Student Financial Aid Fraud is a big Problem

/in , /by

Educational institutions are giving out student loans and grants, and the recipients aren’t even attending school. Instead they’re spending the money any which way, while the schools have no idea they’re being ripped off.

9DWith a database, the Education Department flags applicants who’ve applied for federal Pell grants—applicants with an “unusual enrollment history,” such as having received financial aid for at least three schools in only 12 months.

The Department forwards these suspect names to educational institutions; the schools then request that applicants provide documents including prior transcripts. What the school then gets from the applicant determines if a loan or grant is denied.

This flagging procedure has caught 126,000 applicants who sought aid for the 2013-2014 school year.

It’s so easy to scam schools because most federal aid does not require a credit check, and how the money is spent is not tightly restricted.

A school receives the money from the government and spends some on tuition. The remainder is sent as a check to the recipients to spend on books and even living expenses while (supposedly) the recipient attends classes.

Community colleges are especially vulnerable due to their open enrollment and low tuition. The lower the tuition, the more money that’s left over to be sent to the con artist.

The proliferation of this scam can be attributed to the Internet because online applications can result in receiving aid—without the applicant ever being within a mile of the campus.

Application Red Flags

The American Association of Community Colleges (AACC) names the following alerts that financial aid offices can check applications for.

  • Large financial aid refunds or disbursements
  • Attendance at several other colleges
  • A large student loan balance but no degree

Unfortunately, these red flags won’t flutter much if the applicant is a first-time scammer.

Data Red Flags (according to the AACC)

  • Several registrations coming from similar locations out of state
  • Several uses of the same PO box, physical address or IP address
  • Multiple uses of the same computer and/or bank account
  • The emergency contact is the same person for multiple registrants.
  • Certain courses getting a fast increase in number of enrollees
  • Frequent communication from similar individuals or locations

Every applicant should be identity-proofed, which is easier said than done. Verification is one element of identity proofing.

To combat this fraud, Finaid.org notes:

  1. Families must sign a waiver allowing the financial aid office to obtain tax returns straight from the IRS. Some people have submitted fraudulent tax return copies during verification. Getting them directly from the IRS prevents falsification. Another route is to require families to provide copies of their 1099 and W-2 forms, especially when income figures seem suspect.
  2. Request copies of the applicant’s four most recent bank statements; inspect them for unusual transfers and unreported income.
  3. Conduct 100 percent verification.
  4. For parents claiming to be enrolled in college, require a proof of registration plus copy of the paid tuition bill. Confirm registration with the school. And if a parent with a PhD or master’s degree is returning to school for an associate’s degree, be highly suspect.
  5. In cases of divorce or separation, ask for the divorce decree or proof of legal separation, plus street address for each parent.
  6. Compare to each other two consecutive income tax returns to detect any movement of assets to hide them.

There’s more that can be done for identity proofing: biometric software. Biometric Signature ID (BSI) has designed a “Missing Link” patented software-only biometric.

This is the most potent form of ID verification on today’s market, and additional hardware is not required. It measures:

  • Unique way someone moves the mouse, finger or stylus upon logging in
  • Length, direction angle, speed, stroke height, of the

The password is created with BioSig-ID™. Measurement of the above can positively identify the user, regardless of what device they log into. This technology makes it impossible for a fraudster to impersonate the user.

With these unique patterns, BSI software can distinguish the user from everyone else. If the person who registered for the account is NOT the same person who is attempting access, they are stopped – avoiding any potential cheating or financial aid fraud.

Robert Siciliano, personal security and identity theft expert and BioSig-ID advisory board member. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

10 More Things Burglars Don’t Want you to Know

/in /by

In a previous post, Schlage and I revealed the 10 things burglars don’t want you to know, and guess what, there are10 more!
5H

