Prankster Creates and Kills Fake Social Media Profiles

This is just weird, but what about social media isn’t weird? We “friend” people we’ve never met. We share our plans, location, and mother’s maiden name with the world.

In New Zealand, weird can be defined as a 28-year-old Auckland woman who created and used several fake online profiles depicting young, pretty women to befriend unsuspecting high school boys.

I can definitely see my 16-year-old self falling for this.

Sometimes, after creating a fake Facebook profile, the woman would use her other online personas to break the news that her fictitious creation had been killed, referring her high-school friends to a tribute website where they could leave messages mourning the dead young woman. So far, around 40 of this scammer’s young victim’s have been identified.

What a bizarre prank, playing on the emotional wellbeing of a kid!

Making it even more macabre, the scammer borrowed profile pictures of real Facebook users, as well as pictures of their children, friends, and family, and created memorial videos eulogizing them. Posing as the mother of one of her creations, she informed one boy that her daughter was in the hospital after a suicide attempt.

The woman committing these acts is either extremely disturbed or extremely intelligent. Either way, it’s very creative and probably prone to copycats. This woman should be banned from the Internet entirely.

Social media sites could go a long way in terms of protecting their users by incorporating device reputation management. Once a user has been banned, device reputation allows websites to analyze the history of that user’s computer or other device, which may have been used for spam, phishing attempts, predatory behavior, profile misrepresentation, or even credit card fraud.  Device reputation alerts businesses to suspicious behavior, uncovers the device’s true location, and exposes hidden relationships to other high-risk accounts and devices.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses social media scams on CNN. (Disclosures)

Match.com Screening For Sex Offenders a Partial Solution

Dating website Match.com is being sued by a woman who was raped after meeting with a man through Match.com. In response, the website has initiated a system to vet out sex offenders by checking registered users against sex offender registries.

Will this prevent sex offenders creating Match.com profiles? No. Will this prevent sex offenders from raping women they meet on the site? Of course not.

Is it necessary for Match.com to seek out and remove sex offenders? Of course it is. Even though there may be some false positives, even though it’s an imperfect system, it adds a layer of protection that will certainly vet out a bad apple or two, or thousands.

When someone subscribes to a dating site and begins the search for a mate, there is an implied assumption that Match.com has somehow validated other users. While that is definitely not the case, the reality is that new users are approved based on having a working credit card.

Going forward, sex offender registry checks will help, but anyone who meets dates online needs to realize that they are essentially on their own, and that no website can be with you on a date, protecting you from a sex offender.

Dating websites can try to prevent sex offenders from reregistering by recognizing and banning the email addresses or credit cards of unwanted users, but these are imperfect and less than effective security measures.

Dating websites could incorporate another layer of protection, such as vetting the computer used to create the profile in the first place. Device reputation management spots online evildoers in a fraction of a second, by examining the computer, smartphone, or tablet used to connect to the dating website or social network. If a device is associated with unwanted behavior, such as spam, online scams, fake profiles, bullying, or predatory behavior from a previous ban, the website can reject the new account or transaction.

Arguably, dating sites should not have to do any of this, but implementing new layers of security is the appropriate response to an unfortunate tragedy. Let’s hope dating sites get better at policing their members.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses dating security on The Tyra Show. (Disclosures)

Scams Setting Record Pace

There is limit to what the criminal scammy mind can conjure up.

KMOV reports Scammers have been using military photos to trick unsuspecting women on dating websites into giving them money.

The scam artists use pictures of soldiers and post them as their own. Once they convince the women to trust them, they ask for money. The military says it gets a lot of complaints about scammers swiping official military photos and using them to create dating profiles.

Fox Memphis reports The Shelby County Office of Preparedness is keeping flood victims from becoming scam victims, and making sure they stay safe from fake contractors.

Homes across the county are going to need home repairs due to flooding, so the Office of Preparedness is asking contractors to register their business. The office will then issue ID cards that let flood victims know the contractor is real.

But it’s not just “people” getting scammed. It’s big companies too.

