Personal Knowledge or “Qualifying Questions” as Authenticators

How many times have you forgotten a password? Fortunately the website you were on only needed your username or an email address and they would respond with a few questions for you to answer. Once you responded with what was in the system you then re-set your password and you’re in.  Easy peazy.

What’s your favorite food? Where did you honeymoon? Your first pets name? Name of your first car? The name of your elementary school?  Your fathers middle name? All these questions are meant to replace that used-to-be-secret-obscure word that only you and your parents would know the answer too – your mothers maiden name.

Then came Ancestry.com, Geneology.com, Google and for crying out loud Facebook. Now much of this information is available by doing a quick search online via public records or it’s easy to guess if the “hacker” is an acquaintance.

I’m a member of an organization in which I have been granted access to a bank account we have. But I haven’t accessed the account in months.  Since the last time I logged in the bank instituted a qualifying question as another layer of protection. Instead of calling the other person who was also managing the account I simply guessed the answer. “Where did you go to high school?” I didn’t know where this person went to high school but I knew where his mother lived. I entered the name of the town and BOOM, I was in.

It shouldn’t be that easy.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing hacked email on Fox News.

Unknown Knocker Annoys N.C. Neighbors

In North Carolina some whack job is knocking on doors of women and running. Oddly, all have one thing in common, they are widows. The knocker hasn’t hurt anyone but he is certainly harassing them.

As kids we did similar things to annoy. Kids will be kids, but today is much different. Behavior such as this could have serious repercussions if somebody catches whoever is doing it in the act and then “teaches them a lesson.”

Police in Rutherford County, North Carolina reported five women were being harassed by an unknown prowler called “The Knocker. The five women, all widows living in Rutherford County, said the knocks are sporadic and come at any given time of day or night, according to reports. They hear the knocks on their doors, walls, windows, sometimes for weeks at a time. No one has been arrested and local authorities are hesitant about the claims. A son of one of the women defended their claims, saying five women do not just make up stories together, reports stated. Police continue investigating the mysterious knocker.”

Whether knocks occur or not, there is enough technology available to determine and prevent it from continuing to happen. Further, a neighborhood watch program would help thwart any mischief.  If it’s true, what is concerning is the “knocks” have been going on for weeks and nobody has caught the guy.

Home security tip number one, don’t provide an opportunity for a prankster or a bad guy to do this to you or someone you love. Install home security cameras to monitor the perimeter and deter the stupid knocker. If this was my mom being harassed knock-boy would already have been caught.

Now if this is more than just kids playing games, and is an adult who is obviously a bit screwy, he could also be peeping in windows, jiggling door knobs and thinking about his next move. A home security alarm is essential to alert the homeowner, neighbors, and law enforcement to a potential intruder.

Robert Siciliano personal security expert to Home Security Source discussing Home Security on Fox Boston. Disclosures.

A Great Way to Ruin an Online Reputation

I’m all about transparency. But that’s just me. Not everyone is so forthright. Most people prefer to fly a click or more below the radar and never have a light shine on them. I prefer to make sure what’s being said, is said by me and not some troll. My brother used to say “the worst thing that can happen to a person is to end up on one of those stupid talk shows.” Then I proceeded to do every talk show including Howard Stern. But that’s just me.

My only regret was doing the Maury Povich show. That guy just played me and took advantage of me and used me as a pawn on his show. He would ask the audience leading questions adverse to my sound advice and continually allow the stupidest person in the room to answer. Controversy is fine, but bad, potentially deadly advice isn’t.

My point in all this? Things are heading in a direction that if you aren’t transparent, if you aren’t doing things to boost your credibility, if you aren’t “open” and someone decides to use the internet to slam you, then they automatically have the upper-hand. Today a person has less control over what is said about them than ever.

Unvarnished is a new website, in beta, you need to be invited. Users connect with Facebook. PC World seems to allude to anonymous posting on Unvarnished that can only happen if someone fakes a Facebook profile. Anything in the form of anonymous posting doesn’t benefit the common good.

