if your identity is ever compromised. For more tips on protecting yourself, please visit www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss hacked email passwords on Fox News. (Disclosures)

Americans Waking Up to Social Media Privacy

There have been thousands of privacy related news reports over the past year depicting social networks, Google, marketers and advertisers as evil privacy violators who are slowly sucking dry whatever privacy we have left. Facebook has been raked over the coals by advocates and watchdogs who say their tactics violate their own policies. In response, numerous lawsuits have been filed and government agencies have put the pressure on everyone involved to come up with a serious solution.

It is evident that without some type of government oversight, the “self policing” done by all those who stand to gain financially by selling our data will continue to spin out of control to the point where privacy will be something of the past.

My stance as a security professional has always been on the “privacy is dead, get over it” side of the fence. I’ve always been of the belief that the data out there is a result of the public’s own doing and if they don’t want the world to know their private thoughts they shouldn’t post them. As they say, “the cat is out of the bag”.

However, my concern is not that self-exposed private data being out for the world to see is a violation of a person’s privacy, but what can be done with the data to affect one’s security position.

Now as a result of all this attention to privacy, in a recent study published in the Wall Street Journal, about 36% of American adults said they were “very concerned” about their privacy on social-networking sites in 2010, compared with 30% who felt that way last year. The shift was particularly noticeable among people over age 44; 50% of people age 54 to 64 described themselves as “very concerned,” compared with 32% who said that in 2009.

In response, the WSJ further reports that the Obama administration is preparing a stepped-up approach to policing Internet privacy that calls for new laws and the creation of a new position to oversee the effort, according to people familiar with the situation.

This is definitely a good thing as the US significantly lags behind Canada and Europe among others in regards to privacy.

Certainly I care about privacy and wish there was more. But the fact remains that the fundamental issue that affects one’s well-being is security. Too much information leaked may damage one’s social standing in some ways and if you don’t want it out there then don’t put it out there. And considering marketers and advertisers have taken it up a notch, they definitely need to be watched by the watchdogs. But in the end, what’s most important is how that data can be used to hurt or harm you.

Robert Siciliano, personal security expert to Home Security Source, discussing Facebook Apps leaking data on Fox News.

How to Prevent a “Wikileak” of Your Data

“Wikileak” is turning into a verb. This is when sensitive information in office document files such as Microsoft Word, Excel, Textpad, or PDF files can be easily copied, transferred, sold and leaked, all without the owning organization’s knowledge.

It is easier than ever for sensitive information stored in electronic documents to be copied and publicly released without the owner’s knowledge or consent, thanks to WikiLeaks, an international activist organization that publishes documents that have either leaked or been provided by anonymous sources.

Politics aside, releasing confidential intelligence to enemy combatants puts lives at risk. Geoff Morrell, press secretary for the Pentagon, has condemned “the unauthorized disclosure of classified information,” which he says “could make our troops even more vulnerable to attack in the future.”

Document breaches of any nature have consequences. Data breaches, espionage, and the misuse of confidential or sensitive data are a multi-billion dollar problem. Corporations, government agencies, and healthcare organizations are bleeding data on a daily basis, at the hands of criminal hackers from the outside and malicious employees on the inside.

According to the Ponemon Institute’s annual study, a data breach cost an average of $6.75 million in 2009, up from $6.65 million in 2008, or $204 per compromised customer record.

Current information security techniques include “security in transit,” which means that data is exchanged in a secure channel between networked devices, and “security at rest,” which means the file is encrypted where it is stored. Data is safest when both techniques are incorporated. But neither type of data protection can prevent a trusted caretaker from going rogue, as occurred when soldiers released documents to WikiLeaks.

This problem can be solved with comprehensive technology that protects information both in transit and at rest, ensuring that no unauthorized access, disclosure, or modification can occur. Ideally, documents should also safely expire when no longer needed.

Zafesoft offers a data security solution by securing sensitive files wherever they are located or copied, while maintaining a transparent, nonrestrictive user interface. This technology provides full control of your data, whether it’s stored on your hard drive, copied to a server, or transmitted via USB, CD, or sent in an email. This can prevent you from being the victim of a Wikileak.

