Montana Town Sees Significant Rise in Identity Theft

Montana is “Big Sky Country.”  With guns, beer, fishing rods, and meat are sold at gas stations, some argue that it should be called the “Don’t Mess With Me” state.  Butte, MT had Evel Knievel, and he was one tough cookie.

And Butte, like many cities and towns across the country, is facing an identity theft epidemic. The Butte police recently received a staggering 135 identity theft reports in one week!

The Montana Standard reports, “Sheriff John Walsh said the Secret Service suspects the identity thefts may have occurred earlier this year and that the charges are just starting to be made. The unauthorized purchases are common this time of year because it’s the holiday season and clerks are often too busy to check for proper identification, authorities said.”

Walsh has been a victim of credit card fraud himself, with his debit card being used to run up about $900 in fraudulent charges at grocery stores, restaurants, and other businesses.

This type of fraud generally occurs when a bank or retailer’s server is breached. Customer accounts stored on the server are then taken over and used for unauthorized transactions. Your information could be compromised today, but the identity thief might wait months before using it to make the first fraudulent charge.

It’s very important to pay attention to your statements and refute any unauthorized charges immediately. Legally, you are only protected for up to 60 days after an unauthorized charge on your credit card, and an even shorter length of time for unauthorized debit card transactions. Reconcile your online statements weekly, and shred paper statements before discarding.

McAfee Identity Protection includes proactive identity surveillance, which monitors for subscribers’ credit and personal information in online black market forums. Subscribers have access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how a person becomes an identity theft victim on CounterIdentityTheft.com (Disclosures)

Data Leakage is a Correctable and Solvable Problem

WNYT.com reports “the Social Security Administration in New York City says that 15,000 Social Security numbers were stolen by a subcontractor who was working in Office of Temporary Disability Assistance making computer infrastructure upgrades.”

In this case the culprit is a subcontractor and succeeded either because he had the contractor’s credentials/passwords and/or the files containing the SSN info weren’t encrypted.

The problem with protecting only with userid/passwords is well understood. Passwords are generally 123456 or otherwise easily cracked. Even if the password is a good one, chances are it is used on dozens of other sites that don’t do a good job of protecting it.

In this case the password gave a “good guy” access and he went rougue.

Some organizations think that deploying Full Disk Encryption (FDE) or File and Folder Encryption (FFE) provides them the desired security level. The point often missed is that even with Full Disk Encryption or File and Folder Encryption in place, users with correct credentials can access, copy, transfer/download to USB sensitive data without any problem.

I’ve said this before and I’ll say it again: Zafesoft can prevent such incidents from both of the above. Company administrators can remove access for a suspected malicious insider at any time and even if they have the physical file with them, it’ll be in encrypted format which they won’t be able to open.

Secondly, the Zafe technology travels with the information so they wouldn’t have been able to open the files even they were a legitimate user unless they were also using an approved laptop that has been registered and authorized with the company.

Moreover the moment they copied the data and tried to open it on a non-authorized laptop an alert would have gone to Company administrators alerting them of a possible theft and they could have prevented the incident from happening.

Robert Siciliano is a Personal Security and Identity Theft Expert. See him discussing another databreach on Good Morning America. (Disclosures)

5 Ways to Update Your PC for the New Year

Out with the old and in with the new. In my household, closets, cabinets, and drawers are purged and reorganized during the last two weeks of December. Anything that hasn’t been used in the past year, is tossed, donated, or recycled. I rarely put anything into storage, since that generally means I’ll never use it again. This process makes room for new Christmas gifts, and clearing out stuff clutter also helps disperse mental clutter.

During the first two weeks of January I do the same thing with gadgets and technology. To get your PC organized and efficient, follow this process:

1. Go through your files, deleting and organizing as necessary.

2. Back up your data. McAfee offers unlimited online backup for $5 a month. For local backup, the 2TB Western Digital MyBook for $99 can’t be beat.  I use both, plus redundant local drives, and I keep them in sync with GoodSync. Including online backup, I have three to four versions of every file.

3. Organize your software. Gather all the disks and serial numbers and back them up in two or three locations. I have all my software on CDs or DVDs, and I’ve also ripped (ripping is the process of copying audio/video/software to a hard disk) into organized folders on external drives. This includes all your drivers, recent versions of browsers, antivirus and anti-spyware software, and any free applications you use.