  1. If a burglar can hear your TV or sound system, chances are pretty good he’ll think someone’s home. Don’t rely only upon your state-of-the-art alarm system.
  2. An alternative to leaving a TV on while you’re on vacation is to use a device that generates a simulation of the flickering lights of a TV at timed intervals.
  3. Burglars don’t mind taking the entire safe with them if they’re too impatient to figure out how to crack it. Bolt it down.
  4. A barking dog really does deter break-ins. So do nosy neighbors.
  5. A one-time loud noise (like a window being broken) almost always doesn’t compel a neighbor to investigate. If it happens continuously or even just a second time, he usually will. However, a burglar is inside your house after just one window smash.
  6. Yes, a person casing your neighborhood for break-ins looks like the guy who would never do such a thing: clean-cut, maybe dressed in a workman’s uniform with a fake logo, carrying inspection equipment to make himself look legit.
  7. Never reveal your vacation or business tip plans on your Facebook page. Don’t assume nobody could figure out your address just because it’s not on your page.
  8. No errand is too short to leave the alarm system turned off. A burglar can invade your home and steal your valuables in a lot less time than it takes you to run the shortest errand. Products that you don’t have to arm, like the Schlage Touchscreen Deadbolt with a built-in alarm feature, can also help out when only stepping out for a short amount of time.
  9. Ignoring a knock or doorbell is a smart idea, but leaving the door unlocked—even when you’re home—isn’t. Many burglars will try the door if nobody responds. If it opens, they’ll enter.
  10. No matter how hot the day is, never leave a window open even a tiny bit when you’re away. Burglars can’t resist this.

Robert Siciliano home security expert to Schlage discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

New year, new Passwords, here’s how

/in /by

You must change your passwords like you must change your bed sheets. This is not up to negotiation, thanks to the influx of viruses, malware, phishing sites and key loggers.

5DChanging a password means having a new password for all of your accounts rather than using the same password. Imagine what would happen if someone got ahold of your one password—they could get into all of your accounts.

The biggest problem with passwords as far as how easy they can be cracked, is when they have fewer than eight characters, and are an actual word that can be found in a dictionary, or are a known proper name. Or, the password is all the same type of character, such as all numbers. There’s no randomness, no complexity. These features make a hacker’s job easy.

How to change Passwords

  • Each site/account should have a different password, no matter how many.
  • Passwords should have at least eight characters and be a mix of upper and lower case letters, numbers and symbols that can’t be found in a dictionary.
  • Use a password program such as secure password software.
  • Make sure that any password software you use can be applied on all devices.
  • A password manager will store tons of crazy and long passwords and uses a master password.
  • Consider a second layer of protection such as Yubikey. Plug your flashdrive in; touch the button and it generates a one-time password for the day. Or enter a static password that’s stored on the second slot.
  • Have a printout of the Yubikey password in case the Yubikey gets lost or stolen.
  • An alternative to a password software program, though not as secure, is to keep passwords in an encrypted Excel, Word or PDF file. Give the file a name that would be of no interest to a hacker.
  • The “key” method. Begin with a key of 5-6 characters (a capital letter, number and symbols). For example, “apple” can be @pp1E.
  • Next add the year (2014) minus 5 at the end: @pp1E9.
  • Every new year, change the password; next year it would be @pp1E10. To make this process even more secure, change the password more frequently, even every month. To make this less daunting, use a key again, like the first two letters of every new month can be inserted somewhere, so for March, it would be @pp1E9MA.
  • To create additional passwords based on this plan, add two letters to the end that pertain to the site or account. For instance, @pp1E9fb is the Facebook password.
  • Passwords become vulnerable when the internet is accessed over Wi-Fis (home, office, coffee shop, hotel, airport). Unsecured, unprotected and unencrypted connections can enable thieves to steal your personal information including usernames and passwords.
  • Thus, for wireless connections (which are often not secure), use a VPN—virtual private network software that ensures that anything you do online (downloads, shopping, filling out forms) is secured through https. Hotspot Shield VPN is an example and has a free version, available for Android, iPhone, PC and Mac.
  • Set your internet browsers to clear all cookies and all passwords when you exit. This way, passwords are never retained longer than for the day that you’ve used them.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

3 Essential Post-Burglary Tasks

/in /by

What should you do if you come home to find it’s been ransacked? Don’t panic; be organized and strategic.

2BThere are three main actions you should take, in the following order:

  • Report and check
  • Clean up
  • Plan ahead

Report the crime and check the home

Your goal here is safety first and then catching the bad guys. The following tips will point you in these directions.

  • If you’re sure your house was robbed before you make entry, do not enter until the police come.
  • Call the police, then check to make sure all occupants are unharmed, starting with the most vulnerable, if the crime took place while you all were present.
  • If you come home to what appears to be a burglary/invasion, immediately call the police once you know you’ve been robbed.
  • Leave the home and seek a safe place like a neighbors or your running car.
  • Don’t linger outside; the burglar/s could still be inside.
  • Don’t assume that the intruders will get away with it because there’s no sign of them. Your stolen property may still be recovered.
  • Do not touch anything until the police arrive.
  • If you’re sure the burglar/s are gone and nobody is hurt, do an inventory of stolen belongings. Create two lists: one for the police and one for your insurance company.
  • Don’t wait longer than 24 hours to file a police report; prompt reporting is necessary for an insurance claim.

