The Consequences of a Teacher’s Facebook Comments

/in /by

We should all know by now that nothing you post on Facebook is private. You may have gone through all the privacy settings to thoroughly lock down your profile, but even so, you can never be sure that your posts will remain hidden. Facebook alters their privacy settings so frequently, you never know when or how the defaults will change. No matter how strict your privacy settings are, accepting a friend request from a stranger (who may be a human resource officer, for example) allows him or her to see your private comments, which can always be easily copied, pasted, and shared with the world.

The New York Post reported, that a Brooklyn NY teacher said some bad stuff regarding her fifth-graders referencing the death of a 12-year-old Harlem school girl who drowned on a class trip.

While on a field trip, the teacher used her Blackberry to post, “After today, I’m thinking the beach is a good trip for my class. I hate their guts.” When a Facebook friend asked, “Wouldn’t you throw a life jacket to little Kwami?” she wrote back, “No, I wouldn’t for a million dollars.”

Yikes!

Normally, this is when I would explain that it is never a good idea to announce to the world how much you hate your boss, neighbor, students’ teachers, or spouse, and that you’d like to boil a bunny on the stove to teach them a lesson. I guarantee that even if you are kidding, someone will be offended. Everything you do on the Internet lasts forever.

However, I’d rather encourage anyone with a position of authority and responsibility for others to please, go ahead and post your feelings, thoughts, and motivations as loudly and as clearly as possible. We want to know who you really are. It’s best that you come out of the closet now, so you can be removed from your position if necessary.

Robert Siciliano personal and home security specialist to Home Security Source discussing sharing too much information online on Fox News. Disclosures.

Fraudulent Credit Applications Starts with the Device

/in /by

When Jim Smith opens a credit card account, he doesn’t have to pay the bill. That’s because Jim Smith is committing new account fraud by using Fred Jones’s name and Social Security number.

All Jim Smith needs is some basic information about Fred Jones, much of which is available in the phonebook, in his trash, in discarded files in the bank’s dumpster, or on social media sites. Maybe Fred also happens to work with Jim, and Jim has direct access to Fred’s files.

Once Jim has Fred’s information, all he has to do is go online with the PC in his cozy office, or head down to the local coffee shop and fire up his iPad, or even fill out a credit card application from his mobile phone.

Scenarios like this one happen all day long across the globe.  Credit issuers are constantly looking for new tools to identify fraudulent applications faster.

Since online credit applicants can fool you with any number of tricks to get approved for credit leaving you holding the bag for losses, instead of verifying identity information on fraudulent applicants, consider verifying the reputation of the device (or computer) being used to submit the application in the first place. When a fraudster connects to your business, the computer being used can be evaluated in a fraction of a second for its risky intentions.

If you know the device being used is a known fraudster, you don’t have to spend the time, resources, and money running other fraud checks such as verifying identity information.  You know the source is suspect and you can block the transaction upfront. Device fingerprinting coupled with the device’s reputation and risk profile helps identify the bad guys in the acquisition channel, so you don’t have to rely on other fraud detection tools that drive up the cost to decision an application.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit card fraud on NBC Boston. Disclosures

Three Dead and One Shot in Home Invasion

/in /by

Not all home invaders invade to steal. Some are simply mentally ill and violent and seek a victim or in this case, victims. Here is an unfortunate example of why you should have a home alarm system and security cameras.

Imagine living into your 80’s only to be taken down by the neighbor from down the street in a fit of rage. With no signs of forced entry the 27 year old with a history of mental illness committed a random act of violence by stabbing a husband, wife and their son before being shot and killed by the son.

Apparently the son had come home to his parent’s home and walked in on the stabbing. He quickly ran upstairs and grabbed a gun and shot the suspect a bunch of times.

There were no signs of forced entry where the attack occurred. Investigators found one unlocked door between the garage entry and main house.

I’ve seen studies published declaring as much as 50% of all people suffer some form of mental illness. Not all are violent, but the ones who are, are all around us. For your own safety, develop a personal security mindset. This means thinking proactively by asking “what if” questions and visualizing possibilities. By predicting and then preventing bad things from happening, you are actively involved in your personal security and that of your families.

When you do this, develop a strategy to that ensures your families security. Lock your windows, bolt your doors and install a home security system.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse™ on Fox News Live. Disclosures

ATM Scammers’ New Tactic: Glue

/in /by

You can almost hear the scammers’ “Eureka!” moment in their evil dungeon lair: “We don’t need no stinking $5000 high-tech remote access Russian-built skimmer – we just need Elmer’s!” And then a crime is committed and history is made.

The San Francisco Examiner reported, “thieves glued down the ‘enter,’ ‘cancel’ and ‘clear’ buttons on the keypad and wait until the customer goes into the bank for help before withdrawing money from their account. The robbed customers have already punched in their PINs when they realize the keypad buttons are stuck. The unwitting customers either do not know that they can use the ATM touch screen to finish their transaction, or become nervous when the keypad isn’t working and react by leaving the ATM.”

