Scammers Use Craigslist to steal identities

I have a growing family. Camping is on my list of family events. The wife isn’t crazy about tents. So I went on Craigslist looking for a second hand camper. I found a $15,000 camper for $2200.00. A pretty good deal to say the least. This ad actually gave me chills it excited me so much. So I sent an email. This is what happened:

Seller: “Thank you for contacting me about my 2005 Jayco Jay Feather LGT 25Z that I have for sale. This camper is in great shape, has no damage, no scratches or dents, no hidden defects. It is in immaculate condition, meticulously maintained and hasn’t been involved in any accidents…I do have the title, clear, under my name. Non-smoker.”

My husband and I divorced last month, after the divorce I was awarded with the camper, I don’t need it as i don’t own a drivers license and that’s why I’m selling it so cheap. I also got a new job and moved to another city, and many other things have priority now, so, this camper has to go. The total price is $2,200.00.”

Honestly, this story sounds reasonable. And my response was:

Me: “Sorry to hear, what town are you in”

Seller: “As I told you in my first email, I’m divorced, I got a new job and moved to Chicago. The camper is now at the shipping company warehouse in Chicago sealed, ready to ship. I have setup this sale with Google Wallet so this deal must go through them. I also asked Google Wallet to allow viewers to go there and inspect the camper but their reply was “We are not a showroom!” In this case, I will offer a 5-day period to inspect the camper from the moment you receive it. You’ll have 5 days to inspect, test the camper before decided to keep it or not. The final price for the camper is $2,200.00 with shipping included, it will not take more than 2-3 days for the camper to arrive at your address.”

I want to mention that the camper was inspected by the shipping mechanics and fulfills the standards from all the 50 states so it wouldn’t be a problem for you to register. You will receive the camper along with all the documents including title, bill of sale, full service records and more. If the camper is not like I described, you’ll ship it back on my expense and they will give you a full refund. Google Wallet will hold the funds until you receive the camper with all the papers work. Only after you confirm them that you wanna keep the camper they will release me the funds. In this way, you will be able to inspect the camper before committing to buy it. If you agree with these terms and you have the money, send me your complete name, delivery address and phone number to register you as my buyer. And also you’ll receive all the transaction details from Google Wallet (terms, buyer protection coverage, payment instructions, invoice for the purchase). Let me know!

Dang, this is an escrow scam. Google Wallet doesn’t hold money in escrow. No camping for you! I saw it after 2 communications. Which frankly, isn’t bad. I don’t see how I could have seen it quicker. But this is a perfect example of how these scams happen. Stay on your toes people.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247.

How Data Breaches happen and how to respond

Here are four chief ways data breaches happen:

  • Illegal access to information or systems. Personal Identifying Information (PII) data can be illegally accessed via technology such as computer hacking or infecting computers with viruses, Trojans or worms—leading to stolen data or malfunctioning systems.
  • An inside job. Employees (past or present) can commit data breaches. Also, an innocent employee can be tricked by social engineering into revealing confidential information or giving out access to that information.
  • Judgment lapse. An employee may leave data unprotected—not on purpose, but due to an oversight, making it easy prey for villains.
  • Device loss. When a device that contains valuable data is lost or misplaced, a thief could get ahold of it—and then all hell can break loose.


Prepare

Don’t wait for a breach to figure out a plan of action. Have the plan in place in anticipation of an attack. The plan should be built around written emergency contacts, clear guidelines as to which law enforcement outfits should be contacted for resolution, and a notification timeframe.

Put in place vendor contracts that have a call center unless the company’s staff can handle a big data breach. The contracts should also include a mail-house for letters of notification, and previously agreed rates pertaining to consumer fraud protection should the business need to notify clients or customers.

Fighting back

When a breach occurs, consult with legal counsel, always. In addition, there are certain actions you must take. First, find out how the breach occurred, then contain it. Get a solution started to prevent it from striking again. Alert relevant employees.

Also notify external entities in a timely fashion such as law enforcement, a forensics investigator, consumers, FTC and any affected vendors and suppliers.