Clean up

Burglary and home invasions can have long lasting emotional and traumatic affects on a person. Your goal here is a fresh start so the impact of the robbery doesn’t take over your being. If your home or apartment develops a “black cloud”, then moving may be your only consolation.

  • After the police are finished, clean up. Promptly remove furnishings or appliances that are no longer functional, as these will otherwise serve as reminders of the violation.
  • Alter the rooms where the robbery occurred so that they’re not as much of a conditioned stimulus for fear or anger: repaint the walls, rearrange the furniture, get new curtains.

Plan ahead

Being proactive is the most effective way to avoid being chosen as a victim or to reduce the impact of a burglary.

  • Before being robbed, take photos of valuables; list their model and serial numbers.
  • Ask yourself what you can do to deter another invasion.
  • Assess your house and pretend you’re a burglar. Where are the weak points? Are there areas you’d be able to easily enter?
  • If you don’t have a home alarm system, get one. If you already do, find out why it didn’t stop the invasion. Consider upgrading it.
  • Change all locks.
  • Get shatter-proof window screens.
  • Enroll the entire family (save for preschoolers) in a self-defense program. Don’t assume a gun is your only or best defense.
  • Discuss with law enforcement, locksmiths, your insurance company and security professionals ways to improve your plan.
  • Live happily ever after.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

It’s Data Privacy Day, and It’s a Mess

/in /by

Target continues to be tangled up in chains due to its December 2013 data breach that current estimates say affected 110 million customers.

2P Target is known as proficient and prolific in the use of mobile devices and other means for collecting consumer data. This proficiency has backfired, resulting in the retail giant struggling to regain consumer trust and brand name reputation, not to mention figuring out how this mess happened in the first place and how to prevent a repeat performance.

  • Was there a lapse in Target’s IT security?
  • Did “Big Data” go too far and get way too ahead of security?

And let’s not put all the focus on Target, either. What happened with Target is a sign of the times and perhaps a sign of things to come in this world of cyber transactions. The questions above should also be asked of Facebook, Google, Yahoo and others who waited until the fiasco involving Edward Snowden’s NSA scandal to better encrypt their user data.

Big Data is like a drug; so addictive you can’t get off it, and of course, a huge potential for danger. Companies like Facebook, Google and Twitter love to sell consumers’ data to advertisers—this is how these giants stay giants; otherwise, they’d shrink into nothing. And there’s no end in sight with Big Data. Big Data is on course to become the Big Bang Data—to forever expand consumers’ personal information into cyber space.

But all of these entities—retailers, social media, the government—need to take responsibility for what they’re doing with our data.

Just when you thought that your privacy couldn’t be violated any more, Big Data has now spread its tentacles into the realm of selling lists of sexual assault victims, people with AIDS and HIV, and seniors with dementia to marketers. The World Privacy Forum, in the midst of researching how data brokers gather up and sell consumers’ private information, discovered these lists, and unfortunately, there are more disturbing list categories that were uncovered. Marketers are actually purchasing this kind of data to target shoppers from every which way.

When are lawmakers going to catch up to Big Data and grab it by the horns?

In the meantime, consumers need to take control of their information online; it just takes one hacker to wreak havoc. Here are 6 tips every consumer should take to stay protected online.

#1 Install/update your devices antivirus, antispyware, antiphishing and firewall.

#2 Update your devices operating system ensuring the critical security patches are current.

#3 Password protect your devices and use strong passwords with upper/lower case, numbers and characters. Never use the same password twice.

#4 Protect your wireless communications from prying eyes with a virtual private network that encrypts your data. Hotspot Shield masks your IP address and prevents data leakage.

#5 Limit your exposure on social networks. Consider what you post and how it can be used against you by criminals, predators and your government.

#6 Before giving out your name, address, phone, email, or account numbers consider how it will be used and read the services terms of service and privacy policies.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Stolen Identities are cheap on the Darknet

/in /by

What a steal: You can purchase a U.S. stolen identity for $25, and an overseas one for $40. Cybercrime is booming. Cybercriminals are competing even against each other. Data theft is becoming increasingly easier, with more and more people gaining entry into this realm. It’s no longer for the elite.