4. Download and run Belarc Advisor, a free utility that takes a snapshot of your entire system and tells you everything that’s installed, including serial numbers, and helps you identify bloat (bloat is when computer programs have many unnecessary features that are not used by end users). Print it out or turn into a PDF with free PDFCreator.

5. Reinstall your operating system. (This is easier than it sounds.) Reinstalling your operating system every year or two eliminates bloat and malware and speeds up your PC. Once you’ve followed the first four steps, the reinstall process is easy and efficient. It sometimes takes a second try to get it right, but once it’s done it’s done. Just search online for your operating system’s reinstall requirements. It is always best to have a second Internet-connected PC at your disposal, so if you do run into problems you can search for help online. Once the reinstall is complete, go to “Windows Update” in your control panel or programs menu to update your operating system’s critical security patches.

If you elect not to reinstall your operating system, at least complete the first four steps, and then proceed to “Windows Update.”

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses hackers hacking hotels on CNBC. Disclosures

Home Invasion Victim Shot With His Own Gun

Years ago, I appeared on the Maury Povich show to discuss weaponry. The producers called me to discuss a show they had in mind where the shows subjects were those facing jail time or in jail because they killed their attackers.

In each case, it was their word against a dead mans. Some of the subjects were victims of domestic violence where others were victims of home invasions or stalking. The producers asked me what the subjects could have done differently so they wouldn’t be facing jail time. My response was “use non-lethal weapons” opposed to lethal such as guns or knives.

While I believed this was (and still is) a sensible alternative, I was booed and ridiculed. Even Maury thought my suggestion was poor. I further suggested placing non-lethal weapons like pepper spray strategically throughout the home as a layer of defense. Again, I was ridiculed. It’s not that I’m anti-gun, it was, and is an alternative. Another option.

I know that you don’t bring a knife to a gunfight. I understand non-lethal doesn’t always work. I get that people love their guns. I also know that when you kill someone it’s your word against a dead mans and facing life in prison is an option even when you shoot and kill an intruder in your own home.

Plus, there is always the chance that the same weapon can be used against you.

The New York Times reports that a “New York man suffered a bullet wound to his leg after being shot with his own gun during a struggle with an intruder when a man entered his home through an unlocked door around 9:30 a.m. The homeowner grabbed a .22-caliber rifle and confronted the intruder. Police say the two men got into a struggle, during which the gun went off, striking the homeowner in the lower leg. The intruder stole property from the home and fled.”

Call me crazy, but first, have a home security system that helps prevent the home invader from getting in. And while I’m sure there are plenty of stories that involve the homeowner shooting a killing the home invader, there are as many where the homeowner was shot with his own gun. What do you think?

Robert Siciliano personal and home security specialist to Home Security Source discussing Home Invasions on Maury Povich.

10 Tips to Post Holiday Home Security

For Christmas, one of my neighbors got a 60 inch LCD screen TV. I saw the same TV at Costco for $2000.00. Another neighbor got a Mac Book Pro. I saw this online for $2000.00. Another neighbor got a Nikon Digital SLR camera, and I saw this at Amazon for almost $900.00. These are neighbors I’ve never spoken to, ever. I know this because the boxes were prominently displayed in their trash like trophies one would put on a mantel in their living room.

Trash day is coming and burglars may case your neighborhood looking for boxes where electronics such as computers, flat panel TVs, game consoles and other re-saleable items are. Then, while you are at work, they just break into your home and take it.

It’s pretty obvious whose home and who is not when the lights are off or there is no car in the driveway. All a burglar has to do is ring a door bell to see of you are actually home. If no one answers they jiggle the door knob to see if it’s locked or not.  If it’s locked they will head to the back door and jiggle that.

Many times they will walk right in because people are often irresponsible and leave the doors unlocked because they believe “it can’t happen to me”. If the doors are locked they may try a few street level or basement windows. Brazen burglars will not waste any time and may break glass or use a crowbar and forcibly enter the residence.

