Protect Your Home This Holiday Season

Burglars are opportunists looking for a score. They case a neighborhood looking for homes that look unoccupied, mailboxes stuffed, news papers piled up, lights off, shades up with a Christmas tree in the window inside with lots of gifts under the tree.

They prefer homes with no signage outside says “This House Is Alarmed” or “Protected By ADT”. Once they determine a valuable target they begin jiggling doorknobs to see which homes aren’t locked.

It’s not uncommon for burglars to walk around the house in broad daylight looking like a contractor, holding a clipboard and in some kind of a uniform. Their goal is to look like they belong there.

The chances of your home getting burglarized are reduced significantly when you put layers of protection in place.

Protect yourself:

Install a home security system and keep it on during the day when you are home or away and especially at night while you are sleeping.

Lock your doors and install good door locks that can’t be easily “bumped”. This generally means spending a little more money and getting advice from a locksmith.

Keep shades down so the bad guy can’t see what you have going on inside.

Put your light on timers to give your home that lived in look.

If you have a garage, pull in the garage when unloading gifts and large purchases

If you travel make sure to have someone collect mail, newspapers and even shovel while you are gone.

Robert Siciliano personal and home security specialist toHome Security Source discussing Home Invasions on Montel Williams. Disclosures

Marketers (and Criminals) Buzz About Mobile Tuesday

Fresh off the most successful Cyber Monday, which turned into a Cyber Week or even a Cyber Month, spanning from mid-November into December, marketers and advertisers are now positioning themselves for a 2012 Mobile Tuesday.

Forbes reports, “Consumers are going mobile in large numbers, and the 2011 holiday season proved it. IBM Coremetrics recently reported that consumers increased shopping on smartphones and tablets on Black Friday. Purchases made on mobile devices accounted for 9.8% of online sales, which is up 3.2% from last year. GSI announced a 254% increase in US mobile sales on Black Friday. PayPal Mobile announced a 516% increase in global mobile payment volume over last year, and eBay Mobile reported US purchases were nearly two and a half times what they were last year.”

Criminals are paying attention.

The National Cyber Security Alliance and McAfee released a study showing that in the last six months, 50% of Americans have used smartphones to research potential purchases, 27% have used them to shop, 12% have used them to shop at auction websites, specifically, and 18% have used their phones to make online payments.

To stay safe while mobile shopping this holiday season:

1. Keep mobile security software current. The latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.

2. Automate software updates. Many software programs can update automatically to defend against known risks. If this is an available option, be sure to turn it on.

Retailers should be aware that criminals aren’t just using desktops to commit fraud, but are also making purchases with stolen credit card information via mobiles and tablets. They should adopt security technology that actually recognizes and analyzes the PCs, smartphones, and tablets being used to access their websites. Once a device has been identified, its reputation can be assessed in real-time to determine the risk of fraud. Is the device exhibiting suspicious behavior, or it already known to have been used for fraud, money laundering, or account takeovers?

Examining a device’s reputation allows businesses to know which online transactions are trustworthy beforehand, rather than waiting until fraud has already occurred.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Mobile Security on Cyber Monday on Fox Washington. Disclosures

A Sherriff Issues Holiday Crime Prevention Tips

A Florida County Sheriff via The Recorder issued the following tips to prevent holiday crime. I’m going to break them down and shorten them up to keep it concise.

“We are coming up on one of the most festive times of the year for families with the celebration of several holidays. However, joy and fun can quickly turn to disappointment and sorrow when someone becomes a victim of a scam, burglary or online fraudulent holiday shopping scheme.”
Scams: Holiday cyber-crimes including fraudulent auction sites.  

Protect: Do business with known sites. Look for high ratings and user approvals.

Scam: Resale of stolen or counterfeit gift cards

Protect: Only buy gift cards from well established retail environments and immediately check the card balance.

Scam: Reshipping merchandise purchased with stolen credit cards.

