Springtime Home Improvement Scams Coming

This is the time of the year they come out of the woodwork. Scammers knocking door to door with promises of quality work for exceptionally low prices. The scams often include driveway repaving, chimney repairs, ductwork cleaning, and roofing scams. Toss a criminal handy man in there and you end up missing a jewelry box or wallet.

It doesn’t take much for a contractor to appear legitimate. A simple uniform, business card, truck lettering and a 4 color brochure will easily give the impression of legitimacy. And they may be legitimate, but that doesn’t mean you should just fork over a down payment.

Always do business with someone you know, like, and trust based on a referral. Consider well known brands that often vet out contractors/employees and have zero tolerance policies for shoddy work.

The Better Business Bureau is a great resource for consumers looking to deal with reputable companies. This is your best resource. Look them up on the local BBB website and search the internet to see if there are complaints

Get at least 3 bids to see who has the right price, and that may not be the cheapest either.

Confirm they are properly licensed and insured. In Boston, the Boston Herald reports “state Division of Professional Licensure said it conducted a sting in which it contacted electricians who advertised on Craigslist but did not include a license number, and asked them to come to a home to install a light fixture or socket. When the contractors arrived, officials say they were asked by state investigators posing as the homeowners to produce license information. Officials said some of the unlicensed electricians did not use their last names or demanded cash for payment.”

Get and check references.

Never provide a deposit of more than 25% and never give that deposit until the day they show to do the job.

Find out what kind of warranty they have and get it in writing.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADTPulse on Fox News.

Spyware A Major Identity Theft Threat

Spyware is sold legally in the United States. This software records chats, emails, browsing history, usernames, passwords, and basically everything a person does on that PC. Some spyware programs can record everything in a video file, which can then be accessed remotely.

This is all perfectly legal as long as the PC’s owner installs the software. It is illegal to install spyware on a computer that is not your own.

Spyware can be great if, for example, you want to monitor your twelve-year-old daughter who obsessively chats online, or your employees whose lack of productivity has you wondering if they’re watching YouTube all day.

Spyware also comes in the form of a virus, which essentially does the same thing. When you click a malicious link or install a program that is infected with malicious software, several different types of spyware can be installed as well.

Spyware can also take the form of a keylogger or keycatcher, a USB device similar to a USB flash drive, which can connect to a PC and piggyback the keyboard connection. Keycatchers have a made a splash in schools, where students plug them into the back of teachers’ PCs, trying to get test information ahead of time.

In England, two keyloggers were found plugged into public library computers. This would have allowed whoever planted the USB devices to access a record of activity on the compromised computers. “It’s unclear who placed the snooping devices on the machines but the likely purpose was to capture banking login credentials on the devices prior to their retrieval and use in banking fraud.”

Keep in mind that anyone with special access to a computer, including friends, family, and employees, poses the main threat. A cleaning person or security guard could always be paid to install spyware in order to record sensitive data.

Check your USB ports to make sure there are no mysterious devices attached to your PC. Prevent unauthorized password installation by password protecting the administrator account on your PC.

Only download files from trusted websites, and avoid torrents and software cracks, which are often seeded with spyware.

Never click “Agree,” “OK,” “No,” or “Yes” in a popup. Instead, hit the red X or shut down your browser by hitting Ctrl-Alt-Delete.

Keep your operating system’s security patches updated, and be sure to install the latest, most secure version of your browser. And Run McAfee Total Protection, including spyware removal.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing spyware on Fox Boston (Disclosures)

Home Invader Claims Insanity Defense

Certainly when someone hacks another person to death it is safe to say something is very wrong with them.

In criminal trials, Wikipedia defines “the insanity defenses are possible defenses by excuse, an affirmative defense by which defendants argue that they should not be held criminally liable for breaking the law because they were legally insane at the time of the commission of alleged crimes. A defendant attempting such a defense will often be required to undergo a mental examination beforehand. The legal definition of “insane” is, in this context, quite different from psychiatric definitions of “mentally ill”. When the insanity defense is successful, the defendant is usually committed to a psychiatric hospital.”