Additional Points

  • A strong prevention strategy for data breaching depends upon top management, to ensure that the company’s budget covers fiscal and personnel resources.
  • From the get-go, the company’s most high-up individuals should be included in devising any plans to protect against and mitigate data breaches.
  • Getting upper management involved is critical for establishing a solid groundwork for security.
  • Keeping up to date and re-evaluations should be carried out on an ongoing basis to always stay on top of the latest trends in data breach and security technologies.
  • Also ongoing should be training and practice of the company’s response plan to data breaching.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen.

The Connected Home is Finally Here

A connected home is one in which appliances and accessories are connected to the Internet. An example would be a refrigerator that texts the homeowner when the eggs are about to run out (the egg tray has the sensor).

It’s projected that a connected home can be built from the inside out, but connection is taking off via small devices or appliances that use a smartphone as a remote control: for instance, a light bulb that’s controllable with a mobile. With this setup, you can flip lights on and off when away from your home, or customize lighting with the smartphone such as setting up brightness to come on at a certain time.

Imagine a smoke alarm that sends messages to you when you’re away from home if it senses smoke. Well, someone else already did; it’s been invented. This funky technology can even be connected to a thermostat and automatically shut off the furnace if there’s a CO leak.

And there’s an app that can control many music systems via your smartphone. Are you now thinking about the Jetsons?

One to two percent of people have connected devices that control energy, appliances, climate and lighting, even home monitoring. Interestingly, according to a survey, nearly half of respondents are not quite ready to live like the Jetsons.

Nevertheless, the most popular connected home device is an alarm system. Plus, there are connections for garage doors, monitoring of pets and other occupants such as the elderly, and door locks (e.g., an electronic key for a repair person that expires by end of day).

In fact, there’s even a single application that can offer multiple connections, eliminating the need to have an application for every connected device. How cool is that?

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar proofing your home on Fox Boston.

Windows XP not dead yet—but users Beware

Would you reasonably expect success when attempting to drive cross country in a 1975 Pinto with bald tires, no brakes, dried cracked belts and with already 250k on the motor? You might if you didn’t stop and think about things.

The same is true of an individual or a business who’s still using a Windows XP operating system on devices that have even 1 megabyte of sensitive data. You cannot reasonably expect security with one of the most hacked operating systems in existence.

But I digress. Fret not, there’s temporary hope yet for Windows XP procrastinators: Microsoft is extending support into 2015. It was previously believed that April 8, 2014 was the end of the world for support towards MS Security Essentials, System Center Endpoint Protection, Forefront Endpoint Protection and Forefront Client Security.

This meant that on that date, new malware signatures plus engine updates to XP users would cease, even though updates for the same software that was running on Windows Vista would continue to be provided.

However, a recent blog post by Microsoft’s Malware Protection Center notes that XP users will continue receiving support—but it won’t last long: July 14, 2015 will be here before business owners know it.

With hackers swarming in like killer bees, knowing that XP’s support days are limited, XP users must stay in heavyweight mode for any attacks. Thieves can even use new security updates for Windows Vista (and later) as a guide to hacking into systems running on XP.

Anti-malware solutions aren’t very effective on operating systems that lack support, and hackers know this. But more alarming is that fewer users, including business owners, are ready to accept this or even have a clue about it.

After all, it’s estimated that almost 30 percent of all the personal computers across the world are using Windows XP. Business owners and other decision makers of organizations need to overestimate just how risky it is to cling onto an old favorite rather than promptly switch to a new system that has stronger support.

Spyware sold on the Open Market

You’ve heard of spyware, right? Spyware comes in the form of a virus and as a commercially available and legal software. It’s illegal for a stranger (or even someone you know, unless they own the device, and you just use it) to install spyware on your computer or smartphone and spy on you.

However, many parents—perhaps you yourself—use this very same technology to keep tabs on their kids’ computer and smartphone activities. And it’s perfectly legal to do so. It’s referred to as domestic surveillance. And frankly, if you have a 12 year old daughter with a mobile phone, it’s not a bad idea to know what she’s up to and who she’s chatting with. If you have a 14 year old boy you definitely want to know what he’s up to because I was 14 once and dang, I was up to no good!

There are many clever apps that can monitor your kids’ online activities. Depending on their features these apps can do anything you order them to upon installation, including track where your children are in physical space, monitor their text messages, videos and photos sent and received, calls made and received and sometimes even the websites they visit. For parents, this may provide a significant degree of insight and peace of mind.

