LinkedIn Gone Wild: Invades Inboxes

Did you know there is a setting on LinkedIn where they will email your entire contact list on your behalf to let everyone know about a new position you have taken with a company?

I didn’t.

Until I got all kinds of “Congratulations” in my inbox.

Apparently there is a new setting that by default is left “On” which in fact tells all your contacts that you’ve taken a new job or got a new contract or whatever. And while you may post this to your profile, it may not be something you want to stick in someone’s inbox.

I know it’s posted online for the world to see. But some things posted are meant to be passive, not direct. LinkedIn is supposed to be a place to catalog your accomplishments and business interests, not a sounding board to push out content into people’s inboxes. I choose what to push out. Not LinkedIn.

What’s bothersome is LinkedIn knows this new feature is a problem and only passively tells their members.

It looks like this:

“By selecting this option, your activity updates will be shared in your activity feed.

  • Note: You may want to turn this option off if you’re looking for a job and don’t want your present employer to see that you’re updating your profile.”

That’s incredible: “if you’re looking for a job and don’t want your present employer to see.” THEY WROTE THAT!!!!


OK, so you’d have to be a tool to update your profile with a new job while having an existing job, but the fact that by default LinkedIn has gone in and chosen to tell all your contacts is disturbing. It’s wrong on so many levels that they take it upon themselves to send that email.

My issue is I don’t have a “job”; I have “clients,” and now my clients think I got a job. It is unusual for a consultant to have a job and consult, and it makes me look like a “moonlighter.”

It’s just wrong, LinkedIn. You had no right to do that.

Robert Siciliano has no job. He is a consultant to great security companies. See him discussing home security and identity theft on TBS Movie and a Makeover.

Slam Online Scams

#1 Nigerian Scams: While these types of scams are generally understood to be Nigerian in nature and origin, and are in fact named after the 419 Nigerian code that made them illegal, advance-fee scams are also run right here in the good old USA by Americans who purport to offer jobs or ask for help transferring money.

#2 Romance Scams: If you ever hear talk like this, run far and fast: “In me sweetheart you are going to find the most passionate, loving and romantic man you have ever met. There are very few promises in life but this is one of them! ROMANCE is the key to my happiness and to my heart and soul!”

#3 Classified Ad Scams: This story caught my eye: “An online scam targeting pet-lovers is circulating the web, and it could cost you more than a new pet. An ad posted to a local online classified website by a man who claimed he was living in Florida. He was willing to give the Labrador Retriever puppy named Dely away for the cost of shipping, which was $220.”

#4 Phishing: Phishing continues to become more sophisticated, more effective, and more prevalent. In one example, criminal hackers waited until Pennsylvania school administrators were on vacation, then used simple money transfers to liquidate over $440,000 out of the district’s accounts.

#5 Spear Phishing: Spear phishing occurs when the scammers concentrate on a localized target, usually an individual with control over a company’s checkbook. This insidious type of phishing occurs when a recipient clicks a link, either in the body of an email or on the spoofed website linked in the email, and a download begins.

Don’t be taken. Keep your head up and recognize when someone’s trying to take advantage of you.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing home security and identity theft on TBS Movie and a Makeover.

A Good Decade for Cybercrime

Cybercrime is one of the most successful and lucrative industries of our time, growing by double digits year after year. Over the last decade, cyber crooks have developed new and sophisticated ways to prey on an explosion of Internet users, with little danger of being caught. Meanwhile, consumers face greater risks to their money and information each year.

A few famous exploits illustrate different eras of cybercrime:

“I Love You” worm’s false affection: $15 billion estimated damage

Emails with the subject line “I love you” proved irresistible in 2000. Millions of users downloaded the attached file, which was supposedly a love letter but was actually a virus. This infamous worm cost companies and government agencies $15 billion.

MyDoom’s mass infection: $38 billion estimated damage

This fast-moving worm, which first struck in 2004, tops McAfee’s list in terms of monetary damage. It delivered enough spam to slow global Internet access by 10% and reduce access to some websites by 50%, costing billions of dollars in lost productivity and online sales.

Conficker’s stealthy destruction: $9.1 billion estimated damage

This 2008 worm infected millions of computers. It went a step further than the other two worms on our list, downloading and installing a variety of malware that gave hackers remote control over victims’ PCs.