Once the customer has gone into the bank to alert a manager or teller, the scammer walks up to the ATM and uses the touch screen to complete the transaction.

Amazing. Even more amazing is that if a criminal were caught gluing ATM keys, he would most likely only receive a misdemeanor vandalism charge, as opposed to a larceny, which would put him in jail. The law has yet to catch up with this new and brilliantly simple crime.

So if you happen upon a glued ATM remember that you can finish your transaction using the touch screen. Once you’ve done so, alert the bank manager as soon as possible so nobody else gets scammed!

When using an ATM, pay close attention to the machine and be alert for anything that seems out of place. Wires, double sided tape, odd configurations or skimming devices on the face of the ATM, or a card that gets stuck in the reader are all red flags.

Don’t necessarily use the first ATM you see. Choose ATMs in secure locations, and be on your guard, even when using an ATM at a bank branch.

Above all, check your bank statements at least once every two weeks, and refute unauthorized transactions within 30 days.

Robert Siciliano personal and home security specialist to Home Security Source discussing ATM skimming on Extra TV. Disclosures.

Clients Alert Banks to Fraud

/in /by

In a perfect world there would be no sickness, nothing would ever break, everyone would get along, yummy food wouldn’t make you fat, and there’d be no crime. However, there are forces over which you and I have no control and we have to struggle simply to maintain balance.

In a perfect world, a bank wouldn’t need you or me to help detect fraud.

According to a survey of banks and credit unions, 23% learn of fraud through their own auditing processes. This means that more than three quarters of all bank fraud is detected either by customers or third parties. Just 32% of banks felt prepared to prevent online bank fraud.

That’s far from perfect, which means you, the customer, must pay close attention to your accounts.

Check your online statements frequently. I no longer receive paper statements and I don’t wait for my monthly online statement, either. Once a week, I check each individual account online. Check your investment accounts, credit cards, checking and savings account, and any other account that holds your money or grants you credit.

Create a bookmarks folder with links to all your accounts and set a consistent time to check each account, every week. Monday mornings, Wednesday afternoons, or Friday afternoons work for me.

Sign up for Mint. This service helps track activity on your bank and credit card accounts and sends notifications of any transactions involving any linked account.

The moment you spot a discrepancy, contact the institution and remedy the issue. Remember, as accommodating as a lender may be, they will often put up a fight before crediting your account for any losses. Persistence pays off.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses identity theft in front of the National Speakers Association. Disclosures

 

67% of Companies Fail Credit Card Security Compliance

/in /by

All merchants who accept credit cards are now subject to strict Payment Card Industry standards, rules, and regulations, which require a level of security that took about five years to finally implement.

 

PCI exists to increase credit card security and, among other goals, to stave off government intervention. While significant effort has been made to improve the security of credit card data processing, adequate attention has yet to be given to the identification, authentication, and accountability of cardholders.

 

For consumers, the primary concern is account takeover. Account takeover occurs when your existing bank or credit card accounts are infiltrated and your money is siphoned out. A hacked account or stolen credit card is often to blame.

 

InformationWeek reports that according to a new Ponemon Institute survey, “50% of security professionals view PCI as a burden, and 59% don’t think it helps them improve security. Furthermore, comparing this study with the inaugural one conducted in 2009, the number of respondents who said they had sufficient resources to comply with PCI dropped from 40% to 38%. Ponemon also found that the number of organizations that had experienced a data breach in the past two years increased from 79% in 2009 to 85% in 2011.”

 

Retailers who invest in device fingerprinting and device reputation make it much easier to identify bad guys during purchases, making those stolen credit card numbers way less valuable to thieves. By instantly evaluating a device’s history for criminal activity and assessing risk on new devices within a fraction of a second, retailers can stop fraudulent transactions before the order is accepted and product shipped.

 

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit card fraud on NBC Boston.

5 Online Security Using PayPal

/in /by

Sometimes home security begins online. Many millions use and rely on PayPal for convenient and secure ecommerce transactions. But is it safe? The short answer is “yes”. The longer answer is “it depends”.

PayPal has numerous redundant measures of protection in place to protect their user accounts. PayPal falls under many of the same rules and regulations as banks and retailers.  They don’t have a choice to be secure or not, they have to be.

But PayPal is just like everyone else, they are under constant attack.

Most security issues with PayPal aren’t actually with PayPal at all, but with its users.

1.    Don’t click links in emails that come from PayPal. The emails may not be from PayPal but from scammers trying to phish your information. Always directly log into PayPal to access your account.

2.    Don’t link your bank account to PayPal. If your PayPal account is compromised then the money stolen will be from your bank account opposed to your credit card account. There are many more layers of security in your credit card connected to PayPal.

3.    Keep your PC security updated. Your PC is a path to PayPal, your bank or any other online accounts you have. Many of those accounts are only as secure as your PC. Make sure you have updated anti-virus, firewall, spyware detection/removal etc.