For example, when I read the comments in newspapers or blogs, I often see people throwing up all over everyone and saying the meanest, rudest and most hateful things. These cowards can easily do this anonymously. But none of them have the nerve to assign their actual name to it.

PC World reports Unvarnished functions like other social networking sites–especially the popular professional social networking site, LinkedIn. Users can create a profile with their resume and work information, and request reviews from their professional colleagues. The difference, of course, is that users can also “create” a profile for non-Unvarnished users–if you, say, want to leave a review of that shoddy intern from two summers ago and he/she doesn’t have a profile–no worries, you can still leave the review. Shoddy intern can then claim said profile later, if he/she so desires.

The best way to gain more control over this kind of site is to set up your own profile. It’s a start. Then build positive commentary. Another tool for managing online reputation management is to go to Knowem.com and grab up all the social media sites and get your name.

And protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN.

Stalker Frames Victim Husband for Child Porn

OK, this is a weird title for this blog, but you gotta read this.

First, if there was ever a reason for you to invest in a home security system the below article is it.

A Crazy guy broke into the home of a woman who he was stalking. The woman is married, but apparently the guy didn’t care. When he broke into the home he logged onto the victim’s husband’s PC and downloaded child pornography.

Then he took the hard drive and sent it to the local police with a note to the police identifying the owner of the hard drive. The idea behind the scheme was to get his stalking victim husband arrested and give the impression that the victim’s husband was a child predator.

OMG!!!!!!!!!!!!!!!!!!!! What a whacky guy!!!!!!!!!!!!!!!

After he sent the hard drive to the police he was quickly arrested. Fortunately, the cops saw through his ruse. After investigating the stalker they found pictures on his computer that indicated he had broke in the house numerous times and snapped photos of the husband’s calendar so he could break into the home whenever he pleased.

And you think you have problems?

Stalking is a whole thing that I will get into in another post. What immediately bugs me about this story is the fact there was NO home alarm, NO security cameras, and the stalker was easily able to enter and exit the home at will, which tells me they probably didn’t lock the home.

It’s 2010 people, and the crazies are out in full force. Don’t think it can happen to you?

Robert Siciliano personal security expert to Home Security Source discussing Home Security on NBC Boston. Disclosures.

9 Year Old Kid Hacks Schools Computers

Hacking has gone from “phreaking”- hacking phone systems to “cracking”-breaking into networks for fun and fame and over the past 5 years criminal hackers from all over the world are targeting huge databases full of credit card numbers. But hacking is also becoming part of popular culture. The “scriptkiddie” from back in the day is the 9 year old today who is just very intelligent, anxious and doesn’t k now anything other than technology.

Police say a nine year old boy hacked the county school system to change teachers’ and staff members’ passwords, change or delete course content, and change course enrollment. “The boy did not intend to do any serious damage, and didn’t, so the police withdrew and are allowing the school district to handle the half-grown hacker.”

“He’s a very intelligent 9-year-old,” said the police, “with no criminal intent.” Someone give that boy a lollipop.

Meanwhile a study in New York City points to one out of 6 city teens have tried hacking. Roughly 39 percent of the New York City teens said they think hacking is “cool,” and about 16 percent admitted to trying it. Seven percent reported they hacked for money, and 6 percent said they viewed it as a viable career.

I know some are going to look at this study and slam me for even acknowledging it. However in my own informal pole I’m seeing the same thing. Heck I have a 4 year old that’s in the process of hacking my network.  “Da-da, did you install spyware on my laptop?“Yes, but that’s beside the point!

Most kids know more about technology than their parents which makes a ripe situation for the kid heading down a rabbit hole and the parents unable to pull him out. How can mom or dad prevent the kid from doing something bad if they don’t understand it themselves? The solution? Up your technology and security vocabulary.  And install spyware on your kids PC, you might learn something.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing criminal hackers on Fox News.

Google Hack Whacks Passwords

Code named Gaia after “Greek Goddess of Earth” a Google single sign on password system was hacked in December.

