Setting off a False Alarm Can Cost You

If you have a home alarm system, you may be guilty of setting it off accidentally. Sometimes we open a door or window that sets it off, while other times we mess up the secret code. The result of this mishap is usually a very loud siren and the attention of your neighbors. If you don’t call to cancel in time, then it results in law enforcement showing up.

We’re all familiar with the boy who cried wolf. The protagonist of the fable is a bored shepherd boy who entertained himself by calling out “Wolf!” Nearby villagers who came to his rescue found that the alarms were false and that they had wasted their time. When the boy was actually confronted by a wolf, the villagers didn’t believe his cries for help, and the wolf ate the flock (and, in some versions, the boy).

Accidentally setting off an alarm can cost you in much the same manner.

The Santa Fe New Mexican reports that “The Santa Fe Police Department has netted nearly $500,000 from false-alarm fines and registration fees since the program began in 2010, a report says. At the same time, a business called CryWolf earned more than $271,000 from city residents and businesses for administering the program, a 32 percent fee it takes off the top of collections.”

I’m just as guilty as anyone of setting off a false alarm. But I’ve never had law enforcement show up to my home as a result.

To protect yourself against false alarms, follow these four simple tips:

  1. Have your service provider set up your alarm system to call your mobile phone first, then your home phone second. If you don’t answer the phone, then they will call the police.
  2. Program your mobile phone with your alarm service provider’s number and call them the second you falsely set off your alarm. Memorize your PIN so you aren’t fumbling for it.
  3. Don’t carry your PIN in your wallet. If your wallet is lost or stolen, your address and alarm PIN are in the hands of a stranger.
  4. Whenever setting up access for anyone to enter your home while you’re away, your risk for false alarms goes up dramatically. Provide specific hands-on instruction on how to disable and reset the alarm. Telling someone over the phone how to do it is often insufficient.

Robert Siciliano personal and home security specialist to discussing burglar proofing your home on Fox Boston. Disclosures.

Is That Mobile Application Invading My Privacy?

Facebook now offers “Home.” Facebook says “With Home, everything on your phone gets friendlier. From the moment you turn it on, you see a steady stream of friends’ posts and photos. Upfront notifications and quick access to your essentials mean you’ll never miss a moment. And you can keep chatting with friends, even when you’re using other apps. Cover feed puts the spotlight on whatever friends are sharing now—photos, status updates, links and more.”

CNN reports “Built-in GPS technology means smartphones know where a person is at any given time. Phones with Facebook Home could access this information at any time to determine what businesses or neighborhoods you visit the most or even where you live. That data could then be used to serve up a more personalized ad, such as a coupon for a store you’re near or coffee shop you visit every Sunday. A Facebook representative told CNN that Home will not actively track users’ GPS location.”

Back in 2010, The Wall Street Journal was already warning us about app developers’ lack of transparency with regard to their intentions:

An examination of 101 popular smartphone “apps”—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone’s unique device ID to other companies without users’ awareness or consent. Forty-seven apps transmitted the phone’s location in some way. Five sent age, gender and other personal details to outsiders. The findings reveal the intrusive effort by online-tracking companies to gather personal data about people in order to flesh out detailed dossiers on them.28

One developer of online ads and mobile apps acknowledged, “We watch what apps you download, how frequently you use them, how much time you spend on them, how deep into the app you go.”

And since then, our level of engagement with mobile apps has only increased, while no meaningful steps have been taken to prevent applications’ access to your data. The motivation here is money. The more they know about you, the more targeted ads they can deliver, and the more likely you are to buy. The information also can be abused for identity theft and other malicious purposes.

