How To Recover a Hacked Facebook Account

At least weekly, some stressed-out victim of a Facebook hack, a.k.a. “account takeover,” contacts me to help them get their account back in order. While I do have a connection or two at Facebook, I’m not in a position to send an email or flip a switch and make it all good just like that. Facebook doesn’t allow that.

The victim of the hack is in the best position to fix it themselves.

First, be proactive. Set up your computer with automatic updates for your operating system, antivirus, anti-phishing and anti-spyware software, turn on a two-way firewall, and lock down your wireless connection.

Facebook offers a number of security features. Use all of them. Take screenshots of your settings and contact info, print them, and store them in a secure place.

Opt-in security features:

Trusted Friends

What are trusted friends?

Trusted friends are friends you can reach out to if you ever get locked out of your Facebook account (ex: you turn on login approvals and then lose your phone, you forget your Facebook password and can’t get into your login email account to receive a password reset). If you get locked out, we’ll send each of your trusted friends a security code. All you need to do is call your friends and collect the codes.

Secure Browsing (https)

What is Secure Browsing (https)? What are the benefits?

Secure Browsing (https) is an opt-in security feature. When you turn this feature on, your traffic (i.e. all of your activity) on Facebook becomes encrypted, making it harder for anyone else to access your Facebook information without your permission.

Login Notifications

What are Login Notifications?

Login Notifications are an opt-in security feature where alerts are sent to you each time your account is accessed from a new device.

To turn on Login Notifications:

Go to your Security Settings page (Account > Account Security > Security)

Click on the Login Notifications section

Check the box next to the type of alerts you’d like to receive and save your changes

Note: If you want to receive text message alerts, you’ll need to add a mobile number to your account.

Login Approvals

What is Login Approvals?

Login Approvals is an opt-in security feature similar to Login Notifications, but with an extra security step. With Login Approvals, each time you try to access your Facebook account from an unrecognized device (ex: any computer or mobile phone you haven’t named and saved to your Facebook account), you will first have to enter a security code we’ve sent to your mobile phone.

To turn on Login Approvals:

Go to your Security Settings page (Account > Account Security > Security)

Click on the Login Approvals section

Check the box and save your changes

If all else fails, go here: https://www.facebook.com/hacked. This is the system Facebook has in place to help you get your account back, regardless of whether the hacker changed your email address.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock ’em dead in this Security Awareness Training video.

Almost 80% of Retailers’ Data At High Risk

The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.

Now, after five years of pushing standards out to merchants and retailers, a Verizon study has found that 79% of retailers are noncompliant. That means your credit card data is at risk in 8 out of 10 transactions.

InformationWeek reports numerous reasons why credit and debit card data is at risk. The first is that the burden posed by PCI causes businesses to view PCI as a nuisance, rather than a standard. Instead of working towards better security, they shun it.

Another risk factor is that most merchants only maintain basic compliance. Credit card processors hold merchants’ feet to the fire by requiring that PCI standards be met, but only audit annually, so merchants don’t maintain security throughout the year. When it comes time to be audited, merchants will often fail because they’re unprepared or because the rules have changed.

Finally, lack of awareness increases risk. According to Verizon, “the greater awareness of PCI found in a business, the greater the actual compliance.” Jennifer Mack, director of global PCI services, says, “The more aware your organization is of the standard, the more prepared you are for the type of approach you take.” Seems like common sense to me!

No matter how you slice it, retailers are a target and must employ multiple layers of fraud protection to thwart cyber criminals. One way that retailers are uncovering suspicious activity on their site is by utilizing powerful tools for early detection. iovation Inc., the leader in device recognition technology, allows retailers to create multiple rules and adjust them as threats emerge and evolve. They do this without collecting any personally identifiable information (PII) from the retailer.

As devices (such as computers and mobile devices) with fraudulent histories connect to the retailer’s website, the business is alerted in real time. And when velocity or geolocation alerts are triggered, the retailer knows in real time. iovation’s living database of device intelligence is shared across its global base of finance, gaming, travel, shipping, dating and retail clients. They share information to detect fraudulent activity as soon as possible, before product is shipped and chargebacks and fees are incurred. They call it device reputation. I call it another bit of common sense for retailers.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit card fraud on NBC Boston. Disclosures

Introducing: 99 Things You Wish You Knew Before Your Identity Was Stolen

Yes, it’s a glorious day with the birth of my new book. I’ve spent 15 years in the trenches, reporting on all issues of personal security. Now I’ve taken what I know about protecting your identity and avoiding fraud and packed it all into 99 tips, a quick read of less than 35,000 words. Now you can also become an expert on how to protect yourself from these horrible crimes.