For post holiday security, use these home security suggestions:

  1. Lock your doors and windows
  2. Install a monitored alarm system. Consider ADT Pulse.
  3. Give your home that lived in look
  4. Leave the TV on LOUD while you are gone
  5. Install timers on your lights both indoor and outdoor
  6. Close the shades to prevent peeping inside
  7. Use defensive signage
  8. Store item boxes for at least 90 days because if you have a defective product you will need the box for a return
  9. After 90 days tear up the box so it’s undistinguishable then recycle or put it in a black trash bag
  10. Update your home inventory. This is a good time to catalog/document/video tape what you own. Contact your insurer to discuss what they need to properly insure your new gifts.

Robert Siciliano personal and home security specialist to Home Security Source discussing burglar proofing your home on Fox Boston.

10 Considerations When Choosing a Home Security System

1.    Do some research. What is the installer’s reputation and history?  How large is the company?  How many current customers?  Is it local or nationwide?  Is their primary business security?

2.    How “new” is the home security product? Today’s home security systems are far more superior than those available in past years.

3.    Does the home security company offer monitoring? A reputable home security company should provide its own central station monitoring instead of having another company monitor for them.

4.   Does the home security company have redundant monitoring facilities? Make sure they have backup monitoring centers throughout the country in case of natural or manmade disaster.

5.   Does the home security company’s monitoring facility have back-up power? Find out if the monitoring facility has gas or electric-powered generators – as well as battery back-up to ensure that monitoring continues despite power failures.

6.    Spend time thinking about the “amount” of security you need. The basic elements of a standard system include a key pad, a control panel, a siren, an inside motion detector, at least two door contacts, as well as connection to a central monitoring station for around the clock coverage. I’d recommend cameras too.

7.    Secure your home from “hidden” household dangers. Equip your home with effective smoke, fire, carbon monoxide and flood detection systems.

8.    Ease-of-use and convenience to ensure a high level of usage. Be sure to choose something that can be armed and disarmed easily by all family members.

9.    Make sure the system you install has a battery back-up. If the power goes out, you want the monitoring and protection continuous.

1.    What other benefits does the company offer?

# A money-back service guarantee?

# Guarantee against theft?

# A relocation package so a new security system is installed in case you move?

# Is there a Web site that provides customer service?

# Is there a website that you can access your system and control it remotely?

Be sure to spend time with your security specialist to develop a security plan and system that meets you and your family’s specific needs.

Robert Siciliano personal and home security specialist to Home Security Source discussing Home Security on NBC Boston.

2010 Saw Dramatic Rise In Home Invasions

Maybe it’s the economy or maybe people are just getting nuttier, but my news alerts have been pouring in describing horrific home-invasions with many resulting in growing levels of violence.

In some places, there is a correlation between home invasions and organized crime, drugs, prostitution and gambling.

In Calgary, our neighbor to the north, the Calgary Herald reports “The violent home confrontations typically see victims assaulted, threatened and bound with duct tape, plastic zip ties or rope while thieves ransack their homes for cash and valuables.”

It seems that home invasion has become a crime that knows no boundaries.

The pseudo good news is in 2/3rd of the home invasion cases the parties involved (invaded and invaders) were heavily into lowlife activities. So if you are not dealing drugs or involved in gang activity then you’re less susceptible.

However in almost 1/3rd of the cases the victims were people who kept large sums of money in their homes. So if you are a person who stuffs your mattress with cash you are more vulnerable.

If you fit into the category of mattress stuffer:

#1 Put your money in the bank! It makes no sense to have wads of cash around. Even if it’s in a safe, a home invader will force you to open it.

#2 If you insist on having wads of cash around then tell no-one! Home invaders are often deprived people in a position of trust who turn on their victim.

#3 Take some of that money and invest it into a home security system. For about a dollar a day your home can be fully monitored and alarmed.

Robert Siciliano personal and home security specialist to Home Security Source discussing Home Invasions on Montel Williams.

10 Security Tips For Holiday Shopping

1. During the holidays, criminals engage in “black-hat SEO,” wherein they create fake websites and then use the same techniques as legitimate online businesses regarding search engine optimization, marketing, and online advertising via Google AdWords. They use keywords to boost rankings on Internet searches, causing their spoofed websites to appear alongside legitimate websites. These same processes are also used to infect unsuspecting users with malware.

