Banks Need You To Be Responsibly Secure

/in /by

Our culture deemphasizes individual responsibility. In my mind, life begins when you begin taking responsibility for everything in your life. Personal security is fundamentally your own responsibility and, while you may not be responsible for a crime happening to you, you are the one in the best position to prevent it.

In the last decade, as much as 80% of all banking has taken place online, a major change after hundreds of years of traditional banking. Online banking is all about convenience. It has become apparent that these conveniences of technology have outpaced consumers’ security intelligence. It is possible to secure systems in a way that will defeat most online criminal activity, but that level of security comes with inconveniences that the consumer may not be equipped to handle.

Doug Johnson, the American Bankers Association VP of risk-management policy, explains, “The banking industry wants consumers to monitor their online accounts for unauthorized transactions on a continuous, almost daily, basis. That’s because PCs and smartphones have become the online bank branch for a lot of individuals. The customer needs to really recognize that security is most effective when they work in partnership with their financial institution.”

While banks are fighting their own battles to combat fraud and account takeover, it is imperative that the banks’ customers adhere to security fundamentals.

  • Set your computer’s operating system to update critical security patches automatically.
  • Make sure your firewall is turned on and protecting traffic from both directions.
  • Always run antivirus software, and set it to update virus definitions automatically.
  • Use a protected wireless network.
  • Never click links within the body of an email. Instead, go to your favorites menu or type the address into the address bar.
  • Check your online bank statements frequently.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents. For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss online banking security on CBS Boston. (Disclosures)

Child Abduction Awareness For Parents

/in /by

When a true stranger steals a child, the child often doesn’t survive beyond 3 hours. Protecting yourself and children begins with understanding basic security. Today most helicopter parents won’t take their eyes off their kids, and I don’t see that as a bad thing.

Always have recent photos and videos of your child for police. Invest in a fingerprint or DNA kit to help investigators.

In the event that a child is approached, the best defense is a good offense. Resistance has often been a proven tactic for removing oneself from a dangerous situation.

Running, screaming, biting, hitting and kicking feel unnatural to teach your kids, but are natural traits they possess (My 2 year old proves this). I say if they are good at it now, train them to do it better!

As soon as your child is at an age where they can comprehend this issue, it’s time to discuss it. Age 4 they have a pretty good grasp, but age five they seem to be on solid footing.

Role play with your kids. This is a delicate balance of awareness and play. Intellectually introduce scenarios for them to respond to. See how they articulate a response. Let them figure it out on their own. Then if they don’t give you the answer you were looking for, work with them to understand the nature of their choice and its negative impact.

Discuss the Internet and online predators. This is an entire future post. But in the meantime, do your research and know what risks they face. Take control of their access to PC’s and monitor everything they do.

Most importantly, this kind of education is about empowerment. It’s about taking control. It’s a gentle awareness that can save their lives. Don’t guilt them into making the right decisions and make them feel bad about not understanding the issue. If they aren’t ready to comprehend the issue then back off.

Robert Siciliano personal and home security specialist to Home Security Source discussing Child Abductions on MSNBC.

Craigslist Scammers Use Emotional Lures

/in /by

At the moment, I have no less than six different tabs open in my browser, each searching Craigslist for different items I need this spring: trailers, boats, patio furniture, musical instruments, and exercise equipment. Every day I refresh my search results, looking for the best deal. I’m confident that I’ll find what I’m looking for. Patience is the key.

Millions are doing the same thing. And unfortunately, many of them are being scammed out of their money as sellers provide explanations as to why an item is being sold, ranging from “not needed” to “my son died.”

A North Carolina woman and her mother were looking for a used car on Craigslist and found an “amazing, like, this can’t be true, deal.” The daughter contacted the seller, who replied with, “Automatic transmission. It’s in perfect condition. Exterior no scratches. Interior no rips, tears, stains.” The seller asked for $3,900, and added that the car had belonged to her son, who had died in a bike accident, and she wanted to sell the car quickly because it brought back difficult memories.

Meanwhile, the mother found a similar deal on a different car, and the seller had a nearly identical story. This raised red flags and both mother and daughter cut off communications with the scammers. They were lucky.

This type of scam works because people can relate to the awful story and are more inclined to help when someone seems to be in distress.

Craigslist could prevent the majority of these scams easily by leveraging device reputation management. Many Craigslist scammers are based in Ghana, Nigeria, Romania, Korea, Israel, Columbia, Argentina, Philippines and Malaysia. These countries breed scammers who spend their days targeting consumers in the developed world. But real-time device reputation checks such as those offered by iovation can detect computers that have been used for auction fraud (and expose all of the accounts the device or group of devices is associated with) providing the ability to shut down sophisticated fraud rings and thousands of accounts immediately

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another databreach on Fox News. Disclosures

If A Robber Wants Your Money, Give It To Them

/in /by

When a robber walks in to a place of business the general advice given is to give them what monetary request they make and let them leave. Fighting for materials items is never a good idea. There isn’t a dollar amount one can put on a life or on a box cutter across the face.

