New app stores house or car keys online. Is it safe?

Ever lock yourself out of your car or home? I’ve done each at least once this year; that’s about my average. After the last time I got stuck on the cold side of my front door, I decided to go with keyless locks for my home, specifically the Schlage Touchscreen deadbolt, and it has solved my problem. But then there’s still my vehicle to consider; while autos are now available with keyless door locks too, I haven’t graduated to that just yet.

Anyway, I was made aware in the comments of a post of an innovative startup called KeyMe, which is a smartphone app you use to take a photo/scan of the keys you want to have a virtual backup of. Once the backup is made, it’s stored online, and users can download instructions to provide to a locksmith who will be able to make a duplicate. KeyMe also offers kiosks, which are rolling out in certain cities as a test pilot. At the kiosk, you’d simply alert the kiosk via the app of the instructions to make you a new key. But one commenter was concerned of the safety and security of posting your keys online and then getting hacked.

So, is KeyMe safe?

Certainly, if your digital copies of home or auto keys ended up in the wrong hands, that would be an issue. Today, any site storing personal information has an obligation (and it’s in its best interest) to ensure a user’s security by encrypting the user’s data and adding multiple layers of protection in the form of hardware and software, as well as physical security at the server level.

So, at its face value, I’d say the data is safe. However, I’d recommend not posting any associated names or addresses with an account like this. Use an obscure username, and consider using an email not associated with your real name. And make sure your devices are password protected so if your device is lost or stolen, a criminal doesn’t have access to your house keys. Keep your devices’ antivirus up to date, and get a home security system because if all else fails, even keyed access will set off your alarm.

 And sign me up! I need this!

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

North carolinians scammed for millions dating online

Linda was ripped off for $8,000 all because she believed Greg was whom he said he was. Linda, from North Carolina, was nabbed by an online crook who promised her love.

This year, 17 (possibly more) such victims have reported a dating scam that has cost them a combined $700,000, says the North Carolina Attorney General’s office. The typical victim is a woman in her early 60s. One victim sent her online Casanova nearly $1.3 million.

1F

How can people be so gullible?

Desperate for love, victims believe anything their love object tells them. Greg convinced Linda he was an Army lieutenant. After several weeks of texting, he told her he needed medical help for a gunshot injury. She sent him money. Greg asked for more money and Linda sent more. Eventually, Greg obtained her bank account information.

She continued sending him money for this and that, including a plane ticket home where he’d meet her for the first time. Of course, he never came “home.” And Linda is wiped out financially.

Lonely, older women are not the only victims.

Even lawyers, doctors and CEOs are getting scammed, sending out large amounts of money to these fake love interests.

Most of the scam artists come from Nigeria, says the state Attorney General’s office, and it’s a numbers game for them. Run enough numbers and eventually they’ll hit the bull’s eye. They steal photos of good-looking people off the Web to represent the fictitious love interest. The photo of “Greg” has even made a few other rounds.

Often, when the victim figures out what’s really going on, they are contacted by a private investigator or detective offering to find the scammer—for a fee—you guessed it; this, too, is part of the scam.

Solution

#1. Never under any circumstances send money to someone you meet online

#2. The moment they ask for money, it’s a scam

#3. Never share usernames, passwords or account information

#4. If you know someone who could fall for this, get involved now

Many dating sites have some security measures in place behind-the-scenes, to help educate and protect their members. Look on their site and often times you will find help videos of how to avoid being scammed and how to report suspicious behavior so that the dating site can take action. 

The more sophisticated sites also offer a defense-in-depth approach to keeping their site and members safe, by layering authentication, trust, and fraud detection tools to help with the early detection of bad actors.

Device reputation is one technology used by many dating sites that allows them to share fraud and abuse reports across businesses and geographies. Dating sites access Portland-based iovation Inc.’s device reputation service, ReputationManager 360, so that they can stop scammers before they get in the front door. iovation’s fraud prevention service contains over 7.6 million reports of dating scams, solicitations, phishing, account takeover attempts, identity theft, spam and other forms abuse. The service has stopped over 22 million online fraudulent or abusive attempts within online communities alone.

Stopping scams and abusive behavior upfront greatly helps online dating sites not only protect their brand reputation, but most importantly protect their active members.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247

Standard door frames make burglary easy

Stop what you are doing. Walk over to your front or back door. Open it. Look down at the doorjamb where the holes are—you know, where your doorknob and deadbolt locks (hopefully they are Schlage) go into the frame. Those 3/4-inch-ish holes are surrounded by what’s called a strike plate. The strike plate has two screws in it, and if you were to remove them they’d probably be smaller than 3/4-inch ones.