His defense was that he was insane at the time because of a rough childhood at the hands of an abusive mother. “We taught him the difference between right and wrong,” said Christopher Gribble’s mother. “I believe he knew it was wrong to kill.”

The home invasion goes back to 2009 where a gang of late teens and 20 something’s broke into a home while the mom and daughter were sleeping. The dad was away on business. In the course of events the mom died of a machete wound and the daughter was severely injured.

New Hampshire law makers are reexamining their death penalty law. The House is voting whether to make home invasions like this murder, a capital crime.

I say go for it. However it won’t be a deterrent. Criminals are criminals because the law has no consequence to them. Therefore you must protect yourself. At least lock your doors and invest in a home security system.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADTPulse™ on Fox News.

3 Year Old’s Identity Stolen To Buy Porn

A thief hacked into a woman’s checking account and used her daughter’s name on an electronic check to pay for an online porn subscription. The FBI believes this is a relatively new scam, with reports coming in from across the country.

The little girl isn’t a signer on the account, but the bank cashed the check for $29.95 made out to a porn company in her name.

“Somebody took money from me, somebody took my account number, somebody used my daughter’s name for porn,” the mother says.

According to the Colorado Banker’s Association, “any company you send a check to has enough information to steal from you… Online bill pay isn’t any safer because criminals have been known to hack into computers.”

That’s a serious statement from a bank representative. I can’t help but wonder if it was translated correctly? She went on to note that many checks were being cashed for small amounts, which doesn’t send a red flag to banks.

Consumers often overlook these smaller transactions, or “microcharges,” which are fraudulent charges ranging from 20 cents to $10. The victims of this particular scam would see the fictional merchant’s name and toll-free number on their debit or credit card statements. If they called to dispute a charge, the phone numbers would be disconnected or go straight to voicemail. Many frustrated consumers don’t even bother to dispute the charges.

This scam can often be fixed by paying attention to your statements and refuting charges within a specified time frame. You have up to 60 days, at most, depending on the nature of the card. Check with your bank.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing child identity theft on NBC Boston (Disclosures)

Android Apps Infected With A Virus

Are you one off the 33% of all mobile phones running the Android operating system?  The official Android Market is run by Google and there are over 150,000 applications with an estimated 3.7 billion downloads. More than 250,000 applications have been downloaded with a malicious virus.

The LA Times reports “Google is remotely removing virus-infected Android apps from thousands of phones and tablets in its continuing cleanup of what has become known as the “Droid Dream” scare. Last Tuesday, Google removed 21 free apps that were hacked and loaded with malware, and then distributed on the company’s Android Marketplace.”

Newer reports say more than 50 apps have been infected and removed.

From Google’s blog: “For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device). But given the nature of the exploits, the attacker(s) could access other data.”

In response Google is remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications.

You may be consider this a violation of your privacy that Google can just go into your phone like that, but, first, you agreed to it in their terms and conditions and second they are doing you a service and protecting you from a potential identity theft situation.

Google is sending out emails to all those affected and sending notification via the device itself to let you know what has happened.

If you are unsure if your phone was infected or simply want to be safe, I’d suggest backing up your phones data and re-install the operating system. Contact your carrier or visit your phones manufacturer for instructions.

Robert Siciliano personal and home security specialist to Home Security Source discussing mobile phone spyware on Good Morning America.

Managing a Digital Life: Snooping on a Spouse’s Email

Your spouse, boyfriend, girlfriend, or partner just headed out to do errands without logging out of his or her email account. The computer’s sitting right there. Would you feel compelled to check it out?

According to a recent study, there’s a good chance that you will eavesdrop on your significant other’s cell phone and email conversations.

38% of people who are younger than 25 and in a relationship have snooped on their significant other by reading private email. 10% of the time, this snooping revealed that the other person had been unfaithful, resulting in a break up.