But in recent weeks, 2 Boston area store clerks fought off robbers. One man used a pepper spray and a woman used a metal rod. Both situations could have easily gone wrong, but these two clerks decided to fight. Mind you, I’m no pacifist.

The Boston Globe reported “The man leaned over the counter, said “Hi,’’ and, with a knife in his right hand, calmly warned the clerk to stay away from any alarm buttons, according to a surveillance video that captured the encounter. “Give me the money in the register now. No buttons. Put the phone down.’’ Then he turned his head. And that was when the clerk swung a 4-foot, 15-pound iron rod from behind the counter and brought it crashing down on his wrist.

“He had the knife, and I had something prepared, too,’’ she said, holding the rod that knocked the knife from the man’s hand.”

Video http://www.boston.com/news/local/breaking_news/2011/03/lynn_storeowner.html

Congratulations to the clerk. It’s always nice to hear when good conquers evil. This situation could have gone very wrong if she missed. History proves when a drugged up animal wants your money, they will often take the money and run.

It is true offering resistance has been proven to stop an attack situation more than 80% of the time. But, I only recommend someone offer resistance when their personal security is at risk. You can argue that this woman’s personal security was at stake, but robbery response 101 is to give the money up and let them leave. If they want your money, wallet, purse, just toss it in one direction and run screaming on the other.

Robert Siciliano personal and home security specialist to Home Security Source discussing Home Security on NBC Boston.

Tax Related Identity Theft Scams Up 300%

/in /by

Cases of stolen tax returns have surged over the past five years, leaving many identity theft victims struggling to recoup their lost refunds.

Approximately 155 million tax forms are filed annually. This provides identity thieves with an opportunity to come out of the woodwork and steal from Americans who are just trying to pay their taxes correctly.

A recent Scripps Howard News Service investigation analyzed more than 1.4 million ID theft records from the U.S. Federal Trade Commission from 2005 through early 2010.  In it they found that fraud complaints about stolen tax return-related identity theft jumped from 11,010 complaints in 2005 to 33,774 in 2009.  That’s nearly 300 percent.

Thieves may steal victims’ refunds, trick them into disclosing Social Security or credit card numbers, or even pose as the IRS. Below is more information for those common and lesser-known tax scams to watch out for.

Employment Identity Theft Scams: If you ever receive documentation in the mail indicating earned income that you are not aware of, it may mean that someone else has used your Social Security number to gain employment.

Account Takeover Scams: If, when filing your tax return, you receive a letter from the IRS saying that you have already filed, it it likely that someone else has filed a fraudulent return on your behalf, in order to steal your refund.

Tax Preparer Scams: In an old scam that’s still in play, tax preparers tell clients they must pay back stimulus payments, and then pocket the money. Ads are also placed by scammers posing as accountants to get your returns. Make sure you do research and choose your tax preparer wisely.

Late Payment Scam: As people fall behind on their taxes, lists are created and are printed in the local paper as public record. Thieves can use these lists to call unassuming people and pose as collectors.

Internet Phishing Scams: The IRS doesn’t send emails. Phony IRS emails that try to lure taxpayers into giving out personal information are a common scam. The messages are generally intended to convince recipients to provide personal or financial information that enables the perpetrators to commit credit card or bank fraud, or other forms of identity theft. Unless you are actively engaged in dialogue with an IRS agent, do not respond to emails or phone calls supposedly coming from the IRS.

IRS Scams: If a scammer posing as an IRS agent ever contacts you, they may already have some of your personal information, which they can use to try to convince you that they are actually from the IRS. This data could come from public records or even your trash. The scammer will often put pressure on you to comply with their request, or even offer you a tax refund.

Here are some suggestions to protect yourself and make sure that you get your return:

1. Protect yourself by filing early. It seems crazy to think that someone would fraudulently file taxes in your name, but it’s being done. Once they find a few W2s or other tax-related documents, they can file in your name and claim your refund before you’ve even begun the process. File before they do.

2. Secure your mail with a locking mailbox. Mail is stolen every day, and tax forms tend to include Social Security numbers, making them especially valuable to a thief. Don’t send out your tax return by sticking it in your home mailbox. Instead, take it to the post office or use a big blue post office drop box.

3. Protect your PC. Whether or not you file online, securing your PCs is essential. Make sure you have updated antivirus software, a two-way firewall, that you run spyware removal software regularly, and that your wireless Internet connection is protected with a network key.