Facebook Home may have the best intentions and could very well be a great addition for any heavy Facebook user. And keep in mind, every application you install wants more access to who/what/where/when about you so they can send you targeted ads.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

Yes, There are “Mother’s Day” Scams

With Mother’s Day just around the corner, cybercriminals are working up ways to take advantage of this time when you’re online looking to buy flowers, candies, perfumes, jewelry or whatever gifts for mom might be hot this year. Phishersfollow a similar editorial calendar as newspaper and magazine editors, coordinating their attacks around holidays and the change in seasons. They also capitalize on significant events and natural disasters.

They are trying to get you to click links that will either infect your PC with malware, or visit a website that offers you too good to be true deals on gifts for mom. If you download malware from a bad link, everything you type into your computer could be recorded by the cybercriminal, you could be unknowingly sending them your personal information, or the malware could render your machine useless. Entering your personal and credit card information on a fake site could results in charges on your card, never receiving the item you “purchased, “ and even the possibility of new cards opened in your name.

To help make this Mother’s Day enjoyable for you and your mom, make sure to follow these steps when shopping online:

Be wary of offers that are too good to be true—the usually are.

Always be suspicious when you receive an email or text message from a company asking for personal information—legitimate companies do not ask for personal information in emails or texts

Don’t click on a link in emails, texts, or chats from someone you don’t know

To ensure you’re visiting the correct site, type the store site URL into your browser’s  address bar or use a safe search plug-in, like McAfee® SiteAdvisor® , that comes with McAfee® All Access, and shows you in your browser search results if a site is safe or not.

Use comprehensive security software on all your devices that includes anti-spam and malware protection.

Make sure you protect yourself so you don’t get your credit card maxed out and then go crying to your mom on Mother’s Day.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Are you Hackable or Uncrackable? “Password Day” is Today!

Yes, such a day exists and it’s today, May 7th 2013. Intel and McAfee are working to make sure consumers increase their security awareness and front line of digital protection by asking everyone to change their passwords today.

Reuse of passwords across multiple sites is a big problem. In the digital world, many of us are much more vulnerable than we need to be. For example, it’s very likely that your Amazon password is the same as your Gmail password and also the same one you use for online banking and your Facebook account.

In fact, 74% of Internet users use the same password across multiple websites1, so if a hacker gets your password, they now have access to all your accounts. Reusing passwords for email, banking, and social media accounts can lead to identity theft and financial loss.

And what’s worse is that many people use simple, easy to guess passwords. A recent study found that the most common passwords people use are “password,” “123456,” and “12345678.”2 No wonder cybercriminals are finding it so easy to get into our accounts.

The solution is as simple as changing your habits. Take a moment to protect yourself in a basic area of security, and you can save hours of trouble. In fact you can test how hackable your password is with this tool from Intel.

If you need help moving from just one password, here’s a trick: Use one for your bank accounts, another for email and social networking accounts, so if your email account gets hacked, your bank account isn’t compromised. For more tips on how to create a simple, secure password, read this article.


Here are some other tips to protect your password:

Avoid logging onto sites that require passwords on public computers, such as those at an Internet café or library—these computers may contain malware that could “record” what you are typing.

Avoid entering passwords when using unsecured Wi-Fi connections, such as at an airport or in a coffee shop—your passwords and other data can be intercepted by hackers over this unsecured connection.

Don’t use the “remember me” function on your browser or within apps—if you walk away or lose your device, someone could easily login to your accounts.

Use comprehensive security software on all your devices, like McAfee All Access, and keep it up to date to avoid malware that could “see” what you are typing on your device or unknowingly send data to hackers.

Password Day is more than a day, it’s a way of life. Don’t leave the backdoor to your life open. Pledge to change yours today.

For more information, join @Intel@McAfeeConsumer@StopThnkConnect and @Cyber (the Department of Homeland Security) for a tweet chat today at 3pm ET on protecting your passwords. To participate simply use the hashtag #ChatSTC.


Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Graduates: 10 Stupid Things You Don’t on Facebook

You’ve done it. You’ve graduated at last. Your whole life is in front of you. Now is the time to make plans, embrace the world, take responsibility, make a statement, do some good and make this place better than how you found it.

