Big Game Scores Big For Scammers

Internet criminals follow a similar editorial calendar as newspaper and magazine editors, coordinating their attacks around holidays, and the change in seasons. They further capitalize on significant events and natural disasters.

On Super Sunday weekend much of the scamming taking place is designed to separate the public from their money using the Big Game as the lure. People are seeking information on the Game and are being tackled by criminals who steal the ball.

The promise of cheerleader-filled videos along with downloadable player pictures or even Big Game memorabilia will dominate the scamverse.

Don’t get taken:

Ticket scams abound: Auction sites and Craigslist are ground zero for Scammers who buy up a few expensive tickets and, because many tickets are printed at home, the scammer just makes copies and resells the fakes to desperate buyers online or at the game.

Social media scamming: Bad guys who pose as legitimate individuals or businesses offering up Super Sunday media and post infected links that will infect the victim’s PC or network with a virus that gives hackers backdoor access.

Search poisoning: Scammers lure victims to their scam sites via search engines. When a website is created and uploaded to a server, search engines index the scam sites as they would any legitimate site. Doing a Google search can sometimes lead you to a website designed to steal your identity.

Zombie PCs: A botnet is a group of Internet-connected zombie personal computers that have been infected by a malicious application, which allows a hacker to control the infected computers without alerting the computer owners.

Scott Waddell, Vice President of Technology at iovation states, “Criminals will lure Internet users to malicious sites where malware can compromise their computers, making their systems ‘zombies’ in a global botnet. Identity data on these systems can be stolen and remote fraudsters can monitor the systems to compromise online accounts.”

Solutions like iovation’s ReputationManager 360 can identify fraudulent use of stolen accounts through geolocation rules, velocity indicators associated with identity thieves trying to quickly leverage stolen credentials, and the shared reputation view across more than 2,000 fraud fighting professionals strengthening the system every day.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another data breach on Fox News. Disclosures

Custom Fitting A Home Security System

There is no such thing as one size fits all. Today, we have more variety and choice than in the first 1950 years of modernity combined. Why? Because we want it! Transportation fueled by oil and gasoline along with big box retailers and suburbia all transformed life as we know it and choice became an option.

My ADT Pulse system is no different. When the sales person showed me my options, it was like I was 10 years old and he was Santa and I was able to go right in his big red bag of tricks and pick out all the stuff that had been on my list since I was 5!

You wouldn’t think one would get all giddy about a home security system but this is not just home security. It’s home automation that secures your home. We walked through my home and he asked me all kinds of pertinent questions about our comings and goings to help decide on what options would suit us and secure us best.

We discussed all the light switches that I’d want replaced with home automation to be able to turn on remotely and have set to go on when we came home or timed to give the impression we were home when we weren’t.

Next  was all the areas of the home I wanted to install surveillance cameras that would allow me to record and drop in on sections of the house while I’m traveling or even home.

Most importantly, we went through a whole process of thinking like a burglar and determined all the vulnerable areas of the home that needed sensors on doors and windows such as motion and glass break. For me, that was the funniest part. Thinking like a burglar is necessary to prevent a burglar from getting in.

You’d be amazed at the lengths a burglar will go through to get in. And, scaling a 3 story porch and busting through a door or window on a ledge is a welcome challenge for a burglar. I’ve got that covered!

Robert Siciliano personal and home security specialist to Home Security Source discussing burglar proofing your home on Fox Boston

Top 5 Home Burglary Prevention Reminders

Imagine coming home seeing your side door open and some of your stuff on the ground. You wonder what’s happening and think maybe your stupid irresponsible roommate dropped something. But as you look closer the door is smashed and inside the house looks disheveled. Then the sinking feeling of “I’ve been burglarized” sets in. That’s was me.