18 Year Old Enters “Dumb Criminal Hall of Fame”

There are dumb criminals and then there is this kid.

A family was away from their home and had someone take care of some items around the house. Apparently the caretaker was doing some work on the exterior of the home and opened some shutters around a window and saw someone inside who wasn’t supposed to be there.

As soon as he realized it wasn’t a family member he called the police. And somehow the burglar was able to get out of the home and flee before law enforcement arrived.

When they entered the home to secure it they found a backpack, discarded food wrappers, a bag of pot, and soda cans. There was an open window adjacent to all the stuff where they determined that’s where he may have entered and exited.

So what does an 18 year old spend a lot of time doing (other than breaking into homes)? He spends time on MySpace. And this kid logged onto the family’s home PC to his MySpace page. When he realized he was seen in the home he fled, forgetting to LOG OUT!!!!!!!!!

When the police looked at the computer they saw his stupid face above his dumb name (which happens to be “Robert”). With a current photo of him they were able to inform other officers on patrol and quickly saw him walking down a street equipped with burglary tools. He was arrested.

No offense to the homeowner, but they were no smarter leaving their home vulnerable to thieves with open windows, no alarm and a computer that didn’t have a password with administrative login requirements. At least lock all your windows, get a home security system and lock down your PC so it can’t be accessed.

Oh, and read this “Log Out, Log Out, I repeat, LOG OUT”.

Robert Siciliano, personal security expert to Home Security Source, discussing home security and identity theft on TBS Movie and a Makeover.

What Security Issues Should You Worry About?

First thing I tell my seminar attendees is “The chances of anything bad ever happening to you are very slim. So don’t worry about it. However you should still put these systems in place.”

Are you a helicopter parent? An “alarmist”? Or Chicken Little: The sky is falling, the sky is falling! I heard somewhere along the line that 90% of what we worry about never happens. It might be even closer to 99%. But there is still that one percent that concerns.

Deciding what to worry about may be a conscious or unconscious (or sub-conscious) decision.

Often what we worry about comes from what we see and are fed in the media. It is well known that the nightly news is built on the premise “If it bleeds it leads”. Blood and guts is what sells airtime and newspapers.

These worries when confronted are often dumbed down by statisticians, researchers, some security professionals, social psychologists and are called “baseless paranoid fears”. Books written in this regard are designed to give perspective. My feeling is they are written simply to sell a contrarian idea to stimulate conversation (and sell books) and in reality the author is no less of a “worrier” than anyone else.

Perspective is good. Too much “worry” can have ill health effects and significantly detract from quality of life.

My gripe with the “Don’t worry, it’s a 1 in 10 million chance” mentality is that it fosters the “It can’t happen to me” syndrome which prevents people from taking responsibility for their security in the first place.

If you knew the statistical probability of the chances of your kid being shot at school or your child being kidnapped or even being struck by lightning and all were “slim”, would you take any less precaution to protect yourself or your family?

Would you stand next to a metal pole in a lightning storm? Would you drive without a seatbelt? Would you allow your 7 year old who is perfectly capable of navigating their way to school go by themselves even though the chance of them being kidnapped is extremely slim?

For many of the issues we worry about the chances of them happening might be 1 in a 100,000 or 1 in 10 million. Your chances of something bad happening may equate to the same statistics as winning the lottery, which is very slim, but you still might play the number.

Does it really matter what the odds are?

Every day someone somewhere wins the lottery. Every day someone somewhere is a victim of a heinous crime.

Knowing what I know I’m concerned about it all and I take the necessary steps to prevent what’s in my control. Do I worry? Well, a part of my life’s energy goes into putting measures in place to prevent “bad”. If being proactive and taking responsibility is “worry” then yes. And I feel safe, secure and grounded without any nagging “paranoid” angst that detracts from the quality of life.

What’s so wrong with that?

Robert Siciliano, personal security expert to Home Security Source, discussing home security and identity theft on TBS Movie and a Makeover.

