Dumb Criminal Leaves Behind Charging Phone

/in /by

Fortunately not all burglars are Tom Cruise like in a scene from Mission Impossible. While some are violent, most of them are bumbling buffoons who need their next fix and just jiggle door knobs and make a quick hit and run to sell your stuff for a $10 vile.

One such dumb criminal took advantage of people’s homes after power outages brought on by a winter storm in Maryland. In the course of the storms about 40 homes had been broken into.

In one burglary, as reported in the Washington Post, “as the burglar was rifling through the rooms in that house, the homeowner’s son arrived and startled him. The burglar jumped out a window and fled. The son called police, who searched the house. They were stunned at what was found: a cell phone, charging in an electric socket, that didn’t belong to the homeowner. The phone led police to the burglar, who is now charged in 10 burglaries.”

Apparently, at the burglar’s home he didn’t have any power and used the homes he had broken into to charge up his mobile.

This burglar when through a window and apparently the home didn’t have an alarm.

Protect yourself:

Install signage. “Beware of Dog” and “This House is Alarmed” neon signs for $1.98. One for the front door and one for the back door.

Go to the pet store. Get 2 big dog bowls, one for the front porch and one for the back. Write “Killer” in permanent marker on it. This gives the impression you have a big dog. You can even buy a barking dog alarm.

Lock your doors and windows. Install a monitored alarm system. Consider ADT Pulse that comes with a battery backup even when the poser goes out.

Give your home that lived in look. Leave the TV on LOUD while you are gone.

Install timers on your lights both indoor and outdoor. Close the shades to prevent peeping inside.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse™ on Fox News.

Cool Tools To Access Files Remotely

/in /by

Whether you’re a road warrior or simply own multiple PCs and want access to all your data from anywhere, here are a few easy ways to do it, and one not so easy option.

All of these options are secure, as long as you don’t leave a remote PC logged into your account, or log in from a PC that is already infected with spyware or a virus. I only log in from trusted PCs like my own laptop.

LogMeIn gives you remote access to your PC or Mac from any other computer with an Internet connection, for free. Just install LogMeIn on the computer you want to access, and then log into your account from any other computer. You’ll be able to see your desktop and use all your applications, as if you were sitting right in front of your home computer, even if you’re across town, across the country, or across the world. LogMeIn Pro², a paid upgrade, adds additional features like file transfers and remote printing.

Orb is a free program that essentially turns your PC into a server. Once you’ve downloaded and installed Orb, you can use any Internet-connected device with a streaming media player (mobile phone, PDA, laptop) to log into mycast.orb.com and access all your digital media, anywhere, anytime. Orb is also compatible with the Wii, PS3, and Xbox, so you can enjoy your media on your television screen as well! While Orb is heavily focused on delivering digital media, it works with documents as well.

If you’re a Mac guy, then you’re all about Me.com. For $99 a year, Me.com gives you easy access to your most important stuff, including email, contacts, calendars, photos, and files, from one place on the web. And since any changes you make on Me.com are stored in the cloud, you can see them on all your other devices, too.

Mocha Remote Desktop is a free application that provides complete, secure access to all the files and programs on your work PC from your iPhone, iPad, or iPod touch, as long as your work computer is running Windows XP Professional, Windows Vista, or Windows 7.

Remote Desktop is built into the Microsoft Windows operating system. Not all versions of Windows have Remote Desktop functionality, though. Windows Professional and Ultimate editions generally include Remote Desktop by default. This is the cleanest example of real-time remote access technology, giving you the feeling that you’re sitting in front of your home PC’s desktop, from anywhere.

Setting up Remote Desktop is another story.

It’s easiest to do it from within your own internal network. If you want to use Remote Desktop from anywhere else in the world, you’ll need to configure your router and set up port forwarding, preferably with a Dynamic DNS account.

Personally, I like Remote Desktop best, but it takes serious time and effort to get it working the way you want.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses yet another data breach on Fox News. (Disclosures)

Beware Of PC Remote Access Assistance Scams

/in /by

Admittedly, I don’t know EVERYTHING about computers. I know enough to break them and enough to fix them most of the time. But, occasionally I need help.  Generally that help comes in the form of remote assistance from Dell, where I buy all my PCs.

With each PC I get the 3 year Dell warranty, so if something fails they replace or will come in remotely and fix. Just this week, my built in webcam failed. Little bugger was working just fine, then, nothing.  So I reinstalled the software, rebooted and still no webcam. My fear was the hardware failed so I called Dell.