11DHiring someone to perform a cybercrime doesn’t take technical knowledge; only the ability to pay. Even a computer isn’t necessary, and the crime can be outsourced.

The underground of cyberspace is known as the Darknet. Illegal activities of the Darknet are mighty cheap these days.

  • Under $300: credentials for a bank account that has a balance of $70,000-$150,000.
  • $400-$600 a month: Hire a crook to fire a denial-of-service attack on your online competitor to knock it offline. This service can also go for $2 to $5 per hour. Prices are actually quite varied, but the range goes well into the cheap end.
  • $40 bought a personal identity (U.S. stolen ID as of 2011), and $60 bought a stolen overseas ID (as of 2011). Currently, these IDs cost 33 to 37 percent less.

Other Crime Fees

  • $100 to $300: hack a website
  • $25 to $100: A hacker will steal all the data they can on a person or business by using social engineering or Trojan infiltration.
  • $20: a thousand bots; and $250 will get you 15,000.
  • $4 to $8: one stolen U.S. credit card account including CVV number ($18 for European accounts)

What does all this mean to you? It means your identity is at risk.

  • Update your PC with the most current antivirus, antispyware, antiphishing and a firewall.
  • Update your devices critical security patches.
  • Require password access for all your devices and use strong passwords for your accounts.
  • Invest in identity protection because even if you secure your data, a major retailer or bank can be breached putting your data at risk.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Been Breached? A Response Plan

/in /by

Should victims of a data breach be notified? This situation can be confusing due to various state laws. Certain issues must be considered, including differences among state laws. Differences include what exactly defines personally identifiable information; which agency (e.g., law enforcement, credit reporting) should be alerted; when victims should be notified; and what the notification letter should say.

4DLegal counsel can tell you what level of notification you’re entitled to. Not every data breach case requires that consumers or businesses be alerted. But not alerting has its own set of negative consequences.

When an incident does require notification, the information that follows must be considered: (these are general guidelines – review any and all steps with your attorney)

  • Treat all victims equally; all get notified, even if this means out of state. Not doing so can yield legal consequences or the media might pounce.
  • Though there aren’t really any notification laws regarding overseas victims, they too should be notified.

Notification

The sooner victims are alerted, the better. Under what circumstances, though, should victims be notified? The nature of the breach should be considered, along with type of information stolen and whether or not it may be misused, and the possible fallout of this misuse.

Damage from misuse can be significant, such as with stolen SSNs and names.

When in doubt, consult with legal counsel. Don’t be surprised if you’re informed that breached consumers must be notified; most states require this. And within 30 days. Some states mandate that the Attorney General’s office also be notified.

FTC Recommendations for Notification

  • Inform law enforcement when notification takes place so they don’t cross lines with it.
  • Also find out from them precisely what information the consumer notification should contain.
  • Select someone from your organization to manage release of information.
  • This contact individual should be given updated information concerning the breach, plus your official response, as well as guidelines for how victims should respond.
  • To aid victims’ communication options, consider providing a toll-free number, posting a website or mailing letters.
  • Explain clearly to victims just what you know of the breach. How did it happen? What information was stolen or compromised? How might the thieves misuse it? What actions have the organization taken for mitigation? What reactions are appropriate?
  • Make sure victims know how to reach the contact person.
  • Make sure the law enforcement official who’s working your case has contact information for victims to use.The officer should also know that you’re sharing this contact information.
  • Victims should ask for a copy of the police report, then make copies to give to credit card companies that have honored unauthorized charges.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Carbon Monoxide Home Safety

/in /by

CO Alarms do save Lives

7HWhat you can’t see or smell can kill you. Many CO deaths could have been prevented with an alarm.

How is CO dangerous?

CO gas robs your blood of oxygen, slowly (at lower levels) or quickly (at high levels), choking off your air supply.

  • A low-level leak can leave you feeling weak, dizzy, nauseated, with a headache and other aches: a flu-like feeling.
  • A higher-level leak will put you to sleep fast and you won’t wake up.
  • CO gas mainly originates from heating equipment, but can also leak from gas stoves, hot water heaters, fireplaces, gas dryers, barbecue grills, lawn mowers, snow blowers, generators inside the garage (the door doesn’t even have to be shut for a leak to be dangerous), and of course, cars.

