Watch Those Corporate Card Statements to Prevent Credit Card Scams

Charges on corporate credit cards can often go unnoticed even when employees are submitting expense reports, especially if the charges are small.

The Federal Trade Commission filed a lawsuit describing a criminal enterprise responsible for “micro charges,” fraudulent charges ranging from 20 cents to $10, to as many as one million credit cards since approximately 2006. Because the amounts were low, most of the fraud went unnoticed by cardholders. Money mules were used to divert the funds to Eastern European countries. (“Money mules” are typically individuals who are recruited to assist in a criminal enterprise via help wanted advertisements on job placement websites. In this case, the mules believed they were applying to be financial services managers.) These mules opened numerous LLCs and bank accounts. They also set up websites with toll free numbers, creating an apparently legitimate web presence. Thanks to this facade, the websites were granted merchant status, allowing them to process credit card orders.

The victims of this credit card scam would see the fictional merchant’s name and toll free number on their credit card statements. If they attempted to dispute a charge, the toll free numbers would go to voicemail or be disconnected. Most frustrated consumers may not bother to take the additional step of disputing a 20 cent charge with the credit card company.

Victims of fraudulent credit card charges only wind up paying the unauthorized charges if they don’t detect and report the credit card fraud within 60 days. A 60 day window covers two billing cycles, which should be enough for most account-conscious consumers who keep an eye on their spending. During that time, you are covered by a “zero liability policy,” which was invented by credit card companies to reduce fears of online fraud. Under this policy, the cardholder may be responsible for up to $50.00 in charges, but most banks extend the coverage to charges under $50.00.

If you fail to recognize and dispute unauthorized transactions on your credit card statements, you take responsibility for the fraudulent charges. While 20 cents may not seem worth the bother, these seemingly minor charges are certainly funding criminal activity, and perhaps even terrorism. So to prevent credit card scams, take the time to scrutinize those unauthorized credit card charges every single month.

Robert Siciliano personal and small business security specialist to ADT Small Business Security discussing ADT Pulse on Fox News. Disclosures

Network Hacking – Why Taunting Computer Hackers Isn’t a Good Idea

Would you dare a burglar to break into your home while your family was sleeping? Would you taunt a murderer or serial killer to try and get you? And would you say to a gang of thieves “just try and break into my business”. Maybe if you are a little daring and maybe if you had a screw loose you’d make these irresponsible requests. But in reality “bring it on” is never a good idea. Especially when it comes to your network security. Because “they” just might win.

UFC.com, the official website of the Ultimate Fighting Championship, was hacked by a group calling themselves the “Underground Nazi H4ck3rGr0up.”

Fox5 reported that Dana White, UFC President, issued the challenge to hackers because he supports the recently debated online piracy legislation known as SOPA and PIPA.

“They will not intimidate me,” White said in a phone interview with FOX5. “I’m not intimidated. I’m not scared of what they’re doing.”

The computer hacker, known only as UgNazi, successfully took over UFC.com.

Within a day of this attack it was reported that White’s Social Security number and additional personal information were hacked and exposed for the world to see. But in fact the information was for another person who went through a pretty harrowing harassment over the course of a few days.

Kicking a hornets’ nest isn’t advisable. And neither is taunting a collective of criminal hacktivists who have lots of time and lots of resources to make your small business network a target.

Robert Siciliano personal and small business security specialist to ADT Small Business Security discussing ADT Pulse on Fox News. Disclosures

FCC and Carriers to Create Stolen Phone Consortium

Stolen phones are a big problem here in the US. Many are stolen in robberies. Robberies are, by definition, violent crimes, and there are many instances of robberies of mobile phones that resulted in serious injury or even death.

TechNewsWorld reports “Ten years ago, mobile phone thefts accounted for about 8% of New York City’s overall robbery cases, but since then the number has climbed to 40%, according to Ray Kelly, commissioner of the New York City Police Department.”

Similar statistics like 38% of all robberies in Washington, D.C. and other big cities have prompted the Federal Communications Commission, wireless carriers, law enforcement across the country and a few outspoken politicians to work together and create the PROTECT Initiative.

A month ago a journalist asked me if the wireless carriers will ever agree to create a joint effort consortium to identify, catalog and dead end stolen mobile devices. I said never, no way, won’t happen, they make too much money off the contracts to turn down a stolen phone. But now that lawmakers have stepped in, the wireless industry will want to have a say before any laws are passed that tie their hands.