Dell tech support agents always request the user log into a website and punch a code, and then download a program that allows for them to come in and remotely access my PC to diagnose the issue. Every time this occurs I watch each move they make so I’m comfortable knowing they aren’t downloading or installing anything not approved to later access my PC. That said, I trust Dell and don’t think they’d do that, but its good security to watch.

The Windsor Star reports “police are warning people about a new scam to hit the area after criminals almost duped a man into handing over remote access to his computer, along with all his personal and financial information. The so-called technician started by telling the man his computer had sent an error message to Microsoft and he was calling to help him rectify the problem. The scammer told him to press “Windows Key + R” which opens the “Run” dialogue.”

Fortunately, the intended victim got suspicious and hung up.

In this process, if the victim moved forward, he would have inevitably downloaded a program and installed it on his PC that would have allowed the criminal the ability to come into the persons PC any time he wanted.

Any time anyone emails or calls you with a ruse that your PC needs attention, just hang up or delete the email.

And as for my webcam? Dells tech went into my device manager and uninstalled the cam and went to Dells website and got an updated version of my cams software. Apparently, an update I did corrupted the cameras software and the version I had was conflicting. I could have figured this out and it might have taken me another 30-90 minutes to do so. But one quick call to Dell and 10 minutes later it was done. Nice.  Not all remote assistance is bad.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover.

The Ever Present Credit Card Scam

/in /by

The Ever Present Credit Card Scam

When people ask me, “How do I protect myself from credit card fraud?” I tell them, “Cancel the card, or never use it.” Because that’s the only way. Otherwise, all you can do is hope the merchant has a sophisticated system in place to mitigate the fraud.

The FBI’s Internet Crime Complaint Center’s Annual Report determined that the total dollar loss from all cases of fraud in 2009 that were referred to law enforcement by IC3 was $559.7 million; that loss was greater than 2008 when a total loss of $264.6 million was reported. Some estimate identity fraud in total at over $50 billion.

Flaws in the system used to issue credit facilitate new account fraud, since creditors often neglect to fully vet credit applicants with technology as essential as device reputation. Account takeover requires nothing more than access to credit card numbers, which can be accessed by hacking into databases or skimming cards at a point of sale terminal, ATM, or gas pump.

You should be aware of these common scams:

Micro Charges: Micro charges are fraudulent charges ranging from twenty cents to ten dollars. The idea is to keep the amounts low enough to go unnoticed by cardholders.

ATM Skimmers: Criminals can place a card reader device on the face of an ATM to copy your card data. The device, which appears to be part of the machine, may use wireless technology to transmit the data to the criminals. In many cases, thieves will also hide a small pinhole camera somewhere around the ATM (in a brochure holder, mirror, or speaker, for example) in order to record PIN numbers as well. Always cover the keypad with your other hand when entering your PIN.

Dummy ATMs: ATMs can be purchased through eBay or Craigslist and installed anywhere. (I bought one from a guy at a bar for $750.) A dummy machine has been programmed to read and copy card data.

Phone Fraud: The phone rings and it’s a scammer claiming to be calling from your bank’s fraud department. The scammer may already have your entire card number, which could be stolen from another source. You might be asked about a fictional charge you supposedly made, and when you deny it, you’ll have to provide your three to four digit CVV number in order to have the charge removed. Never give out this type of information over the phone.

Phantom Charges: When searching for something on the web, you come across a great deal. In the process of ordering, the website informs you that a discount is available along with a free trial of another product. Thinking you’re saving money, you take the bait. The next thing you know, your card is being charged every month and the company makes it very difficult to cancel the charges.

Look for and do business with companies that have a comprehensive, defense-in-depth approach to protect consumers against identity and financial fraud. Check your credit and banking statements carefully. Scrutinize every charge and call your bank or credit card company immediately to refute any unauthorized transactions.

(Be sure to do it within 30 or 60 days at most, depending on the type of card.)

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses ATM skimming on Extra TV. Disclosures.

Government Moves Away from SSN as Identifier

/in /by

The Department of Defense proclaims, “The national security depends on our defense installations and facilities being in the right place, at the right time, with the right qualities and capacities to protect our national resources.” But by relying on Social Security numbers as primary identifiers, this same organization puts the identities of soldiers and their families at risk.

Last month, four West Point professors released a journal article arguing, “Despite the Defense Department’s recent advances in protecting personally identifiable information (PII) such as Social Security numbers, the military continues to have a ‘cultural disregard’ for PII.” The professors also pointed out that since the first digits of a Social Security number can be deduced based on birth year and location, restricting use to the last four digits does not adequately preclude identity theft.

In 2007, an Office of Management and Budget memo ordered agencies to eliminate all nonessential uses of Social Security numbers, and the Department of Defense is currently working on limiting its use of the numbers.