CO Alarm Management

  • Before buying, make sure the alarm has the approval label of an independent testing company (e.g., Underwriter’s Laboratory).
  • Alarms should be placed on all levels of your house, including basements and attics.
  • Install the alarm within 10 feet of doors to bedrooms.
  • In plug-in models, the battery life may get shortened from a prolonged power outage; you may need to replace it often. When the power is restored, replace it. A power outage will not affect a battery-only alarm.
  • Depending on make and model, get a new alarm every five to seven years.

Don’t put off purchasing CO alarms if your home lacks them. They’re easy to install, small and inconspicuous, yet can save your family’s life. And in many states, it’s the law.

Robert Siciliano home security expert to Schlage discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

10 Things Burglars Don’t Want you to Know

/in /by

Burglars would rather keep their dirty little secrets to themselves. But today, Schlage, makers of the grade one Touchscreen Deadbolt, and I are revealing what they don’t want you to know.
3B

  1. Burglars have jobs too. Your burglar was already in your house. He was there recently to repair the furnace, deliver the new flat screen TV or pick up old furniture you wanted to donate.
  2. Attractive ornaments or pricey “kids’ things” outside your home can indicate to a potential intruder that your house is full of valuables.
  3. Don’t let a service person use your bathroom. This may seem rude, but burglars have been known to visit the john so they could unlock or disable its window for future entrance into your house.
  4. Make sure your house alarm’s control panel is not visible through glass to someone loitering outside.
  5. Always have your newspaper and mail delivery put on hold when you’re away. And if you notice a flyer on your doorknob, immediately remove it so that the burglar who put it there doesn’t think you’re on vacation.
  6. Would you ever exit your house wearing only socks because you forgot to put your shoes on? Absolutely never! So make it a point to also never forget to lock your door after leaving.
  7. If someone is at your door, and you’re not expecting anyone, it’s not a crime to ignore them. That person on the other side may be a burglar casing your house (“Do you know where Clover Street is?”) and your demeanor to see if you’re easy prey.
  8. Hot spots for a burglar’s entrance include the window above the kitchen sink and the upper level windows. Have these spots set with alarms, and install motion detectors upstairs.
  9. Even a half-witted burglar knows to check medicine bottles for those diamond earrings, and scour through the sock and underwear drawer for more valuables. But he just might not bother going into the children’s bedrooms.
  10. Even though the sun’s beginning to set, you insist on keeping your blinds up or curtains open to milk what little daylight is left to lighten up the room. Meanwhile, a savvy burglar is strolling about the neighborhood, catching glimpses through windows that he can see through because it’s dusk (let alone night time). This way he can pick easy looking targets or ones with visible valuables.

Robert Siciliano home security expert to Schlage discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Schlage Touchscreen Deadbolts are Smart!

/in /by

Deadbolt technology just gets smarter and smarter. There are now electronic deadbolts that can be manipulated with an integrated keypad, a smartphone or opened with a key. After all, relying on the traditional key can be a nuisance, for obvious reasons.

1LThe Camelot Style deadbolt from Schlage offers the latest technology.

  • The device can be registered with multiple z-wave enabled hubs including, Nexia Home Intelligence and Staples Connect and uses batteries.
  • Keyless entry codes are pre-programmed but can be changed.
  • Up to 30 codes can be stored and can be programmed to grant access on designated days and times, if you use the lock in tandem with an automation system .
  • An alarm can be set to sound if the lock is manipulated by an unwanted person.
  • Never being locked out again due to the device’s three methods of authentication (code, app and key).
  • The auto-lock feature that engages after 30 seconds, based on a timer.

Some Details

Do your homework before installing the device so the installation process goes smoothly. The average handy individual can install this lock and others may wish to use a lock smith. The pre-existing deadbolt slot should match up

By pressing the Schlage logo, you secure the deadbolt from outside. To unlock the deadbolt, it’s faster to enter the keypad code than to insert and turn a standard key. Lastly, the auto-lock feature will take up to 30 seconds to kick in once the door is shut.

And every bit of set up is all worth it

Once the device is installed, you’ll be happy you bought this high tech lock. You don’t have to buy a z-wave enabled system to use it, but more features are enabled when you do connect your deadbolt. The device practically settles anxiety about lost keys and will give you peace of mind.

Robert Siciliano home security expert to Schlage discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.