Almost 5% of Smartphones Lost Every Year

McAfee and Ponemon Institute recently released “The Lost Smartphone Problem,” a study that attempts to determine how many employees’ smartphones are lost or stolen, and the consequences of these lost cell phones on various organizations. Among the 439 sample organizations, the number of missing smartphones is significant: 142,708 in one year.

Approximately 62% of smartphones are company-owned devices assigned to employees for business use. 38% are personally owned and are used for business. Roughly 4.3% of these employee smartphones are lost or stolen each year. Of the 142,706 smartphones reported missing by the 439 businesses surveyed, only 9,298 (7%) were recovered. 13% of the missing smartphones were lost in the workplace, 29% were lost while traveling, and 47% were lost while employees were working away from the office, either at home or in hotel rooms. Employees were unsure where the remaining 11% were lost. And despite the fact that 60% of missing smartphones are believed to contain sensitive and confidential information, 57% were not protected with available security features.

The industries reporting the highest rate of smartphone loss were health and pharmaceuticals, education and research, and public sector organizations.

Based on the costly consequences of lost data assets, it makes sense to allocate the necessary resources to invest in anti-theft and data protection solutions in order to secure smartphones and the sensitive and confidential information they contain.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)

Hey, Psst, Wanna Buy A Lifetime of Toilet Paper?

I’ve seen lots and lots of scams over the years and many of them involve penny stocks, contractor scams, cash gifting, investment scams, black money and the list goes on. And with each scam you see, the question is always asked: “How is it that someone could fall for that?” And with some scams it is actually feasible that there are many potential victims for said scam.

A “Toilet paper” scam, well, I guess, could target everyone? Right?

In this particular scam the targets were those who own septic tanks. The ruse was that the federal government now requires by law that anyone who owns a septic tank buy a special toilet paper.

The Miami Herald reported “In phone pitches, salespeople claimed the company was affiliated with the Environmental Protection Agency, the U.S. Food and Drug Administration and the U.S. Department of Agriculture. One product, the $199 Septic Remedy treatment, would eliminate the need to have their tanks pumped, the company claimed.

Victims were also told that they needed special soap, detergent and toilet paper or their septic tanks would not pass federal inspection. But the EPA does not regulate septic tank products, according to the U.S. Attorney’s Office.”

This scam isn’t entirely impossible to believe. And the fact is there are household products such as special soap, detergent and toilet paper that are in fact better for the environment and, without doing the research, probably better for a septic. I can see how these scammers could make a mint on the sales of these products.

Anytime anyone ever calls you, sends an email, snail mail or knocks on your door, do your research. Don’t just automatically believe what someone says, especially if there is money involved.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing identity theft on YouTube.

5 Insidious Forms of Auto Insurance Fraud

Insurance is intended to have your back in the event that something goes wrong, but some individuals have found loopholes in the system, effectively turning insurance companies into their own personal banks. These scammers have long been known to engage in “slip and falls,” claiming “whiplash,” and engaging in elaborate scams that can take years to uncover and cost insurance companies millions.

Auto insurance scams are some of the most prevalent in the insurance industry, allowing fraudsters to easily obtain policies and take advantage of the “he said, she said” nature of auto accidents.

Here are five major scams plaguing the industry:

1. Ghost brokers: Even in such a heavily regulated industry, scammers are able to pose as legitimate insurance agents, offering steep discounts on consumer policies that are, in fact, worthless.

2. Crash for cash: These are typically rear-end accidents in which the victims unintentionally crash into the scammers. “Crash for cash” scams often occur at roundabouts or rotaries, intersections, and highway on-ramps. See the UK’s top crash for cash hotspots.

3. Soft tissue scams: Scammers may collude with physical therapists, chiropractors, and doctors to fake back pain, neck pain, and other hard-to-prove injuries that can’t be detected on an X-ray.

4. Staging scams: Generally, in this type of scam two or more cars are involved in a preplanned “accident.” The participants have agreed ahead of time to split the proceeds from repairs and injuries.

5. Phantom victims: After either a staged or legitimate accident, people who were not present at the incident are included in the claim.

In most cases, scammers file their fraudulent insurance claims online. The criminals who perpetrate these sorts of online scams tend to repeat their trick over and over, generating a pattern that can easily be detected by iovation’s device reputation service. This service spots online evildoers by examining the computers, smartphones, and tablets being used to connect to a website. If a device is recognized as having previously committed financial crimes, or is a new device but exhibiting high-risk behavior, the website has the opportunity to reject the transaction, preventing losses to the business before they occur.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

Redefining Privacy Today

Privacy is really, and only, what you say or do within your own home with the shades down that is (generally) legal, is between you and your loved ones, and is not being communicated, recorded, broadcast or reproduced in any way online or in a public forum.

In the past 5 years we have learned that everything from the websites we visit and the apps we download to the social networks we belong to and the mobile phones we carry pretty much knows everything about us, down to the text messages we send and receive.