If you are a soldier or have a family member away on leave, there are two ways to protect yourself or your family member:

1. Place an “active duty alert” on your credit report. To place or remove an active duty alert, call all three of the three nationwide consumer reporting companies: Equifax, Experian, and TransUnion. Each will require proof of the soldier’s identity, which may include their Social Security number, name, address, and other personal information.

Equifax: 1-800-525-6285

Experian: 1-888-397-3742

TransUnion: 1-800-680-7289

2. Whether or not you are a member of the military, consider subscribing to an identity theft protection service, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft on YouTube. (Disclosures)

Snow Removal Scams Plague The Elderly

/in /by

The lowest of low life scammers generally prey upon the weaker and often the frail. And all too often that is children or elderly. In this case, snow removal scams happen when we have winters like this one where snow is piling up 6-10 feet over the course of the season.

Daily television news reports highlight roofs collapsing as a result of the heavy snow piling up and people go into panic mode and shovel off their roofs. None of this ever may sense to me especially due to the fact you are more likely to fall of the roof and break a bone than your roof being in danger of collapsing.

NECN reports “an 86-year old man who lives in Amesbury, Massachusetts was embarrassed and nervous after police say he paid an area contractor 48 hundred dollars to clear snow from his roof.”

Strangely the contractors’ last name that did the dirty deed was named “Snow”. Title should read “Scammer Snow snows senior with snow swindle” I should be a writer.

“The Snows are known to authorities throughout the area– in fact — across the country for allegedly preying on elderly people, charging them exorbitant prices for snow removal, paving and construction jobs.”

This kind of scam happens much more frequently than one would think. Before you or anyone you are a caretaker for goes and spends any money on snow removal from a roof, contact your local building department to get an idea if your property is at risk.

Otherwise when making any kind of investment in snow removal expect to pay less than $50.00 per man, per hour plus any heavy equipment charges and get an estimate of how long the project will take. Further, demand the contractor provide a certificate of insurance should something go wrong.

Robert Siciliano personal and home security specialist to Home Security Source discussing scammers and thieves on The Big Idea with Donnie Deutsch.

mCrime Perfectly Positioned to Pounce in 2011

/in /by

The number of households in the United States that rely solely on wireless telephones continues increasing. More than one in four households had cell phones and no landlines in the first half of 2010, which is an increase of 2.1% since the second half of 2009. And almost one in six households uses cell phones exclusively or almost exclusively despite still having a landline.

What’s most interesting is that more than half of adults between 25 and 29 rely on cell phones alone. This is the first time that adults of any age range have been more likely to go without landlines. This trend indicates that those who have grown up with mobile phones as an accoutrement that went along with their lunch box have never bothered to get a landline. In a few decades, the landline will probably be about as obsolete as the rotary phone is today.

As a result of this shift, software application developers are focusing primarily on mobile devices, with PCs demoted to a secondary consideration.

And whenever there’s a major transition to a new technology, the uncertainty and newness creates the perfect opportunity for scammers to launch attacks. Dave DeWalt, chief executive of McAfee Inc. security software, predicts, “2011 is the year of the threat to the mobile device, particularly the mobile app.”

There are plenty of new tablets and smartphone devices coming out this year, along with thousands of new mobile applications. Meanwhile, hackers are creating bugs and viruses that modify the legitimate software industry’s processes.

Expect more scams and more scam warnings in 2011. The main initial concerns involve rogue apps and phishing messages designed to extract credit card numbers and login credentials. As mCrime evolves and criminals begin to make some money, they will have the resources to hire crackerjack programmers to do their deeds.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses mobile phone spyware on Good Morning America. (Disclosures)

Are Internet Cookies Good or Bad?

/in /by

Neither, they are just a mechanism to how the Web works.  The bigger question is, are the uses thereof good or bad.

Microsoft, Google, and Firefox are implementing do-not-track features into their browsers, giving consumers the option to block cookies that may track their surfing for advertising purposes.

Most major websites now install cookies on your computer, which, over time, help develop a profile that serves as your digital fingerprint. This is why, after searching for a specific product, you may notice advertisements for that particular product or brand appearing on various other websites.

But not all cookies track you in order to sell you something. Many are there for security purposes. Merchant Risk Council considers “where the line is drawn between the proper and improper uses of this type of technology (protecting against online fraud vs. targeted online marketing).”

Several companies use cookies as well as other technologies, such as tokens, along with sophisticated and unique pattern matching that can only be derived from extensive and unique experiences with a shared reputation database, to identify and re-identify devices.

