Couple Poses As City Inspectors To Rob Homes

NECN reports “a husband and wife from North Carolina are in court in Massachusetts charged with scamming their way into homes. Police say the couple stole from a house by posing as electrical inspectors. The 75-year-old homeowner says he and his wife were distracted by a woman while man ransacked their home. It turned out they were able to frighten their intruders away and nothing was stolen but investigators believe lots of other people were robbed by the couple in many other states.

“This is how they make their living.  This is what they do,” said the Deputy Chief. When they were picked up by police, they allegedly had more than $60,000 in cash and stolen goods with them as well as two children ages 8 and 10.”

What a mess.

This is a common trick a burglar may use to invade your home.  I did this on the Montel Williams Show to prove a point. It was real simple. I ring the door bell standing in the doorway with a clip board, measuring tape and wearing a tool belt, a green jumpsuit and have a badge saying I’m from the local water company. The homeowner, a woman says “Hello, how can I help you?” and I inform the homeowner that I’m with the water company and need to come inside to check the “colorization” and PH of their water.

Every door I knocked on the person let me in. Some people were a little more resistant, but I still got in.

The previous message isn’t a “How to” it’s a “Look for this” so don’t go getting any bright ideas Kojack.

We are a kind, trusting and civil species. We trust by default. We want to help, we want to accommodate and we don’t ever want to think “bad” is on the other side of the door or “bad” will ever happens to us.

There’s lots of bad out there. And sometimes it has kids in the car waiting. What a mess.

Robert Siciliano personal and home security specialist to Home Security Source discussing Home Invasions on Montel Williams.

Elderly Scams Heating Up

Unfortunately the media is reporting lots and lots of scams directed towards the elder population. We’ve discussed these scams at length in these posts, and we are going to again today. As long as there are victims, we need to be reminded of how to protect those who need protecting.

Real time – real life examples are often the best teaching tool providing insight to the scammers process and what to look out for. Print this out or email it to someone who needs to be reminded:

Austin Texas, April 4, 2011: The austindailyherald.com reports “an 85-year-old rural Austin woman is out $3,800 after getting scammed by someone she believed was her granddaughter. The person told her she had been in a car accident in Mexico and needed her to wire money to pay for the accident.”

Perry County PA, March 22: WHPTV.com reports “An 84 year old woman fell victim to a phone call scam from someone saying they were from law enforcement and that her grandson needed bail money. They claimed he was in jail in Haiti. The scammer then put someone else on the line who claimed to be her grandson. She provided her credit card information and a driver’s license number. A charge was later received for $1400. That charge was made in Canada.”

Chicago IL, April 4: The Chicago Tribune reports: “An 86-year-old Tinley Park woman who told police she handed over her savings last week to a man she thought was investigating an earlier scam against her. A con artist posing as an investigator — in this case reportedly wearing glasses, a tan coat and dark dress pants and flashing a gold badge. A Chicago ring whose members allegedly posed as an FBI agent as well as bank and credit-card fraud investigators and stole roughly $100,000 from about 20 elderly victims.

In another Chicago case, an 80-year-old woman was persuaded by a police impersonator to withdraw $18,000 to pay her husband’s bail. She was so panicked, police said, she forgot to check if he was in jail.”

Toronto, April 7th: CityTV.com reports “Man charged with scamming 95-year-old woman out of thousands. Conman duped woman into paying him for furnace repairs he didn’t make. It began when the victim answered a knock on the door of her home.  “He comes to the door and said, ‘I’d like to see the heater,” .The elderly woman let him in and the suspect went down in the basement and stayed there for quite some time while she waited upstairs. When he came up, he said she owed over $7,000.  She told the man she didn’t have that kind of money on her, and he allegedly convinced her to approve a bank withdrawal for the amount.

I repeat: Print this out or email it to someone who needs to be reminded.

I feel like I need to take a shower with a Brillo pad.

Robert Siciliano personal and home security specialist to Home Security Source discussing scammers and thieves on The Big Idea with Donnie Deutsch.