And this should go without saying, but please don’t be stupid.

I’m not preaching here; the fact is I am fully qualified to discuss this topic because every day when I wake up, I tell myself, “Today I’m not going to say something stupid.” But, being human, I often do or say stupid stuff. However, rarely do I make it public online.

Listen. I know it’s hard. I know you can’t help yourself. I know you think you know everything and I know you are telling me to shut up. But in the words of the lovely and talented Fire Marshal Bill: “LET ME TELL YA SOMETHING!”

What you say, do, post, like and even whom you friend on social networks will affect every moment of your life going forward. Social is the new norm, and even adults are guilty of the stupidity of putting something online that gets them busted.

With graduation coming and millions of you getting ready to enter the workforce, you need to be aware of what is and isn’t appropriate in the professional world. While many employers expect that their employees will maintain social media profiles and even support work initiatives via those channels, as a new grad, you need to be aware that your missteps in social media could taint your employer’s image and damage your professional reputation. When people do not use good judgment when posting and share the wrong content with the wrong people, they can jeopardize their careers.

According to McAfee’s Love, Relationships and Technology study, 13.7% of millenials (18-24 year olds) know someone who was fired because of personal images or messages that had been publicly posted and 13% of adults have had their personal content leaked to others without their permission


It’s time to face the facts.

  2. Don’t do that! Learn from other people’s mistakes. When you see someone get in trouble, fired or arrested, DON’T DO THAT.
  3. Don’t friend people you don’t know. You have 3ooo friends? Seriously?
  4. Don’t take or allow others to photograph/video you with alcohol in your hands, drinking, smoking, doing anything illegal, scantily clad (or less) or making those stupid selfie fishy faces. You are an adult now.
  5. Don’t like, share or retweet racist, homophobic or off-color media or comments that make you look like a jerk.
  6. Don’t swear. EVER. It’s OK to say flippin’, freakin’, heck, maybe even effing, and shite. But once you start dropping F bombs, you look like an angry, uncouth juvenile delinquent. And seriously, I swear like cage match fighter—but not online. And I don’t care what your privacy settings are.
  7. Don’t log on while amorous or inebriated. Nothing good can come of that. Revenge porn anyone?
  8. Don’t ever talk about anyone in authority—your boss, coworkers, teachers, students, the president or anyone, for that matter—in a negative tone. Seriously. Unless the person is a serial killer or oppressive dictator, play nice.
  9. Don’t be so public. Lock down your settings. Most social networks have privacy settings that need to be administered at the highest level. Default settings generally leave your networks wide open to attack.
  10. As Howard Stern’s dad used to say to him: “I told you not to be stupid, you moron.”

You have been warned.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

Like Mom Said, “Don’t Open the Door for Strangers”

Someone successfully posing as a health inspector, police officer or even a Secret Service agent happens every single day. Posing as a water inspector, I once gained access to people’s homes by saying I needed to “check the colorization of their water,” as I demonstrated on The Montel Williams Show here. A fake badge and a uniform of any kind can do wonders.

The Baltimore Sun reports that Baltimore Gas and Electric Co. is warning customers about scams in which people pose as BGE employees in person or over the telephone to steal money, valuables or credit card information. The article states that according to BGE, “Impostors also might appear at a home or business wearing official-looking clothing and showing fake credentials. BGE workers usually only require entry into a home for a gas or electric emergency, to check equipment, read meters or start or stop service. All BGE employees and contractors carry company identification badges showing their name, photograph and identification number.”

People can easily pose as city officials, delivery or service people, or as someone whose car broke down and needs assistance. The moment you open that door, you are risking your family’s safety.

My family’s number-one rule is that we do not open doors to strangers. That’s it, end of story. My younger ones want to show how big they are by getting the door, but they now know better that they aren’t at all allowed to open it without a parent’s permission.

The rules apply to grown-ups, too.

