Caller ID Spoofing Effective in Identity Theft

/in /by

Caller ID spoofing is when a telephone’s caller ID displays a number that does not belong to the person calling. The telephone network is tricked into displaying this spoofed number as a result of flaws in caller ID technology. Caller ID spoofing can look like the call is coming from any phone number. People inherently trust caller ID simply because they are unaware that caller ID spoofing exists.

WKYC in Ohio reports, “Police want residents to be aware that scammers are using caller ID spoofing in an attempt to trick them into thinking they are talking to a police officer.” Recently an elderly resident contacted police to report a possible scam. According to the report, “She said she was contacted by someone claiming to be an FBI agent who wanted personal information in order to award a $600,000 sweepstakes. He told her she could call her local police department to confirm it was not a scam. As an officer was speaking with the resident, she received another call that came up on caller ID with the name and phone number of a North Canton police detective.”

Pretty scary and very effective. Most people, including me, rely on caller ID for most or all calls. When the name or number of a familiar person appears, I’m likely to say “Hello John” and expect John’s voice. But by trusting this technology, we open ourselves up to scams like the one above.

To avoid this scam, simply recognize it exists, and be on guard in situations where you don’t recognize the voice or the caller is offering a reward, winnings or anything that seems out of place, too good to be true or in some way shape or form surprises you.

Hang up the phone on scammers—especially when they keep calling back. Eventually they will stop when they realize you’re not an idiot. Identity theft protection can’t protect you here, but being savvy will.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook, text SECURE Your@emailaddress to 411247. Disclosures.

Will Obamacare Lead to Identity Theft?

/in /by

The fear mongers and Obamacare haters make a scary point and want you to know that as soon as the Patient Protection and Affordable Care Act goes live, your identity will be at risk and, more than likely, stolen. Forbes reports in regard to what’s called the Obamacare-mandated “data hub” in which personal records are exchanged among seven different agencies—the Internal Revenue Service, the Social Security Administration, the Department of Homeland Security, the Veterans Health Administration, the Department of Defense, the Office of Personnel Management and the Peace Corps.”

Obamacare is required to protect our data under the National Institute of Standards and Technology guidelines. However, naysayers believe the administration will open the system without proper security certification because Obama will offer a waiver.

It is scary enough that seven different agencies will have the data on file—and scarier still that the possibility of a waiver being granted is very possible due to the enormity of the project.

Right now, pre-Obamacare, your personal identifying information is being shared or stored amongst dozens or potentially hundreds of organizations that you have interacted with since birth. So what’s the big deal with another seven? Unfortunately, it’s another touch-point where your information can be viewed, hacked and stolen.

My suggestion: Don’t worry about it. Seriously, don’t worry about it. However, you must DO something about it and I have two suggestions:

  1. Get a credit freeze. Search “credit freeze” and the name of all three credit bureaus separately. Freeze your credit. But that’s not enough.
  2. Get identity theft protection. I have a credit freeze and identity theft protection. With these multiple layers of protection, my data is next to useless to a thief.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook, text SECURE Your@emailaddress to 411247. Disclosures.

10 Ways to Protect Your Twitter Account From Getting Hacked

/in /by

Recent news of Twitter accounts being hacked has slowed a bit, partly due to Twitter implementing two-factor authentication. When you sign in to Twitter.com, there’s an option in “Settings” under “Account security” for a second check to require a verification code to make sure it’s really you. You’ll be asked to register a verified phone number and a confirmed email address. To get started, follow these steps:

  • Visit your account settings page.
  • Select “Require a verification code when I sign in.”
  • Click on the link to “add a phone” and follow the prompts.
  • After you enroll in login verification, you’ll be asked to enter a six-digit code that Twitter will send to your phone via SMS each time you sign in to www.twitter.com.

In cases where more than one person accesses the same Twitter account, Twitter’s two-factor authentication is less effective. Create an open dialog with fellow account holders and share second-factor authenticating identifiers via text.

Some more tips:

  1. Limit the number of people that have access to your account.
  2. Use a strong password.
  3. Use Twitters login verification.
  4. Watch out for suspicious links, and always make sure you’re actually on Twitter.com before you enter your login information.
  5. Never give your username and password out to untrusted third parties, especially those promising to get you followers or make you money.
  6. Make sure your computer and operating system is up to date with the most recent patches, upgrades and anti-virus software.
  7. Beware of phishing. Phishing is when someone tries to trick you into giving up your Twitter or email username and password, usually so they can send out spam to all your followers from your account. Often, they’ll try to trick you with a link that goes to a fake login page.
  8. Beware of typosquatting or cybersquatting. Typosquatting, which is also known as URL hijacking, is a form of cybersquatting that targets internet users who accidentally type a website address into their web browser incorrectly. When users make a typographical error while entering the website address, they may be led to an alternative website owned by a cybersquatter.
  9. Beware of short urls. Before you click on shortened URLs, find out where they lead by pasting them into a URL lengthening service, such as URL Expanders for Internet Explorer and URL Expanders for Firefox.

10. Use aVPN (Virtual Private Network). Protect your private information and sensitive data from snoopers and hackers while surfing the web at WiFi hotspots, hotels, airports and corporate offices with Hotspot Shield VPN’s WiFi security feature.

 

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.

Getting Cybersmart and Staying Dutifully Employed

/in /by

Knowing what I know today, if a 15-year-old asked me what she should be when she grows up, I’d say cybersecurity professional. The unfortunate fact is that bad guys are everywhere—and if you are in the security industry, bad guys are good for business.

There are many ways and resources for people, especially young adults, to become cybersmart. It’s more than a trend; it’s an up-and-coming career area. USA Today reports, “For younger people, there are a growing number of cybereducational opportunities, starting even before the college level, which can make them particularly effective at thwarting cyberattacks and may spark their desire to pursue cybersecurity careers.”

Resources to become a cybersecurity professional.

CyberPatriot: This is the premier national high school cyberdefense competition. It was created by the Air Force Association to inspire high school students toward careers in cybersecurity or other science, technology, engineering and mathematics (STEM) disciplines critical to our nation’s future.

Maryland Cybersecurity Center (MC2): By targeting students as early as middle and high school, MC2 is stimulating early interest in the field of cybersecurity, providing students with the knowledge and preparation they need to be successful in their future post-secondary studies and eventual careers.

Center for Cybersecurity Education at the University of Dallas: This educational program has been designated by the National Security Agency (NSA) and Department of Homeland Security (DHS) as a National Center of Academic Excellence in Information Assurance.

Champlain College: This Vermont college provides a foundation for understanding how computers and networks communicate securely. It also builds on that foundation with courses designed to help students understand the nature and impact of cyberthreats, as well as how to prevent them.

Bellevue University Center for Cybersecurity: This Nebraska college’s center brings together the best cybersecurity education programs with highly qualified faculty who possess the kind of real-world experiences.

So do you have what it takes to be a chief security officer (CSO)? I believe CSOs are the future of technology, because without them, bad guys will take over technology and we will devolve into chaos.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

How Likely Am I to Be a Victim of Mobile Crime or Data Theft?

/in /by

Imagine your body being targeted by 100 million viruses. That is exactly what’s happening to your networked digital devices. Laptops, desktops, netbooks, Macs, iPads, iPhones, BlackBerrys, Androids and Symbian mobile phones are all at risk. Research from McAfee Labs reveals a variety of threats:

  • Mobile: Android has become the most popular platform for mobile malware. Hundreds of Android threats soared from the middle of 2011 into thousands of threats in early 2012 into 2013. The bulk of these threats spread through third-party app stores and were financially motivated.
  • Malware: In the first quarter of 2012, PC malware developers delivered their most productive quarter ever, supporting a forecast of 100 million pieces of malware before the end of 2013. Malicious developers are building more rootkits (software designed to evade detection) and password-stealing Trojans (software that collects the information required to break into a device or an account). Like many consumers, they also like the Mac.
  • Spam and phishing: Believe it or not, spam volume has decreased to a mere one trillion messages per month. McAfee Labs has observed major developments in targeted spam, or what’s often called “spear phishing.” By using information they collect about you, spear phishers create more realistic messages that increase the chance you will click. In 2012, nearly all targeted attacks started with a spear phish cast.
  • Botnets: Botnets are groups of infected computers—often consumer PCs—that criminals manipulate to send spam, process fraudulent transactions, or conceal other nefarious activities. In 2012, infected bots reached five million.
  • Bad URLs: McAfee is recording 10,000 new risky or malicious websites each day. Website URLs, domains, subdomains and particular IP addresses can be deemed “bad” because they are used to host malware, phishing websites or potentially unwanted programs.