But I didn’t do it by myself. McAfee, the largest and most trusted name in digital security, helped me. Their teams of threat experts are constantly fighting off the bad guys, and I drew upon their vast experience and research.

In 99 Things You Wish You Knew Before Your Identity Was Stolen, I proactively demystify identity theft and computer fraud by presenting the relevant information surrounding these issues in the form of simple, bite-sized chunks, in order to make consumers, families, employees, and small businesses safer and more secure. Readers will learn the difference between scareware, ransomware and spyware. They’ll learn about the types of cybercriminals, such as black hats, crackers, script kiddies, and hacktivists. And most importantly, readers will learn how to protect their identities, both online and in the physical world.

As millions of consumers begin searching and shopping online during the holiday season, McAfee understands the necessity of spreading awareness of cybercriminals’ tactics and methods for protecting oneself from identity theft and online fraud.

So, from November 9th through the 15th, McAfee will be offering a complimentary PDF copy of my just-released book through Facebook. To get your free copy, click “like” on McAfee’s page.

After November 15th, 99 Things You Wish You Knew Before Your Identity Was Stolen will be available in print, ePub, and PDF, and can be found on Amazon, the Amazon Kindle, the Sony eBook Store, and 99-Series.com from $5.99-$14.97.

Robert Siciliano is an Online Security Evangelist for McAfee. See him discuss identity theft on YouTube. (Disclosures)

Thinking About Building a Safe Room?

A safe room, also known as a panic room, is designed to keep bad out and extend your lifetime. Bad could be in the form of Mother Nature’s wrath, manmade disaster or a human predator.

There are varying levels of options and financial investments based on what exactly you want to protect yourself from. For example, if you live in a part of the world where tornadoes are a problem, then you may build your safe room with similar security features as you would when trying to protect from a predator. But it may not be as extreme as protecting yourself from a manmade disaster, like nuclear fallout.

FEMA has a guide that begins the process of building a safe room and asks you to consider: When extreme weather threatens, individuals and families need advance warning and protection from the dangerous forces of extreme winds. Individuals and communities in tornado and hurricane areas need structurally sound safe rooms and early alert systems.

What is the cost of installing a safe room?

Can I install a safe room in an existing home?

Can I build the safe room myself?

Where is the best location for the safe room?

Where can I find plans for safe room construction?

FEMA’s guide discusses having a safe room in your home or small business that can help provide “near-absolute protection” for you and your family or your employees from injury or death caused by the dangerous forces of extreme winds.

This is a good start for anyone considering a safe room of any kind. In the next post we’ll get into detail about what designs may be considered when building one to protect from predators and even manmade disasters.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse on Fox News Live. Disclosures

Human Security Weaker Than IT Security

Information technologies have evolved to a level at which the developers, programmers, and security specialists all know what they’re doing, and are able to produce products and services that work and are reasonably secure. Of course, there’s always room for improvement.

Despite the amount of criminal hacking that goes on, users who effectively implement the appropriate measures and refrain from risky behaviors enjoy relative security.

The Wall Street Journal reported on a study by Dartmouth’s Tuck School of Business, quoting professor Eric Johnson:

“Criminal hackers are increasingly turning to digital versions of old-fashioned con games, literally gaining the confidence of employees through innocuous-seeming phone calls purporting to be from fellow workers, or even through regular mail, in order to entice them into downloading malicious code or revealing a password. The threat of data leakage is thus highest where a human is put in a position to decide whether to click on a link or divulge important information. The [phishing] techniques have become more hybrid.”

If you are reading this, chances are you do a pretty good job with information security to prevent identity theft, at least on the consumer level. But you also need to start thinking about avoiding Jedi mind tricks. Within the security world, these cons are known as “social engineering.”

Whether you receive a phone call, an email, or a visitor at your home or office, always question those who present themselves in positions of authority.

