What It’s Like To Have Your Home Robbed

Recently, I worked with a Fox News reporter in Boston on a story about home burglaries and home security systems. “I see the big smashed in window, glass everywhere,” says David Barstow of Methuen, the victim in our story.

While his family was gone for only a couple of hours, a group of teens ransacked and burglarized his home. “It’s that sick feeling in your stomach,” he said. “What if my wife and daughter ever walked in here and they were still here?”

There is a feeling of overwhelm and “what if” that comes from any intrusion such as this. Unfortunately, these feelings sometimes never go away.

David went on to say, “Instead of closing your blinds and saying thank God it wasn’t me, it’s going to be you next.” The report notes that David “managed to catch the guys who broke into his house when the crooks returned to his neighborhood to grab some of the loot they left behind. Home security at this house has become a top priority.”

Home security should be a top priority in your home too. I know David’s home security system was installed after his family’s home was burgled. Studies show many people install a system after something bad happens.

It doesn’t have to be that way. Security is about being proactive. Not reactive. Be proactive.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse™ on Fox News.

Mobile Apps Are Leaking Data on You

Tracking users is all the rage. A battle is being waged over our data, and there are several parties involved in this fight. We voluntarily offer our data to various companies, only to discover that they are using it in ways that we never anticipated.

Smartphones have become almost an extension of ourselves. They are as integral to our lives as clothing. I have mine clipped to my suit when I’m working, jeans when I’m shopping, and pajamas when I’m lounging. And then, of course, it’s on the nightstand when I’m sleeping. It’s even right outside the shower.

And then there are the applications. Most people spend more time navigating their apps than actually making or receiving calls.

The Wall Street Journal found that many app developers haven’t been upfront with their intentions:

“An examination of 101 popular smartphone “apps”—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone’s unique device ID to other companies without users’ awareness or consent. Forty-seven apps transmitted the phone’s location in some way. Five sent age, gender and other personal details to outsiders. The findings reveal the intrusive effort by online-tracking companies to gather personal data about people in order to flesh out detailed dossiers on them.”

One developer of online ads and mobile apps declared, “We watch what apps you download, how frequently you use them, how much time you spend on them, how deep into the app you go.” The motivation here is money. The more they know about you, the more targeted ads they can deliver, and the more likely you are to buy.

So what to do? Privacy concerns are justified, but what can be done with this data, other than ad targeting? Not much. I don’t see any fraud or identity theft happening as a result of this. They aren’t going to try to sell you anything by cold calling you, and hopefully they’ll refrain from emailing sales pitches.

If you want to cleanse yourself of this type of tracking you can delete and avoid apps, or you could provide false information, but that could violate terms of service, and might even be a useless tactic.

The best you can do is try to understand what you are giving and what you are getting in return, and make conscious decisions as to whether the tradeoff is worth it to you.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses leaky applications on Fox News. (Disclosures)

Online Dating Sites a Haven For Criminals

I’m weird. I know this because people tell me all the time. They tell me I’m weird because I like to do things that most people don’t. I like to do things that are different, and different usually means weird. One of my little weird things is posing as a woman. Yup. Read on.

I like to expose the flaws in our systems, to find what makes us vulnerable. Much of my “research” (or my “antics,” as some would say) is prompted by my desire to learn more about the scumbags of society, who prey on others.

So I sign up for online dating sites, create a profile as a woman, and wait for men to contact me. My research has led me to discover some particularly shady methods scammers use to target emotionally vulnerable victims. The most common is an advance fee scam involving a wire transfer.

A divorced mother of three in Britain was taken for £80,000 by a scammer posing as a US soldier. It began when a man who called himself Sergeant Ray Smith introduced himself on a dating website. Soon they were chatting and emailing regularly, and then he was calling her on the phone and asking her to wire him money.

Twenty years ago, online dating wasn’t even a thought. Ten years ago, it was weird. Five years ago, it was new and exciting. Today, it’s as normal as milk and bread. If you are looking for a mate online, you will eventually find someone. Most of my friends who’ve tried it were successful. But by the time a new technology becomes normalized, scammers, who are usually ahead of the curve, are lying in wait. As online dating gradually gained popularity and acceptance, scammers were coming up with ways to take advantage and perfecting their craft. And now it’s a full-time job for them. They know all the new scams and come up with better ways of executing the old ones.

It blows me away that these scams are even possible. In many cases, the same scammers maintain multiple profiles on different dating sites, and the dating sites do almost nothing to prevent or police this.

We caught up with anti-fraud provider iovation to see what dating sites around the world were reporting about fraudster activities.

In the last 90 days, 230,000 fraud and abuse attempts were reported to iovation from dating sites alone, including:

• Spamming – 90,000

• Scams and solicitations – 30,000

• Inappropriate content – 20,000

• Chat abuse – 17,000

• Profile misrepresentation – 15,000

• Credit card fraud – 14,000

• Identity mining / phishing attempts – 12,000

iovation has many more categories specific to dating, including bullying, account takeovers, underage members, and so on. What’s unique to their globally shared system is that their clients can choose what to take action on and what to ignore. For example, a dating site may choose not to care about cheating on online gaming sites, but set up rules that trigger on multiple account creations to look for profile misrepresentation. Dating sites can specify which types of behavior to protect their users from.

If more sites incorporated device reputation checks for suspicious computer history and investigated for characteristics consistent with fraudulent use, they’d be able to deny criminals, often before the first time they tried to sign up.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Safe Personal Dating on Tyra. (Disclosures)

Honesdale PA State Police Issue Burglary Prevention Tips

The Wayne Independent reports that, due to a higher rate of burglaries, citizens should be proactive and protect their properties.

Here is an abridged version of their safety tips with my spin:

Walking in on a burglary?

DO NOT ENTER — a trapped burglar is dangerous. DON’T try to capture him yourself.

Call the police immediately. Always protect the scene — vital evidence may be destroyed needlessly.

If the burglar is caught, testify against him.

Doors/Windows

Lock your windows and restrict the opening to a maximum of four inches. Make sure your basement windows are outfitted so entry through them is prevented.

Equip your exterior doors with good locks. If you don’t have a solid core door, install a double-cylinder, dead-bolt lock which requires a key both inside and out. Make sure this is allowed by fire officials.

DON’T leave door keys in mail chutes, under doormats or on top of door frames.

While gone for an extended time

Stop deliveries and have a dependable neighbor clear your porch of all items.

Arrange to have your immediate neighbor watch your house while you are away. Leave a key with them and a telephone number where you can be reached in an emergency.

Garages

Keep your garage locked. Remove the keys from your garaged automobiles. Close your garage door each time you leave, even though you may be gone for only a short time.

Consider unplugging the electric opener.

Lighting

Install approved, automatic timers. These can be set to turn on a light in your home at a time when lights are expected to be on. They will also turn off the light at your normal retirement hour.

A constant light in a room which cannot be looked into from the outside, such as a bathroom, is a good idea.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse™ on Fox News.

Being Proactive Isn’t Living In Fear — Smart Home Solution

Occasionally, I’m chided by naysayers who accuse me of promoting FUD: fear, uncertainty and doubt. They rattle off statistics showing that the chances of something bad happening are slim and say one should not be concerned about such issues.

They are right: the stats are correct. And they are wrong: you should be concerned, but not overly. Regardless, efforts to belittle an issue I speak of are generally aimed at an insecurity of their own that they fear addressing.

In their minds they know it’s something they need to deal with, but they’d prefer not to, because it’s easier to chastise me and minimize the event than it is to address it head on and be proactive.

The underlying excuses I’ve heard over and over again come down to two cop-out, procrastinating phrases: “it can’t happen to me” and “I don’t want to be paranoid.”

To dispel “it can’t happen to me”

Unless you live in a bubble that protects you from gamma rays, it can happen. While the chances of any crime occurring might be slim, there is still enough of a chance that it will. For evidence, just look in your regional or local police blotter and see how many happen within a 5-mile radius of your home.

To dispel “I don’t want to be paranoid.”

Heck, I don’t want to be paranoid either. And I don’t wish you to be.

To define paranoia: “Paranoid personality disorder is a psychiatric condition in which a person has a long-term distrust and suspicion of others. People with paranoid personality disorder are highly suspicious of other people. As a result, people with this condition severely limit their social lives. They often feel that they are in danger, and look for evidence to support their suspicions. People with this disorder have trouble seeing that their distrustfulness is out of proportion to their environment”

Paranoia is a loss of control and persistent overwhelm. Taking control of one’s personal security is the complete opposite of paranoia. It’s a balanced perspective knowing that yes, these things do happen, chances are slim they will happen to me, and I’m going to be proactive and do my best to prevent it.

No sense in living in fear. But being proactive, that should be common sense.

Be proactive with the help of ADT Pulse™, a new interactive smart home solution that goes beyond traditional home security to provide a new level of control, accessibility and connection with the home.

Connectivity and interactivity are driving the way people live and manage their smart homes. ADT Pulse™ provides customers with anywhere, anytime access to their home via smart phones or personal computers, including an iPhone application to:

• Arm and disarm their home security system.

• Get notified of alarms and selected events via email and text messages as well as video clips.

• View their home through cameras and watch secure real-time video or stored video clips of events from monitored areas of the home.

• Access lights and appliances or set schedules to automate them.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse™ on Fox News.

Shoring Up National Cyber Security Infrastructure

The wild, wild web is the most exciting, alluring, and all-around awesome thing available to us today. It’s also something we have come to rely on to a fault. And that’s a little scary. The Internet is a decentralized wilderness, used by billions of devices worldwide.

Joe Lieberman, chairman of the Homeland Security and Governmental Affairs Committee, introduced a controversial bill designed to empower the United States to shut down the Internet, explaining, “For all of its user-friendly allure, the Internet can also be a dangerous place with electronic pipelines that run directly into everything from personal bank accounts to key infrastructure to government and industrial secrets. Our economic security, national security and public safety are now all at risk from new kinds of enemies — cyber-warriors, cyber-spies, cyber-terrorists and cyber-criminals.”

Regardless of the politics behind the issue, shutting down the Internet would have dire consequences for everything from electricity and water delivery to transportation and food production. We simply aren’t prepared for that kind of shift.

But the question remains, how do we shore up our nation’s critical infrastructure against online attacks?

States, governments, and corporations are investing billions in online infrastructure. Thousands of cyber security professionals are being trained to keep us safe. I can only hope that many are decentralizing their systems in order to become self-reliant if necessary.

While technologists and government leaders are sorting this out, the weakest link in the chain is still…drum roll, please…you.

Corporations and government agencies are legally required to secure their systems, at least minimally. But no such standards exist for the consumer. No laws require you to take a single step for the sake of your own security. Software vendors should certainly be held accountable if their products aren’t secure, but this alone is inadequate.

If you buy a bike for your child, for example, it’s up to you to teach him to ride safely, and to require him to wear a helmet. In many places, children are legally required to wear bike helmets. Similarly, you can’t drive a car without a license, and you can’t get that license without proper training.

It should be the same with technology. Before you come to rely on a smartphone or PC, you ought to receive training on how to use it securely. I have enough faith in people to believe that if we truly understand the consequences of inaction, we’ll come together and act to resolve whatever problems we face. We need to get together on this issue and do something about it…like, yesterday.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses the possibility of an Internet crash on Fox Boston. (Disclosures)

One In Seven Social Security Numbers Are Shared

More than 20 million Americans have multiple Social Security numbers (SSNs) associated with their name in commercial records, according to a new study announced in December from ID Analytics, Inc. The study found that rather than serving as a unique identifier, more than 40 million SSNs are associated with multiple people.

6.1 percent of Americans have at least two SSNs associated with their name. More than 100,000 Americans have five or more SSNs associated with their name.

Dr. Stephen Coggeshall, chief technology officer at ID Analytics, said, “Most of these cases of duplication are likely due to simple data entry errors as opposed to deliberate falsification. Nevertheless, organizations expose themselves and their customers to risk if they solely rely on the SSN to verify an individual.”

ID Analytics analyzed 290 million Social Security numbers, and found that 1 in 7 are associated with more than one name. Anywhere from 3-4 million names are directly used to commit fraud.

MSNBC reported the same study showed 140,000 SSNs are connected to 5 or more people and 27,000 SSNs are connected to 10 or more people.

Some of these secondary SSNs are the result of typos, where an administrator incorrectly enters a digit and that secondary SSN is then connected to a person’s credit going forward.

In other cases it is deliberate fraud. When the same person is shown using multiple Social Security numbers on purpose, a flag is raised.

Consumers often find out their SSN is compromised as a result of being denied credit or when bill collectors call them for nonpayment.

Identity theft can happen to anyone. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first and provides live access to fraud resolution agents who work with the victim to help restore their identity even from past theft events. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

Online Credit Applications Ripe For Fraud

We currently rely on easily counterfeited identification, and we transmit credit card applications using the phone, fax, Internet, or snail mail, all of which are relatively anonymous methods.

Fraudulent credit card applications are the most lucrative form of credit card fraud. Identity thieves love credit cards because they are the easiest accounts to open, and they allow thieves to quickly turn data into cash. Meanwhile, consumers don’t find out that credit cards have been opened in their names until they are denied credit or bill collectors start calling.