While these numbers do not yet approach the volumes of incidents occurring on PCs, they make it clear that mobile devices are genuine and increasing targets. For you as a user, forewarned is forearmed.

To avoid becoming a victim:

  1. Keep mobile security software current. The latest security software, web browser and operating system are the best defenses against viruses, malware and other online threats.
  2. Automate software updates. Many software programs can update automatically to defend against known risks. If this is an available option, be sure to turn it on.
  3. Use a private VPN. Hotspot Shield VPN, which is free to download, creates a virtual private network (VPN) between your iPhone, Android or tablet and any internet gateway. This impenetrable tunnel prevents snoopers, hackers and ISPs from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures

Children Heading Back to School Face Identity Theft Risk

/in /by

This isn’t rocket science. We have millions of children registering for schools in person, online, over the phone, via email and through the mail. All of these transactions involve personal identifying information including names, addresses and Social Security numbers.

All of these exchanges of data can be breached in some way by those on the inside of these organizations, hackers from the outside or simply from someone stealing mail or going through the organization’s trash.

The problem here is that once a bad guy gets hold of the child’s Social Security number, he or she can then open new lines of credit under that child’s identity simply by lying and saying the child is 18 years or older. With that information in the wrong hands, that child will face serious issues as a young adult when he/she is starting a new life and career out of high school.

Dallas News reports, “Criminals create a synthetic ID by combining a child’s Social Security number with a different date of birth to fabricate an identity that can be used to commit fraud. ‘Synthetic identities are very difficult to detect,’ reported a Javelin study. Guarding your child’s Social Security number is critical to protecting his or her identity.”

Guarding a child’s Social Security number is like guarding a credit card number. It’s bad advice and doesn’t work. You can’t protect numbers once they are handed over to anyone. Once in the wild, they are vulnerable.

Best advice:

  1. Apply for a fraud alert through the three credit bureaus every quarter to six months to confirm no credit report has been issued. However, this may or may not produce a report based on synthetic identity theft—and it’s also time consuming.
  2. Invest in a family identity theft plan that also protects your children. The service will watch their Social Security numbers in the wild, and a good service will repair any damage done if the theft isn’t caught up front.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook, text SECURE Your@emailaddress to 411247. Disclosures.

4 Tactics Cybercriminals Are Using to Steal From Us

/in /by

Today McAfee Labs™ released the McAfee Threats Report: Second Quarter 2013, which reported that the cybercriminal community is using four main tactics to steal our identities, and our money. As consumers, it’s critical that we are aware of the ways the hackers are trying to attack us and here’s the four main ways:

1. Malicious apps on Android-based mobile devices
2. Infecting websites to distribute malware
3. Holding your devices hostage with ransomware
4. Sending spam promoting fake pharmaceutical drug offers

1. Malicious apps for Android
This quarter nearly 18,000 new Android malware samples were added to the McAfee Labs database. Most of this growth is from malicious apps that are designed to steal your information, spy on your phone activities, or take your money. Halfway through 2013, McAfee Labs has already collected almost as many mobile malware samples as it did in all of 2012.

The motivation for deploying mobile threats is rooted in the inherent value of the information found on mobile devices, including passwords, contacts and access to financial information. You need to be proactive and protect your mobile devices with comprehensive security software and be especially mindful of where you download apps from, and what permissions it is asking to access on your mobile device, before you install them.