  • Always have your screen door and your entry door locked at all times.
  • Install a surveillance system at each entrance that gives you a facial and full-body view of visitors.
  • If you order products to be delivered to your home, specify “No signature required.” This way, you can set up a place for the deliveries that allows delivery people to drop the package off.
  • Any time a city worker knocks on your door, call city hall to verify that the person should be there.
  • It’s not enough to check a badge, license or credentials. IDs can easily be faked.
  • Have your home alarm system on all day—even while you are home.

Robert Siciliano personal and home security specialist to discussing burglar proofing your home on Fox Boston. Disclosures.

How Do I Restore My Identity Once It Has Been Stolen?

The Federal Trade Commission offers invaluable tools for restoring your identity if it has already been compromised. The tools can be found at the FTC Recovery Guide page. On this website, you will find a complaint form, affidavit of your identity, and sample letters. You will also find a log to chart your actions while restoring your identity. It is important to utilize this log to keep a record of contacts you have made with the authorities, credit card com­panies, banks, and credit bureaus. If something gets lost in the process, the log ensures detailed notes to help prove your efforts, and ultimately, rescue your identity from a criminal.

If you have an all-encompassing identity theft protection service, your provider can take care of much of the restoration.

The first call you make should be to the police, to report the crime. According to the FTC, “A police report that provides specific details of the identity theft is considered an Identity Theft Report, which entitles you to certain legal rights when it is provided to the three major credit reporting agencies or to companies where the thief misused your information. An Identity Theft Report can be used to permanently block fraudulent information that results from identity theft, such as accounts or addresses, from appearing on your credit report. It will also make sure these debts do not reappear on your credit reports. Identity Theft Reports can prevent a company from continuing to collect debts that result from identity theft, or selling them to others for collection. An Identity Theft Report is also needed to place an extended fraud alert on your credit report.”

When filing an identity theft report, you will first want to fill out an ID Theft Complaint with the FTC, which you should bring with you to the police station.

They key to restoring a stolen identity is to exercise patience. Recognize this is not the end of the world, it’s an inconvenience and can be fixed with time and persistence.

How to Protect WiFi When Flying

When getting on a flight that’s three to five hours (or more), many business professionals wrestle in their heads whether to spend the $12.95 on airplane WiFi, take a nap or watch the movie—or, if their company is paying for it, they might do all three. But here’s the thing: If you are connecting to WiFi on a plane and have all these company secrets on your device and all this client data, do you really think it’s a good idea to connect?

What savvy business travelers aren’t savvy about is security—or, specifically, the lack thereof in airplane WiFi. When logging onto an airplane WiFi, there isn’t any encryption preventing other users from seeing yourdata. The majority of the security in airplane WiFi is built into the payment system to protect your credit card. Beyond that, you’re pretty much left to the dogs.

Another issue flyers face when booting up is that their WiFi card generally defaults to seeking out a known WiFi connection and then automatically connects, like when you are home and you automatically connect upon booting upbecause at one point in your settings you checked that option. But on a plane (or anywhere, really), an evil hacker can set up what’s called an “evil twin,” which is a rogue wireless network specifically set up by a bad guy to trick you into manually connecting or to trick your device into automatically connecting. Once you’re hooked, all of your information travels through his device and he captures every packet of wireless data.

Protect yourself.

#1 When WiFi is not in use, head over to your wireless network manager and right-click to disable your wireless network connection. Some laptops have a switch and others have a keyboard key.

#2 If you plan to connect to in-flight service, you need to protect your information with a VPN. Hotspot Shield VPN is a free proxy that protects your device’s data by ensuring that all web transactions (shopping, filling out forms, downloads, etc.) are secured through HTTPS. With Hotspot Shield, your device basically will be surfing through a protected tunnel throughout the in-flight service.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

A Predator Is Always a Predator

With the 750,000 registered sex offenders in the U.S., the thousands more unaccounted for, and even the thousands more who’ve never been caught, know that predators live amongst us.