There are two versions: One lets the user know it’s running by showing an icon, and one that, while running, does not let the user know it (the second version is great for parents—but also precisely what a criminal wants).

Outside of parental monitoring, this kind of technology is considered “spyware,” though the vendors who promote these applications market them as smart ways of remotely watching over your kids.

You can clearly see how this kind of app can be abused: installed on, for instance, an ex-lover’s device. You can see those worms slithering out of that opened can. However, parameters regarding what’s legit and what’s illegal with these kinds of apps have not been universally spelled out—they are somewhat blurred.

But case-by-case incidents are making marks, such as the former U.S. sheriff who was given a probationary sentence because he installed one of these apps on his wife’s work computer to spy on her.

Protection from Spyware

Apps such as described above can be installed remotely, not just directly. You can protect your device as follows:

  • Androids have many more options for spyware, whereas iPhones, unless jailbroken, do not.
  • It’s crucial for your device to have some kind of spyware protection. Most antivirus programs will recognize spyware.
  • Never click on a link in an e-mail or text, as it can direct you to a malicious download.
  • Never separate from your device when you’re in public; never let anyone use it. If they claim they need to make a call due to an emergency, you can make the call.
  • Your mobile should require a password for access. A password-protected phone makes spyware installation difficult.
  • If your phone has seemingly developed a mind of its own, or it’s “behaving” oddly lately, this probably means it’s been possessed by spyware. If you believe your phone’s been bugged with spyware, then reinstall its operating system. Simply confer with the device’s user manual. Or, call the carrier’s customer service for instructions.
  • If you are considering installing spyware on someone’s device, consider the legality of your actions first, determine if the installation is one that involves an open and honest conversation or will be done covertly and then consider this: just because you can, doesn’t mean you should. Think about what you are doing and the repercussions it may have.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen.

Stop! Do You Really Want to Send That Photo?

Yes we all use (or at least 96% of us do) our smartphones to take photos. But almost half of us (49%) have sent or received intimate content (photos, texts, etc.). So it’s time to stop and think about what we’re sharing and with whom.

I’ve said this before…the rise of smartphone usage has provided us with tons of convenience, but also brought about different risks we need to consider. Sharing intimate or racy information via mobile devices can set you up for potentially adverse situations.

A study by McAfee shows a number of adults sharing private details about their lives, including those of an intimate nature such as nude photos and sexts—all of this on unsecured digital devices—now, that’s just asking for a social scandal.

27% of us still don’t secure our mobile devices with a basic personal identification number (PIN) or passcode. And 38% of us have shared our PIN or passcode with our significant other. This puts you at risk for cyber stalking, identity theft and leakage of your intimate data.

Come on now people, stop being so reckless. No matter what your age group or gender, a lot of you are engaging in behaviors that will sting you in the end. The time to wake up and get smart is BEFORE something adverse happens that will expose you in ways you never wanted.

Here are some things you’ll want to remember as we head into Valentine’s Day before sending that loving message.

  • Be careful what you share. Don’t share your passwords with anyone, including significant others and family members. If you absolutely need to share it, create a unique code just for that account, and change it immediately if you suspect foul play.
  • Put a PIN on it. Always use a PIN or passcode on your smartphone and other mobile devices. If your phone is lost or stolen, anyone who picks up your device could get access to all your information and publish it online.
  • The delete button is your friend. If you do send personal or intimate messages, take the time to delete the content from your mobile device and personal accounts as soon as possible. It doesn’t take that much time and it could save you years of damage control for your reputation.
  • Once you share, it’s no longer yours. Remember before you hit send, post, tweet, etc. that once you share private information it’s now out of your control and you’re reliant on others to protect your privacy–for better or for worse.

To join the conversation use #SextRegret or follow McAfee on Twitter @McAfeeConsumer or Facebook.

Also, don’t forget to play the Crack the PIN to win game that was launched by Intel and McAfee to encourage people to take simple steps toward privacy everywhere by locking, tracking, and encrypting their devices. Go to www.mcafee.com/PINit to try and crack the pin to learn about why it’s critical to protect your mobile devices with a PIN and try and win a Samsung Galaxy tablet or McAfee LiveSafe™ service if you guess the PIN!