The NY Times reports “the intruders do not appear to have stolen passwords of Gmail users, and the company quickly started making significant changes to the security of its networks after the intrusions. But the theft leaves open the possibility, however faint, that the intruders may find weaknesses that Google might not even be aware of, independent computer experts said.”

Google is a significant part of many individuals and businesses online activities. Millions rely on Google every day to be fast, functional and most important, secure. A breach such as this may erode the confidence of Google users, but for many, they have all their eggs in one basket.

The hack occurred when a Google employee in China received an instant message over Microsoft’s IM program, and clicked and infected the link. Once the Google employees computers were hijacked the criminal hackers obtained access to his files and credentials. This gave the bad guy’s access to Google.

Google has since added layers of encryption and beefed up security for its data centers and end users.

However, now is a good time to go through all your passwords and change them up.

I’ve said this multiple times. DON’T CLICK LINKS IN EMAILS AND INSTANT MESSAGES. These links are merely conveniences.  All you have to do is either go to whatever the link may be in your favorites menu or search out the site online. Spend the extra 30 seconds to leapfrog the links and go there manually.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing a Google hack on Shepard Smith with Fox News.

Home Security Tips When Selling Your House

Selling a home is a big task requiring lots of time and effort. Most people use a professional real estate agent to help them sell (which I recommend), but many today are doing it themselves. When opening your home to strangers the risks to your families’ personal security increase dramatically.

First and foremost recognize that when you are placing ads and alerting the world to come inside and take a peek, you are going to have to make a few adjustments and begin to think differently in this process.

Secure valuables. Lock up or remove anything that you don’t want stolen. If you ever suspect or see someone steal something, let them have it. There is nothing material worth fighting over.

Be suspect of everyone. There isn’t any benefit in being paranoid; however, being a little guarded can keep you from getting into a vulnerable situation. Don’t just be wary of a man showing up unaccompanied. Expect them to show up in a nice car, well dressed, maybe with a wife and kids tagging along. They might have a business card saying they are a doctor or a lawyer. Don’t let your guard down.

When placing ads, all advertisements should state “Appointment only” “Drivers license required” and “Pre Approval Documentation Required.” There are all hoops the bad guy may not want to jump through and you vetting out those who are “just looking” at the same time.

Use the Buddy System. When you set appointments always schedule around a spouse or friends availability so they can join you. There is always strength in numbers. If you have to go it solo, when someone walks in, say, “I’d be happy to show you the benefits of this home! In a few minutes my friend Rocco will be along to assist me,” creating the illusion of the buddy system.

ID and pre-qualify at your first meeting. When you are meeting at your property, get some form of identification. Also, it is to your benefit that a potential client buying a home is pre-qualified. Someone who is pre-qualified by a lender is less likely to be a predator.

Safe open houses. Spend a few minutes considering all the vulnerable points within the home and how you would escape if necessary.

Dress for safety and success. Don’t wear expensive jewelry. A $3-5 thousand-dollar diamond buys a lot of drugs. Dress professionally instead of provocatively.

Pay attention to your intuition. Trust your gut, and don’t discount any troubling feelings you might have about your new prospect. The moment you sense danger leave the house.

Install a home security system. Home security cameras and a home alarm system are great selling points. Install these way ahead of time for security purposes. During showings carry a remote control for your alarm system that has a panic button and can alert law enforcement if you run into trouble.

Robert Siciliano personal security expert to Home Security Source discussing Real Estate Agent Security on Inside Edition.

Scareware Incorporates Customer Service

Robert Siciliano Identity Theft Expert

Fake anti-virus software called ’scareware’ pops up in your browser and begins to scan your hard-drive made to look like a legitimate scan. It often grabs a screenshot of your “My Computer” window mimicking your PCs characteristics then tricking you into clicking on links. Pop-ups bombard you and warn you that your PC is infected with an Ebola- like virus and your PC will die a horrible death with fluids running from all ports if you don’t fix it immediately for $49.95.