Facebook Used To Stop Home Invasion

This is just the greatest story about social media used for doing good EVER. A University of Georgia student was in bed when masked men invaded his home and tied up his 17-year-old sister and his grandmother.

The student wakes up and probably heard yelling and realized what was happening; apparently he didn’t have his phone so he took his laptop and hid in the attic. He logged into Facebook and wrote as a status message “someone please call 911, no phone, hiding in my house, robbery,”

CNN reports “His best friend called police, and sheriff’s deputies arrived, the men scattered as soon as police arrived. But they arrested one of the suspects while two, possibly three, others got away.

They quoted him as saying “Facebook was like the only thing where I knew I could reach someone instantly that was on chat.”

I’ve always recommended having a phone by the bed. I have both a land line and my mobile ALWAYS accessible by the bed.

If the home invaders bypass all the solid core doors and other layers of protection I have in place and for whatever reason my home security alarm is disabled (which isn’t very possible because it’s battery backed and wireless), or the dog doesn’t attack them and they cut the phone lines or simply take a phone off the hook, then my mobile is right there.

Long story short, have a mobile by the bed, or at least a laptop so you can post a status update that you’ve just been invaded by masked thugs. Unbelievable!

Robert Siciliano personal and home security specialist to Home Security Source discussing home invasions on the Gordon Elliot Show.

The Rise of Smartphones

More consumers than ever before are buying smartphones. A smartphone is an Internet-enabled mobile phone with the ability to purchase and run applications. Smartphones are generally equipped with voice, data, Wi-Fi, Bluetooth, and GPS functions. Operating systems include Google’s Android, Apple’s iOS and Windows’ Mobile 7. Most function on a 3G wireless connection and can switch to Wi-Fi when it’s available. Newer models are being built to accommodate the upcoming nationwide deployment of 4G wireless networks.

“Worldwide mobile phone sales to end users totaled 417 million units in the third quarter of 2010, a 35 percent increase from the third quarter of 2009, according to Gartner, Inc. Smartphone sales grew 96 percent from the third quarter last year, and smartphones accounted for 19.3 percent of overall mobile phone sales in the third quarter of 2010.”

In the U.S, there are 293 million cell phone subscribers and cell phone penetration is  over 93%. In 2010, more than one in four households had cell phones and no landlines, which is an increase of 2.1% over 2009. Almost one in six households use cell phones exclusively, despite having a landline. Wordwide, there are 5 billion  smartphones in use.

The number of mobile broadband subscriptions surpassed the half billion mark in 2010, and in 2011 broadband subscriptions are expected to exceed one billion. As more and higher speed networks are built, more consumers will gravitate toward the mobile web. Smartphone users are downloading billions of apps and spending millions via mobile payments. In fact, for the younger generation, smartphones are used for a majority of ecommerce transactions. Many of these people haven’t been inside a bank in years!

Taking Security Measures.

As more people switch to smartphones, mobile security concerns increase. Here are a few reminders to help keep your data secure on your phone:

1) Use a PIN to lock your phone: 55% of consumers do not use a PIN to lock their phones. Mobile content is especially vulnerable to hackers and thieves.

2) Don’t store banking passwords on your phone: 24% of consumers store computer or banking passwords on their smartphones. 40% of consumers say losing their phone would be worse than losing their wallet, and two million mobile phones are lost or stolen every year. That’s one every fifteen seconds.

3) Register for a service that can remotely locate, access and wipe your phone: There are services that can remotely access a lost phone, pinpoint its location, and, if necessary, wipe the data from the phone. Now is the time to consider investing in one, before you lose your phone.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto. (Disclosures)

“Digital Goods” Fraud is Big

The Wall Street Journal reports that digital items within games and social networks accounted for $2.2 billion in sales in 2009, and are expected to account for $6 billion in sales by 2013. Billions more are spent on music and other downloadable digital media.