The question always arises as to whether or not a sex offender can be rehabilitated. I’m sure that a handful of Level 1s and 2s can be, but once a predator, always a predator. It’s their nature. It’s their normal.

There are a bunch of free sites you can go to that will let you know the current living situations and general whereabouts of registered sex offenders in your town. Take advantage of every opportunity you can to learn where the bad guys are.

Know how to fight. Know how to defend yourself from a predator. Understand all the vulnerable points of the human body and what parts of your body can be used as weapons. Go for the eyes, nose, throat, groin, and instep of the foot. Know how to fight from the ground, if attacked from behind, or when a distraction is used in front.

Determine if you want to carry a weapon, but know that your brain is your best defensive weapon. Carry a weapon if you’re properly trained, and not a day before. Years ago, my childhood hero was a Chicago cop named J.J. Bittenbinder. He would say, “If all else fails, let them kiss you, then bite down on their lips until your teeth meet.”


Complacency can result in bad things happening. Install a home security system, be vigilant, be alert, be aware, and know your options.

Robert Siciliano personal and home security specialist to discussing burglar proofing your home on Fox Boston. Disclosures.

Do I Need to be Concerned About Cybercrime?

The short answer is yes! You should be concerned. And even if you’re not concerned for yourself, with the Internet all of us are interconnected so cybercrime does not just affect one person or one group, but all of us.

Imagine your body being targeted by 100 million viruses. That is exactly what cybercriminals are doing to your networked digital devices. Laptops, desktops, Macs, iPads, iPhones, BlackBerrys, Androids and Symbian mobile phones are all at risk. Research from McAfee Labs reveals a variety of threats that exist “in the wild” that you need to be aware of.

Malware: For 2012, new malware sample discoveries increased 50% with more than 120 million samples. The nature of the threats aimed at PC users continues to become more dangerous and sophisticated as the cybercriminals invent new ways to disguise their activity. PC-targeted malware saw an increased growth in drive-by downloads (read my blog on this), which allows a cybercriminal to surreptitiously download malware from a website without your knowledge. Cybercriminals have clearly figured out that user authentication credentials constitute some of the most valuable intellectual property that can be found on most computers.

Spam and phishing: Believe it or not, spam volume has decreased…to a mere one trillion messages per month. McAfee Labs has observed major developments in targeted spam, or what’s often called “spear phishing.” By using information they collect about you, spear phishers create more realistic messages that increase the chance you will click.

Bad URLs: The number of new suspicious URLs increased by 70% in Q4 2012, averaging 4.6 million new, suspect URLs per month. This is almost double the previous 2.7 million per month figure from the last two quarters. 95% of these URLs were found to be host malware, exploits or code designed specifically to compromise your computers.

Mobile: The number of mobile malware samples discovered by McAfee Labs in 2012 was 44x the number found in 2011. This means that 95% of all mobile malware samples ever seen appeared in the last year. Also cybercriminals are now dedicating essentially all of their efforts to attacking Android, with 97% of malware samples found in the last year aimed at this one operating system.

Besides the proliferation in the amount of mobile devices, there are a number or reasons why cybercriminals are targeting mobile including:

Valuable information that can be found on your mobile devices, including passwords and contacts and the fact that 36% of users lacking basic protection such as a PIN to lock the device

New “opportunities” to make money, such as malware that sends premium text messages that you get charged for but not notice on your device

The fact that some users “hack” their phones to customize the interface or add functionality, thus allowing hackers to exploit the device’s vulnerabilities

The ability to install malware that blocks software updates from your carrier – some of which are designed to protect against security holes

The threat landscape continues to evolve on many fronts in ways that threaten both consumers, small-to-medium-sized businesses and large enterprises. This is why it is critical for you to use comprehensive security software on all your devices, like McAfee All Access, and keep it up to date.

Source: McAfee Q4 2012 Threats Report

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)