You should never automatically place your trust in a stranger.

Within your own home or business, set clear guidelines regarding what information should or should not be shared.

Keep in mind that when you lock a door it can be unlocked, either with a key, or with words that convince you to unlock it yourself. Always view every interaction, whether virtual or face-to-face, with a cynical eye for a potential agenda.

In the end, if a bad guy has pulled the wool over your eyes, they often will want to infect your Mac or PC. Keep your computer’s operating system’s critical security patches up to date and install a total protection product.

Robert Siciliano is an Online Security and Safety Evangelist to McAfee and Identity Theft Expert. (Disclosures)

Phone Scammers Have No Shortage of Targets

Scammers call posing as a grandchild on vacation in another country, with a bad, crackly phone connection, hoping the victim will believe they are their grandchild who needs to get bailed out of jail. Other scammers call informing the victim they won the sweepstakes or lottery and only need them to pay by credit card or wire money to ensure the winnings end up in their bank account.

Sometimes the caller will say they are a lawyer from a foreign land and a long-lost relative just died and left a large amount of money that desperately needs to get into the victim’s bank account. All that needs to happen is the victim coughs up bank routing numbers and authorizes a cash transfer. And if the phone ever rings and it’s someone telling you they are selling stocks, bonds or gold or can get you a tremendous rate on your mortgage, chances are they are just another scammer trying to separate you from your money.

Amazingly, Alexander Graham Bell’s little invention has allowed scammers for well over 100 years to use his tool of technology to fleece unsuspecting citizens, and rob them of their personal security. Just like the internet today, people believe that the anonymous person on the other end of the communication is who they say they are.

Exploiting the naïve and false belief that you should trust the authoritative figure who informs you that you stand to either gain or lose something based on your compliance is a tried-and-true method of scammers.

Really, the key to preventing phone scams: hang up.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

Defense Begins in Petit Home Invasions

It’s as hard for me to write this as it is for you to read this. In one of the worst publicly known home invasions of the 21st century, one defendant has received the death penalty while the other is facing the same fate. Joshua Komisarjevsky confessed to the attack on the home and family of Dr. William Petit, and the murders of his wife, Jennifer Hawke-Petit, 48, and girls Michaela Petit, 11, and Hayley Petit, 17.

The 2 home invaders met in jail and after they got out one night set out to rob some people at ATMs and ultimately landed at the Petit home. The father was sitting on his sun porch when the two men came in and Komisarjevsky hit him with a baseball bat.

Then both men went upstairs to tie up mom and two kids. A short while later one of them escorted the mother to the bank to take out $15,000.00.

When they came back, each of the men sexually assaulted the mom and a daughter. To cover up the DNA evidence, they debated burning the house down, killing the victims and destroying the evidence.

After what Komisarjevsky described as a brief argument they agreed and poured gasoline all over the house. The mom and her daughters died of smoke inhalation.

In his confession Komisarjevsky stated “They did every, they did, they did what they were supposed to do. There was no reason for them to die. They were compliant the entire way, both you know, very bright young ladies.”

We can “what if” all day long and play out different endings as a result of actions or inaction taken. I’ll simply offer this; while compliance is how most of us are raised and is necessary in a civilized society, sometimes noncompliance is in order in an uncivilized situation.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing burglar proofing your home on Fox Boston. Disclosures.

Reinforcing Your Doors Security (Part 3 of 3)

Frightening Statistics:

1 of every 5 homes will experience a break-in or violent home invasion.

80% of break-ins occur forcibly through a locked door.

A burglary occurs every 15 seconds in the United States.

This is why installing multiple layers of protection, including a home security alarm, door reinforcement and numerous other methods, is fundamental to your home’s security.

In a recent post I discussed 5 different kinds of door reinforcement devices and then focused on door frame reinforcement. Here I’m reviewing door brace options. Door braces are usually floor-mounted alloy metal devices that come in two parts. One is the horizontal floor plate screwed right into the floor, and the other is a vertical plate that inserts into the floor plate and fits tightly up against the door.

I called Mr. Jordan Frankel, known as The Security Sensei, of ShatterGARD Glass Protection, Inc., a division of Global Security Experts, to review the OnGARD Security Door Brace. Jordan is a passionate inventor and well sought-after expert in home security worldwide. In our conversations he was flying between Saudi Arabia, China and somewhere stateside. He’s like the Thomas Edison of home security.