“Digital goods” are any products that are stored, delivered, and consumed electronically. Within a variety of online communities, including social media and online gaming websites, “virtual currency” is used to purchase virtual goods. Clothing and supplies for Second Life avatars are examples of virtual goods, which sometimes add points and enhance the player’s status within the game.

While it may be “hard to imagine fraudsters’ interest in items like computerized swords for a fantasy game…these goods are often easier to obtain than physical goods and criminals have learned that there are ways to convert them into cash.” Criminals can use stolen credit cards to purchase digital goods, and then sell them at a discount, “the online equivalent of selling stolen Rolexes on the street corner.”

The difficulty for digital goods merchants is the nearly instantaneous delivery. A traditional merchant must physically process and ship an order, which leaves time for more scrutiny. But with virtual goods, there’s little time to investigate the validity of an order.

When a credit card is not physically present, merchants can protect themselves by leveraging device reputation analysis. iovation’s ReputationManager 360 is used by many of the world’s largest gaming sites and digital goods providers. Gaming operators can customize business rules around geolocation, velocity, and negative device histories (including gold farming, code hacking, virtual asset theft, and policy violations) to identify nefarious accounts activity, or fraudulent use of stolen accounts. More than 2,000 fraud-fighting professionals who contribute to iovation’s global database every single day continue to strengthen the system, while maintaining a safe and inviting environment for their players.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

Epsilon Breach Reminds of Security Awareness

Epsilon is a marketing company that has millions of emails on file of consumers who have made purchases or are affiliated with various banks, retailers, hotels etc. Epsilon sends over 40 billion emails out a year and was recently breached in a hack attack. Consumers are now receiving breach notifications from the likes of financial institutions such as Citigroup, Capital One and JPMorgan Chase, and hotels such as the Marriot and the Hilton.

The result of the breach will mean consumers will receive phishing emails that look like one of the legitimate entities breached but are in fact fake trying to trick the victim into entering their usernames and passwords or providing personal information such as credit cards or even Social Security numbers.

This is made possible by the fact that the consumer is accustomed to receiving similar emails on a regular basis and may not be able to tell the difference between a real or fake.

This breach should unquestionably heighten consumers’ awareness of their personal security in regards to their information security and also their physical security. Criminals are targeting the public in more ways today than ever before.

Being overwhelmed and paranoid is unnecessary, but being alert and focused is essential.

A constant vigilance is required in order to protect yourself and family from the onslaught of scams and potential violence that is being perpetrated every moment of every day.

Meanwhile:

Never enter personal information into an email not initiated by you.

Never click links in an email. Go to your bookmarks or manually type in the address.

Consider changing up your email address if it has been breached.

Change all your passwords to different passwords. No two accounts should have the same password.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover.

Study Shows Single Software Security Incidents Costs Average $300,000

A recent study of more than 150 organizations conducted by Aberdeen Group(1) found that the average total cost to remediate a single application security incident is approximately $300,000. As security incidents can happen at any point in the application life cycle, modernization initiatives can prove especially costly if they are not proactively secured from development to operations.

“Application security” is an often used term when, during the software development cycle, the software or application goes through a series of “penetration tests” designed to seek out vulnerabilities that could be exploited in the field. It is important to understand that flaws, bugs, holes, vulnerabilities, or whatever you call them, are often detected after the launch of software. This costs companies big bugs when a security incident arises.

While both developers and criminals have many of the same tools, the bad guys seem to have an edge and are often able exploit those flaws before developers can find and fix them.

HP today announced the first application security analysis solution that discovers the root cause of software vulnerabilities by observing attacks in real time.

HP Fortify Real-Time Hybrid Analysis, used in concert with the new HP Fortify 360 v3.0 and HP Application Security Center 9.0, helps organizations proactively reduce business risk and protect against malicious software attacks.

Enterprises using the new HP offerings can deliver the application security intelligence required to effectively manage risk across the life cycle. By taking a pragmatic approach that secures applications from development to operations, organizations can develop a scalable, repeatable and cost-effective security assurance program to further reduce risk.

“The traditional approach of single-point security solutions helps secure parts of a business, but limits enterprises from making informed decisions,” said Joseph Feiman, vice president and fellow, Gartner. “To make optimal security and risk management decisions, enterprises must move from technological security silos to enterprise security intelligence. This can be achieved through the interaction of different technologies as well as contextual analyses of integrated security and business information.”

Based on advanced application security technologies, the new solutions help clients:

—  Immediately respond to business threats: With new technology that correlates code-level analysis, HP Fortify Real-Time Hybrid Analysis allows organizations to observe security attacks as they happen to identify the point of vulnerability in code;

—  Manage enterprise risk from applications: Proactively protect against threat risks and address compliance requirements through HP Fortify 360 Server, which detects security vulnerabilities across architectural layers and prioritizes remediation;

—  Accelerate innovation with the latest technologies: Through expanded automation and web services testing capabilities, HP WebInspect 9.0 and HP Assessment Management Platform 9.0 increase security testing coverage of complex Web 2.0 applications;

—  Enhance productivity through greater collaboration: With new features that centralize vulnerability and remediation issues, HP WebInspect 9.0 reduces the time to recreate and fix security defects, allowing developers, quality assurance and security teams to cover more applications with fewer resources; and

—  Protect the integrity of the enterprise: Providing new programming language support and integrations with HP WebInspect, HP Fortify On Demand tests the security of all applications quickly, accurately and affordably.

“Applications bring new enterprise opportunities, but the threat landscape is constantly evolving,” said John M. Jack, vice president, HP Fortify business unit, Software, HP. “With new advanced real-time security technologies, HP is delivering the application security intelligence needed to drive innovation while lowering the enterprise risk associated with it.”

These new security solutions are key elements of the HP Security Intelligence and Risk Management Framework, which helps businesses and governments in pursuit of an Instant-On Enterprise. In a world of continuous connectivity, the Instant-On Enterprise embeds technology in everything it does to securely serve customers, employees, partners and citizens with whatever they need, instantly.

The new HP Fortify releases, part of HP Hybrid Delivery, are offered through multiple delivery models, including on-premise, on-demand software-as-a-service and managed services.

Robert Siciliano is an Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)

Twitter Scam Hooks Thousands

Twitter’s numbers are astounding. In the physical world, when communities become larger and more densely populated, crime rises. The same applies to online communities.

CNET broke down Twitter’s recent blog post, which celebrates their significant numbers: “It took three years, two months, and one day for Twitter to hit 1 billion tweets; now, a billion tweets are posted in the course of a week. An average of 460,000 new accounts were created per day over the past month, and an average of 140 million tweets were posted per day. Twitter now has 400 employees, 50 of whom have been hired since January.”

Spammers, scammers, and thieves are paying attention.

Techland reports, “At least 10,000 Twitter users fell for a scam that spread like wildfire across the social networking site early today. Quick action by link shortening service bit.ly – as well as thousands of people retweeting warnings – brought the scam attack under control in a few hours.”

Common Twitter scams include:

Hijacked Accounts: Numerous Twitter accounts have been hacked, including those of President Obama and, recently, Ashton Kutcher. Kutcher’s account was most likely “Firesheeped,” which can occur when a wireless device is used to access an unsecured site.


Social Media Identity Theft: Hundreds of imposter accounts are set up every day. Sarah Palin, St. Louis Cardinals coach Tony LaRussa, Kanye West, The Huffington Post, and many others have been impersonated by fake Twitter accounts opened in their names.

Worms: Twitter has been plagued by worms, which spread messages encouraging users to click malicious links. When one user clicks, his account is infected and used to further spread the message. Soon his followers and then their followers are all infected.

Phishing: Hacked Twitter accounts are used to send phishing messages, which instruct users to click links that point to spoofed sites, where users will be prompted to enter login credentials, putting themselves at risk of identity theft.