It was the early 90’s and I had bought my first home at 20 years old. It was a “3 decker” and me and a few friends lived on the first floor and I rented out the rest. It was more of a “frat house” than it was a home. We even gutted a refrigerator and had a keg on tap 24/7/365. Then one night we had a few people over, and they brought a few people we weren’t familiar with.

After an evening of being stupid we headed to bed. Next morning to work. After work reality set in. When I saw what happened, I immediately knew who did it. It was one of the friends of the friend that came to my flat the night before.

Being the “take things in my own hands” 20 years old I was, I went to this person’s house with the police and recovered my stuff. Right after that, I got a home security system.

#1 Secure entrance ways: Burglars often go right through your back or front door. They first ring the bell or knock on the door to see if you’re home, and if you don’t answer they jiggle the doorknob. Lock your doors. Sometimes if the door is locked they will use a crowbar to force it open. Install solid core doors that can’t easily be compromised. Install heavy deadbolts that go deep into the jam with 3-4 inch screws that go into the door’s frame. For sliding glass doors, install an additional wooden dowel preventing the door from being opened from the outside. Make sure your home security alarm has open door sensors.

#2 Windows: When a burglar encounters a locked door they may look for unlocked windows. Lock your windows. As an extra layer of security install a wooden dowel on top of the window to prevent it from being opened. Install window film that prevents the glass from being broken. Install glass break sensors to compliment your home security system.

#3 Lighting: Lighting on the exterior is an effective way to keep the bad guy away. The benefit of additional lighting helps your neighbors to see suspicious activity at night. Include timers on indoor light to give your home that lived in look.

#4 Home Security Systems: Most people install a home alarm after the home is burglarized. Don’t wait to be a victim of crime before you smarten up.

#5 Security cameras: Compliment your alarm with surveillance cameras. I didn’t get cameras until they were affordable. If I had got them years ago, it would have saved a lot of heartache. Today they are inexpensive and easy to install.

Oh, and what happened to the guy who broke into my house? He was arrested and was in and out of jail for the next 15 years. Last time I saw him was when he was on the front page of the Boston Globe because he had cut a woman’s head off.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover

Preventing False Alarms

If you have a home security system, you know the pain associated with false alarms. I have set this thing off at least a 100 times and then I have to run like a gazelle to the keypad to shut it off then wait for alarm central to call me so I can give them a PIN.

Many, if not all of us are guilty of setting off our alarms accidentally. Sometimes we open a door or window that sets it off, other times we mess up the secret code. The result of this mishap is usually a very loud siren and the attention of your neighbors. If you don’t call to cancel in time, then it results in law enforcement showing up.

In many counties, towns, cities and states there are laws and ordinances that impose a fine for false alarms.

1. Have your service provider set up your home alarm system to call your mobile phone first, then your home phone second. If you don’t answer the phone, then, they will call the police.

2. Program your mobile phone with your alarm service provider’s number and call them the second you falsely set off your alarm. Memorize your PIN so you aren’t fumbling for it.

3. Don’t carry your PIN in your wallet. If your wallet is lost or stolen, your address and alarm PIN is in the hands of a stranger.

4. Whenever you are setting up any access for anyone to enter your home while you are gone, your risks for false alarms go up dramatically. Provide specific hands on instruction on how to disable and reset the alarm. Telling someone over the phone how to do it is often insufficient.

5. With the new ADT Pulse system there are 5 ways to turn off the system including a wired keypad, touchpad, iPhone app, remote control and a PC. I have different devices strategically placed throughout the house, so I can easily set and deactivate whenever needed.

Robert Siciliano personal and home security specialist to Home Security Source discussing Home Security on NBC Boston.

Check Your Credit/Debit Card Statements NOW!

The holidays are over. Your used your credit card in so many places you forget where. Now is when the bad guy may pull up that “skimmed” card number they got from you when they were working as a temp at the mall.

Every time you use a credit card, you increase the chances of that card number being used fraudulently.