Protect: Generally reshipped stolen merchandise is much cheaper when sold online. If it’s too good to be true it’s hot!

Scam: Using an auction site or classified pages to advertise an item at a bargain price and the crook will charge your legitimate credit card for the order then use a separate stolen credit card to purchase the product and have it shipped.

Protect: Pay with PayPal so your credit card number and personal information is not shared with the seller.

Scam: Thieves break into cars in mall parking lots.

Protect: Lock your purchases in the trunk or out-of-site.

Scam: Purse snatchers are looking for easy money.

Protect: Carry purses with the strap going over one shoulder under your coat.

The holidays are a time to enjoy and get together with loved ones. An ounce of prevention can prevent holiday heartache.

Robert Siciliano personal and home security specialist toHome Security Source discussing Home Security on NBC Boston. Disclosures.

Protect From Holiday Phishing Shipping Scams

A common holiday shipping phishing scam is a phony notice from UPS, saying you have a package and need to fill out an attached form to get it delivered. The form may ask for personal or financial details that will go straight into the hands of the cyberscammer. Often the email asks to download a label and the risk there may be downloading a virus.

Scammers are sending emails that look like they are coming from the United States Postal Office, Fed Ex, UPS, DHL, you name it. The email may state in the subject line there is a problem with delivery and reference a code.

In these emails the scammers are trying various ruses to get you to either download a virus or cough up names, addresses, credit card, bank info and even usernames and passwords.

The scams work because at this time of the year millions of people are getting stuff in the mail and expecting it. Scammers know there is a better chance that you will open an email, click a link, or even make a phone call in response to an official looking communication from a phish email.

It’s pretty simple not to get scammed here. Realize right now that none of these organizations will send you an email requesting more information from you or for you to download something.  And if you are currently engaged in shipping or receiving packages, go through the normal channels you usually do to make contact. Log into your accounts or go to the existing emails you may have to communicate.

Ultimately just hit delete.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

How Much Fraud On Record-Breaking Cyber Monday?

The Washington Post reports that this holiday season, Cyber Monday expanded into an entire week of record-breaking online shopping. From Sunday, November 27 through Saturday, December 3, consumers spent nearly $6 billion over the Internet, a 15% increase over the same week in 2010. During the first 32 days of the November-December holiday season, online spending had already reached $18.7 billion, also a 15% increase from last year.

Which begs the question: when the dust settles, how much of this uptick in online sales will equate to online fraud? It is inevitable that some consumers will detect unauthorized charges on their credit and bank accounts, and many retailers will suffer high chargebacks.

Consumers should seek out and patronize businesses that implement a comprehensive, in-depth approach to protecting customers from identity theft and financial fraud. They should also check credit and banking statements carefully, scrutinize each and every charge, and call their bank or credit card company immediately to refute any unauthorized transactions.

Retailers should consider adding device identification technology to prevent more crime upfront before product ships and stolen credit cards are charged. This emerging technology examines the PC, smartphone, or tablet being used to conduct an online transaction in order to determine whether the device’s characteristics, behavior, and history indicate a high level of risk. The leading provider of device identification and device reputation services is iovation Inc. Take a look at iovation’s stats from Black Friday and Cyber Monday.

Fraud analysts from online retailers around the world interact with iovation’s database of device intelligence daily, and through sharing information and running real-time risk assessments, they block millions of online fraudulent attempts each year.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discussesCyber Monday on Fox Boston. Disclosures

4 Tips to Prevent Auction Holiday Fraud

Auction fraud refers to fraudulent transactions that take place through auction and classifieds websites.  Either a product advertised may be misrepresented by the seller or the items sold are never delivered at all.

This holiday season, as you seek out hard-to-find gifts and look for the best prices, keep in mind that not everyone out there on the wild, wild web has good intentions.

Auction sites are ground zero for scammers. It’s very easy to set up a free auction page from anywhere in the world, collect people’s money, and run.