The Star Tribune reports A man admitted that from December 2004 through December 2005 he submitted phony invoices to Best Buy on behalf of his shipping company for electronic equipment that was never sent. He had Best Buy send the payments for those invoices, amounting to more than $900,000, to a post office box in Glenolden, Pa.

CliffView pilot reports A Hudson County con man admitted his role in a scheme to steal more than $4.4 million from several Voice Over Internet Protocol service providers by setting up shell companies that he and his cohorts claimed operated from the Empire State Building and other prominent addresses. His victims included AT&T, Cordial Communications, Digerati Networks, France Telecom, and others.

Whether you are an employee from a big or small company or just a concerned citizen you must keep your head up and pay attention to the “intentions” of all those you come in contact with. Whether over the phone, email, internet or mail, scammers are in full force and looking for their next mark.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADTPulse on Fox News. Disclosures

Security Expert’s Credit Card Hacked

An excellent way to improve one’s level of security intelligence is to follow the writings of Robert X. Cringley, one of my favorite technology know-it-alls.

Anyway, Cringley’s credit card was recently hacked. And if his card can be hacked, anyone’s can. Like many cardholders, Cringley received a notification from his credit card company’s fraud department, informing him that his card data was being used overseas, on an online dating website.

A scammer used Cringley’s credit card number to create a fake profile, posing as a woman named Katya to lure desperate, unsuspecting men into dating scams.

Cringley determined that the IP address associated with the fraud was anonymized, going through numerous channels to disguise its origin. A Russia-based email address may mean Russian criminals are involved in the hack.

Cringley’s card was used to purchase Badoo credits, which are used to unlock certain features of the dating website, such as chatting with another user or requesting photos. The scammer used Cringley’s card to buy Badoo credits in numerous countries, making her profile internationally accessible.

Cringley surmises that his card data may have been skimmed when he used an ATM or handed his credit card to a store clerk or waiter, or possibly stolen when used to make an online purchase. Even if you are giving your card number to a legitimate online merchant, there’s always the risk they may get hacked. It’s also possible than an unknown worm could have slithered onto Cringley’s PC and sniffed out a credit card transaction.

Even a security expert’s PC can fall victim to hackers, and even someone who knows plenty about security can get hooked. So you must be that much more alert, aware, and on top these issues.

Websites like Badoo can eliminate scammers with device reputation scanning. Real-time device reputation checks, such as those offered by iovation, can detect computers that have been used for fraud, as well as expose all of the accounts associated with the suspicious device or group of devices, allowing websites to immediately shut down sophisticated fraud rings and fraudulent accounts.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft for the National Speakers Association. (Disclosures)

‘Familial DNA’ Helps Catch Killers and Rapists

Along with your neighborhood watch program and wireless home alarm system you should be comforted to know that there are technologies out there being put to use that help catch the bad guy.

Many of us by now know that a sample of Osama bin Laden’s DNA was used to effectively identify him. But how? They didn’t have his original DNA until his death, but they did have samples from bin Laden’s family members, and scientists were able to match them up and determine they had their man.

This is called Familial DNA.

In Las Angeles police captured a serial killer dubbed “Grim Sleeper”, based on pulling his sons DNA. Prior to the Grim Sleepers arrest, his son was arrested for an unrelated charge. From that arrest they pulled his DNA, and it was a partial match to the DNA found at the crime scenes of his father decades ago. This is called “familial DNA”, like father/son, mother/daughter or twins.

However the son was obviously much too young to commit the crimes that his father did in the 80’s, so detectives searched out his social network and on a hunch determined his father would more than likely be the closest match to the sons DNA. Based on where dad lived in proximity to the murders, dad fit the killer’s profile.

Detectives followed the father to a pizza restaurant and let him finish up then went in and grabbed a few hunks of crust and a drinking glass and did a DNA test on it and they found their match.

Raise your glass to science!!

Robert Siciliano personal and home security specialist to Home Security Source discussing self defense and rape prevention on NBC Boston. Disclosures.