Privacy is a very hot topic and probably one of the most misunderstood since the turn of the century. Over the past decade a battle has been fought by three very distinct groups, and they are as follows:

#1 Privacy advocates: These are your everyday well-meaning and well-informed people, all the way up to privacy professionals who, day in and day out, preach the absolutes of privacy and why we need it. They are evangelists of the issues and tell anyone and everyone the importance of privacy whether they want to hear it or not.

#2 Sales, marketers, advertisers, SMB and big business who stand to gain from knowing every last detail about what you like, don’t like, who your friends are, your income, and basically your overall demographics defined in 33 bits of data. They offer us all the free stuff we can consume online and build communities that tie us all together. They track us and sell our data and sell advertising targeted directly at you.

#3 The Cattle: These are your everyday people that just go with the herd and aren’t all that concerned about privacy but might care just a little bit. They are more concerned about living happily ever after with as little friction as possible. Ultimately they want to use all the services and websites we have today and don’t want to pay for them if they don’t have to.

Most people are in the herd, which is why privacy is becoming a very different ideal today than it was a decade ago. It’s perfectly OK to fight for your privacy and insist on it from those you do business with. But know that it’s often the decisions and choices we make (like checking a little ‘I agree’ box) that are why we are where we are today.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing identity theft on YouTube.

How Device Reputation Can Help Prevent Fraud in the Insurance Industry

Insurance companies, like banks and retailers, are forced to deal with a wide spectrum of fraud, which costs the industry and its customers billions of dollars each year. According to the Insurance Fraud Bureau, “Undetected general insurance claims fraud total £1.9billion a year adding on average £44 to the annual costs individual policyholders face, on average, each year.”

Savvy criminals who perpetrate insurance fraud have learned to mask their true identities when setting up policies online, regularly changing account information to circumvent conventional methods of fraud detection. Now, more than ever, insurance companies need to be wary of these schemes from the outset and deploy effective solutions to analyze information beyond that supplied by users.

By initiating the application process with a device reputation check provided by iovation Inc., insurance companies can stop fraud before it happens and avoid further checks and fees when a device is known to be associated with identity theft and other frauds.

The insurance industry has an opportunity to work in tandem with merchants, banks, and others to share data that helps pinpoint the devices responsible for fraudulent activity. Shared device reputation intelligence makes this possible for the first time.

The insurance industry can utilize the established reputations of over 800 million devices in iovation’s device reputation knowledge base. While a computer applying for insurance may be new to that site, it is rarely new to iovation’s global client base. By assessing risk based on the device in real time, an insurance company can better determine whether a particular device is trustworthy before a transaction has been approved or an account has been opened.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

Woman Scammed of 400K

Police are warning the elderly and those who have elderly parents that not all scams are done online. Some are executed using good ole’ snail mail and the telephone.

An “80-year-old woman received a letter in the mail claiming she had been awarded a large amount of money, but was required to pay fees and complete paperwork before the money would be released. According to police, the woman, without the knowledge of her children, started sending money. She started receiving notices indicating she would be awarded more money, and the scam went on for about a year. She sent about $400,000, police said.”

Scams like these are extremely easy and very lucrative for criminals. The elderly, or those in your life who may be considered naïve, are often the target because of their gullible nature. But other times it’s the time and culture they were raised in. There are numerous ways in which criminals pull at the heartstrings of their victims to get them to open their bank accounts. Often it’s the same people who are targeted over and over again.

The most effective way to prevent these crimes from happening to all those concerned is to get better control over the release of funds from any of their financial accounts. That means if they have a big bank account, set it up so two signatures are required for a check to be written. If the person is concerned about being inconvenienced with every check they write, then set up two accounts: one with a little money and one with more funds effectively locked down.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse on Fox News.

5 More Online Security Tips for Valentine’s Day

A scammer typically contacts a target and strives to project an image of someone who has it all together financially and socially, claiming to be a successful entrepreneur or something similar. Or scammers may claim to be facing adversity, claiming they are widowed, down on their luck, or, like many, simply lonely. This is a strategy that has worked in the past.

Follow these tips to prevent getting scammed:

#1 Unless this person becomes an actual significant other, never give out personal information like passwords, credit card numbers or Social Security numbers.

#2 Know that bad guys lie, a lot. And they will keep up the ruse until they have what they need or until you are in a vulnerable place. Pay attention to their intentions.

#3 Get their name, address, previous address, home phone, cell phone, place of birth, birth date, where they work, license plate and, if you can squeeze it out of them (and I kid you not), their Social Security number, and do a background check.

#4 Go online and Google search every bit of information about them you have acquired. You want to know as much about this person as possible. Search name, phone, email and screen name. The goal is to look for truth and lies. If you see inconsistencies, or red flags that can’t be easily explained, run really fast.