Here are four tips to keep you safe when shopping through auction websites.

  1. Use strong passwords: Use complex passwords that are hard to crack but easy to remember. Passwords should include upper and lowercase letters as well as numbers, and, if possible, other characters.
  2. Look out for phishing emails: Any email that appears to have been sent from an auction site should be considered suspect. Certainly there are legitimate communications being sent by eBay and similar sites, but none of them should require a direct email response. To confirm that a communication is legitimate, always go to the website directly via your favorites menu, log into your account normally, and check your “My Messages” folder, rather than clicking any links within the email.
  3. Secure your device: Whether you shop using a tablet, smartphone, PC, or Mac, they all need some form of antivirus protection. At the very least, the operating system should be kept up to date with all the latest security patches. Any website can potentially pose a threat. Never respond to pop-ups that claim your computer or other device has been infected and instruct you to install antivirus software. This is actually “scareware.”
  4. Buy from trusted sources: Some may not like my saying so, but buying from sellers with no track history is risky. If sellers have less than five transactions under their belt, they may be scammers. My rule of thumb is never but from anyone with fewer than ten transactions, and even then I take all their feedback into account before purchasing. If a seller has ten transactions but all those purchases are less than a dollar in value, that seller is still suspect.

Online classified and auction websites can do more to protect legitimate buyers and sellers by identifying fraudsters faster with advanced device identification.  iovation Inc.’s fraud prevention service is called ReputationManager 360 and incorporates device identification, device reputation analysis, and geolocation, velocity, and anomaly checks in its real-time risk profiling. iovation is used by hundreds of online businesses to prevent fraud and abuse by analyzing the computers, smartphones, and tablets being used to connect to their online properties.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Black Friday/Cyber Monday Scams on Mike and Juliet Show  Disclosures

Beware of Charity Scams This Holiday Season

Hackers, scammers, cons and thieves take advantage of citizens’ generosity by sending e-mails, making phone calls or even setting up shop on a street corner and try to appear to be legitimate charitable organizations. 

Do not donate cash: Anyone asking to come to your home or office and pick up cash is a scammer. Any phone calls or emails received requesting cash or to wire money transfers is a scam.

Be suspect of all emails requesting donations: I would never click on a link in an email, especially short URL’s. Always manually enter the domain name into the address bar. The best thing is to go directly to the organization’s website.

Check with the Better business Bureau: The first thing you should always do prior to making a donation to any charity is to check their credibility with the BBB. Go online to and search out the charity.

Give only to charities, not individuals: Any communication from someone requesting money because of their hardship is an obvious scam. But some people are saps for an emotional sob story. While you may be savvy enough not to fall for these scams, someone in your life who may be naïve could.

Consider giving to the Red Cross: The American Red Cross is the most known and credible organization on the planet for helping out those in despair. Give now and give as much as you can.

Never give out credit card numbers via an unsolicited email.

Never give out PIN or account numbers to anyone for any reason

Robert Siciliano personal and home security specialist to Home Security Source discussing scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures.

Boosting Healthcare Security with Smart Cards

The Smart Card Alliance has put together a list of frequently asked questions about how smart cards work in a healthcare environment, and provided excellent answers. A smart card resembles a typical credit card, but is embedded with a small microprocessor chip, which makes it “smart.” That chip is a powerful minicomputer that can be programmed in different ways to boost security.

Data and applications can be securely stored and accessed on the chip, enabling secure data exchange. Smart card technology provides high levels of security and privacy protection, making it ideal for handling sensitive information such as identity and personal health information.