Taking Responsibility for Personal Security

The local police generally (for the most part) do not prevent burglaries or assaults. But they do (hopefully) arrest those who perpetrate these crimes. Crime prevention goes way beyond installing a home security system or locking your doors or putting your lights on timers.

Personal security and crime prevention begins with you. It starts with taking responsibility for your little corner of the earth whether at home or on the streets and taking decisive action to prevent being victimized.

Civilized conditioning has impeded our ability to take responsibility.

Civilized conditioning is a double edged sword. On one hand it prevents us from being physical with another person unnecessarily, but on the other hand it prevents us from being physical with another person necessarily to protecting ourselves.

You have been taught all of your life not to hurt another human being and that’s a good thing. From birth we are told to be kind to one another and have manners.

This cultural conditioning allows us to get along in a civilized society but it also puts us in a mode where we do nothing to protect ourselves and think it’s the police that should.

You know bad things happen every day. We are all well aware there are some people out there who are considered un-civilized. These are people who don’t share the same boundaries you and I do. As a result we need to take responsibility.

Invest in a home security system: It’s your responsibility to look out for yourself and your family and make sure your home is safe and secure.

Take a self defense class: There are numerous options to learn self defense in books, videos, online and via local classes.

Teach your kids self defense: A child as young as 5 is perfectly capable of absorbing life saving techniques.

Teach responsibility: It’s not enough to rely on a government or others in authority to protect us. We must invest in ourselves and realizes “if it’s to be, it’s up to me.”

Robert Siciliano personal and home security specialist to Home Security Source

Choosing an Enterprise eBanking Security Solution

In Gemalto’s eBanking Security Guide, a question is asked: “Banking is changing, are you?”

Banking is a changing business. Since the early 1980’s banking has been going digital and moving online. During the last 10 years, we’ve seen a major shift in the services offered and the behavior of customers.

Gemalto’s Senior Vice President of online banking, Hakan Nordfjell, says, “Secure and convenient eBanking is a key factor in the future of banking.”

The convenience of online banking is what makes it so vulnerable to security threats. And in order to prevent fraud, online banking security must be convenient.

Recent technological advances have been vast and rapid. But after 15 years, online banking remains relatively immature, and this immaturity is reflected in a sometimes-inadequate security posture. You’re ebank is part of your business strategy, ebanking has security issues, therefore security should be a part of your business strategy too.

The security solution you choose should not merely function: it should contribute to realizing that strategy. You might want to offer other online security services remotely associated with people being able to identify themselves. Address change notifications, contract signing and more.

Experience shows that a reliable security solution opens up new business opportunities.

Today we worry about malware, spyware, root kits, phishing, social engineering, and a multitude of scams resulting in account takeover, new account fraud, and identity theft. It’s been less than a decade since the widespread use of broadband Internet took online commerce mainstream, and losses resulting from cyber fraud have already topped a trillion dollars.

Enterprises under siege by criminal hackers need qualified professionals to help plan and develop online banking solutions and to ensure that client information is secure.

These professionals know that most security problems are easily solved, but solutions often sacrifice a certain degree of user friendliness. Securing a system as thoroughly as possible would place unreasonable expectations on customers, demanding that they jump through too many hoops to make a purchase.

The ideal system design finds a happy medium, and incorporates functionality, appearance, and scalability.

When launching any security solution, explain to your customers why the change is necessary, and strive to make changes appealing for users. Be sure that your customer support is adequately prepared. Provide clear information and, if possible, allow customers to select which device to use.

When choosing a security solution for your business, consider a resource that offers more than standalone security technology. A real solution takes future needs and potential threats into account, and, crucially, offers a positive user experience.

Visit www.ebankingsecurity.net to learn how to enhance the security of your online banking system.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

 

Securing a Home with Automation

You know how much you love to and rely on controlling your TV from your couch? I’m a little dumfounded when I can’t find the remote. And by the time I do, I could have easily changed the channel and found what I was looking for, but the process just isn’t the same without the remote control. The operative word in “remote control” is “control”.  While remote certainly is the benefit, it is control that adds to the experience.