PROTECT is a good thing. It helps create awareness – people still don’t get that they need mobile security. In the coming months we will see more buzz from the wireless community about what systems are in place to protect you and what responsibilities you have as a consumer to protect yourself.

Meanwhile software like McAfee Mobile Security not only protects against viruses and malware but can help prevent a criminal from accessing your personal and private data if your phone is lost or stolen. You can remotely locate your phones, even if the GPS is turned off, lock the device, back up the data and if necessary, wipe everything from your phone. If your mobile phone was ripped from you right now, how vulnerable would you be?

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)

Employee ID Verification for Small Business

When hiring new employees the first concern is often “how good of an employee will they be” but in fact the first concern should be “are they actually who they say they are” because regardless of the nature of your business, an employee who isn’t actually who they say they are can wreak havoc on your business when there are no consequences to their real identity.

Former Department of Homeland Security Chief Chertoff stated: “I’m going to submit to you that in the 21st Century, the most important asset that we have to protect as individuals and as part of our nation is the control of our identity, who we are, how we identify ourselves, whether other people are permitted to masquerade and pretend to be us, and thereby damage our livelihood, damage our assets, damage our reputation, damage our standing in our community.”

We are functioning in an environment in which IDs have yet to be verified or authenticated. There are hundreds of forms of identification in circulation with little security, the Social Security number is a national ID available everywhere, there are thousands of variations of the birth certificate, there are kids on college campuses everywhere selling fake IDs and credit is wide open.

All these fake IDs contribute to the exasperating problem of imposter fraud.

Get the ID Checking Guide to assist you with employee ID verification. “Whether for initial screening or final ID check, verifying ID is important. By reducing inappropriate employment applications, time is saved and later errors or litigation averted. Our references are quick and easy-to-use, with clear indication of the security features that help to verify ID.”

Eventually fake ID detection methods like Smart-cards, biometrics in all its forms, multi-factor authentication and other identity verification methods will help form trusted identities and being an imposter won’t be so easy.

Robert Siciliano personal and small business security specialist to ADT Small Business Security discussing ADT Pulse on Fox News. Disclosures

Protect Yourself From Fraud While Filing Taxes

Identity theft complaints rose to more than 11 million last year, and tax-related scams have increased by over 700% since 2008. Two million fraudulent tax returns were filed in 2011 alone, at a cost of two billion dollars. Common scams include:

Double filing: If you receive a notification from the IRS informing you that multiple tax returns have been filed in your name, you should respond immediately to begin working through the restoration process.

Employment scams: Receiving wages from an unknown employer is often the first tipoff that you have been victimized by an employment scam. Avoid this issue by protecting your Social Security number. You can also make your Social Security number less attractive to thieves with a credit freeze.

Phishing scams: If you receive an unsolicited email or text message that appears to have been sent by the IRS, hit delete without clicking any links within the message.

Scam tax preparers: These con artists set up shop for just long enough to collect victims’ personal information in order to direct refunds to themselves. Stick to doing business with accountants you know, like, and trust.

You should also take the following additional precautions to protect yourself from these and other tax-related scams:

Protect your data: Thoroughly secure any and all sensitive documents from the moment they arrive in your mailbox. File cabinets must have locks, and important documents should be stored in a fire resistant safe.

Shred non-essential paperwork: Use a crosscut shredder before disposing of any documents containing sensitive data.

Go paperless: Opt out of paper statements in favor of having electronic statements sent to your email.

File early: Filing your taxes sooner rather than later is a simple way to thwart any potential attempts to file on your behalf and fraudulently collect your refund.

Go to the post office: If you submit your taxes through the mail, do so by mailing them directly from your local post office, rather than leaving them in a mailbox.

Protect your PC: Before filing online, be sure that your computer’s operating system is up-to-date with the latest critical security patches. You should also use comprehensive security software that includes antivirus, anti-spyware, anti-phishing, and anti-spam protection as well as a two-way firewall.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Utah Medicaid Breach Serves as Another Wakeup Call

An employee of the Utah State Department of Technology must have hit the snooze button when he launched a test server that resulted in the breach of 780,000 Medicaid records including over 250,000 Social Security numbers.

The Governor of Utah was quoted in the Salt Lake Tribune saying “Individuals provide sensitive personal information to the government in a relationship of trust. It is tragic that not only data was breached, but now individual trust is also compromised.”