Some of the most common and nefarious scams include:

Fake antivirus software

Selling fake antivirus software is one of the most insidious and successful scams in recent years. Cyber criminals play on users’ fears that their computers and information are at risk, displaying misleading pop-ups that prompt the victim to purchase antivirus software to fix the problem. When victims enter their credit card information, it is stolen and, instead of security software, they wind up downloading malware.

Phishing scams

Phishing, or trying to trick users into giving up personal information, is one of the most common and persistent online threats. Phishing messages can come in the form of spam emails, spam instant messages, fake friend requests, or social networking posts.

Phony websites

In recent years, cyber crooks have become adept at creating fake websites that look like the real deal. From phony online banking to auction sites and e-commerce pages, hackers lay traps in the hopes that you will be fooled into entering your credit card number or personal information.

For your own peace of mind, consider subscribing to an identity theft protection service such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, alerts when suspicious activity is detected on your accounts, and access to fraud resolution agents. For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

Mother’s Book Recalls Serial Killer’s ’07 Massachusetts Home Invasion

In July of 2007, on a hot summer night, a serial killer was arrested after he broke into a 15-year-old girl’s room in Chelmsford, Massachusetts, in the middle of the night and tried to rape her. The girl’s father heard her scream and held the masked and gloved Lane in a headlock until police arrived, authorities said.

At the victims’ home, the killer found the back door unlocked. The daughter left it that way when she came home that night, because she thought her brother was coming home later.

The Boston Globe reports the Mom, Jeannie, “has written a book about that night and its aftermath. In those adrenaline charged minutes, she says, ignorance kept her from becoming paralyzed: She did not know she was fighting a serial killer who had killed his previous victim the day before.”

Evil takes many forms. One of its forms is Adam Leroy Lane. Lane was a truck driver from North Carolina whose route took him up and down the East Coast and who attacked or murdered women in New Jersey, Pennsylvania and Massachusetts.

Apparently when the urge struck, he’d veer off the highway and stalk neighborhoods and jiggle door knobs until he found one unlocked with a woman inside. In all the cases, the killer picked his victims at random and attacked them at their homes near interstate highways that he traveled.

Lane was carrying knives, a belt with Chinese throwing stars and choke wire during the attack. Police also allegedly found in the cab of his truck a copy of the movie, “Hunting Humans,” which is about a serial killer. “I study them until I’ve got their pattern and it’s easy to do the rest,” says a line from the movie Hunting Humans.

This is exactly the breed of predator I’ve been screaming about my entire life. There always has been, there is, and there always will be an Adam Leroy Lane jiggling another door knob.

Protect yourself and your family.

  • Lock your doors and windows day and night because you are smart.
  • Beef up the lighting outside your home because you are aware.
  • Install home security cameras because you want a layer of protection.
  • Be proactive with the help of ADT Pulse™, a new interactive smart home solution that goes beyond traditional home security to provide a new level of control, accessibility and connection with the home.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing Home Invasions on Maury Povich.

Traveling For Winter Vacations? Think Security

Contrary to what some might suggest, I’ve never thought it was a good idea to place your name on a “stop mail” list at the post office. Because some crack head postal employee now has a list of opportunities.

It’s the same thing with stopping delivery of your newspaper. Once you are on that list, it is known you are away.

The best case scenario for both issues is to have a trusted friend, family member or neighbor grab your mail and newspaper for you.

Never list your vacation plans on social media. The last thing you need to be doing on Facebook is telling the world you are 2000 miles away.

Put lights on timers to give your home the “lived in look”. ADT Pulse™ does all this for you.

Do all the fundamentals, like investing in a home alarm system that sends an alert to local law enforcement that your house has been broken into. Studies show as many as 25% of all American homes are equipped with a home security system. Monitoring is generally a buck a day.

Set yourself up with home security cameras. Mine can be accessed from my iPhone and online. It’s kind of addicting, and I’m always checking out the scene at the homestead when I travel.

Here are a few tips to help protect the safety of your home while you are gone:

  • If you are traveling by car make sure it’s running properly, check belts and tires and oil. Have a good spare and carry an emergency kit.
  • If you are heading overnight pack your car in your garage or late at night under the cover of darkness.
  • Use timers on indoor and outdoor lights.
  • Let a trusted neighbor and the police know you are traveling.
  • Unplug garage door openers.
  • Have a neighbor park their car in your driveway.
  • If grass is still growing where you live and if you’re gone for a bit have a landscaper mow your lawn.
  • Don’t share your travel plans on social media or on a voicemail outgoing message.
  • Lock everything of significant value in a safe.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing Home Security on NBC Boston.