AndroidMalware_Q2ThreatsGraphic

2. Infecting websites to distribute malware
McAfee Labs very carefully tracks suspicious websites on an hourly basis. This quarter, they observed a 16% increase in suspicious URLs, bringing the total to nearly 75 million. Adding to the growth from last quarter, cybercriminals are continuing the move to drive-by downloads as their primary means to distribute malware.

96% of these suspicious URLs host malware, exploits, or codes that have been designed specifically to compromise computers. This growth shows that these sites are an easy and successful way for cybercriminals to distribute malware. You should take care to make sure you’re using a safe search tool to visit sites so you know they are safe before you click.

3. Holding your devices hostage with ransomware
Ransomware holds your computer or mobile device and the data on it hostage until you pay to free it. Ransomware is a serious threat and it’s getting worse—McAfee Labs found more than 320,000 new, unique samples this past quarter, more than double from the first quarter of this year.

Anonymous payment methods make this an efficient way for cybercriminals to make money without a lot of implications of being caught. You should always take precautions to back up your valuable data and should not pay the ransom to get your computer “back,” as often times even when the fee is paid, the cybercriminal does not “free” your computer or mobile device.

4. Sending spam promoting fake pharmaceutical drug offers
After almost three years of declining volume, global spam increased this quarter. In April, spam volume surpassed 2 trillion messages, the highest figure since December 2010. A slight decline in May and June still left the count higher than any time since May 2011. More than 5.5 trillion spam messages were delivered this quarter, representing approximately 70% of global email volume.

Pharmaceutical drug offers are one of the top spam subject lines for and compromise anywhere from 17 to 50% of the subject lines depending on the country. To protect yourself from spam, you should make sure your security software includes an anti-spam feature as well as making sure that you don’t open or click on any links in the spam messages.

Just like protecting yourself from crime in the physical world, you need to protect yourself in the digital world. One way to do this is to protect all your devices including PCs, Macs, smartphones and tablets with one solution, McAfee LiveSafe™ service. Of course you should still take care to educate yourself on the latest threats and techniques that cybercriminals use and be suspicious of anything that doesn’t seem right.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

5 ways to Protect Privacy on Mobile Devices

/in /by

Privacy advocates are working to prevent the worst and most extreme outcomes of personal data collection. They know that without checks and balances—without consumers knowing their rights and actively protecting their own privacy and personal data—that data could be used unethically.

Privacy is your right. But in our digital, interconnected world, privacy only really consists of what you say and do within your own home, legally, with the shades pulled down. It’s that part of life that is shared between you and your loved ones and which is not communicated, recorded, broadcast or reproduced on the internet or any public forum in any way. Beyond that, especially when taking advantage of various online resources, be sure that you know what it is you’re agreeing to and take precautions to protect yourself.

In addition to reading “terms and conditions” and the privacy policies of apps and websites, now is a good time to check your privacy settings on social networking sites and other sites you already use. Don’t share by default; share by choice. Ensure you have a strong password and be aware of where and with whom you are sharing your personal data.

In addition, turn off features on your device that expose your device and may share information about you, such as location, GPS and Bluetooth. When you want to use these features, you can always turn them on temporarily.

  1. Install the latest antivirus software on your devices. Antivirus software is a must-have utility to protect your computer from viruses, spyware, Trojans and worms. These malicious programs are designed to invade your privacy and steal your personal data. As such, it’s critical for you to protect your devices with the latest antivirus program(s).
  2. Use a personal virtual private network (VPN). While antivirus programs do a good job of protecting your computer, it doesn’t secure your browsing session or your internet communications. A VPN is a perfect complement to an antivirus program. VPN services such as Hotspot Shield VPN protect your privacy online and secure your web sessions by creating a secure “tunnel” on the internet between the VPN server and your device. Hotspot Shield is available for iPhone/iPad and Android devices
  3. Use strong passwords. Most people tend to use their names, birthdates, driver’s license numbers or phone numbers to create passwords. The most common password, believe it or not, is the word “password.”
  4. Be careful what you share on social networking sites. Social networking sites such as Facebook have very vague and complicated privacy policies. In fact, their business models are based on trading, sharing or selling your private data to advertisers and marketers.
  5. Delete or clear the tracking cookies. Tracking cookies are small pieces of code that websites attach to your computer to store information about your online activities.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.

