Like Mom Said, “Don’t Open the Door for Strangers”

/in /by

Someone successfully posing as a health inspector, police officer or even a Secret Service agent happens every single day. Posing as a water inspector, I once gained access to people’s homes by saying I needed to “check the colorization of their water,” as I demonstrated on The Montel Williams Show here. A fake badge and a uniform of any kind can do wonders.

The Baltimore Sun reports that Baltimore Gas and Electric Co. is warning customers about scams in which people pose as BGE employees in person or over the telephone to steal money, valuables or credit card information. The article states that according to BGE, “Impostors also might appear at a home or business wearing official-looking clothing and showing fake credentials. BGE workers usually only require entry into a home for a gas or electric emergency, to check equipment, read meters or start or stop service. All BGE employees and contractors carry company identification badges showing their name, photograph and identification number.”

People can easily pose as city officials, delivery or service people, or as someone whose car broke down and needs assistance. The moment you open that door, you are risking your family’s safety.

My family’s number-one rule is that we do not open doors to strangers. That’s it, end of story. My younger ones want to show how big they are by getting the door, but they now know better that they aren’t at all allowed to open it without a parent’s permission.

The rules apply to grown-ups, too.

  • Always have your screen door and your entry door locked at all times.
  • Install a surveillance system at each entrance that gives you a facial and full-body view of visitors.
  • If you order products to be delivered to your home, specify “No signature required.” This way, you can set up a place for the deliveries that allows delivery people to drop the package off.
  • Any time a city worker knocks on your door, call city hall to verify that the person should be there.
  • It’s not enough to check a badge, license or credentials. IDs can easily be faked.
  • Have your home alarm system on all day—even while you are home.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

How Do I Restore My Identity Once It Has Been Stolen?

/in /by

The Federal Trade Commission offers invaluable tools for restoring your identity if it has already been compromised. The tools can be found at the FTC Recovery Guide page. On this website, you will find a complaint form, affidavit of your identity, and sample letters. You will also find a log to chart your actions while restoring your identity. It is important to utilize this log to keep a record of contacts you have made with the authorities, credit card com­panies, banks, and credit bureaus. If something gets lost in the process, the log ensures detailed notes to help prove your efforts, and ultimately, rescue your identity from a criminal.

If you have an all-encompassing identity theft protection service, your provider can take care of much of the restoration.

The first call you make should be to the police, to report the crime. According to the FTC, “A police report that provides specific details of the identity theft is considered an Identity Theft Report, which entitles you to certain legal rights when it is provided to the three major credit reporting agencies or to companies where the thief misused your information. An Identity Theft Report can be used to permanently block fraudulent information that results from identity theft, such as accounts or addresses, from appearing on your credit report. It will also make sure these debts do not reappear on your credit reports. Identity Theft Reports can prevent a company from continuing to collect debts that result from identity theft, or selling them to others for collection. An Identity Theft Report is also needed to place an extended fraud alert on your credit report.”

When filing an identity theft report, you will first want to fill out an ID Theft Complaint with the FTC, which you should bring with you to the police station.

They key to restoring a stolen identity is to exercise patience. Recognize this is not the end of the world, it’s an inconvenience and can be fixed with time and persistence.

How to Protect WiFi When Flying

/in /by

When getting on a flight that’s three to five hours (or more), many business professionals wrestle in their heads whether to spend the $12.95 on airplane WiFi, take a nap or watch the movie—or, if their company is paying for it, they might do all three. But here’s the thing: If you are connecting to WiFi on a plane and have all these company secrets on your device and all this client data, do you really think it’s a good idea to connect?

What savvy business travelers aren’t savvy about is security—or, specifically, the lack thereof in airplane WiFi. When logging onto an airplane WiFi, there isn’t any encryption preventing other users from seeing yourdata. The majority of the security in airplane WiFi is built into the payment system to protect your credit card. Beyond that, you’re pretty much left to the dogs.

Another issue flyers face when booting up is that their WiFi card generally defaults to seeking out a known WiFi connection and then automatically connects, like when you are home and you automatically connect upon booting upbecause at one point in your settings you checked that option. But on a plane (or anywhere, really), an evil hacker can set up what’s called an “evil twin,” which is a rogue wireless network specifically set up by a bad guy to trick you into manually connecting or to trick your device into automatically connecting. Once you’re hooked, all of your information travels through his device and he captures every packet of wireless data.

Protect yourself.

#1 When WiFi is not in use, head over to your wireless network manager and right-click to disable your wireless network connection. Some laptops have a switch and others have a keyboard key.

#2 If you plan to connect to in-flight service, you need to protect your information with a VPN. Hotspot Shield VPN is a free proxy that protects your device’s data by ensuring that all web transactions (shopping, filling out forms, downloads, etc.) are secured through HTTPS. With Hotspot Shield, your device basically will be surfing through a protected tunnel throughout the in-flight service.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

A Predator Is Always a Predator

/in /by

With the 750,000 registered sex offenders in the U.S., the thousands more unaccounted for, and even the thousands more who’ve never been caught, know that predators live amongst us.

The question always arises as to whether or not a sex offender can be rehabilitated. I’m sure that a handful of Level 1s and 2s can be, but once a predator, always a predator. It’s their nature. It’s their normal.

There are a bunch of free sites you can go to that will let you know the current living situations and general whereabouts of registered sex offenders in your town. Take advantage of every opportunity you can to learn where the bad guys are.

Know how to fight. Know how to defend yourself from a predator. Understand all the vulnerable points of the human body and what parts of your body can be used as weapons. Go for the eyes, nose, throat, groin, and instep of the foot. Know how to fight from the ground, if attacked from behind, or when a distraction is used in front.

Determine if you want to carry a weapon, but know that your brain is your best defensive weapon. Carry a weapon if you’re properly trained, and not a day before. Years ago, my childhood hero was a Chicago cop named J.J. Bittenbinder. He would say, “If all else fails, let them kiss you, then bite down on their lips until your teeth meet.”

Nice.

Complacency can result in bad things happening. Install a home security system, be vigilant, be alert, be aware, and know your options.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Do I Need to be Concerned About Cybercrime?

/in /by

The short answer is yes! You should be concerned. And even if you’re not concerned for yourself, with the Internet all of us are interconnected so cybercrime does not just affect one person or one group, but all of us.

Imagine your body being targeted by 100 million viruses. That is exactly what cybercriminals are doing to your networked digital devices. Laptops, desktops, Macs, iPads, iPhones, BlackBerrys, Androids and Symbian mobile phones are all at risk. Research from McAfee Labs reveals a variety of threats that exist “in the wild” that you need to be aware of.

Malware: For 2012, new malware sample discoveries increased 50% with more than 120 million samples. The nature of the threats aimed at PC users continues to become more dangerous and sophisticated as the cybercriminals invent new ways to disguise their activity. PC-targeted malware saw an increased growth in drive-by downloads (read my blog on this), which allows a cybercriminal to surreptitiously download malware from a website without your knowledge. Cybercriminals have clearly figured out that user authentication credentials constitute some of the most valuable intellectual property that can be found on most computers.

Spam and phishing: Believe it or not, spam volume has decreased…to a mere one trillion messages per month. McAfee Labs has observed major developments in targeted spam, or what’s often called “spear phishing.” By using information they collect about you, spear phishers create more realistic messages that increase the chance you will click.

Bad URLs: The number of new suspicious URLs increased by 70% in Q4 2012, averaging 4.6 million new, suspect URLs per month. This is almost double the previous 2.7 million per month figure from the last two quarters. 95% of these URLs were found to be host malware, exploits or code designed specifically to compromise your computers.

Mobile: The number of mobile malware samples discovered by McAfee Labs in 2012 was 44x the number found in 2011. This means that 95% of all mobile malware samples ever seen appeared in the last year. Also cybercriminals are now dedicating essentially all of their efforts to attacking Android, with 97% of malware samples found in the last year aimed at this one operating system.

Besides the proliferation in the amount of mobile devices, there are a number or reasons why cybercriminals are targeting mobile including:

Valuable information that can be found on your mobile devices, including passwords and contacts and the fact that 36% of users lacking basic protection such as a PIN to lock the device

New “opportunities” to make money, such as malware that sends premium text messages that you get charged for but not notice on your device

The fact that some users “hack” their phones to customize the interface or add functionality, thus allowing hackers to exploit the device’s vulnerabilities

The ability to install malware that blocks software updates from your carrier – some of which are designed to protect against security holes

The threat landscape continues to evolve on many fronts in ways that threaten both consumers, small-to-medium-sized businesses and large enterprises. This is why it is critical for you to use comprehensive security software on all your devices, like McAfee All Access, and keep it up to date.

Source: McAfee Q4 2012 Threats Report

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

To VPN or Not to VPN, That is the Question!

/in /by

This question revolves around whether or not you want or need to head out into the wild, wild web wilderness exposed. By “exposed” I mean letting anyone within 300-500 feet of your device peek at the wireless data packets floating through the airand seeing all your raw data, or revealing who and where you are, what you like and don’t like, or revealing your IP address if you decide to comment on a blog or news article.

Most people feel they have nothing to hide or don’t think anyone’s really paying attention. But, in fact, we are all being stalked to a certain degree. Advertisers are watching so they can send you targeted ads; governments are watching to see if you are plotting to take them down or conducting illegal activities; your internet service provider is definitely monitoring your usage and wondering if you are downloading pirated movies, music and software; your employer may be similarly vigilant and criminals are trying to steal your identity or the identities of all your clients.

So, to VPN or not to VPN? I VPN specifically when I’m on my portable wireless devices. If I’m on my PC laptop, iPhone or iPad and I’m traveling on business, I know I’m going to be connecting to various free public WiFi clients at the airport and in my hotel. Before I connect to any WiFi, I launch Hotspot Shield VPN. It’s a free VPN, but I prefer the paid version; the expanded paid option is a little quicker and offers a cleaner interface. Either way, it’s agreat option that will protect your entire web surfing session, securing your connections on all your devices.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was StolenSee him discussing internet and wireless security on Good Morning America. Disclosures.

New Alarm Systems are Cost Effective and High Tech

/in /by

Alarm systems used to be clunky and expensive to install, and all they did was set off a siren when a door or window was smashed in. Today, alarms are wireless and can even adjust your thermostat!

The Boston Globe reports, “The era of clunky black-and-white video monitors and recording devices crammed here and there, of blinking lights and keypads galore, has given way to slick, low-cost technology that homeowners control with just a few clicks—from wireless surveillance cameras that are monitored remotely, to door alarms that can be activated hundreds of miles away.”

Systems today have wireless cameras, remote-controlled thermostats, remote-controlled/timed light controls, flood sensors, full web access to the cameras, touchpad controls, and even iPhone/Android apps to control/monitor cameras/thermostat from anywhere. They often have a web dashboard that lets you control every single aspect of each control to inform you of activity or to set up a reaction to an incident.

New home alarm systems are very simple and easy to program. Once you dive into them, they give you a tremendous amount of awareness of the goings-on in and around your home—and they do it automatically.

Further, the article states, “For those who don’t want bells and whistles, there are still basic burglary alarm systems available, and indeed they remain quite popular. These usually include sensors and alarms attached to ground-floor doors and windows, wall-mounted keypads and remote-control devices that can be activated with key fobs.”

Don’t wait for a burglary to get a home alarm system. Be proactive and get one before something bad happens.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

5 Signs You Are About to be Scammed

/in /by

Smart people are scammed every day because they think it can’t happen to them or they just aren’t aware of the scams. And the scammers have gotten very good at disguising their scams, so it’s often hard to recognize them.

Scamming generally involves a form of social engineering. Social engineering is the act of manipulating people into performing actions or divulging confidential information. It relies on human interactions, such as trying to gain confidence of someone through trickery or deception for the purpose of information gathering, fraud, or device access. This can take many forms, both online and offline.

Smart criminal hackers use social engineering as a very effective tool and as a part of their strategy when gathering information to piece together the parts of their scams. In my opinion, it’s just a fancier, more technical form of lying.

Social engineering has always been a “person-to-person” confidence crime. Once the scammer gains your trust, they use this information against you in the hopes of gaining access to your finances.

Be confident in your ability to outsmart the bad guys. Here’s five things you should know:

Don’t click links in emails, text messages, chat. Any link, whether shortened or not, can point to somewhere it shouldn’t. If you need to click on the link, make sure you have security software installed that will block you from automatically being directed to a malicious site.

Be wary of multiple recipients and who the email is from. If the email is going to you and a dozen other people, or it’s from your bank but the from email address is: yourbank@gmail.com, then you should be suspicious.

Note generic/spammy/nonexistent subject lines. Look in your spam folders. There are some pretty ridiculous subject lines, right? If something like that shows up in your inbox, delete it.

Down with scammer grammar. If it is SPELD rong or IN ALL CAPs or ,has ,those ,stupid ,commas in the wrong ,place, it’s a scam.

Urgency or ridiculous requests. There is no hurry; you didn’t win anything and your uncle from Latvia didn’t leave you any money. Just delete ‘em.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Safety Tips for Online Dating

/in /by

By Angie Picardo

According to identity theft expert Robert Siciliano, “Millions of people use online dating sites to broaden their networks and meet potential mates, but not everyone on these sites are sincere—some are scammers hoping to lure you in with false affection, with the goal of gaining your trust, and eventually, your money.” When seeking friends or dates via the internet, people often tend to be overly optimistic or trusting, but it is important to remember that some people may take advantage of the your trust. Here are some tips for staying safe while making friends online.

  • Keep your personal information personal. Details about where you live and work, your phone number or email address, or details that would lead someone to you with minimal effort should not be put in an online profile or shared with someone you’ve barely started communicating with. When selecting a profile name, don’t use your first and last name. Instead, choose a nickname or other title for yourself so that potential dates don’t have the key information for looking you up and learning too much about you in advance. If you’ve started talking to someone you feel you would like to exchange personal information, consider offering a secondary email account (email addresses are free and nothing stops you from having more than one) that isn’t directly linked to you or your work.
  • Trust yourself. Use common sense and your instincts to stay away from risky situations. If you feel nervous about someone or something, don’t go; you probably feel that way for a reason. If the person is really interested in you, she or he won’t hate you for rescheduling for a later time. Another part of trusting yourself is knowing what speed feels right for you. Don’t feel obligated to go somewhere private or unfamiliar just because the other person wants to. Again, you know yourself best and you have enough life experience to know when something could end badly: listen to yourself.
  • Meet new people in public. It seems obvious, but you shouldn’t bring total strangers back to your house (nor should you go to theirs). When scheduling a first meeting, plan to go somewhere public where a lot of people will be milling around. A park, restaurant, or museum can be great areas for public first dates not only because they are public, but because they are places where you can actually talk to your date and get to know him or her in person. When you have a first date with someone, make sure that you are in control of your own transportation situation by driving yourself, taking a trusted form of transit, or arranging a ride with a good friend. Don’t rely on your date to take you somewhere. Getting in a car with someone you barely know is not a great idea!
  • Tell somewhere where you are going. In case the worst does happen (it probably won’t, but it never hurts to be prepared), make sure someone knows where you are going and when you expect to be back. Let a good friend know that you are going on a date with someone new and agree to check in with them by a certain time so that they know you are okay. You might also set up a pick up spot in case you need your friend to pick you up if you need to bail on your date for any reason.

Online dating isn’t all about being cynical and mistrusting, of course, but taking precautions when meeting someone new will make it all the better when you meet someone who you want to get to know better. Anyone who is worth getting to know will be empathetic to your safety concerns and willing to work with you within your comfort zone.

Angie Picardo is a writer for NerdWallet, a personal finance website dedicated to helping you protect and save your money whether in online dating or finding the best options for LAX parking

What Should I Know about Mobile Cybercrime?

/in /by

The Internet has dissolved the geographical boundaries and technological limitations that have constrained organized cybercrime in the past. We now live with cybercrime syndicates based in the US, Russia, Asia and all over the globe. When hackers in the US are sleeping, the ones in China are flexing their fingers on their keyboards, and the ones in Eastern Europe are waking up. Cybercrime never stops.

The brave—and ballooning—new world of smartphones and tablets offers tremendous scope and volume for these organizations. Mobile devices run on different operating systems and use different apps from PCs and Macs, which presents opportunities to create new device-specific attacks.

Even more interesting, mobile devices require an entire ecosystem of businesses to make them work. Data you transmit or receive has to make it through a conga line of companies that can include your device manufacturer, wireless carrier, app developer, app store, website host and email provider. Motivated by money and information, criminals exploit flaws in the underlying software and information handoffs of each of these players.

Here are two examples of how malicious software (malware)—downloaded through a fake app, a phishing or text message, or from a website—can net the criminals your information.

Text messaging fraud – Cybercriminals have figured out how to incorporate text messaging (SMS) into banking frauds. When you log on to perform a transaction (like checking your balance), banks often send a validation code to your mobile device via SMS. Banks figure if you are logging onto their website through your mobile device, a separate authentication through text messaging will help ensure that it’s really you logging in and provide an extra layer of security. However, mobile malware can collect that validation code and send it, along with your account number, password and “secret” security question to a cybercriminal. The perpetrators repeat this process reliably, victim after victim, bank after bank.

Premium SMS scams. Other malware can run so-called “premium SMS” scams, where you get billed for sending text messages you didn’t consciously send, or receiving messages you didn’t ask for. The malware on your device is doing the communicating—and conceals any confirmation message so you won’t notice until your bill comes. Organized crime networks have the sophistication and relationships to put together these sorts of multifaceted moneymaking schemes.

These guys are good at their jobs—they are truly organized and professional. Everything they do is about monetizing your information—your personal life. That’s why it’s critical for you to educate yourself on why you need mobile security and what scams are out there.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)