If you are ever a victim of a scam involving the IRS, you may be disappointed by the way it is handled by government agencies. They simply don’t allocate the resources to fix this problem proactively, nor are they adept at responding once it has occurred. The biggest issue is the thief’s privacy. Even if you think you know who is responsible, neither the IRS nor any other government agency will release that information. All you can do is follow the IRS’s instructions for resolving the issue. Be patient, as rectifying it may take many hours, days, or weeks. If you subscribe to an identity theft protection service, a fraud resolution agent may be able to help.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as live access to fraud resolution agents. For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how a person becomes an identity theft victim on CounterIdentityTheft.com (Disclosures)

Security Cameras Capture Vandal

/in /by

Back when man was scraping his knuckles on the ground security cameras were the size of mail boxes and were only affordable to businesses.  Banks, retail and convenience stores were the primary consumers of “Closed Circuit TV”.

Today security cameras are as small as a dime and some don’t cost much more. Everyone is installing cameras today and for good reason: They see more than you can, and they see it when you can’t.

WOWT reports a family had their ADT security system installed a little over a year and it has already solved a vandalism problem and given them peace of mind.

“The family’s husband would see a neighbor boy damage their property but every time he called the sheriff’s department he would get the same answer, without proof deputies couldn’t do a thing. The husband said, “I can’t do a thing about it unless you have proof. My camcorder didn’t help that much, you can’t catch them at night or anytime but this (his security cameras) is what captured somebody doing something to the house.”

“One time the siding was damaged, another time the mailbox was knocked over; someone even threw chemicals on their lawn, burning the grass. The security cameras provided pictures for deputies to identify the vandal. It was the next door neighbor kid. There was never another incident of vandalism.”

I have 16 security cameras in and around my home. Seven cameras are inside the home and are connected to my ADT Pulse™ System and I can access them on the internet and with my iPhone.

Recently In my yard a spotlight was broke off its mount. My immediate suspicion was a particular neighborhood kid. I reviewed the video footage from that past week and saw that it was a tree branch that knocked it down. That camera saved me from yelling at someone and looking like a jerk!

Besides the uber cool factor when I whip out my security camera apps at a party, the peace of mind is fantastic.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse™ on Fox News.

Man Identified As ‘East Coast Rapist’ Held

/in /by

There are only a few topics I rarely address due to their sensitive nature. Rape is one. It’s hard to write about and even harder talk about it. And being that it has never happened to me, and the fact that I’m a man, it’s a topic I’ve left to female experts in personal security to expound upon.

My overall position is I can’t call myself an expert in this topic so it’s one I should only hint at discussing.

A story in the Boston Globe reveals “Authorities have identified a man they arrested in Connecticut on suspicion of being responsible for rapes and other attacks on 17 women since 1997 and dubbed the East Coast Rapist. Police spokesman Joe Avery said Aaron Thomas, 39, of New Haven, was arrested yesterday afternoon at his home by the US Marshal’s Fugitive Task Force. Avery said Thomas “has been identified as the East Coast Rapist.’’ US Marshal Joe Faughnan said a lead from authorities in Virginia led them to Thomas. Authorities recently posted sketches of the suspect on electronic billboards in states where attacks occurred, including Connecticut, Virginia, Maryland, and Rhode Island.”

This is good news. However there are many other predators to take his place. I’ve seen stats saying 1 out of four American women will be sexually assaulted. Others say a woman is sexually assaulted somewhere in the world every 56 seconds.

Often these assaults are done by someone known to the victim whereas fewer are done by total strangers.

Either way it is essential women take hardcore self defense classes. Self defense is a topic I can speak to. The best program is known as Impact Model Mugging which utilizes a technique called “adrenal stress training”. Look them up and take any class within driving distance. And do it today.

Robert Siciliano personal and home security specialist to Home Security Source discussing self defense on Fox Boston.

Scammer Guilty of $2.7 Million Online Auction Fraud

/in /by

Auction scams are messy. Consumers who are new to the world of online auctions are more likely to fall victim to deals that are too good to be true. Victims either get stuck with inferior or counterfeit goods, or they are charged and never receive the purchased item at all.

My spouse used eBay to search for skin care products, and was pleasantly surprised by the low prices she found for the products she wanted. Since she doesn’t have much experience with eBay, she called me over to help her complete the transaction. I saw that the seller had no feedback from previous buyers, and suggested that my wife hold off on the purchase. She begrudgingly agreed with me, and the next day when she logged in, the seller had been suspended from eBay. (I told her I’m wicked smart!)

If it looks like it might be fraud, it probably is.

A Romanian man recently pled guilty to charges of wire fraud and conspiracy before a Chicago judge, after having acted as a money mule in a scheme that scammed eBay, Craigslist, and AutoTrader users out of $2.7 million. The man’s associates in Romania used auction websites to sell nonexistent cars, motorcycles, and RVs. Buyers paid by wiring money to the scammers’ accounts, but never received the expensive items they had supposedly purchased.

Online classified and auction websites could prevent fraud and protect their users by incorporating device reputation management. One anti-fraud service getting lots of attention for delivering fast and effective results is ReputationManager 360 by iovation Inc. This software-as-a-service incorporates device identification, device reputation and real-time risk profiling. It is used by hundreds of online businesses to prevent fraud and abuse in real time by analyzing the computer, smartphone, or tablet connecting to their online properties.

While iovation does not collect any personally identifiable information (PII) from their business clients, they have a very unique view into the connections between computers and the accounts they access. For example, what might typically look like one transaction to a single auction site is often a coordinated attack across multiple sites.  When a group of devices hits multiple sites, across various industries, iovation can detect the attacks through velocity triggers and shared experiences across their customer base to alert the affected business and thwart the attacks.

A device reputation check used on a scammer setting up a new account in an online action site would stop him at the front door, leaving no chance to post fake items for sale which would soon cause damage to the business and its customers.

eBay makes safety recommendations for users, and the first rule is to use eBay’s built in payment system, and not to use alternate payment methods, like wiring money.

Never provide sensitive personal information like your account password, a credit card or bank account number, or your Social Security number in an email.

Before you bid or buy on eBay, know your seller. Look at your seller’s feedback ratings, score, and comments to get an idea of their reputation within the eBay marketplace.

I generally recommend using PayPal to help prevent online identity theft. If you use your credit card, check your statements frequently and refute any unauthorized charges immediately.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures.

When a Good Guy Steals Your Identity

/in /by

Chris Roberts is a hacker. But not a black hat hacker, like the bad guys you may associate with the term. He’s a white hat hacker, or an ethical hacker, and no, that isn’t an oxymoron. Chris is the kind of guy you definitely want on your team, because if he weren’t, he’d be your worst nightmare.

I had the opportunity to meet up with him at the McAfee Focus 2010 event. His appearance fits the hacker stereotype: he’s tall and lanky, with a Viking beard and, I’m pretty sure, some tattoos. And he carries around a bag of tricks that could probably take down the Pentagon. He’s got every sort of gadget that could be used to sniff, spy, and hack.

Companies hire Chris to determine what their weaknesses are, and how vulnerable they are to a potential attack.

NetworkWorld profiled Chris, and, in the article, he brought attention to the fact that many people assume they won’t be targeted by identity thieves because they don’t have money, or status, or even good credit:

“So many people look at themselves or the companies they work for and think… Why would somebody want something from me? I don’t have any money or anything anyone would want… While you may not, if I can assume your identity, you can pay my bills. Or I can commit crimes in your name. I always try to get people to understand that no matter who the heck you are, or who you represent, you have a value to a criminal.”

No kidding.

Your Social Security number, which represents your total identity, is always valuable to a criminal. Because our system lacks full accountability when it comes to identification, anyone can use your data to pose as you.

Until the day comes, if it ever does, that we are effectively identified and authenticated, we will always be vulnerable to imposter fraud and identity theft.

Identity theft can happen to anyone. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first and provides live access to fraud resolution agents. For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss credit and debit card fraud on CNBC. (Disclosures)

Dumb Criminal Tries To Guess PIN 50 Times

/in /by

What do you do when you are picked up in a cab and the driver suspects your home will be vacant while you are gone?

The Manchester Evening News reports “A BUNGLING burglar went to the same ATM more than 50 times – to try and guess the PIN numbers of bank cards he had stolen. He thought he might strike it lucky if he kept on putting in random sets of four numbers into the ATM machine. But, with the odds of correctly guessing a card’s PIN number ranked at one in 10,000, and he never managed to make a single withdrawal.”

Police believe the dumb criminal may have used his job as a taxi driver to pick out homes where he had picked people up and he would then return to at night and break into. He pleaded guilty to eight counts of burglary and was jailed for three years four months.

Whenever I’m picked up in a cab from my home I always get on the phone and fake or make a real call and say “Bill, can you make sure when I’m gone that the Dog stays in the house? He got out again and bit someone bad, there was blood everywhere, and please set the home alarm, and I’ll only be gone a short time this is just a shuttle”.

This puts enough doubt in the mind of the cabbie to choose my home as his next target.

Get the new ADT Pulse™ system which has 5 ways to turn on/ off the system including a wired keypad, touchpad, iPhone app, remote control and a PC.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse™ on Fox News.