Trust: A Rare Commodity Online

People lie when they set up online dating profiles, they lie when they put up fake social media profiles, and they lie to the innocent victims of their scams.

Banks and retailers know better than anyone that people lie. There are countless scenarios and justifications, but people who lie invariably do it in order to get something.

In general, we strive to be a kind and civil species. We trust by default. We want to be helpful and accommodating. We don’t want to believe that people lie, but they do.

Dishonesty poses a challenge to banks and retailers in the form of theft. Theft is a big problem on the Internet, and any online business knows that they can’t afford to trust you, regardless of how honest you may be.

The Federal Financial Institutions Examination Council recently instructed both retailers and banks to enhance their security procedures, in response to the increasingly creative lies concocted by scammers.

One of those FFIEC recommendations involves incorporating complex device identification. This means that banks and retailers should adopt technology that actually recognizes and analyzes the PCs, smartphones, and tablets being used to access their websites. Once the device is identified, knowing the device’s reputation is where it really gets interesting. Is it acting suspiciously, or is it a known device that has been used in a fraud ring or in money laundering, or that has been attempting account takeovers? Knowing the device’s reputation lets businesses know ahead of time who they can trust online.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit card fraud on NBC Boston. Disclosures


Beware of Robo-Call Scams

While out for an evening with friends talking about everything under the sun, including security, which I’m obsessed with – and people often quiz me anyways, my mobile rang from an “unknown” number. The caller, a computer, stated “Hello, this is a call from Eastern Bank. Your MasterCard account has been locked. Please press 1 now to unlock.” Eastern Bank is local to me.

This is hilarious because I don’t have an Eastern Bank account and I’m in the middle of a conversation with someone about identity theft. So I immediately put my phone on speaker and played the message for everyone, who proceeded to look at me and then ask, “What’s wrong with your MasterCard?” While I’m laughing at the call, they are concerned about my card, not initially realizing this is a scam. No longer funny, this saddens me because these are intelligent people who could easily get bit by this crime.

So I had to explain that this is a “Robo-call scam” where scammers simply use free technology to call thousands of random people by telling a computer to call 555-1212 then 555-1213 in sequential order. Eventually someone is going to press 1 and enter all their credit card information and end up being compromised.

I did a little research and Eastern Bank posted this warning that anyone from any bank should heed:

Notice of Fraudulent Phone Calls
Eastern Bank has been made aware that customers, as well as non-customers, are receiving automated calls on their cell phones with the following message:

“This is a call from Eastern Bank. Your MasterCard account has been locked. Please press 1 now to unlock.”

The recording then instructs the individual to enter their debit card number. There may also be a variation of this phone call that references other banks or asks the customer to enter their debit card number in order to activate it.

Please hang up and do not press 1.

Please be advised that these calls are a scam and are not being made by Eastern Bank.  This is a phishing attempt by criminals to obtain your personal account information.  Never provide your debit card number or any other private information in response to an unsolicited phone call or email.

REMEMBER: Eastern Bank will NEVER ask you for any private information (such as account numbers, passwords, Social Security numbers) through an unsolicited email or phone call.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures

Daylight Back to Back Burglaries In Same Town

Most people think that burglaries happen at night, in the dark when burglars can creep undetected. But the reality is most burglaries happen during the day when you are at work. Burglars work too, in the day, 9-5, like you. This is why a home security alarm is so important.

In Warwick, Rhode Island, police are on the lookout for someone who forced their way into two homes that apparently didn’t have home security systems. Why in 2011 someone doesn’t have an alarm that sends a shrieking siren and calls the police is just mind-boggling to me. Anyway, the burglars apparently spent a significant amount of time there because they turned everything upside down and were able to steal “large quantities of jewelry, laptops and other electronic equipment from the properties.”

The statement “large quantities of jewelry, laptops and other electronic equipment” is further distressing because these people were naïve enough to believe they wouldn’t be targeted and didn’t even have the sensibility to get a safe!

In one instance the burglars broke a window near a door and were able to reach inside and get a key that was in the lock! Anyone that has a door surrounded by glass should invest in a window film glass protecting product called “Shattergard” that makes it difficult for a bad guy to simply break a window and reach in.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News. Disclosures

Think You’re Protected? Think Again!

In 1990, when only the government and a number of universities were using the Internet, there were 357 unique pieces of malware. The need for security began with desktop computing when the only means of compromising data was by inserting a contaminated floppy disk into a PC or opening an infected email attachment. That was the anti-virus era.

The need for security evolved with the Internet as more companies developed internal and external networks. That was the network security era.

Now as companies leverage the power of the web, information security has evolved yet again: We are in the application security era. And as big companies get better at locking down their software and protecting their data, criminals are targeting the little guy. Ordinary citizens’ every day digital lives are at risk via infected web pages, instant messaging, phishing, Smartphone viruses, text message scams and now hackers are targeting Macs in a big way.

In the past 20 years, e-commerce and social media have taken over. The numbers behind the explosive growth of cybercrime are astounding. In a little over two decades, we’ve gone from less than 500 pieces of malware to over 55 million annually. Cybercrime has evolved from nothing to a multibillion-dollar industry.

In 1995, 8069 unique pieces of malware were detected. One out of 20 emails was spam, and the Melissa virus infected hundreds of thousands.

In 2000, 56,342 unique pieces of malware were detected, mostly on PCs, but some began spreading to Macs. Then smartphones got the Cabir virus. The “I Love You” worm slithered its way onto millions of PCs, and the MyDoom worm slowed down the entire Internet by 10%, resulting in losses totaling 38 billion dollars.

In 2005, 164,000 unique pieces of malware were detected, including the first virus for Mac OS X and another 83 mobile viruses. 57 million U.S. adults fell for phishing scams via 17,877 different spoof websites. 80% of all email was spam. The Conficker worm, Zeus Trojan, Koobface, Applescript.THT, Storm botnet, and Ikee iPhone virus all made their debuts this year.

By 2010, 54 million unique pieces of malware were spreading to tablets, too. More than 90% of all email was spam. 27% of teens infected their families’ PCs with viruses in 2010. Almost 420,000 phishing sites were discovered. OpinionSpy, Boonana, and MacDefender infected Macs. Hackers commandeered Skype’s instant messaging service to deliver malware. The Gemini and Zitmo Trojans gathered location data and stole financial transaction information.

And if that’s not enough: in 2010, more than three million malicious websites were created, any one of which could infect your computer.

The question is: are you protected? Are you using some free download by an unknown company to protect yourself? Or do you have a comprehensive multilayer approach to digital security protecting all your devices?

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)


Social Web Loaded With Profile Misrepresentation

“Social fakes” are invented profiles on social media (often referred to as profile misrepresentation), which can be used to harass or mock victims anonymously. But the more lucrative fake profile is one that imitates a legitimate business, damaging that business’s online reputation.

The imposters’ ultimate goal? Spam leading to scams.

Social-web security provider Impermium published the results of their recent analysis of the cost of social spam. “Online ID signup fraud” is an emerging trend, with fraudulent accounts ranging from a low of 5% to 40% of users. “Scammers are registering accounts by the millions as they perpetrate fake ‘friend requests,’ deceptive tweets, and the like, while the black market for bulk social networking accounts is growing exponentially.”

They also warned about social web abuse, describing current “sleeper cells” as “a ticking time bomb.” Last month, more than 30,000 fraudulent accounts coordinated an attack, in which attackers submitted more than 475,000 malicious wall posts in one hour. According to Impermium, “Even accounts you’ve had for years could be lying in wait for just the right moment.”

Multiple issues stem from fake accounts, such as brand damage for both the website and its users, scams being perpetrated on existing or potential customers, and for social networking websites, an inflated, incorrect summation of active subscribers—to name a few.

Social media sites can use iovation’s device reputation service to help identify fraudsters at account setup.  When a device (or related group of devices) signs up for more than your allotted number of accounts, you can receive alerts on this behavior.  When multiple countries are logging into the same accounts within a specified timeframe, you can set alerts on this activity. When users are constantly changing their device attributes between multiple online registrations (to look like new, legitimate consumers), you can know this immediately—and automatically deny the new accounts outright or send them to your fraud review queue.  If 1,000 accounts were just set up from the same machine, one after another, wouldn’t you want to know that while it’s happening so you can do something before the scams start?

Rather than relying on information provided by the user, which may not be honest or accurate, device reputation technology goes deeper, identifying the computer being used to register an account. This exposes negative behaviors right away, allowing a website operator to deny access to threatening accounts before your business reputation is damaged and your users are abused.
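The three alert conditions described above (signup allotment per device, logins to one account from multiple countries within a timeframe, and changing device attributes between registrations) can be sketched as rules over an event stream. This is an added example, not iovation's code or API; the `device_id` field is assumed to be a stable identifier supplied by a device-identification layer, and the thresholds, event layout and sample events are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# All thresholds are assumptions for illustration, not vendor defaults.
MAX_ACCOUNTS_PER_DEVICE = 3      # allotted signups per device inside WINDOW
MAX_ATTR_SETS_PER_DEVICE = 2     # distinct attribute sets tolerated per device
WINDOW = timedelta(hours=1)      # timeframe for velocity and country checks

def _t(hhmm):
    # Constructed date; only the time of day varies in the sample events.
    return datetime.strptime("2011-09-15 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed events: (time, kind, device_id, account, country, attributes)
EVENTS = [
    (_t("10:00"), "signup", "dev-A", "acct1", "US", "ua1|1024x768"),
    (_t("10:00"), "signup", "dev-B", "acct9", "US", "ua7|1280x800"),
    (_t("10:01"), "signup", "dev-A", "acct2", "US", "ua1|1024x768"),
    (_t("10:02"), "signup", "dev-A", "acct3", "US", "ua2|1024x768"),
    (_t("10:03"), "signup", "dev-A", "acct4", "US", "ua3|800x600"),
    (_t("10:04"), "signup", "dev-A", "acct5", "US", "ua3|800x600"),
    (_t("11:00"), "login",  "dev-B", "acct9", "US", "ua7|1280x800"),
    (_t("12:00"), "login",  "dev-C", "acct1", "BR", "ua4|1366x768"),
    (_t("12:20"), "login",  "dev-D", "acct1", "VN", "ua5|1366x768"),
    (_t("13:30"), "login",  "dev-E", "acct9", "DE", "ua6|1440x900"),
]

def evaluate(events):
    """Return alerts as (rule, subject, detail) tuples in event order."""
    alerts = []
    signups = defaultdict(list)   # device_id -> [(time, account)] inside WINDOW
    attr_sets = defaultdict(set)  # device_id -> attribute sets seen at signup
    logins = defaultdict(list)    # account -> [(time, country)] inside WINDOW
    for ts, kind, device, account, country, attrs in sorted(events, key=lambda e: e[0]):
        if kind == "signup":
            # Keep only this device's signups that fall inside the window.
            recent = [(t, a) for t, a in signups[device] if ts - t <= WINDOW]
            recent.append((ts, account))
            signups[device] = recent
            attr_sets[device].add(attrs)
            if len({a for _, a in recent}) > MAX_ACCOUNTS_PER_DEVICE:
                alerts.append(("signup_velocity", device, account))
            if len(attr_sets[device]) > MAX_ATTR_SETS_PER_DEVICE:
                alerts.append(("attribute_churn", device, account))
        elif kind == "login":
            # Keep only this account's logins that fall inside the window.
            recent = [(t, c) for t, c in logins[account] if ts - t <= WINDOW]
            recent.append((ts, country))
            logins[account] = recent
            countries = tuple(sorted({c for _, c in recent}))
            if len(countries) > 1:
                alerts.append(("multi_country_login", account, countries))
    return alerts

if __name__ == "__main__":
    for alert in evaluate(EVENTS):
        print(alert)
```

Each alert would then feed whichever outcome the operator chooses, automatic denial or the fraud review queue.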

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses hackers hacking social media on Fox Boston. Disclosures

Burglar Hits 60 Houses in 60 Days

Police in Morristown, NJ have a prime suspect in mind whom they call an “opportunist”. Sometimes the burglar breaks in by using a crowbar or breaking a window, but mostly he just goes in through an unlocked door or window.

He’s going after the standard gold jewelry and laptops, stuff that’s easy to fence.

But what makes this story so interesting is the police know who he is but can’t arrest him.  The police Chief was quoted saying “This is a person who knows video surveillance very well and knows technology very well, and he does this for a living and he doesn’t want to get caught.”

The neighbors were quoted as saying stuff like “we never see a police car around,” etc., and the police respond by saying “the government can’t do everything anymore,” the chief said. “We simply need more help from the communities we serve. Most of it is eyes and ears, and picking up the phone.”

The Chief suggested everyone pay attention and even start a neighborhood watch.

Readers of these posts know I’m all about taking personal responsibility. And while law enforcement’s role is to serve and protect, it is impossible to have a police car parked in every driveway. The fact that this neighborhood doesn’t even have a neighborhood watch in place is telling. These are people who simply aren’t proactive. Windows and doors are unlocked, and it seems residents don’t have home security alarms either.

But I’ll bet they are installing them now.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News Live. Disclosures


Check Out These Hurricane Prep Apps

Hurricane Irene whacked the east coast over two weeks ago and people are still pumping out. Roads are still messed up and life has changed for many. My property was in the path, although she went a little west of me so I was spared any damage.

But if she did head a little east I was prepared. What helped me prepare was technology. For almost a week I had SMS text messages coming into my iPhone via iMapWeather Radio.

iMapWeather Radio 9.99: only app offering critical voice and text alerts on life-threatening weather events. Your iPhone will “wake up” and also “follow you” with alerts wherever you go. Listen with ease to local weather forecasts while you are on the move. Enjoy the power of a Weather Radio, with all the convenience and precision of a smart phone.

The Weather Channel FREE: Looking for the most accurate weather information available? The Weather Channel’s staff of 200+ meteorologists, along with our patented ultra-local TruPoint(sm) weather technology, allow us to provide you with the weather tools you need to plan your day, week, or even the next hour.

National Weather Service’s National Hurricane Center FREE: isn’t an app at all. But it is the source of all the apps’ information. You can go to the site and save the link as “Add to Home Screen”.

Robert Siciliano personal and home security specialist to Home Security Source discussing self defense on NBC Boston. Disclosures.

Study Shows Banks Blocking More Fraud

Network World reports, “The Financial Services Information Sharing and Analysis Center (FS-ISAC) polled 77 financial institutions and asked how many account takeovers occurred in 2009 and during the first six months of 2010. The FS-ISAC consists of a group of banks that shares threat information and interacts with the federal government on critical infrastructure issues. Its members include Citi, Prudential, Bank of America, JPMorgan Chase, Goldman Sachs and Wells Fargo, among others.”

Account takeover occurs when thieves infiltrate your existing bank or credit card account and siphon out your money. This typically occurs after your account has been hacked or your credit card or personal identity has been stolen.

21 of the institutions polled reported a total of 108 commercial account takeovers during the first six months of 2010, compared to 86 for the full year of 2009.

In 2010, 36% of fraud attempts were successfully thwarted, whereas in 2009, fraud was prevented only 20% of the time.

I have previously referenced a report from Javelin Strategy: “When examining account takeover trends, the two most popular tactics for fraudsters were adding their name as a registered user on an account or changing the physical address of the account. In 2010, changing the physical address became the most popular method, with 44 percent of account takeover incidents conducted this way.”

Unfortunately, FS-ISAC’s study failed to disclose what methods were used to thwart the account takeovers. Many financial institutions are protecting their users and themselves by incorporating device identification, device reputation, and risk profiling services to keep scammers out. Oregon-based iovation Inc. offers the world’s leading device reputation service, ReputationManager 360, which is used by leading financial institutions to help mitigate these types of risk in their online channel.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses online banking security on CBS Boston. Disclosures


Nicolas Cage’s First Hand Home Invasion Experience


Apparently Nicolas Cage at one time didn’t believe in home security systems. He recently filmed a movie called “Trespass” about thieves who con their way into the opulent mansion where Cage’s character lives with his unhappy wife (played by Nicole Kidman) and their daughter, Reuters reports. The tagline for the title is: “When terror is at your door, you can run, or you can fight.” I recommend running.

Cage was quoted saying “It was two in the morning. I was living in Orange County at the time and was asleep with my wife. My two-year old at the time was in another room. I opened my eyes and there was a naked man wearing my leather jacket eating a Fudgesicle in front of my bed,” he told reporters. “I know it sounds funny … but it was horrifying.”

Doesn’t sound funny to me at all. Luckily the man was capable of being talked to and Cage talked him out of the house. Police arrived and arrested him. The man was relatively harmless, he was mentally ill.

Cage was also quoted saying that after the incident he could no longer stay in that home and has since moved.

People whose homes are burglarized or invaded often feel a constant sense of unease in a home that has been violated like that. Your home is your castle and is supposed to be a place of relief, solitude, safety and security from the sometimes big, bad, ugly world. When it’s “soiled” like that, the stink never goes away.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News. Disclosures

Celine Dion’s Burglar Takes a Bath

The burglar apparently sauntered up her driveway and jiggled the door of an unlocked car in the driveway. The door was open and of course the keys were in the ignition along with the garage door opener.

This was all the burglar needed to open the door, head inside and make himself a tasty snack (pastries, I love pastry, I’m Italian you know.). Meanwhile as he’s munching away he drew himself a nice warm bubble bath. I’ll bet Celine Dion has nice bubbles and a nicer bath. Must be as big as my whole first floor.

Celine actually had a home alarm, but apparently it doesn’t have a siren, I don’t know. Or maybe the burglar was hard of hearing.

A monitored home security system can be as little as $99.00 installed then a dollar a day for monitoring. Celine Dion probably makes $99.00 in a matter of seconds when she’s headlining and performing at the Coliseum at Caesars Palace in Las Vegas.

For the short money that a home alarm costs, she should have one that has a siren. Ya think?

Fortunately for the Dions, they were traveling. If you travel away from your home:

  • Don’t leave your keys in your unlocked car in your driveway.
  • Use timers on indoor and outdoor lights.
  • Let a trusted neighbor and the police know you are traveling.
  • Unplug garage door openers.
  • If grass is still growing where you live and if you’re gone for a bit have a landscaper mow your lawn.
  • Don’t share your travel plans on social media or on a voicemail outgoing message.
  • Lock everything of significant value in a safe.
  • Invest in a home security camera system and home security alarm system.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News Live. Disclosures