Mobile Phones Being Hacked and Cloned

Cloning occurs when hackers scan the airwaves to obtain SIM card information, electronic serial numbers and mobile identification numbers, and then using that data on other phones.

Cloning can happen anywhere, anytime that you’re using your phone. The bad guy simply uses an interceptor, hardware, and software to make a phone exactly like yours.

A few years ago, I was in San Diego on business. Two weeks later I received a call from my carrier alerting me to $1500.00 worth of international calls I had not made. The activity triggered an alert within their system and they shut my account down.

Fortunately for me, my carrier recognized the fraud and relieved me of the charges, rather than me discovering it and having to fight to reverse the charges. Apparently, it was a known issue that scammers in Tijuana were cloning U.S.-based phones.

Anita Davis, another mobile clone victim, wasn’t so lucky. One month, her cell phone bill showed $3,151 worth of calls in one month, to Pakistan, Israel, Jordan, Africa, and other countries. Anita called her carrier immediately and told them she didn’t know anyone in those countries, or anyone outside the U.S. for that matter. She says, “They told me I had to have directly dialed these numbers from my cell phone and I needed to make a payment arrangement or they would send my bill to collections.” After begging and pleading, Anita convinced them to drop the charges.

The extent of your vulnerability varies depending on your phone and the network you’re on. Cloning mobile phones is becoming increasingly difficult, but consumers can’t do anything to prevent it from happening. The best way to mitigate the damage is to watch your statements closely. The moment you see an uptick in charges, contact your carrier and dispute the calls.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses mobile phone spyware on Good Morning America. (Disclosures)



Dealing With Daily Digital Surveillance

Our everyday activities are being monitored, today, right now, either by self-imposed technology or the ever-present Big Brother.

Traditionally, documenting our existence went like this: You’re born, and you get a medical and a birth record. These documents follow you throughout your life, filed and viewed by many. You must present these records in order to be admitted to a school, to be hired, or to be issued insurance. You get a Social Security number shortly after birth, which serves as your national identification. These nine numbers connect you to every financial, criminal and insurance record that makes up who you are and what you’ve done. Beyond that, it’s all just paperwork.

But today, as reported by USA Today, “Digital sensors are watching us”:

“They are in laptop webcams, video-game motion sensors, smartphone cameras, utility meters, passports and employee ID cards. Step out your front door and you could be captured in a high-resolution photograph taken from the air or street by Google or Microsoft, as they update their respective mapping services. Drive down a city thoroughfare, cross a toll bridge, or park at certain shopping malls and your license plate will be recorded and time-stamped.”

Then, of course, there are geolocation technologies that work in tandem with social media status updates, applications that track you and leak that data, and cookies on websites.

All of these technologies have been around for a while in one form or another. The difference is that today, databases are collecting and sharing that information like never before.

On top of that, new facial recognition technologies will connect your social networking profiles to your face, and that issue will be compounded when you share photographs that are geotagged with your location.

Knowing this, and understanding technology’s impact on what you once considered privacy, ought to resign you to the fact that at this point, privacy is kind of a dead issue. If you want to participate in society you have no choice but to give up your privacy (but not your security), to a certain extent.

Your new focus should be security. Secure your financial identity, so nobody else can pose as you. Secure your online social media identity, so nobody else can pose as you. Secure your PC, so nobody can take over your accounts. And please, there’s no sense in telling the world what you are doing and where you are every minute of the day. When you do this, you aren’t just relinquishing privacy; you are compromising your personal security.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses Social Security numbers as national identification on Fox News. (Disclosures)

4 Reasons 2011 is the Year to Get Serious About Security

Prognosticators are silly. Or that’s how I’ve always viewed them, anyway. They combine past experience with their perspective on current trends to make predictions and pretend to be smarter than you.

Many prognosticators in the financial world have failed miserably, and we’re all paying the price now. Their current excuse is “irrational exuberance.”

But prognostication holds a bit more water these days, thanks to technology that can quantify and collate mass amounts of data to provide an educated guess.

Here’s me being a prognosticator: In 2011, unprecedented security issues will reveal just how vulnerable we are and highlight the flaws in our systems. In other words, we have a big challenge.

What makes me say this? Here are just a few reasons:

1. In recent months, “hactivisim” has become a popular term, even among non-technical people.

2. A new virus called Stuxnet has stoked anxieties about cyber warfare.

3. Cybercrime targeting the government has become bolder than ever.

4. Mobile phones are eclipsing wired phones, so software developers are more focused on mobile. But is your cell phone ready to be your bank?

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses online banking security on CBS Boston. (Disclosures)


10 Types of Criminal Social Media Impersonators

Social media is the fifth form of mainstream media. At this point, most people know how to use social media, and how to navigate the various websites. But what most users don’t yet realize is how social media can be used against them.

Social media identity theft occurs for a number of reasons.

1.    An online impersonator may attempt to steal your clients or potential clients.

2.    Impersonators may squat on your name or brand, hoping to profit by selling it back to you or preventing you from using it.

3.    Impersonators who pose as legitimate individuals or businesses can post infected links that will infect the victim’s PC or network with a virus that gives hackers backdoor access.

4.    Impersonators sell products or services and offer deals with links to spoofed websites in order to extract credit card numbers.

5.    An impersonator poses as you, and even blogs as you, in order to damage your name or brand. Anything the impersonator writes that is libelous, defamatory, or just plain wrong hurts your reputation and can even make you the target of a lawsuit.

6.    Impersonators harass you or someone you know, perhaps as revenge over a perceived slight.

7.    An impersonator steals a name or brand that has leverage, such as an employee, celebrity, or Fortune 500 company, as a form of social engineering, in order to obtain privileged access.

8.    An impersonator may be obsessed with you or your brand and simply wants to be associated with you.

9. An impersonator might parody you or your brand by creating a tongue-in-cheek website that might be funny and obviously spoofed, but will most likely not be funny to you.

10. An impersonator poses as an attractive woman or man interested in a relationship in order to persuade potential victims to send naked photos, which can then be used for extortion.

Social media sites could go a long way in protecting their users by incorporating device reputation management.  Rather than looking at the information provided by the user (which in this case could be an impersonator), go deeper to identify the computer being used so that negative behaviors are exposed early and access to threatening accounts are denied before your business reputation is damaged and your users abused.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses social media Facebook scammers on CNN. Disclosures.

Dumb Criminal Leaves Behind Charging Phone

Fortunately not all burglars are Tom Cruise like in a scene from Mission Impossible. While some are violent, most of them are bumbling buffoons who need their next fix and just jiggle door knobs and make a quick hit and run to sell your stuff for a $10 vile.

One such dumb criminal took advantage of people’s homes after power outages brought on by a winter storm in Maryland. In the course of the storms about 40 homes had been broken into.

In one burglary, as reported in the Washington Post, “as the burglar was rifling through the rooms in that house, the homeowner’s son arrived and startled him. The burglar jumped out a window and fled. The son called police, who searched the house. They were stunned at what was found: a cell phone, charging in an electric socket, that didn’t belong to the homeowner. The phone led police to the burglar, who is now charged in 10 burglaries.”

Apparently, at the burglar’s home he didn’t have any power and used the homes he had broken into to charge up his mobile.

This burglar when through a window and apparently the home didn’t have an alarm.

Protect yourself:

Install signage. “Beware of Dog” and “This House is Alarmed” neon signs for $1.98. One for the front door and one for the back door.

Go to the pet store. Get 2 big dog bowls, one for the front porch and one for the back. Write “Killer” in permanent marker on it. This gives the impression you have a big dog. You can even buy a barking dog alarm.

Lock your doors and windows. Install a monitored alarm system. Consider ADT Pulse that comes with a battery backup even when the poser goes out.

Give your home that lived in look. Leave the TV on LOUD while you are gone.

Install timers on your lights both indoor and outdoor. Close the shades to prevent peeping inside.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse™ on Fox News.

Cool Tools To Access Files Remotely

Whether you’re a road warrior or simply own multiple PCs and want access to all your data from anywhere, here are a few easy ways to do it, and one not so easy option.

All of these options are secure, as long as you don’t leave a remote PC logged into your account, or log in from a PC that is already infected with spyware or a virus. I only log in from trusted PCs like my own laptop.

LogMeIn gives you remote access to your PC or Mac from any other computer with an Internet connection, for free. Just install LogMeIn on the computer you want to access, and then log into your account from any other computer. You’ll be able to see your desktop and use all your applications, as if you were sitting right in front of your home computer, even if you’re across town, across the country, or across the world. LogMeIn Pro², a paid upgrade, adds additional features like file transfers and remote printing.

Orb is a free program that essentially turns your PC into a server. Once you’ve downloaded and installed Orb, you can use any Internet-connected device with a streaming media player (mobile phone, PDA, laptop) to log into mycast.orb.com and access all your digital media, anywhere, anytime. Orb is also compatible with the Wii, PS3, and Xbox, so you can enjoy your media on your television screen as well! While Orb is heavily focused on delivering digital media, it works with documents as well.

If you’re a Mac guy, then you’re all about Me.com. For $99 a year, Me.com gives you easy access to your most important stuff, including email, contacts, calendars, photos, and files, from one place on the web. And since any changes you make on Me.com are stored in the cloud, you can see them on all your other devices, too.

Mocha Remote Desktop is a free application that provides complete, secure access to all the files and programs on your work PC from your iPhone, iPad, or iPod touch, as long as your work computer is running Windows XP Professional, Windows Vista, or Windows 7.

Remote Desktop is built into the Microsoft Windows operating system. Not all versions of Windows have Remote Desktop functionality, though. Windows Professional and Ultimate editions generally include Remote Desktop by default. This is the cleanest example of real-time remote access technology, giving you the feeling that you’re sitting in front of your home PC’s desktop, from anywhere.

Setting up Remote Desktop is another story.

It’s easiest to do it from within your own internal network. If you want to use Remote Desktop from anywhere else in the world, you’ll need to configure your router and set up port forwarding, preferably with a Dynamic DNS account.

Personally, I like Remote Desktop best, but it takes serious time and effort to get it working the way you want.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses yet another data breach on Fox News. (Disclosures)

Beware Of PC Remote Access Assistance Scams

Admittedly, I don’t know EVERYTHING about computers. I know enough to break them and enough to fix them most of the time. But, occasionally I need help.  Generally that help comes in the form of remote assistance from Dell, where I buy all my PCs.

With each PC I get the 3 year Dell warranty, so if something fails they replace or will come in remotely and fix. Just this week, my built in webcam failed. Little bugger was working just fine, then, nothing.  So I reinstalled the software, rebooted and still no webcam. My fear was the hardware failed so I called Dell.

Dell tech support agents always request the user log into a website and punch a code, and then download a program that allows for them to come in and remotely access my PC to diagnose the issue. Every time this occurs I watch each move they make so I’m comfortable knowing they aren’t downloading or installing anything not approved to later access my PC. That said, I trust Dell and don’t think they’d do that, but its good security to watch.

The Windsor Star reports “police are warning people about a new scam to hit the area after criminals almost duped a man into handing over remote access to his computer, along with all his personal and financial information. The so-called technician started by telling the man his computer had sent an error message to Microsoft and he was calling to help him rectify the problem. The scammer told him to press “Windows Key + R” which opens the “Run” dialogue.”

Fortunately, the intended victim got suspicious and hung up.

In this process, if the victim moved forward, he would have inevitably downloaded a program and installed it on his PC that would have allowed the criminal the ability to come into the persons PC any time he wanted.

Any time anyone emails or calls you with a ruse that your PC needs attention, just hang up or delete the email.

And as for my webcam? Dells tech went into my device manager and uninstalled the cam and went to Dells website and got an updated version of my cams software. Apparently, an update I did corrupted the cameras software and the version I had was conflicting. I could have figured this out and it might have taken me another 30-90 minutes to do so. But one quick call to Dell and 10 minutes later it was done. Nice.  Not all remote assistance is bad.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover.

The Ever Present Credit Card Scam

The Ever Present Credit Card Scam

When people ask me, “How do I protect myself from credit card fraud?” I tell them, “Cancel the card, or never use it.” Because that’s the only way. Otherwise, all you can do is hope the merchant has a sophisticated system in place to mitigate the fraud.

The FBI’s Internet Crime Complaint Center’s Annual Report determined that the total dollar loss from all cases of fraud in 2009 that were referred to law enforcement by IC3 was $559.7 million; that loss was greater than 2008 when a total loss of $264.6 million was reported. Some estimate identity fraud in total at over $50 billion.

Flaws in the system used to issue credit facilitate new account fraud, since creditors often neglect to fully vet credit applicants with technology as essential as device reputation. Account takeover requires nothing more than access to credit card numbers, which can be accessed by hacking into databases or skimming cards at a point of sale terminal, ATM, or gas pump.

You should be aware of these common scams:

Micro Charges: Micro charges are fraudulent charges ranging from twenty cents to ten dollars. The idea is to keep the amounts low enough to go unnoticed by cardholders.

ATM Skimmers: Criminals can place a card reader device on the face of an ATM to copy your card data. The device, which appears to be part of the machine, may use wireless technology to transmit the data to the criminals. In many cases, thieves will also hide a small pinhole camera somewhere around the ATM (in a brochure holder, mirror, or speaker, for example) in order to record PIN numbers as well. Always cover the keypad with your other hand when entering your PIN.

Dummy ATMs: ATMs can be purchased through eBay or Craigslist and installed anywhere. (I bought one from a guy at a bar for $750.) A dummy machine has been programmed to read and copy card data.

Phone Fraud: The phone rings and it’s a scammer claiming to be calling from your bank’s fraud department. The scammer may already have your entire card number, which could be stolen from another source. You might be asked about a fictional charge you supposedly made, and when you deny it, you’ll have to provide your three to four digit CVV number in order to have the charge removed. Never give out this type of information over the phone.

Phantom Charges: When searching for something on the web, you come across a great deal. In the process of ordering, the website informs you that a discount is available along with a free trial of another product. Thinking you’re saving money, you take the bait. The next thing you know, your card is being charged every month and the company makes it very difficult to cancel the charges.

Look for and do business with companies that have a comprehensive, defense-in-depth approach to protect consumers against identity and financial fraud. Check your credit and banking statements carefully. Scrutinize every charge and call your bank or credit card company immediately to refute any unauthorized transactions.

(Be sure to do it within 30 or 60 days at most, depending on the type of card.)

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses ATM skimming on Extra TV. Disclosures.

Government Moves Away from SSN as Identifier

The Department of Defense proclaims, “The national security depends on our defense installations and facilities being in the right place, at the right time, with the right qualities and capacities to protect our national resources.” But by relying on Social Security numbers as primary identifiers, this same organization puts the identities of soldiers and their families at risk.

Last month, four West Point professors released a journal article arguing, “Despite the Defense Department’s recent advances in protecting personally identifiable information (PII) such as Social Security numbers, the military continues to have a ‘cultural disregard’ for PII.” The professors also pointed out that since the first digits of a Social Security number can be deduced based on birth year and location, restricting use to the last four digits does not adequately preclude identity theft.

In 2007, an Office of Management and Budget memo ordered agencies to eliminate all nonessential uses of Social Security numbers, and the Department of Defense is currently working on limiting its use of the numbers.

If you are a soldier or have a family member away on leave, there are two ways to protect yourself or your family member:

1. Place an “active duty alert” on your credit report. To place or remove an active duty alert, call all three of the three nationwide consumer reporting companies: Equifax, Experian, and TransUnion. Each will require proof of the soldier’s identity, which may include their Social Security number, name, address, and other personal information.

Equifax: 1-800-525-6285

Experian: 1-888-397-3742

TransUnion: 1-800-680-7289

2. Whether or not you are a member of the military, consider subscribing to an identity theft protection service, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft on YouTube. (Disclosures)

Snow Removal Scams Plague The Elderly

The lowest of low life scammers generally prey upon the weaker and often the frail. And all too often that is children or elderly. In this case, snow removal scams happen when we have winters like this one where snow is piling up 6-10 feet over the course of the season.

Daily television news reports highlight roofs collapsing as a result of the heavy snow piling up and people go into panic mode and shovel off their roofs. None of this ever may sense to me especially due to the fact you are more likely to fall of the roof and break a bone than your roof being in danger of collapsing.

NECN reports “an 86-year old man who lives in Amesbury, Massachusetts was embarrassed and nervous after police say he paid an area contractor 48 hundred dollars to clear snow from his roof.”

Strangely the contractors’ last name that did the dirty deed was named “Snow”. Title should read “Scammer Snow snows senior with snow swindle” I should be a writer.

“The Snows are known to authorities throughout the area– in fact — across the country for allegedly preying on elderly people, charging them exorbitant prices for snow removal, paving and construction jobs.”

This kind of scam happens much more frequently than one would think. Before you or anyone you are a caretaker for goes and spends any money on snow removal from a roof, contact your local building department to get an idea if your property is at risk.

Otherwise when making any kind of investment in snow removal expect to pay less than $50.00 per man, per hour plus any heavy equipment charges and get an estimate of how long the project will take. Further, demand the contractor provide a certificate of insurance should something go wrong.

Robert Siciliano personal and home security specialist to Home Security Source discussing scammers and thieves on The Big Idea with Donnie Deutsch.