2. Many victims who wind up on malicious websites when holiday shopping have found their way to these sites via phishing emails, which offer high-end products for low prices. It’s easy enough to avoid this. Common sense says that whenever you receive an unsolicited email offer, you ought to automatically be suspicious. The same applies to any offers received through tweets, or messages sent within social media. Scammers are committing social media identity theft everyday. If you aren’t familiar with the online retailer behind an offer, don’t even bother clicking a link, especially if the offer sounds too good to be true.

3. If a familiar and trusted website sends you an email offer and you decide to click, make sure you’ve been taken to the correct URL for the retailer. Beware of cybersquatting and typosquatting, in which the address only resembles the legitimate domain.

4. When placing an order online, always look for “https://” in the address bar, signifying that a page is secure. Scammers generally don’t take the time to create secure websites. Note that an image of a closed padlock also indicates that a website is secure.

5. Beware of emails from eBay scammers. I’ve been getting ten a day. The fact is, it’s difficult to tell a real eBay offer from a fake one. If you are seeking deals on eBay, go directly to the site itself, and don’t bother responding to emails. If a deal in an email is legitimate, you can find it by searching eBay.

6. Whenever you decide to make an eBay purchase, look at the seller’s history. eBay is based on the honor system. If a seller is established and has a record of positive feedback, they should be trustworthy.

7. Don’t worry about credit card fraud. But do pay close attention to your statements. Check them online at least once every two weeks, and refute unauthorized charges within two billing cycles, otherwise you will pay for an identity thief’s shopping list.

8. Don’t use a debit card online. If your debit card is compromised, that money comes out of your bank account directly and immediately. Credit cards offer more protection and less liability.

9. Avoid paying by check online. It’s fine to use checks in person, but when using an unfamiliar virtual website, it is not. Once money has been taken from your account and the goods, you’ve ordered fail to arrive, getting it back proves difficult if not impossible. Use a UniBall gel pen to prevent check washing.

10. Do business with those you know, like, and trust. I, for one, am guilty of buying from retailers who offer the best deals. But I only buy low-ticket items from unfamiliar sellers, generally spending less than $50. It’s best to buy high-ticket items exclusively from retailers that also have brick and mortar locations.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto, and he is running the Boston Marathon in April 2012 to support Miles for Miracles for Children’s Hospital Boston.

Traveling for the Holidays? Get The “My TSA” iPhone App

Each holiday season, the TSA prepares its workforce of 50,000 transportation security officers to provide a smooth experience for holiday travelers. Since this is the busiest travel time of the year, the TSA is reminding passengers of the security procedures in place, so you know what to expect before leaving home.

Children: The TSA has implemented new procedures for passengers age 12 and under. Pat-downs will be reduced, although not eliminated, to resolve parental alarm without sacrificing effective security. Children are also permitted to leave their shoes on at security checkpoints.

Liquids: Families or individuals traveling with medically necessary liquids can use Family Lanes for a more pleasant travel experience. There are Family Lanes at every security checkpoint, allowing families and travelers with special needs to go through security at their own pace. Individuals carrying medically necessary liquids, gels, and aerosols in excess of three ounces will also be directed to these lanes.

Food: Everyone either wants to bring a favorite food to their holiday dinners, or leftovers or other items they’d like to bring back home with them. Travelers should know that while pies are permitted through security checkpoints, the following list of liquids must be checked, shipped, or left at home:

  • Cranberry sauce
  • Creamy dips and spreads (cheese, peanut butter, etc.)
  • Gift baskets containing liquid food items
  • Gravy
  • Jams
  • Jellies
  • Maple syrup
  • Oils and vinegars
  • Salad dressing
  • Salsa
  • Sauces
  • Soups
  • Wine, liquor, and beer

The Transportation Security Administration’s “My TSA” iPhone app, which you can download for free through iTunes, provides real-time operating status updates for U.S. airports from the Federal Aviation Administration, allowing you to check approximate wait times at security checkpoints, flight delays, and weather conditions. You can also share your wait times with others, and provide immediate feedback to the TSA concerning your checkpoint experience. It includes a tool to quickly confirm whether an item is allowed in carry-on or checked baggage, plus information about ID requirements, restrictions on liquids, and tips for packing and dressing to speed up the process of going through security checkpoints.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto, and he is running the Boston Marathon in April 2012 to support Miles for Miracles for Children’s Hospital Boston.