Social Security Numbers Easily Cracked

It is easier than ever to guess or predict an individual’s Social Security number, which puts us all at a greater risk for identity theft.

Researchers at Carnegie Mellon University have developed a reliable method for predicting Social Security numbers, using information from social networking sites, data brokers, voter registration lists, online white pages, and the publicly available Social Security Administration’s Death Master File.

Originally, the first three numbers on a Social Security card represented the state in which a person had initially applied for their card. Numbers started in the northeast and moved westward. This meant that people born on the East Coast were assigned the lowest numbers and those born on the West Coast were assigned the highest numbers. Before 1986, people were rarely assigned a Social Security number until age 14 or so, since the numbers were used for income tracking purposes.

The Carnegie Mellon researchers were able to guess the first five digits of a Social Security number on their first attempt for 44% of people born after 1988. For those in less populated states, the researchers had a 90% success rate. In fewer than 1,000 attempts, the researchers could identify a complete Social Security number, “making SSNs akin to 3-digit financial PINs.” The researchers concluded, “Unless mitigating strategies are implemented, the predictability of SSNs exposes people born after 1988 to risks of identity theft on mass scales.”

While the researchers’ work is certainly an accomplishment, the potential to predict Social Security numbers is the least of our problems. Social Security numbers can be found in unprotected file cabinets and databases in thousands of government offices, corporations, and educational institutions.

The problem stems from the fact that our existing system of identification is seriously outdated. We rely on nine digits as a primary identifier, the key to the kingdom, despite the fact that our Social Security numbers have no physical relationship to who we actually are. This problem can only be remedied by incorporating multiple levels of authentication into our identification process.

With more than 11 million victims just last year, identity theft is a serious concern. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Visit CounterIdentityTheft.com to educate and protect yourself.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss how a person becomes an identity theft victim on CounterIdentityTheft.com (Disclosures)

Mobile Phones Being Hacked and Cloned

Cloning occurs when hackers scan the airwaves to obtain SIM card information, electronic serial numbers and mobile identification numbers, and then use that data on other phones.

Cloning can happen anywhere, anytime that you’re using your phone. The bad guy simply uses an interceptor, hardware, and software to make a phone exactly like yours.

A few years ago, I was in San Diego on business. Two weeks later I received a call from my carrier alerting me to $1500.00 worth of international calls I had not made. The activity triggered an alert within their system and they shut my account down.

Fortunately for me, my carrier recognized the fraud and relieved me of the charges, rather than me discovering it and having to fight to reverse the charges. Apparently, it was a known issue that scammers in Tijuana were cloning U.S.-based phones.

Anita Davis, another mobile clone victim, wasn’t so lucky. Her cell phone bill showed $3,151 worth of calls in one month, to Pakistan, Israel, Jordan, Africa, and other countries. Anita called her carrier immediately and told them she didn’t know anyone in those countries, or anyone outside the U.S. for that matter. She says, “They told me I had to have directly dialed these numbers from my cell phone and I needed to make a payment arrangement or they would send my bill to collections.” After begging and pleading, Anita convinced them to drop the charges.

The extent of your vulnerability varies depending on your phone and the network you’re on. Cloning mobile phones is becoming increasingly difficult, but consumers can’t do anything to prevent it from happening. The best way to mitigate the damage is to watch your statements closely. The moment you see an uptick in charges, contact your carrier and dispute the calls.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses mobile phone spyware on Good Morning America. (Disclosures)



Dealing With Daily Digital Surveillance

Our everyday activities are being monitored, today, right now, either by self-imposed technology or the ever-present Big Brother.

Traditionally, documenting our existence went like this: You’re born, and you get a medical and a birth record. These documents follow you throughout your life, filed and viewed by many. You must present these records in order to be admitted to a school, to be hired, or to be issued insurance. You get a Social Security number shortly after birth, which serves as your national identification. These nine numbers connect you to every financial, criminal and insurance record that makes up who you are and what you’ve done. Beyond that, it’s all just paperwork.

But today, as reported by USA Today, “Digital sensors are watching us”:

“They are in laptop webcams, video-game motion sensors, smartphone cameras, utility meters, passports and employee ID cards. Step out your front door and you could be captured in a high-resolution photograph taken from the air or street by Google or Microsoft, as they update their respective mapping services. Drive down a city thoroughfare, cross a toll bridge, or park at certain shopping malls and your license plate will be recorded and time-stamped.”

Then, of course, there are geolocation technologies that work in tandem with social media status updates, applications that track you and leak that data, and cookies on websites.

All of these technologies have been around for a while in one form or another. The difference is that today, databases are collecting and sharing that information like never before.

On top of that, new facial recognition technologies will connect your social networking profiles to your face, and that issue will be compounded when you share photographs that are geotagged with your location.

Knowing this, and understanding technology’s impact on what you once considered privacy, ought to resign you to the fact that at this point, privacy is kind of a dead issue. If you want to participate in society you have no choice but to give up your privacy (but not your security), to a certain extent.

Your new focus should be security. Secure your financial identity, so nobody else can pose as you. Secure your online social media identity, so nobody else can pose as you. Secure your PC, so nobody can take over your accounts. And please, there’s no sense in telling the world what you are doing and where you are every minute of the day. When you do this, you aren’t just relinquishing privacy; you are compromising your personal security.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses Social Security numbers as national identification on Fox News. (Disclosures)

4 Reasons 2011 is the Year to Get Serious About Security

Prognosticators are silly. Or that’s how I’ve always viewed them, anyway. They combine past experience with their perspective on current trends to make predictions and pretend to be smarter than you.

Many prognosticators in the financial world have failed miserably, and we’re all paying the price now. Their current excuse is “irrational exuberance.”

But prognostication holds a bit more water these days, thanks to technology that can quantify and collate mass amounts of data to provide an educated guess.

Here’s me being a prognosticator: In 2011, unprecedented security issues will reveal just how vulnerable we are and highlight the flaws in our systems. In other words, we have a big challenge.

What makes me say this? Here are just a few reasons:

1. In recent months, “hacktivism” has become a popular term, even among non-technical people.

2. A new virus called Stuxnet has stoked anxieties about cyber warfare.

3. Cybercrime targeting the government has become bolder than ever.

4. Mobile phones are eclipsing wired phones, so software developers are more focused on mobile. But is your cell phone ready to be your bank?

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses online banking security on CBS Boston. (Disclosures)


10 Types of Criminal Social Media Impersonators

Social media is the fifth form of mainstream media. At this point, most people know how to use social media, and how to navigate the various websites. But what most users don’t yet realize is how social media can be used against them.

Social media identity theft occurs for a number of reasons.

1. An online impersonator may attempt to steal your clients or potential clients.

2. Impersonators may squat on your name or brand, hoping to profit by selling it back to you or preventing you from using it.

3. Impersonators who pose as legitimate individuals or businesses can post infected links that will infect the victim’s PC or network with a virus that gives hackers backdoor access.

4. Impersonators sell products or services and offer deals with links to spoofed websites in order to extract credit card numbers.

5. An impersonator poses as you, and even blogs as you, in order to damage your name or brand. Anything the impersonator writes that is libelous, defamatory, or just plain wrong hurts your reputation and can even make you the target of a lawsuit.

6. Impersonators harass you or someone you know, perhaps as revenge over a perceived slight.

7. An impersonator steals a name or brand that has leverage, such as an employee, celebrity, or Fortune 500 company, as a form of social engineering, in order to obtain privileged access.

8. An impersonator may be obsessed with you or your brand and simply wants to be associated with you.

9. An impersonator might parody you or your brand by creating a tongue-in-cheek website that might be funny and obviously spoofed, but will most likely not be funny to you.

10. An impersonator poses as an attractive woman or man interested in a relationship in order to persuade potential victims to send naked photos, which can then be used for extortion.

Social media sites could go a long way in protecting their users by incorporating device reputation management. Rather than looking at the information provided by the user (which in this case could be an impersonator), go deeper to identify the computer being used so that negative behaviors are exposed early and access to threatening accounts is denied before your business reputation is damaged and your users abused.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses social media Facebook scammers on CNN. Disclosures.