DoorFramesNow look back at the jamb. See the wood surrounding it? Look at the molding on the open side of the door. It’s also about 3/4 inch or so thick, right?

OK, now you see that a 3/4-inch hunk of thin pine and molding is all that separates a burglar from entering your home. Bad guys know that probably 95 percent of all front or back doors have this flimsy jamb with a strike plate separating them from entering your home.

And see this picture? This is my buddy’s shop last week. This is a steel solid-core door that has that flimsy jamb with a strike plate, BUT the jamb has 2.5-inch screws and an additional 1/4-inch steel plate behind it.

The damage is from burglars. This door was rammed with a 40 lb. oxygen cylinder over and over again…until the crooks gave up.

Most residential doors won’t take this kind of a beating. However, when installing a lock or retrofitting a lock to be more secure, it is advisable, at a minimum, to install 2.5-inch screws as replacements for the 3/4-inch screws that go into the strike plate (such as the screws that come packaged with the Schlage touchscreen deadbolt), and consider door reinforcement plates that beef up your door’s jamb or are mounted on the floor. Both are solid options, and I’d recommend both as multiple layers of security in addition to strong locks. In a future post, I’ll dissect door reinforcement technologies.

Robert Siciliano home security expert to Schlage discussinghome security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Mobile, wearable and now…implantable technology?

It began with the laptop.

7DThe laptop was the first portable internet-connected device that freed up millions to create a mobile workforce. Next was the smartphone, which didn’t really take off until Apple opened it up to developers and allowed the creation of applications that made the smartphone what it is today. Apple did it again with the tablet, and now Android tablets and smartphones have an even bigger stake in the game than ever before.

Today we have wearable technology in the limited release of Google Glass, which is a wearable computer with an optical, head-mounted display in a smartphone-like, hands-free format that can interact with the internet via natural language voice commands.

Now we have smartwatches. Samsung has a smartwatch, and Google, Apple and Microsoft are buying up companies that have patented smartwatch technology or are hiring engineers to create it. Smartwatch technologies are supposed to work in tandem with mobile phones and computers to become the third leg of the “smart” ecosystem.

And with wearable fitness gadgets that sense heartbeat, pulse, the number of steps you take, and the quality and duration of your sleep, it’s just a matter of time before technology gets in your head…literally.

CNET reports, “Google has a plan. Eventually it wants to get into your brain. ‘When you think about something and don’t really know much about it, you will automatically get information,’ Google CEO Larry Page said in Steven Levy’s book, In the Plex: How Google Thinks, Works and Shapes Our Lives. ‘Eventually you’ll have an implant, where if you think about a fact, it will just tell you the answer.’”

WOW. We have had pacemakers for a while now, and there are chip implants similar to those in pets but now used to authenticate humans. But “Google brain”?

What do you think? Will you wear Glass? Do you have to have a smartwatch? Would you like to be able to think of something and have an implantable computer in your head to provide some additional resources to complete your thoughts? Technology is now “on” our bodies, and it’s looking more and more like technology is creeping “into” our bodies! Let’s hope our heads don’t get hacked!

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

5 ways your identity is stolen

Chances are good that in the coming year, you will be asked to provide your or a family member’s Social Security number (SSN) at least a few times. And because of all you’ve heard about identity theft and all the advice like “never give out your Social,” you will hesitate, ask why the person needs it and be told, “I don’t know why we need it, but I can’t move forward with your application/registration unless you provide it.” So what do you do? Your kid is sick, he needs meds, and the doctor’s admin can’t help you unless you cough up a SSN. If you want service, then you have to give it up. Otherwise, you have to figure out other options, which often means putting your tail between your legs and giving up your SSN.

2CHere are all kinds of fun ways your identity can get stolen.

  1. Giving out your SSN: Schools want it, the doctor’s or dentist’s office asks for it, your insurance company needs it, and maybe even your kids soccer coach wants it. What happens when the clerk you gave your SSN to develops herself a little crack cocaine habit? She sees an opportunity to feed her habit and then uses your kid’s SSN to open a new credit card account. Nice.
  2. Hacker data breach: Criminal hackers looking for your SSN are looking at your doctor, your school and even your bank. Once they find a vulnerability in those networks, they might sell your SSN on the black market for thieves to open new mobile phone accounts in your name.
  3. Insider identity theft: Employees with access to company databases have been known to download thousands and even millions of records onto a single thumb drive. Once accessed, the opening of new accounts begins.
  4. Tax fraud: Taxpayers usually receive everything they need from their employers by the beginning of February. Sometimes those records contain your SSN, and they may be intercepted in the mail; other times, they might be accessed via your trash or even in your home. Once in the hands of a thief, the bad guy files your taxes before you do and gets your refund. File early to beat the thieves.
  5. Account takeover: Your bank account and various other existing accounts require your SSN as a primary identifier to establish credit. The last four digits of your SSN are also used as an authenticator when you call to make changes or get a new card issued. Bad guys get your SSN and socially engineer customer service to drain your accounts.

In most cases, identity theft protection and a credit freeze will insulate you from the first three instances, in which new accounts are opened in your name. To avoid tax fraud, file early. In the event of an account takeover, simply pay close attention to your accounts and refute unauthorized transactions ASAP.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

School WiFi Often Open and Insecure

2W

Many elementary, middle and high schools are offering WiFi, and of course colleges and universities provide it as well. Some provide the networks with a required login access, and for others it’s open, unencrypted and free for anyone to jump on.

Traditionally, when we think “login,” we believe that also means encrypted and secure. However, logging in with a user name and password doesn’t necessarily mean it’s a secure network. Traffic on many networks requiring a login is unencrypted, which means anyone who connects to the network with the right “sniffing” tools can see others’ information.

When connecting to a network that requires a login credential, the easiest way to tell if that network has encryption is to pull up the list of wireless networks from your control panel and simply hover over each with your mouse (or right click) to show its properties. Any network labeled WPA or WP2 has encryption. If it’s labeled WEP, it also has encryption, but at a substandard level that is hackable.

Want to be safe? Use a private VPN! Logging into public WiFi without any encryption puts all your information at risk. Install a wireless VPN such as Hotspot Shield. Hotspot Shield VPN is a great option that protects your entire web surfing session, securing your connection on both your home internet network and on public internet networks (both wired and wireless). Hotspot Shield’s internet security solution protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads, etc.) are secured through HTTPS—the protected internet protocol.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

I Really Want My Phone to Be My Wallet. Don’t You?

Wallets suck. Seriously. Mine hurts my butt when I sit down. I have to remember to take it with me, and then I’m always afraid of losing it. There’s nothing fun about it. And…well…it’s dirty. It really is—money is dirty, and the cards you hand to people with dirty hands that handle dirty cards all day are dirty. Can we please just use our mobiles as wallets?

There are a few technologies that are supposed to eliminate the wallet, but no matter how hard I try, I still need to carry one. More on that in a bit.

What’s in the works:

  • Isis is a mobile payment network comprised of the major mobile networks. It’s supposed to launch nationwide and there have been a bunch of pilot tests, but no official launch just yet.
  • Square is an app that accepts credit cards and allows you to pay with them in stores that accept Square-facilitated transactions.
  • Apple has the Passbook app, which stores your cards and works with an iPhone. It should have taken off, but it does squat.
  • Google Wallet is an app that has relationships with credit card companies and banks and uses near-field communications. It allows you to make payments, but only if you have an NFC-enabled phone—which is usually an Android—and the point of sale needs to be able to read it.
  • Starbucks is really the only company that has used its mobile app to accept payments, and it’s wildly successful. There’s no reason to even walk into a Starbucks with a wallet again.

So other than moving into Starbucks, I’ve found a temporary compromise.

  • Thinned out my wallet: This means I got a thinner wallet, too. I picked up a three-buck one from one of those sidewalk tables in New York City. For the rest of the world, you can find them all over eBay.
  • Keyring: This is an app available for iPhones and Androids that allows me to easily snap a photo of the front and back of my 50+ loyalty cards and use most of them at a retail counter. (Except Costco, which is stupid. Do you hear me, Costco?)
  • Hotspot Shield VPN: This is a virtual private network application installed on my mobile to protect my wireless traffic. So instead of having to remember my wallet and then putting my wallet into my pocket—which hurts—and worrying about losing it, I just use my mobile to make purchases online and have most everything shipped. Except, of course, at Costco.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Are You as Secure as a Fourth Grader? (Hint: No)

Security is the big picture. Security is in the finest details. Security is software and hardware. Security is awareness, intelligence and vigilance. Security is obvious, is obscure and is theater. Security is a journey and not a destination. It’s a path you take, but not a place you ever really arrive at. Security is an illusion; it’s elusive, attainable and impossible.

Ever have dialogue with a nine-year-old? Kids that age are pretty smart. Most can navigate through life with enough awareness to get themselves in and out of trouble and have the understanding of how things work like a 30-year-old might. They also possess a certain innocence and lack the fear of failure or of retribution due to the fact they’ve yet to be burned as much as a typical 30-year-old has.