#1 Watch your card. Whenever you hand your credit or debit card to a salesperson or waiter, watch to see where your card is taken and what is done with it. It’s normal for the card to be swiped through a point of sale terminal or keyboard card reader. But if you happen to see your card swiped through an additional reader that doesn’t coincide with the transaction the card number may have been stolen.

#2 Select online shopping websites carefully. Phantom websites exist to collect personal and credit card information. They can appear online any time of the year, but the holidays are prime time. They imitate the look and feel of a legitimate website, and many simply copy the web code from well-known online retailers, right down to the names and logos. You may even order a product and get it. But now they have your card number. When searching for a product or service online, do business only with those you recognize. Established e-retailers are your safest bet.

#3 Beware of phishing and vishing. When you used your card, the skimmer may not have picked up the 4 digit CVV security code. You may receive a voicemail or an email requesting that data so the bad guy can complete a transaction.

#4 The most important tip of all is to watch your statements. This extra layer of protection requires special attention. If you check your email daily, you ought to be able to check your credit card statements daily, too, right? Once a week is sufficient and even once every two weeks is okay. Just be sure to refute any unauthorized withdrawals or transactions within the time limit stipulated by your bank. For most credit cards, it’s 60 days, and for debit cards the limit can be 30 days or less.

Robert Siciliano personal and home security specialist to Home Security Source discussing credit and debit card fraud on CNBC.

Who Owns the Online Road?

“Net neutrality” refers to the idea that Internet service providers should treat all sources of data equally. There has been debate as to whether ISPs should be permitted to treat their own content preferentially, or allow certain content providers to pay for faster transmission, creating two tiers of web service. There is also a question as to whether these companies can block or create hurdles to reach content representing controversial points of view.

The New York Times reports, “The proposed rules of the online road would prevent fixed-line broadband providers like Comcast and Qwest from blocking access to sites and applications. The rules, however, would allow wireless companies more latitude in putting limits on access to services and applications.”

A two-tiered web is one in which powerful companies have the ability to play favorites. Major corporations with deep pockets could purchase higher speed service to transmit their own content, while consumers would lack those resources. Some say a two-tiered Internet would bring consumer connections to a crawl. While there probably will be some abuses, I’m sure that if this happens, these abuses will come to light relatively quickly.

What has many up in arms has been the broadband carriers’ attempt to block websites or applications. In some cases those sites may compete with the carrier, or they may be a drain on resources, such as with torrent downloading sites. It doesn’t look like carriers will be allowed to block anything, but this battle is just beginning.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses the possibility of an internet crash on Fox Boston. Disclosures

Front Row Seats When Internet Doomsday Hits Egypt

Most of us would have no idea Egypt had pulled the plug on the Internet unless it was splashed all over the news. However one company called iovation knew right away.

Basically “just like that” the up to 1000 fraud checks they receive every hour out of Egypt dropped to zero. At first glance one would think there was some type of meltdown or maybe Egyptian scammers all of a sudden decided to get a job.

Normally, iovation would see thousands of queries from Egyptian customers interacting with businesses of all types, including social networks, online dating sites, online gaming sites, banks and retailers. Then at about 6:00 pm Eastern time, nothing.

“We’ve got a unique view of the Internet at iovation. Our service experiences the interaction of unique computers and mobile devices from every nation on earth, across a broad swath of Internet commerce,” says VP of Corporate Development, Jon Karl. “When we’re seeing Egypt’s Internet fall off a cliff, it’s at a more precise individual user level rather than just through aggregated online traffic. While transactions from Egypt represent a very small percentage of the queries to iovation’s service, it has a ripple effect that’s felt by a wide variety of our customers.”

NPR reports “Egypt has apparently done what many technologists thought was unthinkable for any country with a major Internet economy: It unplugged itself entirely from the Internet to try and silence dissent. Experts say it’s unlikely that what’s happened in Egypt could happen in the United States because the U.S. has numerous Internet providers and ways of connecting to the Internet. Coordinating a simultaneous shutdown would be a massive undertaking.”