The Futures Company and MSI conducted surveys in the US, UK, Australia, Canada, Germany, France, Spain, Italy, The Netherlands, Japan, Mexico, China, India, Singapore and Brazil among 9,337 men and women, ages 18 to 54. The survey was conducted in December 2013 – January 2014.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Tightening up Security is Everyone’s Responsibility

Most information technology (IT) experts are very much unnerved by cyber criminals, says the biggest study involving surveys of IT professionals in mid-sized businesses.

  • 87% send data to cloud accounts or personal e-mail.
  • 58% have sent data to the wrong individual.
  • Over 50% have confessed to taking company data with them upon leaving a post.
  • 60% rated their company a “C” or worse for preparation to fight a cyber threat.

Here is an executive summary and a full report of the survey’s results.

A second study also revealed high anxiety among mid-size business IT professionals.

  • Over 50% of those surveyed expressed serious concern over employees bringing malware into an organization: 56% for personal webmail and 58% for web browsing.
  • 74% noted that their organization’s networks had been infiltrated by malware that was brought in by web surfing; and 64 percent via e-mail—all in the past 12 months.

The above study is supported by this study.

  • 60% of respondents believed that the greatest risk was employee carelessness.
  • 44% cited low priority given to security issues in the form of junior IT managers being given responsibility for security decisions.

The first (biggest) study above showed that about 50% of C-level management actually admitted that it was their responsibility to take the helm of improving security.

And about half of lower level employees believed that IT security staff should take the responsibility—and that they themselves, along with higher management, should be exempt.

The survey size in these studies was rather small. How a question is worded can also influence the appearance of findings. Nevertheless, a common thread seems to have surfaced: universal concern, and universal passing the buck. It’s kind of like littering the workplace but then thinking, “Oh, no problem, the custodian will mop it up.”

  • People are failing to appreciate the risk of leaving personal data on work systems.
  • They aren’t getting the memo that bringing sensitive data home to personal devices is risky.
  • Web browsing, social sharing and e-mail activities aren’t being done judiciously enough—giving rise to phishing-based invasions.

IT professionals are only as good as their weakest link: the rest of the employees who refuse to play a role in company security will bring down the ship.

Is your Phone being tracked?

The owner of your favorite restaurant may be tracking your every move—via your smartphone. Not because he’s a snoop, but because he believes knowing when and where you go for entertainment will benefit his business.

And how did he pull this caper off? There are companies out there that place sensors in businesses within a confined location to track shoppers as they ambulate about town.

The sensors track signals emitted from Wi-Fi-enabled mobiles. The mobile-user’s movements in daily life create a profile of that user. Gee, how invasive is that?

The business owners with these sensors justify the invasion by using the profile knowledge to promote their business. But are you cool with that?

Another sensor technology analyzes actual foot traffic patterns onsite. Large retailers you visit sometimes have these sensors, following your every move in the store. They might know if you are pregnant, have the flu or have a hot date that night. They will send you offers based on your needs. Some say this is kinda creepy.

It’s a booming business: tracking peoples’ daily movement patterns via their smartphone. But you can relax somewhat, because this technology does not reveal any names, just movement patterns. Still, it’s something you should be aware of.

But don’t relax too much, because some of these same services will run free Wi-Fi services on site or at local coffee shops and restaurants that people can log into with Facebook—doing so will reveal their name, age and social media profile.

Phone tracking is a godsend to business owners, however, because they can create promotions based on profiles: E.g., upon learning that most clientele are over age 50, a health club might decide to play mostly ‘70s music.

Nevertheless, as phone tracking booms, privacy concerns also boom. Do you want someone to track all your doctor visits, then sell this data to marketers based on what disease the tracking profile thinks you have? This seems to be where it’s all headed.

Companies in the U.S. still are not required to get your permission to collect and share your data for the most part. But you just never know what may come next.