#5 Never open attachments from anyone you don’t know well. And if you can avoid it, don’t click on links they send. Scammers will think nothing of sending you a virus to infect your PC and steal your identity.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing Internet Predators on Fox Boston.

Protect Privacy Shopping After Holiday Bargains

To my dismay, every time I buy something from a new online retailer, I have to register to create yet another user account, which means yet another password, and yet another company that may lose or sell my data or send me spam.

Fortunately, there are steps we can take in order to stay secure and protect our privacy:

1. Privatize your contact information by using a junk email address specifically for online purchases, and then forward purchase confirmations to your primary email. Use a Google Voice number when you don’t wish to give out your home or cell phone numbers.

2. Only provide personal information when absolutely essential, and provide the minimum of information needed to complete a transaction. When you do disclose this data, whether to make a purchase or for any other reason, first ensure that you know exactly who is requesting the information, and why they need it.

3. Create strong passwords using combinations of upper and lowercase letters, numbers, and symbols. Use long, strong, unique passwords for each individual account, and use a password manager to store those passwords in the cloud and allow access across various devices. Separate passwords for every account help to thwart cybercriminals. Never use the same password twice.

4. Own your online presence by setting any available privacy and security options according to your comfort level regarding information sharing. It’s okay to limit the information you share, and who you share it with. Keep an eye out for little boxes that need to be unchecked to avoid additional marketing communications.

5. Make an effort to keep yourself informed and current by checking trusted websites for the latest threats and newest ways to stay safe online. Encourage friends, family, and colleagues to be web-wise by sharing this information.

6. Think before you act. Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing identity theft on YouTube.

Basic Security Tips When Providing Free Wi-Fi at Your Business

Wi-Fi: freedom to connect wherever and whenever. And there is no better Wi-Fi than free Wi-Fi, unless we are talking “secure Wi-Fi,” which usually isn’t free. Wi-Fi is great for bringing in customers and it’s a great promotional tool that creates customer loyalty. Merchants such as hotels, coffee shops, burger joints and just about anyplace with a storefront, chairs and tables are offering free Wi-Fi.

But what about all the Wi-Fi security threats?

More and more internet-savvy people realize that there is less and less anonymity on the web. This means that a criminal who operates from home or work can be detected via his IP address much more easily. One way to avoid detection is to show up at your place of business and blend in with the connected crowd.

Criminals use free Wi-Fi for:

Pirating: Downloading stolen music, movies and software via peer-to-peer programs is big and is costing the entertainment industry billions. The RIAA and MPAA don’t like this and will often crack down on whoever is connected to the IP address associated with the illegal downloading.

Child Porn: The long arm of the law is often spending time in chat rooms posing as the young and vulnerable and chatting it up with pedophiles who exchange child pornography. It wouldn’t be cool if the FBI came knocking.

Hacking: Hackers will hack others on the free Wi-Fi network in order to steal usernames, passwords and account information.

Secure Wi-Fi

Create a secure Wi-Fi network that requires a user name and password to join. This may not prevent all kinds of e-crimes, but it’s a start to improve your Wi-Fi network security. Charging even a dollar may get a credit card number on file and would mostly eliminate anonymity.

Web filtering: Your IT security vendor has tools, similar to what a corporation may have in place, that filter out known websites and prevent the sharing of peer-to-peer files.

Confirm you are on a business account: Many small businesses may set up under a personal account because it might be a bit cheaper. But that personal account doesn’t enjoy some of the protection and indemnities that a business account would.

Robert Siciliano, personal and small business security specialist to ADT Small Business Security, discussing ADT Pulse on Fox News. (Disclosures)

One in Three Massachusetts Residents’ Records Breached

Massachusetts has one of the most stringent data protection laws on the books. Businesses are required to disclose data breaches, and companies are now reporting when even a single individual’s information has been compromised.

Despite strict laws and security requirements, companies are continually being hacked in record numbers. And if major businesses are still being hacked despite allocating significant resources to securing their data, you’re more than likely at least as vulnerable.

The Boston Globe reports, “Personal information from nearly one out of three Massachusetts residents, from names and addresses to medical histories, has been compromised through data theft or loss since the beginning of 2010, according to statistics released yesterday by the office of Attorney General Martha Coakley.”


  • Since January 2010, 1,166 data breach notices have been filed
  • 480 of those breaches occurred between January and August of 2011
  • 2.1 million residents were affected
  • 25% involved deliberate hacking of computer systems containing sensitive data

This is just Massachusetts. Every other state is experiencing the same thing. According to Juniper Research, in the past year, 90% of organizations have suffered from some form of data breach. Since the start of 2011, there have been 365 data loss incidents involving 126,727,474 records around the world.

Keeping PCs and Macs updated with antivirus and anti-spyware software is fundamental, as is updating all critical security patches. You should also have a two-way firewall monitoring incoming and outgoing traffic, and strong passwords that combine upper and lowercase letters, numbers, and preferably other characters.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing identity theft on YouTube.