I don’t see any physical harm or identity theft ever happening as a result of of this refined marketing or especially device identification, especially when it comes to techniques meant to watch your back and protect you.

With privacy watchdogs addressing this kind of advertising as a major concern, and the Obama administration now stepping in, we will surely see the implementation of some standards in this kind of marketing practice over the next few years.

The MRC wonders, “As this issue gets more play, and consumers become more aware of this technology, will there be any effect on “good customer” behavior by potentially scaring people away from online shopping?”

I doubt it. But right now, government, industry, and consumers need to understand the difference between good cookies and bad cookies, before rash decisions designed to give us slightly more privacy make us more vulnerable to fraud.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

Digital Lifestyle: 4 Essential Mobile Travel Apps

/in /by

You don’t reach Platinum Medallion status on Delta by sitting on your back porch. I got there by schlepping all over the country, from one airport and hotel to the next. And technology definitely plays a major role in making my trips more manageable.

I swear by the following apps:

Tripit is a free app that keeps your itineraries easily available on your smartphone and gives you instant access to any information you might need on the road, even when you can’t connect to the Internet. (Flight times, confirmation numbers, and even maps.) Email your receipts from airlines, hotels, and rental cars to your TripIt account, and this highly intuitive app organizes the information by date and time.

FlightTrack costs $5, and it’s the best app out there for tracking flights, with beautiful, zoomable maps and real-time departure schedules, delay updates, and gate numbers at a glance. FlightTrack will alert you to cancellations and even help you find an alternate flight. Full international coverage means you can track flights worldwide. FlightTrack works in tandem with TripIt.

AroundMe is a free app that quickly provides information about your surroundings. How many times have you needed to find the closest gas station? AroundMe identifies your position and shows you a complete list of all nearby businesses in a selected category, including banks, bars, gas stations, hospitals, hotels, movie theaters, restaurants, supermarkets, and taxis. Each listing includes distance from you, a map, and directions, plus you can easily add the information to your contact list or email it to a friend.

Yelp has a free app for your iPhone that can help you find whatever you need when you’re on the road, whether it’s a burrito joint that’s open right now, the closest Irish pub, or a gas station that you can drive to before your tank hits empty. You can search for places to eat, shop, drink, relax, and play, and read reviews from an active community of locals. The iPhone’s built-in location finder makes it easy to search for places nearby. This is similar to AroundMe, but I always use Yelp for restaurants because of the detailed user commentary.

There are thousands more in this category. Some work better than others. What travel apps do you use?

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses mobile phone spyware on Good Morning America. (Disclosures)

Criminal Hackers Responsible For Most Data Breaches

/in /by

According to the Identity Theft Resource Center, there were at least 662 data breaches in 2010, which exposed more than 16 million records. Nearly two-thirds of breaches exposed Social Security numbers, and 26% involved credit or debit card data.

The ITRC elaborated, “Other than breaches reported by the media and a few progressive state websites, there is little or no information available on many data breach events that occur. It is clear that without a mandatory national reporting requirement, many data breaches will continue to be unreported, or under-reported.”

The majority of these attacks were malicious hacks or insider theft, rather than the result of employee errors. InformationWeek reports, “Some states, but not all, have data breach notification laws, which require any organization that suffers a breach to notify that state’s affected residents. Interestingly, the ITRC found that information about 29% of the 662 reported breaches for 2010 could be credited to authorities in those states.”

The Privacy Rights Clearinghouse’s Chronology of Data Breaches found that more than 500 million sensitive records have been breached in the past five years. Examples of incidents in which personal data is compromised, lost, or stolen include “employees losing laptop computers, hackers downloading credit card numbers and sensitive personal data accidentally exposed online.”

Cases of identity theft are skyrocketing, and 32% of all identity theft victims had their Social Security numbers compromised.

Now more than ever, criminal hackers are hacking into databases that contain Social Security numbers and using those numbers to open new financial accounts, or to obtain credit cards, mobile phones, or even bank loans. Some victims have had their mortgages refinanced and their equity stripped.

To protect yourself from a similar fate, you can:

1. Refuse to provide your Social Security number.

2. Invest in an identity protection service. There are times when you cannot withhold your Social Security number, but an identity protection service can monitor your personal and financial data. McAfee Identity Protection provides alerts if your information is misused, credit monitoring and unlimited credit checks, and if necessary, identity fraud resolution. (For more information, visit CounterIdentityTheft.com.)

3. Protect your PC. McAfee Total Protection software provides the most effective protection of the data stored on your computer against virus, online and network threats.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss the use of Social Security numbers as national identification on Fox News. (Disclosures)