Is “Enterprise Rent a Car” Insurance a Scam?

I rent cars all the time. I travel and need to get around so I can teach people about how scams work and how to protect themselves. Yesterday I encountered what seems like a scam but is probably just very unethical behavior on the part of Enterprise Rent a Car.

Here is how it played out.

I head to the counter to rent my car. The Enterprise Rent a Car agent asks me, “Robert, would you like to purchase rental insurance for your car today”. I say “No, I have American Express and they take care of my rental car insurance”. Which they do. I’m Platinum on AMEX and AMEX ROCKS. Their card offers physical damage insurance but not liability. Liability insurance is paid via my personal policy.

The Enterprise Rent a Car agent responds “I’m sorry; we don’t have a contract with American Express.”

Her statement “I’m sorry, we don’t have a contract with American Express” more than likely was a statement that was provided to her in sales training by Enterprise Rent a Car to overcome objection.

That statement makes an American Express card holder doubt whether or not their American Express card covers rental car insurance.

So I respond to her again, “Well, I’m pretty sure my AMEX covers me” and she responds again, “Sir, I’m trying to tell you we don’t have a contract with American Express and you will have to go through them for that”. She is now reinforcing her original statement and trying to put further doubt in my mind. Then she says, “Sir, may I suggest to you that you purchase insurance, it is only $21.00 for the day and you will be protected”. This statement further suggests that my AMEX will not cover me.

The language she used was possibly engineered by someone whose motivation was to overcome objection in the insurance sales process. Enterprise Rent a Car agents and all other rental car agents hear the same statement in regards to AMEX every day. However in my experience when Hertz agents hear me say “No, I have American Express and they take care of my rental car insurance”, Hertz agents respond with “OK” and nothing more. Hertz has elected to take the high road and not try to scam me into paying for insurance I do not need.

However Enterprise Rent a Car, instead, pads their bottom line with unethical language meant to confuse the public and get them to pay for insurance they clearly do not need.

Shame on you Enterprise Rent a Car.

Robert Siciliano, identity theft and personal security expert, discussing scammers and thieves on The Big Idea with Donnie Deutsch.

Crime Is On The Decline. I Didn’t Notice

According to the figures released by the FBI, the estimated number of violent crimes in the Nation declined in 2009 for the third consecutive year. Property crimes also declined in 2009, marking the seventh straight year that the collective estimates for these offenses dropped below the previous year’s total.

What has always bugged me about these reports is the sense of relief some get, but in reality how little crime actually declines. Generally it’s anywhere from 5 percent to 6 percent for either category. So maybe there were 22,000 murders gone down from 25,000 murders. That’s still lots of grieving families.

Much of the decline in crime can be attributed to better police work and support from various federal agencies. Over the years law enforcement has gone from whistles and Billy clubs to sophisticated programs based on community involvement coupled with innovation and technology.

In addition to better police work I believe the public has a higher degree of security intelligence. Over the past 10 years our collective consciousness in regards to protecting ourselves has increased. The tragedy of 9/11 raised awareness that we must take some degree of responsibility for our personal security.

While crime might have dropped a tick and we are more aware, we still have lots and lots of work to do. Remember, there always have been, are now and always will be criminals seeking their next target.

For example, a study in Connecticut showed that 12 percent of burglaries occurred through an UNLOCKED door and that in 41 percent of alarmed homes that were burglarized, the security system was not turned on.

These kinds of stats just make me mental. Even though property crimes have declined, there are still over 2 million burglaries.

Here are some tips from a police department

Be proactive with the help of wireless home security. New interactive smart home solutions go beyond traditional home security to provide a new level of control, accessibility and connection.

Wireless home security provides you with anywhere, anytime access to your home via smart phones or personal computers, including an iPhone application, to:

• Arm and disarm your home security system.

• Get notified of alarms and selected events via email and text messages as well as video clips.

• View your home through cameras and watch secure real-time video or stored video clips of events from monitored areas of the home.

• Access lights and appliances or set schedules to automate them.

Robert Siciliano, personal security expert to Home Security Source, discussing Home Security on NBC Boston.