4.    Use a trusted PC. I would never use anyone else’s computer to login to my bank or PayPal

5.    Use a trusted internet connection. Banking online or using PayPal from a free internet café invites trouble. Your best bet is a hard wired connection from home.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures

Scam Artists Sell Over $4 Million in Fake Tickets Every Month

/in /by

Second-hand ticket retailer viagogo has revealed that scam artists that have been selling fake tickets are collectively reeling in just over $4 million a month, or $49 million a year.

Viagogo found that more than 67,000 fake music festival tickets were sold last year. In 2011, that number could reach 100,000. Most of this scamming occurs during the summer, the most popular season for concerts.

Ticket scams have been occurring for years. When a ticket is nothing but a piece of paper with a barcode that is scanned at the gate, counterfeiting is child’s play. Some events provide wristbands to ticketed attendees, and these wristbands can also be easily faked.

Watermarks and other security features make tickets a bit more difficult to recreate, but these low-tech methods of determining a ticket’s authenticity are often lost on the general public. The victim only realizes the scam when he’s denied entry to an event.

Avoid scalpers, period. Unless you know them personally, just buy tickets at the venue’s window. When purchasing tickets online, stick to legitimate websites. An online search will probably turn up plenty of options, but only buy from familiar, trusted brokers.

Scam artists often take advantage of online ticket companies by buying up blocks of tickets with stolen credit cards, either to counterfeit or simply to overcharge the public.

Fortunately, some ticket brokers have deployed device reputation, which allows them to uncover computers or other devices responsible for fraudulent activity or exhibiting suspicious behavior at the point of sale, and deny transactions from these devices. This kind of visibility gives ticketing services businesses a powerful advantage. More than ever, they can easily identify the scam artists where they’re coming from.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses yet another data breach on Good Morning America. (Disclosures)

Beware of Wedding Crashers This Season

/in /by

Here is why home security video systems are essential. In the movie “Wedding Crashers” actors Vince Vaughn and Owen Wilson crashed weddings in pursuit of women and wine. Their antics were perceived as relatively harmless because they were two fun guys injecting their lively fun attitudes into the party.

But in the real world a wedding crasher is a thief. They either steal a meal or more than likely steal the newlywed’s gifts.

In one of my past lives between bartending, barroom bouncing, pipefitting and beginning a security business I was a wedding DJ. Never be a wedding DJ if you don’t want to go head to head with a bridezilla and her mother.

At the end of one wedding I worked, the bride and groom along with a few from the wedding party were frantically scouring the room looking for the bag of envelopes. At one point the bride came up to me with her voice raised and accusatorily asked me if I knew where the bag was. Her husband quickly apologized and whisked her away. All I could do is feel bad.

Unfortunately for them the facility had no surveillance cameras and the gifts were located at the opposite side of the room from me and near the entrance/exit. Someone easily walked in and out and ruined and chance achieving a storybook wedding.

Outside of Boston two women were recently caught on video surveillance stealing over $2800.00 and several stolen items from a wedding. Both women dressed for the occasion, mingled, and eventually made their heist. Once the fraud was discovered the couple quickly called security and the police were notified. More than likely the thief’s car was identified on camera leaving the parking lot and the police got a plate number because they were able to go directly to the thieves homes and recover the lost goods.

In this case security video saved the day. In the future it would also make sense to have signage informing potential thieves they are on surveillance. This added layer of protection will stop many thieves.

Robert Siciliano personal and home security specialist to Home Security Source discussing scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures.

Get Digitally Secure before it’s Mandatory

/in /by

For the past decade, much of banking has taken place online, after hundreds of years of traditional banking. Banks have streamlined their processes, but must also cope with fraud. With banks absorbing billions in losses, consumers also pay.

In a recent survey of 1,000 U.S. residents, 60% responded that dealing with fraud is the banks’ responsibility, while only 6% believed that responsibility rests with consumers. 48% said they were concerned about the risk of fraud, and 14% had fallen victim to fraud in the last two years.

Advances in technology have made banking more convenient but have also outpaced consumers’ security intelligence. It is possible to secure systems against most cybercrime but that level of security often proves too inconvenient for consumers. As long as banks continue absorbing losses from fraud, consumers remain blissfully ignorant of the consequences of inadequate security.

Meanwhile, other countries take different approaches. South Korea has introduced a “Zombie PC Prevention Bill,” which makes installing and using security software mandatory for all citizens. A New Zealand law reserves the government’s right to confirm that personal computers are adequately protected.

Protect your computer by setting its operating system to automatically update critical security patches. Always run antivirus software and set virus definitions to update automatically. Use a protected wireless network and make sure your firewall is protecting both incoming and outgoing traffic.

Never click links within the body of an email. Instead, go to your favorites menu or type the address into the address bar. And be sure to check your online bank statements frequently.

You can find more tips from JustAskGemalto on how to bank safely online here.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses credit and debit card fraud on CNBC. Disclosures