5 Tips to Avoid bin Laden Scams

After Osama bin Laden’s death, a flurry of scams hit the internet, most notably scam emails with links to pictures and videos, and phony Facebook messages with links to videos that don’t exist.

Clicking these links can infect your PC with a RAT (remote access Trojan), and all your information may end up in the hands of a criminal.

Bottom Line: Be wary of any unsolicited messages that claim to have news on bin Laden, and never click on links or attachments included in these messages.

Tips to Avoid Becoming a Victim:

1)    Never download or click anything from an unknown source. If you really think your friend is sending you a video clip, double-check with the friend to be sure before you click on the link.

2)    Before clicking on any links related to the news, check to see that the address is going to a well-established site. If it is a shortened URL, use a URL preview tool such as http://hugeurl.com/, to make sure it is safe to click on.

3)    The most common threats are links to spam and malware. Buy consumer security software from a reputable, well-known vendor, such as McAfee, and make sure the suite includes anti-virus, anti-spyware, anti-spam, anti-phishing, a two-way firewall, and a website safety advisor to stay protected against newly discovered malware and spam.

4)    If your social media account has been compromised, change your password immediately and delete all dangerous messages and links. Also, let your friends know that your account could be sending them spam in your name.

5)    Contact the Cybercrime Response Unit at www.mcafee.com/cru, an online help center for advice and technical assistance, if you think you’ve been a victim of a cybercrime.

To sign up to receive alerts by email, please visit: http://home.mcafee.com/consumer-threats-signup. To see if your machine has been infected, scan your computer for free using McAfee Security Scan Plus: http://us.mcafee.com/root/mfs/default.asp?cid=9913

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

Spring Is In The Air (And So Are Dating Scams)

Despite the recession, online dating and matchmaking services are becoming increasingly popular. More than ever before, people are looking for love online.

Like a roller coaster, online dating can be fun and exciting, or it can be nauseating. Most dating veterans have been there, done that, with a few regrets and lots of lessons learned. While you may have already experienced a lot, you have yet to see it all.

It’s essential to be able to distinguish a conscious, healthy search for a mate from one that is potentially destructive.

Water seeks its own level, as the saying goes, which means that unhealthy and insecure people tend to find one another, which leads to destructive relationships. What’s worse is that insecure people are often unconsciously drawn to dangerous and sometimes violent mates.

Emotionally healthy, mindful people refuse to settle for unsuitable mates. People who are secure and self-aware tend to be more capable of recognizing threats to their personal security. When a person or situation triggers their suspicions, they trust their instincts and remove themselves from potential danger, cutting their losses and chalking it up to a learning experience.

Scammers take advantage of the insecure by telling them what they want to hear. They often mirror the tone and demeanor of the person with whom they are communicating. Beware of anyone who seems to echo who you are and what you want.

If more dating websites incorporated device reputation management to check for suspicious computer history, and investigated the behavioral characteristics consistent with fraudulent use, they’d be able to deny criminals the first time they tried to sign up.

If you use an online dating service, be on guard for scams. Stick to legitimate, well-known websites, and get referrals from friends who have successfully met romantic partners online.

When creating your dating profile, take care to consider the image you want to project. Never post personal information, including your full name, address, or phone number.

To vet potential dates, check whether the information in their online dating profiles matches other information available online.

If a potential date asks you for a loan or any financial information, immediately report them to the dating website.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses dating safely on The Tyra Show. (Disclosures)

Top 5 Business Security Risks

1. Data Breaches: Businesses suffer most often from data breaches, making up 35% of total breaches. Medical and healthcare services are also frequent targets, accounting for 29.1% of breaches. Government and military make up 16.2%, banking, credit, and financial services account for 10.5%, and 9.2% of breaches occur in educational institutes.

Even if you protect your PC and keep your critical security patches and antivirus definitions updated, there is always the possibility that your bank or credit card company may be hacked, and your sensitive data sold for the purposes of identity theft.

2. Social Engineering: This is the act of manipulating people into taking certain actions or disclosing sensitive information. It’s essentially a fancier, more technical form of lying.

At 2010’s Defcon, a game was played in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have. Of 135 “targets” of the social engineering “game,” 130 blurted out sensitive information. All five holdouts were women who gave up zero data to the social engineers.

3. Failure to Log Out: Web-based email services, social networking sites, and other websites that require login credentials generally provide an option to “Remember me,” “Keep me logged in,” or, “Save password,” and, once selected, will do so indefinitely. This feature often works with cookies, or codes stored in temp files. Some operating systems also include an “auto-complete” feature, which remembers usernames and passwords.

4. Inside Jobs: With millions losing jobs, there are many opportunities for an insider to plug in a thumb drive and steal client data or other proprietary information. Networks are like candy bars, hard on the outside, soft and chewy on the inside. Insiders who fear layoffs may be easily tempted to use their access to profit while they have the chance.

5. Fraudulent Accounts: Many businesses lay claim to thousands or millions of members or clients who have access to web-based accounts. No matter the nature of the business, social network, dating site, gaming site, or even bank or retailer, some percentage of the accounts are ongoing instigators and repositories for fraud. Troublemaker accounts infect the overall stability of any organization, and flushing them out is essential.

One anti-fraud service getting lots of attention for protecting online businesses from crime and abuse is ReputationManager 360 by iovation Inc. The service is used by hundreds of online businesses to prevent fraud by deeply analyzing the computer, smartphone, or tablet connecting to their online properties.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scammers and thieves on The Big Idea with Donnie Deutsch. (Disclosures)

Predators Using Social Media to Stalk Kids

All the advice about keeping your kids safe on the internet from your home computer goes out the window when a mobile phone and other portable devices are introduced into the child’s life.

The sage advice was to put a PC in the living room and monitor your kids’ activity. Today that becomes impossible when there are tablets, iPads, mobile phones, laptops, online games and webcams. All these technologies provide new opportunities for the bad guy.

Child predators are often those who gravitate towards trusted positions in society where they have direct access to kids. Others hang out in Internet chat rooms and slowly groom their victims. Now many of them are on hundreds of different social networks.

In 2010 the CyberTipline received more than 223,000 reports of nefarious online behavior. “The increase in the number of reports of child pornography and online sexual solicitation of children is alarming,” said Ernie Allen, President & CEO of NCMEC. “The child pornography images we are receiving are becoming more violent and the victims much younger. We are even seeing infants being sexually abused.”

With the openness of social media, predators know what a kid likes and doesn’t like, who their friends are, and often their phone numbers, where they live, where they go to school, the sports teams they play on, etc. The list goes on and on.

Many of today’s social media sites are also incorporating location-based services, which allow users to broadcast their location via a smartphone or from their home. Pictures and status updates can be tagged with relatively accurate positions, giving the criminal a great deal of information.

MissingKids.com suggests that allowing kids to go online without supervision or ground rules is like allowing them to explore a major metropolitan area by themselves. The Internet, like a city, offers an enormous array of entertainment and educational resources but also presents some potential risks. Kids need help navigating this world.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing Internet Predators on Fox Boston.

How Important is Cyberspace

Cyberspace has become as essential to the function of daily modern life as we know it, as blood is to the function of our bodies. And I don’t believe that’s an overstatement. If the Internet suddenly vanished, there would be deaths as a result.

Our dependency on the Internet has long since passed the point of turning back, and I think we’ve made a mistake in that approach. Fortunately, it’s extremely unlikely that the Internet will go down entirely.

The U.S. and most other developed countries are thoroughly electrically and digitally dependent. Critical infrastructures, including drinking water, sewer systems, phone lines, banks, air traffic, and government systems, all depend on the electric grid. After a major successful attack, we’d be back to the dark ages in an instant. No electricity, no computers, no gasoline, no refrigeration, no clean water. Think about what happens when the power goes out for a few hours. We’re stymied.

A Wired op-ed by Deputy Secretary of Homeland Security Jane Holl Lute and Bruce McConnell, a Senior Counselor at the department, points out that no single individual or entity has the capacity to protect the Internet, nor would we want to rely on one entity. They stress the necessity of collaboration among private citizens, corporations, and government.

The most important part:

“While America is deeply reliant on cyberspace, the health of this critical ecosystem is itself a work in progress. Indeed, tomorrow’s threats and defensive capabilities have probably not yet been invented. Government must engage: to secure government systems, assist the private sector in securing itself, enforce the law, and lay the policy foundation for future success. Where industry lags, policy change can incentivize key actions. Today’s environment does not, for example, adequately incentivize companies to write secure software. This must change.”

What this is saying is, essentially, “This ain’t no dress rehearsal.” This is the time to act, particularly for those companies that are engaged in commerce or in support of our critical infrastructures.

Robert Siciliano, personal security expert contributor to iovation, discusses the possibility of an Internet crash on Fox Boston. (Disclosures)

Most Unwanted Criminals: Dumpster Divers, Sly Spies, and War Drivers

There is no shortage of bad guys, identity thieves, and hackers trying to separate you from your money. They range from previously discussed pickpockets, Trojan viruses, and ATM skimmers to dumpster divers, spies, and wireless hackers.

Dumpster Diver Dan is a liar who poses as a garbage man and turns trash into cash. Dan dives into dumpsters and trashcans seeking financial statements, credit card applications, and any other personally identifiable information he can piece together. Once the puzzle is complete, he may have enough data to take over existing accounts or create new ones in your name.

Invest in a quality crosscut shredder and shred everything with any information that can be used against you: names, account numbers, statements, etc. Consider turning off paper statements and going entirely digital. Invest in identity protection, too, because even if you shred sensitive documents, your accountant, school, or doctor may toss your data in the trash.

Sly Spy the Silver Fox may pretend to be a free Wi-Fi hot spot, acting as an “evil twin,” providing wireless Internet access through her laptop while sniffing your account information, logins, and personal data. If you have file sharing turned on, she can browse your PC’s folders and files, and even plant a malicious program that gives her backdoor access whenever you connect to the web in the future.

Never choose an “ad-hoc” computer-to-computer wireless network that may imitate a legitimate wireless connection. It’s best to invest in a cell-based Internet connection that requires a username and password. Always wait until you’re on a secure network before doing any banking or shopping. And turn off file sharing whenever you do connect to a hotspot.

Derek the Driver (as in war driver) navigates your neighborhood and local office parks on foot or in a car, seeking out unprotected, unsecured wireless connections to exploit. He hops on your Internet and looks through your data. Worse, he can use your Internet connection and your IP address to conduct illegal activities like downloading child porn, sending spam, or launching hack attacks. It gets scary when the law knocks on your door, blaming you for what a war driver did using your Internet connection.

Learn how to secure your wireless Internet connection at www.McAfee.com/wireless. It is important to observe basic security precautions to protect your identity. However, the safety of your information with corporations and other entities that you transact business with is very often beyond your control. Consumers should consider a McAfee Identity Protection product that offers daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts.

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how a person becomes an identity theft victim on CounterIdentityTheft.com. (Disclosures)

Don’t Forget About Garage Security

When you think about home security, you may not think about garage security because you don’t actually live in it. But a garage is often one of the best ways for the bad guy to break into your home, especially if it’s an attached garage.

Criminals scope out the exterior and seek the path of least resistance. If the garage has an entrance door and a garage door they will determine which is easiest to compromise.

An entrance door that has small windows is easily compromised when a little window near a door lock is smashed and the burglar reaches their hand through and opens the door.

Once they are in the garage, they have access to the interior door, which is often unlocked. I’ve seen footage of burglars breaking into a garage and using the homeowner’s own chainsaw to cut through a door or wall to gain access to the home. This method won’t trigger any interior door alarm sensors because the door is never opened.

Garage doors are easy to break into with a coat hanger, as demonstrated in this video on YouTube. Another way would simply be to drill a hole through the door and slide a coat hanger in, pulling down on the emergency pull cord.

Both of these tactics can be remedied by installing a zip tie as demonstrated in this YouTube video.

In my garage my home security system includes a sensor on the door, so if the door is opened the alarm goes off. There is also a motion sensor in the garage so if all else fails the motion sensor picks up movement. And to document anything happening there is a home security camera connected to my ADT Pulse system.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADTPulse on Fox News.

Another Reason To Secure Your WiFi

It sounds crazy, but in every presentation I do, I stress the importance of making sure your wireless connection is secured, to prevent sex offender neighbors or whackos parked in front of your home or business from surfing for child porn and downloading it to your PC or theirs via your internet connection.

The AP reports in Buffalo, NY: “Lying on his family room floor with assault weapons trained on him, shouts of “pedophile!” and “pornographer!” stinging like his fresh cuts and bruises, the Buffalo homeowner didn’t need long to figure out the reason for the early morning wake-up call from a swarm of federal agents.”

Guy’s wireless got jacked by a child pornographer.

Once a predator uses your Internet connection to go into the bowels of the web, your Internet Protocol (IP) address, which is connected to your ISP billing address, is now considered one that is owned by a criminal. If law enforcement happens to be chatting with that person, who’s using your Internet connection to trade lurid child porn, then someone may eventually knock on your door at 3 AM with a battering ram. Hackers can use a virus to crack your network and gain remote control access, and then store child porn on your hard drive.

This is the kind of “breach” that can cost you thousands in legal fees, your marriage, relationships, your job, and your standing in society.

Anyone using an open, unsecured network risks exposing their data or having it used as a portal for committing crimes over the web. There are many ways for a bad guy to see who’s connected on wireless and to gain access to their information.

When setting up a wireless router, there are two suggested security protocol options: WiFi Protected Access (WPA) and WPA2, a certification program that was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).

Follow your router’s instructions to set up its security, or find yourself a 14-year-old to do it for you.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing home security and identity theft on TBS Movie and a Makeover.

McAfee’s Most Unwanted Identity Theft Criminals

McAfee has created a tongue-in-cheek list of the most unwanted identity thieves, describing the various techniques thieves use to steal your information. It’s clever and, unfortunately, very real.

Pauly the Pickpocket & Sally Sticky Fingers work as a team to lift wallets and mobile devices from pockets and purses, often in broad daylight. Sally creates a distraction by dropping a shopping bag, crying for help, or stopping suddenly in your path, and then Pauly bumps into you from behind and picks your pocket.

To avoid having your pocket picked, keep your wallet in your front pocket, or keep your purse closed and hold it in front of you. Thin out your wallet and skip the backpack. Lock your cell phone with a password. And consider investing in McAfee’s Lost Wallet Protection service.

Trojan Sea Biscuit is a two-faced liar who sneaks malicious files into emails and hides viruses in PDFs and other downloadable files. He’s the champion ringleader in the ultimate identity theft derby of phishers, hackers, botmasters, and keyloggers.

To avoid a Trojan infiltration, use comprehensive security software, and be sure it’s set to update automatically. If a popup window prompts you to update software, hit escape or shut down the program. Go directly to the manufacturer’s website for the update.

Tim “The Skim” McCash is known for installing skimming devices and tiny cameras that can read your card data and PIN code. He targets ATMs at banks, concerts, arenas, convenience stores, and gas stations with the goal of draining your account of cash or credit before you or your bank recognizes the fraud.

To avoid having your credit or debit card data skimmed, use the same, familiar ATM whenever possible, and beware of ATMs with devices covering the card slot. Look for external devices like mirrors, brochure holders, or light bars that may hide a camera. Always cover the keypad with your other hand as you enter your PIN. And check your bank and credit card statements online at least once a week.

McAfee, the most trusted name in digital security, includes proactive identity surveillance to monitor subscribers’ credit and personal information, and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

Hackers Cheat a Stock Market Game

Gaming websites, like banks and retailers, are forced to deal with online fraud and other abuses, which cost the industry hundreds of millions of dollars each year.

Many gaming sites have increased efforts to detect suspicious players, but savvy criminals have learned to mask their true identities, changing account information to circumvent conventional methods of fraud detection.

When players conspire to hack one game, they compromise the integrity of the entire website. Other players eventually realize that the deck is rigged against them and that the website’s fundamental security has been compromised. The website becomes useless to honest players, who take their business elsewhere.

Earlier this month, six buses transported online entrepreneurs to Austin for the South by Southwest conference, as part of the Startup Bus project.

As reported by CNET, “The coders and would-be Mark Zuckerbergs [took] part in a high-paced competition” in which they formed teams and competed to come up with “the best, and most viable, tech start-up” during the 48-hour drive to Texas. As it turns out, some “buspreneurs” collaborated (or conspired, depending on your perspective) to create automatic scripts that would effectively stuff the ballot box on behalf of three of the teams.

Elias Bizannes, who founded the Startup Bus project, explained, “The good news is that this exploit is no longer a problem and the fake accounts will be penalized. We’ve identified 1,300 fake accounts, with 900 from the same IP address, so not exactly done smartly by them. It’s a problem not with technology, but identity – which to be honest, is just a problem across the Internet.”

It is increasingly necessary for online gaming sites to deploy more effective security solutions, including analysis of information beyond that which is voluntarily provided by users. By leveraging a device reputation check from services like Oregon-based iovation, gaming websites can reject problem players within a fraction of a second, and avoid further problems from users whose devices are already known to be associated with fraudulent behavior.
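The pattern Bizannes describes (900 of 1,300 fake accounts sharing one IP address) is the simplest signal a site can check on its own. The sketch below is an added example, not code from the Startup Bus project or iovation; the sign-up records, documentation-range IP addresses, and thresholds are constructed assumptions, and it looks only at source IP, which is far narrower than a device reputation check.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def flag_signup_bursts(signups, max_per_window=5, window=timedelta(hours=1)):
    """Return {ip: [account_ids]} for IPs that registered more than
    max_per_window accounts inside any sliding time window.

    signups: iterable of (account_id, source_ip, signup_time) tuples.
    A raw per-IP total would also flag busy shared addresses (offices,
    cafes), so the check is on burst rate, not lifetime count.
    """
    by_ip = defaultdict(list)
    for account_id, ip, ts in signups:
        by_ip[ip].append((ts, account_id))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort()          # oldest sign-up first
        start = 0              # left edge of the sliding window
        burst = set()
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 > max_per_window:
                burst.update(acct for _, acct in events[start:end + 1])
        if burst:
            flagged[ip] = sorted(burst)
    return flagged


def build_sample():
    """Constructed sign-up log (hypothetical accounts, RFC 5737 addresses)."""
    t0 = datetime(2011, 3, 10, 9, 0)
    rows = []
    # Scripted ballot stuffing: 12 accounts, one per minute, one address.
    for i in range(12):
        rows.append((f"bot{i:02d}", "203.0.113.7", t0 + timedelta(minutes=i)))
    # Small office behind one NAT address: 3 accounts, hours apart.
    for i in range(3):
        rows.append((f"office{i}", "198.51.100.20", t0 + timedelta(hours=5 * i)))
    # Public hotspot: 6 accounts in total, but only one per day.
    for i in range(6):
        rows.append((f"cafe{i}", "192.0.2.50", t0 + timedelta(days=i)))
    return rows


if __name__ == "__main__":
    for ip, accounts in flag_signup_bursts(build_sample()).items():
        print(f"{ip}: {len(accounts)} accounts in a burst -> hold votes for review")
```

The hotspot address has more accounts than the threshold but never within one window, so it is left alone; a script that rotates addresses would evade this check, which is the gap device-level signals are meant to cover.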

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another data breach on Good Morning America. (Disclosures)