Words like “tragic” are generally associated with death, not data breaches, nonetheless, it’s not good to have your Social Security number in the hands of a criminal. The data breached will most certainly cause thousands of people to suffer from identity theft. New lines of credit opened by the thief will go unpaid and ruin good credit ratings.

While we do not have all of the specific details of the incident in Salt Lake City, it appears that the systems in question may have had the encryption measures required, but that a single weak password may have provided access to these sensitive records. This is another reminder that the failure to implement organizational security policies is, in itself, a weak link in IT security.

Security is the responsibility of the ones who are in charge, those who hold the keys. In my home, it’s me. In your house, it’s you. And you can put all the locks on a house that you need, but if you leave a window open or a thief chooses to look under your doormat for a front door key, he can easily enter and rob you blind.

For consumers, a comprehensive antivirus, antispyware, antiphishing and firewall is just the beginning. Make sure your computer is up-to-date with all its critical security patches and your browser is secured too.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)

Business Data Breaches Key in Rise of ID Theft

The 2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier, released by Javelin Strategy & Research, describes data breaches as increasing and more damaging: “One likely contributing factor to the fraud increase was the 67 percent increase in the number of Americans impacted by data breaches compared to 2010. Javelin Strategy & Research found victims of data breaches are 9.5 times more likely to be a victim of identity fraud than consumers who did not receive such a data breach letter. The survey found 15 percent of Americans, or about 36 million people, were notified of a data breach in 2011.”

Over the past five years, criminal hackers from all over the world have been targeting huge databases of Social Security and credit card numbers. The endgame for criminal hackers is identity theft. Once they obtain stolen data, their objective is to turn it into cash as quickly as possible. This either entails selling the data to identity thieves on black market forums, or using the information to create new accounts or to take over existing credit card accounts.

According to the Privacy Rights Clearinghouse’s Chronology of Data Breaches, more than 500 million sensitive records have been breached in the past five years. The Chronology of Data Breaches lists specific examples of data theft incidents in which personal data is compromised, lost, or stolen: “employees losing laptop computers, hackers downloading credit card numbers and sensitive personal data accidentally exposed online.”

The fundamentals of ID theft protection include:

Software: Antivirus, antiphishing, antispyware. Total protection “all access” suites of protection and full disk encryption

Hardware: Routers, firewall security appliances

Physical security: Commercial grade solid core doors, business security systems, security cameras.

Robert Siciliano personal and small business security specialist to ADT Small Business Security discussing ADT Pulse on Fox News. Disclosures

Android Viruses are the Real Deal

Smartphones now make up half of all activated mobile phones. And as we know, smartphones are small computers, capable of performing most of the same functions as a PC, primarily through the use of mobile applications.

Some claim that mobile malware threats are still too scarce to worry about. But while PCs definitely remain the bigger targets, smartphones are quickly capturing criminal hackers’ attention, with instances of mobile malware increasing by 600% from 2010 to 2011.

CIO.com’s Al Sacco, “a security-conscious mobile beat reporter,” reported on his experience dealing with his first smartphone infection. His McAfee Mobile Security app identified the Android virus on his Motorola Atrix 4G. “Security expert, I am not, and I’m the first to admit it,” Sacco defers. “But I do know a thing or two about smartphones and the mobile landscape, and I can say without a doubt that the Android threat is very real… It’s better to be paranoid about real threats than to shake them off as nonexistent. And that’s a fact.”

“Paranoid” is a strong word, implying mental illness. And I know that isn’t really what Sacco meant. But maintaining an acute awareness of potential threats to your smartphone and taking action to prevent them isn’t mentally ill, it’s just smart.

What’s really crazy is using an Android device without mobile security, because it’s only a matter of time before that device is infected.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)

I’m Running the Boston Marathon Monday April 16th

Hello Friends, Colleagues, Clients, Media, Readers and all those who we’ve ever come in contact with:

The following is one sentence of business updates AND THEN more importantly, Robert’s running the Boston Marathon next week, Monday April 16th for Children’s Hospital Boston. Sick kids need your help.