And while experts say it is unlikely in the U.S., a bill is in fact being proposed to unplug the Internet. “Legislation granting the president internet-killing powers is to be re-introduced soon to a Senate committee, the proposal’s chief sponsor told Wired.com.” Scary stuff.

iovation, is headquartered in Portland, Oregon, and has pioneered the use of device reputation to stop online fraud and abuse. The software-as-a service used by online businesses assesses risk of Internet transactions all over the world and recognizes if a device such as a PC, tablet or smartphone has a history of fraudulent behavior.  This helps organizations make educated decisions if they want to do business with the person using the device.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses the possibility of an internet crash on Fox Boston. Disclosures

Google Adds Security to Search

The Internet can be a dangerous neighborhood, and safety precautions are a necessity. . IBM Internet Security Systems blocked 5,000 SQL injections every day in the first two quarters of 2008. By midyear, the number had grown to 25,000 a day. By late fall, attacks climbed to 450,000 daily. The US government servers and sites are targeted 60 million times a day, or 1.8 billion times per month.

While the government fights to protect itself, you and I are on our own, and most civilians are completely unprepared for an attack.

In the University of Cincinnati’s Journal of Homeland Security and Emergency Management, the authors write, “The general population must be engaged as active security providers, not simply beneficiaries of security policy, because their practices often create the threats to which government responds.” In other words, citizens need to take personal responsibility and start acting securely, rather than expecting it to all be done for them.

But Google is lending a helpful hand.

In December, they posted the following announcement on the Google blog:

“Today we’ve added a new notification to our search results that helps people know when a site may have been hacked. We’ve provided notices for malware for years, which also involve a separate warning page. Now we’re expanding the search results notifications to help people avoid sites that may have been compromised and altered by a third party, typically for spam. When a user visits a site, we want her to be confident the information on that site comes from the original publisher.”

You can see an example of a search result notification here. Clicking the “This site may be compromised” warning brings you to an article with more information, and clicking the result itself brings you to the target website, as usual.

My observation has always been if a person decides to use the Internet, they should take some basic courses via your local adult education offering and read up about how to log in securely . New scams pop up every day, and one has to be aware of their options.

Thanks, Google, for lending a hand.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses online banking security on CBS Boston. Disclosures

Robbers Put Gun To Baby’s Head During Home Invasion

WOW!!!!! Like the baby is going to cause any threat to the pig home invaders.

This happened in Pee Dee which is a region of South Carolina in the northeastern corner of the state. “Pee Dee” who knew? Seems it was named after an Indian tribe. Makes sense.

Anyway CarolinaLive.com reports: “Just before 3 a.m. on a Friday, a woman says she heard someone knocking at her front and back doors to her apartment. According to police, the woman cracked open the door and that’s when four masked, armed men forced their way inside. They made the woman and her baby lie on the floor.  At one point, the robbers put a gun to the baby’s head.

The men demanded money and the woman’s purse. The robbers then put a gun to another woman in the home who was upstairs. They stole $10 from a glass vase and left.”

10 bucks. That’s $2.50 each for the masked invaders. They can each by a bag of Munchos and a Snickers.

Rule #1:  You tell your kids not to talk to strangers; therefore, do not open your door to a total stranger, especially at 3 AM and ESPECIALLY IF HE IS WITH 3 OTHER GUYS WEARING MASKS!!!!!!!!!!!

Rule #2:  You are better off not answering the door at all, keeping the doors locked as they should be and call the police especially at 3AM!!!

Rule #3:  If you have a home security system (which you should) you can always set off the panic alarm in this instance and a call will be made to the police department along with a blaring siren that may deter the masked invaders.

Rule #4:  Learn from this incident. It is much better to learn from others mishaps than to learn from your own.

Robert Siciliano personal and home security specialist to Home Security Source discussing home invasions on the Gordon Elliot Show.