Making a Case for Mobile Payment

/in /by

Mobile payment can transform your shopping experience, making it more convenient and easy—and it’s secure, too!

Forbes reports, “Shopping has become very impersonal. Few people have a relationship with a salesperson who knows their style and preferences and can direct them to the right items at the right prices as soon as they walk in the door. But wouldn’t that be nice? Preferable, certainly, to wandering cavernous stores, fending off pushy salespeople who don’t even bother to learn our names, much less our favorite colors and fabrics.”

Mobile payment will mean much more one-to-one marketing—meaning specific deals and promos could be specially targeted to individual consumers based on their buying habits. Sooner rather than later, based on the information on a mobile phone app that consumers carry while shopping, they will be “recognized” as being in the store and recommendations, discounts, coupons—all in the form of specific customized offers—will pop up.

And mobile is secure, too. There are various mobile payment delivery options. Near field communication is a contactless delivery system that involves a chip that is either built into the phone itself, into a card within the phone, or a sticker attached to the phone. There are also new applications that facilitate mobile payments, most of which involve a barcode that the user scans at a store register.

As you increasingly use your phone for mobile payments, be aware that the phone correspondingly increases in value to thieves and hackers. So keep track of your cell phone. You wouldn’t leave your wallet on a bar and walk away, and you shouldn’t do that with your phone, either. And be cautious when visiting websites on your phone’s browser, clicking on links or responding to text messages.

So how do I conduct safe mobile payments?

  • Pay attention to your credit card statements to check that you are paying for what you actually purchased.
  • Only download mobile payment applications from a reputable app store. Check user reviews of the app and make sure to read the app’s privacy policy regarding what data of yours it is accessing and sharing.
  • Don’t conduct any mobile transactions over an unsecured WiFi connection. It’s much more secure to use your mobile data network.
  • Keep your mobile software current. This includes installing the latest updates for your operating system, mobile browser and mobile security software.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

Serious Growth for mCommerce in 2012

/in /by

The practice of mCommerce (or M-commerce) is using a mobile phone to make purchases. Like credit card transactions, your card/device can be either present or not present.

Mobile payment has been around for years in numerous forms for purchases such as downloading music, ringtones and various other services, and it is now gaining traction for retail purchases in the U.S. But its implementation in the U.S. is a bit slower due to a lack of standardization of payment methods and the overall security concerns of mCommerce.

Some consumers in the U.S. have had bad experiences with criminal hacking and data breaches and so are concerned about their security. As a result, they are waiting for the various handset manufacturers (in other words, those who make the phones), mobile carriers (those who provide mobile service) and third-party technology providers (those who make the technology that facilitates financial transactions) to agree on standardization that will lead to more secure transactions.

Regardless, EcommerceTimes.com reports in its holiday retail edition that Foresee, a customer experience analytics firm, saw the Mobile Satisfaction Index jump two points over Christmas 2011 to a score of 78 on a 100-point scale.

When it comes to individual companies, Amazon took the number-one spot with a score of 85. Apple and QVC were next with scores of 83, with NewEgg and Victoria’s Secret coming in at 80 in the report. Those at the bottom of the list of 25 mobile retailers include Shop NBC with a score of 73, and Sears, RueLaLa, Overstock and Gilt.com, which each earned a 74 in the ratings.

The study shows that the mobile platform is maturing faster than the traditional web. But this will also mean criminals are moving to mobile as an attack vector.

To stay safe while mobile shopping:

  1. Keep mobile security software current. The latest security software, web browser and operating system are the best defenses against viruses, malware and other online threats.
  2. Automate software updates. Many software programs can update automatically to defend against known risks. If this is an available option, be sure to turn it on.
    1. Use a private VPN. Hotspot Shield, which is free to download, creates a virtual private network (VPN) between your laptop, iPhone, Android or tablet and any internet gateway. This impenetrable tunnel prevents snoopers, hackers and ISPs from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network. Hotspot Shield is available for iPhone/iPad and Android devices

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.