36% of people in long-term, committed relationships indicated they check emails or call histories without their significant other’s knowledge. 3% of married snoopers discovered they were being cheated on.

33% of women say they snoop on their spouse or partner, while 30% of men do.

Is this okay? Trust is a fragile intangible that can be irreparably broken. But aside from the moral and ethical implications, is it legal?

CBS News reports, “An Internet law designed to protect the stealing of trade secrets and identities is being used to levy a felony charge against a Michigan man after he logged onto his then-wife’s Gmail account and found out she was cheating… [He] is being charged with felony computer misuse, and faces up to five years in prison after logging into the email account of now ex-wife…on a shared laptop using her password.”

So before you go clandestine and hack your honey’s Hotmail, know that the long arm of the law may toss you into the hoosegow .

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses hackers hacking email on Fox News. Disclosures

Identity Thief Steals Identity For 17 Years

This mess Joseph Kidd stole Larry Smith’s identity 17 years ago, when Smith was 50 years old. While operating under Smith’s identity, Kidd “spent time in jail, as sent to prison, paroled, obtained welfare and Medicare benefits, and got married.”

He did all this using Smith’s name, which means that Smith has had to deal with the imposter’s actions from afar, as if he himself had a criminal record, was married, and on welfare. While the real Smith has no criminal record, he spent eight days in jail because of Kidd’s crimes. The real Smith has had liens placed on his home, was denied medical care, and lost his driver’s license, all because Kidd stole his identity.

When people ask, “Why would anyone steal my identity? I have no money,” I point to Kidd. When they say, “But I have bad credit,” I point to Kidd. When they say, “I don’t have a computer or credit cards. I pay cash and I don’t bank online,” I point to Kidd.

This is what identity theft looks like. Identity theft goes way beyond your computer being hacked or your credit card number being used without your permission. What happened to Larry Smith is identity theft.

Identity theft can happen to anyone. McAfee Identity Protection, offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first and provides live access to fraud resolution agents who work with the victim to help restore their identity even from past theft events. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing an identity theft pandemic on CNBC. (Disclosures)

Software Makes Dumbphones Smart for Facebook

Facebook for SIM, from Gemalto enables anyone to enjoy Facebook on all handsets, even if without a data connection or data subscription. With this technology, Gemalto brings Facebook to millions of mobile phone users regardless of their handset type.

Increasingly people want to be able to stay connected and communicate with their friends on Facebook anytime, anywhere,” said Henri Moissinac, Head of Mobile Business, Facebook. “Gemalto has developed a creative solution in Facebook for SIM that enables people without mobile data plans to stay connected to their friends on Facebook in an affordable way.”

Gemalto’s software development team has embedded the software application into the SIM. This ensures the Facebook application is compatible with 100% of SIM-compliant mobile phones.

From Wikipedia: “A subscriber identity module or subscriber identification module (SIM) on a removable SIM card securely stores the service-subscriber key (IMSI) used to identify a subscriber on mobile telephony devices (such as mobile phones and computers). The SIM card allows users to change phones by simply removing the SIM card from one mobile phone and inserting it into another mobile phone or broadband telephony device.”

The innovative solution provides mobile subscribers with simple and convenient access to core Facebook features such as friend requests, status updates, wall posts or messages. It also offers unique functions: people can sign up for this service and log in directly from the SIM application. Interactive Facebook messages pop-up on the phone’s screen so people can always share up-to-the-minute posts and events. One can also automatically search their SIM phonebook for other friends and send them requests.

Facebook for SIM is extremely easy to use and is available to everyone. No data contract or application download is needed, because the software is embedded in the SIM and it uses SMS technology. As a result, it works for prepaid as well as for pay-monthly customers. Following an initial limited free trial period, Facebook for SIM then operates on a subscription model via an unlimited pass for a given period of time.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Search Engine Doesn’t Need Kids SSN

When Google launched Doodle-4-Google, in which children can compete to design Google’s homepage logo, they requested contestants’ Social Security numbers in an effort to prevent duplicate entries.

Americans have become accustomed to handing over the last four digits of their Social Security number as a password or identifier for various accounts and applications. But with the development of new technologies that have cracked the code for the distribution of Social Security numbers, the last four digits have become as sensitive and valuable as the first five.

The coder or marketer at Google who believes it’s reasonable to request the last four digits of children’s Social Security numbers is probably someone who readily shares his or her own number, which is not a good idea.

Researchers at Carnegie Mellon University have developed a reliable method to predict Social Security numbers using information from social networking sites, data brokers, voter registration lists, online white pages, and the publicly available Social Security Administration’s Death Master File.

The New York Times reports, “Computer scientists and policy experts say that such seemingly innocuous bits of self-revelation can increasingly be collected and reassembled by computers to help create a picture of a person’s identity, sometimes down to the Social Security number… So far, this type of powerful data mining, which relies on sophisticated statistical correlations, is mostly in the realm of university researchers, not identity thieves and marketers.”

The primary issue here is new account fraud, or financial identity theft in which the victim’s personally identifiable information and good credit standing are used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are often used to commit new account fraud.

Aside from subscribing to an identity theft protection service, it’s difficult to stop or prevent new account fraud. One way that online businesses can mitigate the issue would be to verify the reputation of the computer or smartphone being used to submit credit applications, rather than simply verifying the Social Security number or other identification information provided by credit applicants.

By evaluating a device for criminal history or high risk while its connected to the online site, creditors can automatically detect and reject fraudulent applications.  This worked very well for one Fortune 100 credit issuer.  A Forrester Consulting Total Economic Impact study found that the device reputation service provided by Oregon-based iovation Inc., identified 43,000 fraudulent credit applications and saved the financial institution $8 million USD over two years in reduced fraud losses and operational efficiencies that their fraud prevention process and team gained.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses child predators online on Fox News. Disclosures

Identity Theft Ring Operates From Federal Prison

For nearly a year, a prisoner at Fort Dix Federal Correctional Institution operated an identity theft ring from his jail cell. “Federal prosecutors say the man was able to get personal information communicated to him while in the prison, including names, addresses, and Social Security numbers of credit card holders at various department stores. He would then contact the stores and add additional users to the accounts or open new accounts in the person’s name.”

His eight accomplices, who used the fraudulent credit accounts to spend more than $250,000, recently pled guilty to charges related to identity thefts.

This type of organized crime ring is made up of many players, including:

Kingpin: This ringleader intimidates those on the outside into acting on his behalf while he’s behind bars. His associates are primarily motivated by money, but the kingpin often relies on violence to keep them in line.

Insiders: Department store employees had access to account data. These insiders violated the trust of their employer and fed the information to the ringleader in prison.

Mules: Street level criminals who don’t mind being recorded on surveillance cameras will often use the stolen accounts to make big-ticket purchases in stores.

Store clerks: Mules often need a cohort at the register who allows a purchase to be made without checking the mule’s ID.

Fences: The fraudulently purchased merchandise end up being handled by a fence, who sells the items on the black market or trades them for drugs. Fences often interact with drug dealers, who tend to have the money for purchases.

A similar group targeted Apple stores, obtaining stolen account numbers, which they used to forge credit cards and buy laptops, iPhones, and other items. Again, a ringleader orchestrated the scheme from behind bars.

This is what we are up against: organized criminals with no consideration for the law, working in trusted positions with access to our information. You can shred all day and limit the amount of information you give out. But your identity is at risk, no matter what.

It is important to observe basic security precautions to protect your identity. However, the safety of your information with corporations and other entities that you transact business with is very often beyond your control. Consumers should consider an identity theft protection product that offer daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection includes all these features in addition to live help from fraud resolution agents if your identity is ever compromised. For more tips on protecting yourself, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)