Let me say this another way. Yes you can stand in front of your TV and switch channels, but you will quickly get bored and settle for something you may not want. Where-as with the remote, you have a whole different level of control that lets you jump around and handle the TV and the entertainment experience in another more satisfactory way. We wonder how people ever functioned without a remote. Actually, that’s easy to answer. There were less than 20 channels. People watched maybe 4 of them. So there weren’t many options. It was easier back then to be content.

Today we have so many functions within our homes that it seems primitive that many don’t have the ability to control them from one place whether remotely or within the home. Automated systems and remote security systems like ADT Pulse™ and ADT Pulse™ for business allow homeowners or operators of a business to control a building’s key functions without even having to be present.

Get control over:

Home Security systems

Video monitoring

Heating and cooling systems

Lights

Automated alerts: your homes automation and home security monitoring can send calls, texts and emails to your mobile or work email letting you know if there’s beam an attempted burglary, or even if a pipe bursts.

Increase your homes security and save time, money and enjoy the conveniences of remotely controlling your home.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse™ on Fox News. Disclosures

Teacher Bit by Social Media Identity Theft on Twitter

Here’s an identity theft story you’ll love to hate.

In Panama City Florida a local and respected teachers’ identity was used to create a fake Twitter profile which spouted off derogatory comments about autistic students. The teacher works with special needs students and had no idea this was going on until she was informed by officials questioning her and the profile.

The Twitter profile included the teachers name, photo, and town along with the derogatory comments. People all over the world started contacting locals officials demanding her ouster after they saw what “she” was writing.

When this came to the attention of the school they immediately brought her in for questioning to determine if she was the author. Their initial questioning led them to believe she was not the author; however they made her bring in her laptop and examined her hard drive for further investigation.

As I’ve said before, identity theft is the only crime I can think of where you are guilty until proven innocent.  Once something like this happens it can quickly and easily damage your reputation.

Online Security Tips:

Right now grab your name on all the popular social media sites. Sign up for every one of them even if you don’t intend on using them. If your name is gone use a hyphen or a dash. For free search over 500 popular social networks and over 200 domain names to instantly secure your brand across the social web at Knowem.com.

Set up Google Alerts to determine of your name is being used online. You want to instantly know if someone is using your name for any reason.

The worst thing you can do is nothing. Sitting back and just letting someone use your name can damage your brand, YOU.

Robert Siciliano personal and home security specialist to Home Security Source discussing social media identity theft on Fox Boston. Disclosures.

Burglars Pose As Doctors, Victims Take Pills

There is unfortunately no limit to how naïve (and stupid) and vulnerable the public is to the evil (and creative) criminal mind when it comes to home security and burglary.

I haven’t seen reports of this happening in the US, yet, but in Turkey which is somewhere over there, burglars are actually donning white coats, and stethoscopes and knocking on peoples doors to burglarize them. They begin to use a ruse that may involve instantly reducing high blood pressure or another ruse conning the victim into ingesting a heavy sedative knocking them out.

Humans need to be led. Meaning we need leaders such as Presidents, Dictators, Prime Ministers, Generals, Police, Teachers etc. We need authoritarian figures to tell us what to do. Otherwise many of us would be wandering around bumping into walls (visualize that!).

Criminals know that we bow to authority so they pose as police, fire, inspectors, and DOCTORS.

The Turkish police were so alarmed by this trend they set out to test the public with their own “pose as a doctor” scam with a placebo pill in hand and got an astounding 86 percent of people to take the pills!!!

Can you say OMG!?!?

In other parts of Turkey the police tested people at apartment complexes to see what kind of apartment security systems may be in place. Most buildings have some form of intercom with a buzz-in system to let people in. But when the police would randomly select an apartment number and the person responded, the cops would state “I’m a burglar please open the door” Ands of course the police were amazed that every time they tried this, someone at the building would eventually let them in.

Come on people, I’m trying here. Is anyone listening?

Robert Siciliano personal and home security specialist to Home Security Source discussing ADTPulse on Fox News. Disclosures