It’s that carefree outlook and lack of concern with authority that allows mastermind criminals to walk all over those of us who follow the rules—and those who enforce them.

Which brings us to a nine-year-old Minneapolis boy who was able to get through security screening and onto a Vegas-bound plane at the Minneapolis-St. Paul International Airport without a ticket. The only reason he was even caught was because he was…well…a boy. His Delta flight was not full, and the flight crew became suspicious mid-flight because the boy was not on the list of unattended minors. The crew contacted Las Vegas police, who met them upon landing and transferred the boy to child protection services.

That’s not all. Our stowaway rode on the train to the airport (probably snuck on there too), stole a bag from a luggage carousel, and went to an airport restaurant, where he chewed and screwed (dined and dashed) the restaurant out of their money.

I’m not done telling his story. Two weeks prior to the airport incident, he snuck into a water park, stole a truck, smashed it, and was caught driving on a highway and pulled over. And that’s just what was reported when he was caught.

So if you think your government, the TSA, Homeland Security or the police can protect your personal security—or your bank, your credit card company or all the organizations that have your information on file can protect your identity—then you’re no smarter than a fourth grader.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

4 Ways to Share Paid Hotspots

There are a number of scenarios you might be in where friends, family and colleagues need to jump on a (read: your) wireless connection, but they’d rather not pay a connection fee. So if you have the goods right in front of you and they can connect for free, they may buy you a cookie. Here’s how to be a good pal and earn their gratitude and occasional baked goods:

  1. MiFi ($50-$170 for the device and $50 monthly): There are a number of devices, data cards or USB plugins available through the major phone carriers that offer fast mobile internet speeds for up to 10 WiFi-enabled devices, including laptops, tablets, e-readers or music players. Many are powered by your laptop, while others stay charged up to 12 hours before recharging.
  2. Mobile phone tethering (free to $60 monthly): Tethering is when you use your phone as a hotspot. While iPhones, BlackBerrys, Windows Phones and Androids all offer tethering, not all phones support it. Still, most carriers offer tethering on most of their smartphones; some phones offer tethering through an application, while others go through the phone’s settings. Search out the term “tethering” and the name of your phone to determine your options.
  3. Pocket router ($30): At about the size of your thumb, the Asus WL-330NUL is the world’s smallest pocket router. Whenever you’re traveling or simply at a cafe, getting online becomes so easy as all your devices can use this USB-stick-sized router. Whether only WiFi or wired LAN is available, the pocket router creates your own private network and allows speedy cross-device communication, making it extra useful in staying connected anywhere.
  4. Virtual hotspot with your laptop (free to $30): There are two programs that work very well: Thinix WiFi Hotspot and Connectify. Connectify Hotspot lets you share your computer’s internet connection with other devices over WiFi. As long as your computer is online, your other nearby devices—and those of your friends and colleagues—will be, too.

Each of these connectivity options should contain a degree of encryption on its own. However, a virtual private network, such as Hotspot Shield VPN, is a free option that can encrypt all your wireless communications.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Rihanna’s Home Targeted by Burglars

Chances are, if you own a $12 million home like Rihanna, someone with bad intentions is going to want a piece of it (or something in it). But you don’t need to be rich to be the target of a burglary. Millions of less extravagant homes are burglarized every year.

BET reports, “The singer’s Cali mansion, valued at $12 million, is equipped with a security system, including cameras along the private road leading up to it (and a sign that reads, ‘Smile, you’re on camera.’). The intruders were caught on tape, and although they were successful in trespassing, the would-be burglary was cut short when the break-in sounded off the alarm. The noise caused them to flee.”

“Equipped with a security system…the noise caused them to flee.” That statement warms the cockles of my heart.

Famous people are no strangers to home break-ins. Celebrities are targeted because of their notoriety and vast wealth. They also travel quite a bit, so their homes are often unoccupied. There’s even a movie about it, inspired by real events that took place in the Los Angeles area over five recent years. The Bling Ring is about a bunch of L.A. kids who rob celebrities’ homes. It started as a group of fame-obsessed teens who used social media to track celebrities’ everyday activities, such as when they were home and not home. They also determined what they wanted to steal from the celebs’ homes based on photos of their stuff the celebs posted on their social pages. When the Bling Ring (that’s the name they gave themselves) knew the celebs were out, that’s when they burglarized their homes.

I’ll guarantee you that the security systems the majority of celebrities have aren’t much more advanced than ones for everyday people; the technology is pretty much the same, and maybe because the owners have a bit more money the systems have a few more bells and whistles. So…be like a celebrity and get a home security system.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.