Information Week reports those behind a new fake antivirus software have added a new social engineering element — live support agents who will try to convince potential victims that their PCs are infected and that payment is the cure.

The rougue software comes equipped with a customer support link leading to a live session with the bad guy. Real scammers on the other end of chat have the ability to offer live remote access support instructed by support to click a link initiating remote access to their PC.

The best way to prevent seeing a pop-up for scareware is using the latest Firefox or Internet Exploer browser. An updated browser lets few, if any pop-ups through. No pop-ups, no scareware. If you are using another browser and a pop-up –pops-up, shut down your browser. If the pop-up won’t let you shut it down, do a Ctrl-Alt-Delete and shut down the browser that way. Never click links in pop-ups.  If the pop-ups are out of your control, do a hard shutdown before you start clicking links.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Breach of 3.3 million Social Security numbers on Good Morning America.

Awareness Based Security Initiatives

When something bad happens in a neighborhood, like burglaries, car theft or violence, the residents will often “react.” First thing they do is call the local home security alarm dealer, then a locksmith and maybe the local police to give a speech. For some, this may be the first time they lock their doors.

Reacting to a bad situation is often the catalyst that gets people motivated to take control of their personal security. People develop a sense of fear and make these security decisions not because they are security conscious, but because they are scared. While fear is certainly a motivator, it doesn’t always teach us a needed lesson.

The main problem with fear based motivation is eventually that person will no longer have the imminent fear and they stop locking their doors or setting their alarms. They may even start leaving their keys in the cars ignition again. Now they are as vulnerable as they were before.

Benjamin Franklin once said “To be safe, means never to be secure.” What Benny meant was that the moment that you believe you are fully “secure”, when you have the belief that you no longer need to be vigilant, when the awareness wears off and you think “its not going to happen to me.” Now your guard is down and you are a better target for the bad guy.

Always keep your head up, lock your doors, install a home security system and leave it on. If you think you live in a neighborhood where “you don’t need to lock your doors” then you are delusional.

Robert Siciliano personal security expert to Home Security Source discussing Home Invasions on Montel Williams.

Stealing Identities of the Dead

Robert Siciliano Identity Theft Expert

Stealing the identity of the living is so 2009. Stealing the identity of the dead is so wrong, and so easy. It is made even easier by public records. A provision in federal law that reformed welfare in the 1990’s also created a loophole that could allow swindlers to obtain the Social Security numbers of the recently deceased.

In some state’s, Registry of Vital Records and Statistics include Social Security numbers on all certified death certificates. And anyone can obtain a death certificate from the registry for $18.

Wired reports Identity thieves filed for $4 Million in tax refunds using names of living and dead. A group of sophisticated identity thieves managed to steal millions of dollars by filing bogus tax returns using the names and Social Security numbers of other people, many of them deceased.

The thieves operated their scheme for at least three years from January 2005 to April 2008, allegedly filing more than 1,900 fraudulent tax returns involving about $4 million in refunds directed to more than 170 bank accounts. The conspirators used numerous fake IDs to open internet and phone accounts, and also used more than 175 different IP addresses around the United States to file the fake returns, which were often filed in bulk as if through an automated process.

The scam took advantage of the IRS’ quick turnaround in processing refunds for electronically filed returns. The IRS typically processes a refund request without verifying the taxpayer’s information — such as whether the taxpayer is alive — or confirming that the taxpayer is legitimately owed money.

Generally, a death is reported to the Social Security administration in a relative and timely fashion, but not always. As far as I can tell there is no form for merely “reporting a death” to the IRS. However, the IRS demands a final accounting, and it’s up to the executor or survivors to file the paperwork. When a taxpayer dies, a new taxpaying entity – the taxpayer’s estate – is born to make sure no taxable income falls through the cracks.

The 3 credit bureaus maintain a list of deceased based on the Social Security Administration’s data. However it can take a months for the bureaus to update their databases with information from the SSA. By contacting the credit agencies directly, you can report a death and have more confidence that the information will be used immediately.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Social Security numbers on Fox News.