Identity thieves use any number of tricks to fool banks, retailers, and creditors into approving their online credit applications, extending credit that leaves the creditor on the line for losses.

It doesn’t need to be this way.

Instead of simply verifying the identification provided by fraudulent applicants, newer technologies allow creditors to verify the reputation of the computer or smartphone being used to submit the application. By instantly evaluating a device’s history for criminal activity, creditors can prevent fraudulent transactions.

“In addition to telling businesses that a single device has been involved in fraud, iovation can also determine if that device is associated with bad activity through its associations,” said Jon Karl, VP of Corporate Development for iovation. “Beyond fingerprinting and reputation, we provide our clients with early warnings about devices visiting their website in real-time, based on the behavior of devices and accounts associated with that device.”

Device fingerprinting and device reputation analysis help identify bad guys during the application process, allowing creditors to avoid more expensive solutions.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosure)

Lost or Stolen Mobile Can Lead to Identity Theft

We lose stuff. You put something down, you get distracted, you forget about it and it’s gone. Stuff falls out of pockets and bags all the time. I’m one of those people that’s so smart, I’m stupid and absent-minded when it comes to my stuff. Where’s my wallet, where are my keys, where’s my phone? After 40+ years I have a system of where I put my stuff, but it’s far from perfect.

At Oktoberfest many smart stupid people lost stuff including 410 wallets, 4 wedding rings, 1 toaster, 1 set of dentures, 1 prosthetic leg and 320 mobile phones. I could easily be a one legged, toothless, ringless mess who lost his mobile and wallet.

That’d be me hoppin’ around trying to make a call, worried whether my wife would be more upset that I lost my leg or my ring. NO MORE OKTOBERFEST FOR YOU!

While wallets are problematic, phones are the biggest issue here. Number of phones left in taxis every 6 months = 3 per taxi. Number of phones stolen in London alone = 120,000 a year!!!

Your phones transmit almost 17 billion texts per day, 52% of us store passwords on our phones, 87.5 million of us bank on our phones, and I bet even more of us have naked pictures on there… of our pets.

Much of this loser-ness can lead to identity theft if that mobile falls into the wrong hands.

So what are your options for protecting your digital life extension?

Invest in a service that locates, locks, wipes and when you get a new phone, restores your data.

McAfee WaveSecure will:

• Remotely lock down your device. Wipe out important data stored on your mobile to protect your privacy.

• Back up your data from your phone or remotely on the web. Access your data online from anywhere. Restore your data to a new phone.

• Locate your lost phone and plot the locations on a map. Track SIM cards inserted and phone calls made to help get your lost phone back.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

Fake Cops Home Invasion — Respecting Vs. Trusting

We live in a society that has many rules. We need rules because without rules, we’d devolve into chaos. Those rules are often broken by those who believe they are above them or are simply so desperate that they need to break them to get their next fix.

Some of these rules are more “guidelines” than they are law. One rule that sometimes makes it difficult for us to see the truth is “respect authority”. Authority is generally granted to those in a trusted position and comes in many forms, such as a teacher, coach, politician, priest and law enforcement.

Unfortunately, those given the responsibility of authority are human, and humans are flawed, and too often when put in a position of power and authority they abuse it or simply can’t handle it.

In the past 24 hours in the news, I’ve seen a teacher who fought a kid, a cop who lost his badge, a politician so full of himself he sent semi-clad pictures of himself to a woman not his wife, and a confession by clergy to stop abuse.

This brings me to my point:

Home invasion by three men dressed as cops: “The trio turned up at a house dressed as police officers and claiming to have a search warrant, all black clothing with bullet-proof vests, even pulled up to the home in a vehicle that had a red flashing light and a siren, police said. Once inside, they used plastic ties to handcuff the six occupants and locked them in a room in the basement, police said. The fake cops then ransacked the home in search of cash. Several hours later, when the bandits had fled, the victims managed to free themselves and set off a house alarm.”

It is important to respect the position of the title. Everyone deserves some respect until they don’t. But to blindly trust the person behind the title/uniform/badge, etc. can get you hurt.

To question authority is not to revolt, but to decide for yourself if they should be trusted. And if your home alarm is on all day while you are home as it should be, and someone knocks on the door for any reason, contact a supervisor to confirm the legitimacy of the visit.

Don’t just trust. Trust needs to be earned.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing home invasions on the Gordon Elliot Show.