Some helpful Information

  • Do you know what your cellphone carrier knows—about you? Because your phone sends signals to cell towers, your carrier knows your location. Phone companies sell this information to retailers and other entities.
  • The recent Apple iOS7 update launched a little known feature that tracks your every move. You might want to turn it off. Go to Settings/Privacy/Location Services then scroll all the way down to the bottom to “System Services” and scroll all the way down to “Frequent Locations” and check it out. It knows your History! Turn that puppy off!
  • One option is to turn the Wi-Fi off on your phone. It doesn’t have to be on when you’re driving from the gym to the donut shop to the computer store.
  • A better option is to download and install Hotspot Shield VPN that encrypts your wireless internet and surfing activities.
  • An iPhone has more settings in “Settings/Privacy/Location Services” that control which apps can monitor your location. Determine which ones you want on. Think “minimize my footprint.”
  • Android users should turn off location tracking.
  • Like to take photos with your mobile? Guess what: iPhone saves the location where you took the shots, which is no secret once you post the photos on FB, Twitter, Instagram, etc. This isn’t such a good idea. Shutting down location based apps will help here too.

What is a Reverse Peephole Viewer?

A reverse peephole viewer is exactly what the words sound like: It reverses the effects of a peephole, meaning it allows you to see inside, from the outside. The viewer’s lenses reverse the effect of the peephole’s convex lenses, and easily fits in your pocket.

Law enforcement commonly uses the reverse peephole viewer to assess possible threats inside a home.

For obvious reasons, a person wanting to invade a home would love to have a reverse peephole viewer. The peephole is a two-edged sword: providing a sense of security to the residential dweller, but allowing some thug on the other side to see in. The viewer can be easily obtained by anybody.

Peephole Safety Tips

When’s the last time you examined your peephole?

  • Look through your peepholes to see if the image is clear.
  • If the view is unclear or cloudy, or in some other way compromised, consider replacing the peephole.
  • Examine the outside of it as well. Is it loose? Can you unscrew it? If so, remove this portion and/or tighten it.
  • Use Loctite to treat the threads of the outer part and then put it back.
  • Inspect the peephole’s edges for gouging; this can mean tampering.

Replacing a Peephole

  • The inside portion has two notches. Put a large screwdriver into these notches; unscrew this portion while you hold the outside portion still.
  • Unscrew all the way; remove each part from your door.
  • Get the diameter of the hole, then buy a peephole of equal diameter.
  • The ideal peephole has a 180 degree view.
  • To install the new one, keep in mind it screws together like the old one.
  • Before installation, use Loctite to treat the threads to help prevent loosening and tampering.

Hotel Room Peepholes

  • Inspect the peephole from both sides before unpacking. Is it loose or gouged? Installed backwards? Is the view clear? If there are any problems, request another room.
  • Don’t assume that hotel staff checks every peephole after every guest checks out. It’s up to the guest to make sure the peephole is efficient.

Ways small businesses are preventing Breaches

How did that huge recent data breach of a major retailer occur in the first place? Well, valuables can’t be stolen if there aren’t any valuables to begin with. Large merchants will store customers’ credit/debit card data to facilitate faster transactions. But small retailers keep minimal or zero data—this will not attract thieves.

If customers want increased security of their card data, they’re going to have to give up the speedy transactions and automatic debits, because currently, they can’t have it both ways.

A smaller outfit may keep only the last four numbers of a credit card on file; no SSN or anything else. This isn’t much for thieves to work with. Yet at the same time, every time a customer makes a purchase, they must give all the required information.

Some small retailers are completely technology-free, though this seems like an impossible undertaking in this modern e-age. For example, a small business that bills monthly for services may not honor automatic withdrawal of a member’s monthly fees. Members may pout, unaware that this inconvenience has a protective feature.

Banks also have a role in protecting customers and businesses. A good start would be to require a PIN from cardholders for every transaction.

Another maneuver would be for the U.S. to ditch the magnetic strip on cards and replace with a digital chip. This would prevent thieves from stealing data off the strip. Thanks to the magnetic strip, America is the hacking capital of the world.

Additional Tips

  • Hardware: firewall security appliances and routers.
  • Software: Think anti: virus, spyware, phishing. Also think full disk encryption and total protection suites.
  • E-mail security: It must be hammered into employees NEVER to click on any link in an e-mail from an unfamiliar sender.
  • Physical security: The building should be equipped with video surveillance (outside and indoors), alarm systems and solid core doors of commercial grade.
  • The test: Find someone, known as a “penetration tester” who knows all about hacking, but whom you can trust, to “hack” your network to see what needs to be done to protect it from a real villain.