I’ve known of door braces for some time now. Usually they are “door bar jammers,” which are installed under the doorknob and pitch at a 45 degree angle to the floor. The OnGARD Security Door Brace is in another league.

What I like most about this device is simply how difficult it becomes for a 250-pound man to kick in your door. The device installs on the floor with four heavy screws and you’re done. It works best when you are home, as this device essentially (for lack of a better term) barricades you in. I asked Jordan how else this would work if I wanted to keep it installed when I leave the home, and he suggested that if you have a garage door, then enter and exit through the garage, which makes perfect sense. The OnGARD is less than a foot wide and 4 inches tall but is a beast. I like a door brace in combination with door frame reinforcement to add 2 effective layers of door reinforcement security.

I’m sleeping even better these days.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing burglar proofing your home on Fox Boston. Disclosures.

Reinforcing Your Doors Security (Part 2 of 3)

In a recent post I discussed 5 different kinds of door reinforcement devices. In this post I’m going to review a door frame reinforcement device by Door Devil. I reached out to other manufacturers of door frame reinforcement and only Nick Fairless from Door Devil was kind enough to respond and send out a device to test.

The Door Devil Anti Kick Door Jamb Security Kit is made of 1/16″ heavy steel, is 4 feet in length, and is installed on the door jamb center, right over the existing strike plates. Standard door security is comprised of (2-4) small screws through 1-2 small strike plates attached to a thin door frame. A strong kick focuses on this single weak point and easily blows apart the door frame. That’s why kick-ins are (by far) the #1 tactic for home invaders.

Door Jamb fortified with Door Devil™ provides additional security with:

1) 48″ steel door jamb reinforcement replaces 3″ brass strike plate

2) Force is diffused across 4 feet of the door frame

3) 3.5″ heavy screws drive into 2×4 studs behind door frame

4) 3″ screws reinforce hinges – provide extra door security

What I like most about the door frame reinforcement technology is that it’s always there. Meaning there are no moving/additional parts, and it requires no effort other than an initial install and then locking your doors. By itself the Door Devil is one layer of security in addition to a home security alarm and cameras and does a great job. Keep in mind that after about a minute of kicking and shouldering a door, most burglars would give up.

There is one more layer of door security I’d recommend in the category of “door brace” discussed in post 3.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse on Fox News. Disclosures

Searching for Hotties Leads to Hacked PCs

Five or ten years ago, it was relatively easy for scammers to trick people into opening email attachments that would launch malicious programs on victims’ PCs. Nowadays, most email providers won’t permit .exe attachments, so viruses may be saved as compressed files, or hidden behind links that appear to lead to PDFs or Word documents.

Scammers have been very productive in creating spoofed or infected websites, which are designed to infect your web browser with viruses. More than three million of these websites were born in 2010 alone.

The bait that lures victims to these infected websites may be the latest Twitter trend, a breaking news story, significant world event, ringtone downloads, pornography, or celebrity pictures.

Cybercriminals often use the names of popular celebrities to tempt viewers to visit websites that are actually laden with malicious software. Anyone looking for the latest videos or pictures could end up with a malware-ridden computer instead of the trendy content they were expecting. Hot stuff model/television host/Seal’s wife Heidi Klum is this year’s “Most Dangerous Celebrity.” Heidi herself may be sweet as pie, but the allure of her looks has captured scammers’ attention, leading them to exploit her fame to draw in victims.

McAfee found that searching for the latest Heidi Klum pictures and downloads yields more than a 9% chance of landing on a website that has tested positive for online threats, such as spyware, adware, spam, phishing, viruses, and other malware.

McAfee security experts urge consumers to surf safely by using McAfee Total Protection security software, a security suite that offers consumers antivirus, anti-spyware, identity, and firewall protection, plus a feature called SiteAdvisor, which displays red, yellow, or green web safety ratings within Internet search results pages. It also blocks risky websites, adds anti-phishing protection, and helps users surf, shop, and bank more safely.

Robert Siciliano is an Online Security and Safety Evangelist to McAfee and Identity Theft Expert. (Disclosures)