Social media sites could go a long way in protecting their users by incorporating device reputation management. Rather than accepting information provided by an anonymous user, device reputation allows social sites to leverage knowledge about a device’s history—which could include spam, phishing attempts, predatory behavior, profile misrepresentation and even credit card fraud.  Device reputation alerts businesses to suspicious behavior exhibited while bad actors are on their websites, uncovers the device’s true location, and exposes hidden relationships to other high-risk accounts and devices.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses social media hacking on Fox Boston. (Disclosures)

Epsilon Breach Will Impact Consumers for Years

This week consumers are receiving messages from trusted companies such as 1-800-Flowers, Chase, Hilton HHonors and others, letting them know that their e-mail addresses have been exposed due to the recent Epsilon data breach.  This provides a perfect opportunity for cybercriminals, who may try to take advantage of the breach to send out phishing e-mails designed to steal user names and passwords.  Since consumers are receiving legitimate e-mails, they may be less suspicious of the phishing  or spear phishing ones.

Generally when a credit card is compromised a new number and card is issued making the breach a forgotten inconvenience. However when a Social Security number is breached, the victim can feel the effects for decades. Email addresses fall in the middle because consumers have the ability to change them, but often weigh the pros and cons and keep them for convenience sake.  This is what makes getting phished a higher probability.

McAfee Labs believe scammers will probably wait until they figure out how best to turn their scams into money, and may wait until the news cycle dies down.  That’s why it is important for consumers to stay vigilant for a period of time…really for the entire time you posses a hacked email address.

Here are some tips for consumers to stay safe:

– Consider ditching your compromised address and starting new.

– Be aware that companies will never ask you for credit card information or other personal information in email.  If you are being asked to provide that information, it’s a scam.
– If you are suspicious of an email, go directly to the Web site of the company that purportedly sent it and don’t follow links in the email as those may be fraudulent. Call the company’s number listed on their Web site, not the number in the email as that may be a fake
– Consider unsubscribing from email communications and re-subscribing using a new email address for commercial communications. That way you know that messages that land in that new inbox are more likely to be genuine as the new address wasn’t part of the breach

– Use the latest security software, including Web security features to protect you from going to malicious Web sites such as phishing sites

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing the Epsilon breach for McAfee on Fox News. (Disclosures)

Home Invader Gets Life

The trial and sentencing of a New Hampshire home invasion that goes back to 2009 where a gang of late teens and 20 somethings broke into a home while the mom and daughter were sleeping is over. The dad was away on business. In the course of events, the mom died of a machete wound and the daughter was severely injured.

CBS News reports “Judge Gillian Abramson imposed the mandatory sentence of life without parole, telling Gribble (the lead home invader/murderer), “infinity is not enough jail time.”

Gribble claimed the insanity defense and admitted he did it along with a guy named Spader and that they intended to kill anyone they found in the house.

“Most of Gribble’s knife blows targeted the girl. A lead investigator said that even as she lay on the bedroom floor bloodied and feigning death, she opened one eye and watched as Gribble plunged a knife into the throat of her mother, Kimberly Cates.”

The father said in a victim impact statement:  “I’ve lived the accounts of Kim’s murder one excruciating blow after another. Through these accounts I have heard my wife’s last breath, heard my daughter’s screams, seen my daughter’s perfect body mutilated. I don’t have any illusions this invasion of the sanctity of our home will ever be behind us. Jaime and I won’t live a day without thinking of the horrific things that happened in our home and that Kim will never again be with us.”

Here are 5 tips to help keep you safe and prevent a home invasion:

1. Never talk to strangers via an open or screen door. Always talk to them through a locked door.

2. NEVER let children open the door. Always require and adult to do it.

3. Install a home burglar alarm and keep it on 24/7/365. With a home alarm system on, when someone knocks on the door, a conscious decision has to be made to turn off the alarm. Most people will keep it on.

4. Not all home invaders knock, some break in without warning.  Just another reason to have that alarm on.

5. Install a 24-hour camera surveillance system. Cameras are a great deterrent.  Have them pointed to every door and access point.

Robert Siciliano personal and home security specialist to Home Security Source discussing home invasions on the Gordon Elliot Show.