One of the frequently asked questions addressed by the Smart Card Alliance is how a smart card-based healthcare ID can help patients. The answer, in part, is that this technology allows medical providers to authenticate patients’ identities. “Accurate identification of each person that receives healthcare” is “the cornerstone of quality medical care and good health systems management.” This benefits patients in several ways, including:

Decreases medical errors. Optimal medical care requires that a healthcare provider have access to all relevant medical history and know what medications have been prescribed. A validated patient identity can be linked to a healthcare organization’s medical records. Using a smart card also allows the storage of patient record numbers

Reduces medical identity theft and fraud. Medical identity theft and fraud is a growing concern to healthcare consumers and providers. Using smart card technology enables the addition of security elements such as a picture, personal identification number (PIN) or biometric (e.g., a fingerprint) so that a lost or stolen healthcare ID card cannot be used or accessed by anyone else. The data kept on the card can also be encrypted so that no one can access your data without your permission.”

You can find more information on smart health cards and the benefits to using them on, but in short, smart card-based technology can help you, as a patient, get better quality healthcare, delivered faster and more cost-effectively. And that’s good for everybody.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

How the “National Strategy For Trusted Identities in Cyberspace” Benefits Consumers

In May 2009, the President’s Cyberspace Policy Review called for the development of “a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.”

That “vision and strategy” came to fruition in the form of the “National Strategy for Trusted Identities in Cyberspace” (NSTIC), which calls for an “Identity Ecosystem” that would be “an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities.”

Online anonymity has fueled fraud to the point where billions of dollars are lost every year. As people become less trusting of the Internet, many are pulling back. Methods of authentication that rely on usernames and passwords are broken and ineffective. Viruses infect personal and business PCs and allow criminals to remotely control the infected devices and access sensitive data and accounts.

We need a system that doesn’t grant access based solely on a password. Establishing trusted identities will provide enhanced security, improved privacy, and economic benefits. Ultimately, this system will enable new types of secure transactions, offer more control of personal information, and thwart cybercrime and identity theft.

President Obama explained the thinking behind the White House’s strategy:

“Giving consumers choices for solving these kinds of problems is at the heart of this new strategy. And it is one that relies not on government, but on the private sector, to design the technologies and tools that will help make our identities more secure in cyberspace and to make those tools available to consumers who want them. It asks companies to pursue these solutions in ways that will not impinge on the vitality and dynamism of the web, or force anyone to give up the anonymity they enjoy on the Internet.”

Want more information? You can also hear from Michael Garcia, Cybersecurity Strategist for the Department of Homeland Security on the NSTIC program and its many benefits.

Sounds like a good plan to me. Sign me up!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Keeping Tabs On Your Home When Away

You may have a single family home, second home, or apartment. And no matter what your abode sitchy is, there is no place like home. Whenever I leave, I miss my family, house, and stuff.  When we go on vacation, we are always happy to go home. I hope your sitchy feels the same.

And whenever I leave there is always a discomfort that when I’m not there to guard the castle, I’m concerned that something can go wrong. Mother Nature can make a mess of things with inclement weather, Father Time wears things down and they may break while you are gone, brazen burglars ransack your stuff, tempted teens use your vacated home as a party palace and worse than it all, freaky follies occur like a busted water pipe on the second or third floor completely ruining your home.  Water is big time destructive.

I’ve remedied most of these issues by installed a surveillance system by ADT Pulse on my property. Mine is a little over the top, however it serves as a good guide.

I have 16 surveillance cameras including 8 on the inside and 8 on the outside. Each camera is strategically placed to give me a remote view of each critical access point on the perimeter and on the inside.  There are also cameras in the garage and mechanical room. Each camera is set up to record video whenever there is motion. Each “event” is then sent via text message to alert me to the activity.

In the event that a water pipe lets loose I have water sensors tied directly to the Internet. If the water heater or any water dependant appliance gets all freaky In the kitchen I’ll be alerted via text to the issue.

When I’m home my touchpad’s or PC are alarm central. And when I’m out or away it becomes laptop, iPad or mobile. No matter where I am, I have full access to the goings on of my property.

Robert Siciliano personal and home security specialist toHome Security Source discussingADT Pulse on Fox News Live. Disclosures