Quick Biz: Robert was in Time Magazine http://ow.ly/adxbp in March, VERY FUNNY. Also, his YouTube page http://ow.ly/adx0t has over one million views! And check out his NEW book http://ow.ly/adxlW  And he’s done an incredible amount of media this year here: http://twitter.com/#!/RobertSiciliano

The IMPORTANT stuff:

Robert is taking on the challenge and running the 26.2 miles Monday April 16th as part of the Children’s Hospital Boston, Miles for Miracles Team. He has written a note below and provided a few links to track him on-line and more importantly make a donation for the kids at Children’s Hospital Boston. Please read on:

Please Donate HERE: http://ow.ly/7Amb8

Hey Everyone,
This hasn’t been easy. Only my wife knows and others who have done this, it’s quite a task. It’s expensive and extremely time consuming. Early in my training I’ve had “IT Band Syndrome” issues. And anytime they attach “syndrome” to anything you’re pretty much disadvantaged. This means the medical community doesn’t have an answer.  This is a ligament/tendon that starts at your hip and ends at your knee that hurts to heck after about 2 miles at the knee. After about 20 physical therapy treatments and another 15 chiropractic adjustments topped with a half dozen “Active Release Technique” treatments, I did 15 miles Saturday, which is the most I’ve done and it’s about 120 miles and 6 weeks behind where my team from Children’s Hospital Boston is at in their overall training.

So while this has all been a challenge to say the least, Marathon Monday may end up a hot sunny day resulting in dehydration or over-hydration for many which should make for a dramatic race with lots of people passing out.

And a little perspective: I’m 43. I can do this. I’m healthy and so are my kids. The children at Children’s Hospital Boston are not healthy. They need us and their doctors to help them get well. So to those of you who raised some great cash at our Feast of the 7 Fishes, THANK YOU. To all those who have donated, THANK YOU! Your generosity at times has brought me to tears.

(First a special note to my close friends and those who I’ve known since I was a kid…I know where you live. And I can get your Social Security number too. DONATE http://ow.ly/7Amb8).

To everyone else: donating is tax deductible, it’s good karma, it will make you feel good, the kids at Children’s Hospital Boston will significantly benefit from it and you are contributing to saving the life of a child. Please pull a couple bucks out of your pocket, donate more than you think you have…surprise yourself, go BIG: HERE http://ow.ly/7Amb8

Tracking: If you want to track Robert’s progress you can sign up here to receive 3 automatic text messages towards the beginning, half and at the finish line of the race here: http://www.baa.org/races/boston-marathon/participant-information/att-athlete-alert.aspx The BAA.org website’s homepage will change on marathon day allowing you to type in Robert’s bib #22111 to get an immediate location.

Meeting area at finish in YELLOW. http://www.baa.org/races/boston-marathon/participant-information/course-map.aspx

Boston Marathon Course Map: http://www.baa.org/~/media/Files/BAA/Races/Boston%20Marathon/BMCourseMap2012.pdf

PS: I should finish by 4pm. If you sign up for alerts and don’t get a text saying I finished: PRAY!!

Much Love and many many thanks to everyone and a special thanks to all those who have supported us!
xoxo,
Robert & Family

PS, My large German Shepherd will be in the house while I’m gone, the alarm will be on, booby traps are set and a cop lives right next to me.  Just sayin’


Use Cases for NFC in non-payment scenarios. Where else will we see this technology flourish?

Near Field Communications (NFC) is the exchange of information between two devices via wireless signal. For example, a wireless signal emitting from your cell phone can act as a credit card when making a purchase. In the case of a mobile wallet application, those devices would be a mobile phone and a point of sale device at a checkout counter.

NFC handsets are set to increase to about 80 million next year. Gartner estimates that 50% of smartphones will have NFC capability by 2015.

But not all NFC revolves around mCommerce. NFC is also widely deployed in identity documents and keycards.

And then there’s FeliCa, a contactless technology that is widely deployed in Asia for public transportation, access management, event ticketing, customer loyalty programs and micropayments. As of March 2011, there were over 516 million units of FeliCa IC Chips worldwide, incorporated in 346 million cards and 170 million mobile phones. Gemalto and Sony Corporation have established an agreement to provide FeliCa / Near Field Communication (NFC) solutions globally.

“With FeliCa’s proven commercial adoption particularly in the Asian markets, we strongly believe that our agreement with Sony will enable Gemalto to build the foundation for significant expansion for both companies at a global scale,” added Tan Teck-Lee, Chief Innovation & Technology Officer and Asia President of Gemalto. “Gemalto’s UpTeq NFC SIM is set to trigger the mass deployment of mobile NFC services now, while providing operators the flexibility to expand their offer in the longer term.”

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures