November 2014 - Page 2 of 4

‘Tis the Season for the 12 Scams of the Holidays

November 22, 2014/in scams /by Robert Siciliano

Fa la la la la, la la la la. Yes that’s me singing, but thank goodness you can’t really hear me (I save that for the shower). If you can believe it, it’s that time of the year again (even though it seems like we just finished Halloween). Time for holiday parties, family traditions, ugly sweaters, and… scams? Yes, that’s right. Now that the holiday season has begun, many of us are sharing, shopping and booking travel online— even more than we normally do.

And scammers know that with all that money and personal information floating around, they have a big opportunity. Using techniques like phishing, social engineering, fake charities and infected USB drives, cybercriminals can invade your privacy and drain your bank account.

Don’t let these hackers and thieves dampen your holiday cheer. To help you stay safe this season, McAfee has compiled a list of the 12 Scams of the Holidays. Check it out and educate yourself on what scams you need to look out for this holiday season.

Here’s some tips to help you stay safe during the holidays:

Be careful when clicking. Don’t click on links in email or social media messages from people you don’t know, and use a URL expander to know what site you are going to before clicking on a shortened URL.
Be suspicious. If a deal seems too good to be true, it probably is.
Practice safe surfing. Use a Web safety advisor, such as McAfee® SiteAdvisor®, that protects you from going to risky sites.
Avoid public Wi-Fi. Public Wi-Fi might be convenient, but it’s also accessible to anyone who wants to see what you are doing online.
Shop safely online. Make sure you stick to reputable e-commerce sites that have been verified as safe by a third-party Trustmark, like McAfee SECURE™. Also look for “https” at the beginning of a site’s URL, which indicates that the site is using encryption to protect your information.
Use security software on all your devices. Make sure you have comprehensive security protection, like McAfee LiveSafe™ service, for all your devices, including your mobile phone and tablet that also safeguards your data and includes identity protection.

Season of Sharing Sweepstakes

To make sure that we all have a safe and merry holiday, McAfee and Dell have teamed up to bring you the Season of Sharing Sweepstakes—and give you a chance to win prizes. By sharing safe shopping and online safety tips around the 12 scams with your friends and family, you’ll not only be helping others to stay safe online this holiday season, but you’ll also earn a chance to win a $1,000 gift card to Dell.com** along with McAfee LiveSafe service to make sure all your devices are protected!

‘Tis the season to be jolly, so make sure you stay safe online.

*Sweepstakes open to US residents only. NO PURCHASE NECESSARY. Sweepstakes is from November 4 – December 12, 2014. See www.12scams.com for full terms and conditions.
**Terms and conditions apply. See www.dell.com/giftcard.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Feds Perp Social Media Identity Theft

November 21, 2014/in Identity Theft /by Robert Siciliano

A federal agent impersonated a woman without her knowledge; he created a Facebook page in a woman named Sondra, and the Justice Department is defending him. In addition, he posted racy photos of her, from her cell phone, to the site. The site was being used to connect with suspected criminals.

Sondra learned of this when a friend wondered about the photos on the FB page; Sondra didn’t even have an FB account. The agent is with the U.S. Drug Enforcement Administration.

Seems like he was simply doing what he had to do, because prior, Sondra had been arrested for suspicion of drug ring involvement. While she was awaiting trial (and ultimately was given probation), the agent created the Facebook account.

“The incident at issue in this case is under review by Justice Department officials,” states Brian Fallon, the Justice Department’s top spokesperson. Facebook’s terms of service do not exempt undercover agents from term violations, one of which is posing as another person.

Facebook removed the page once news broke. This case doesn’t compare to when detectives go undercover in person, posing as a fictitious character or a real person who authorizes the impersonation. Sondra is real, and she didn’t know about this.

The defense claims that Sondra indeed consented because she granted access to the data in her phone. A privacy expert points out, however, that this is parallel to granting detectives permission to search your house for drugs, but then they steal photos in your bedroom and post them online. Furthermore, the agent posted photos of Sondra’s minor son and niece.

But is Sondra any angel herself? She pled guilty to conspiracy to distribute cocaine in February 2011, but was slapped on the wrist because apparently, she wasn’t a key player in the ring. Really this shouldn’t matter.

It is necessary for law enforcement to use any means necessary and legal to capture bad guys. However there must be a better way to create a social profile, such as using a stock photo or even a computer generated one. The technology is readily available to make this happen.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

10 tips to Secure Passwords

November 20, 2014/in passwords /by Robert Siciliano

Ever wonder just how hackers bust into systems and cause destruction? One reason is because people are still using weak passwords. While your pet’s name and wedding anniversary dates are easy to remember and sentimental to use, this approach makes a hacker’s job all too easy. Here are 10 things you should know about passwords.

Never use the same password more than once, because if that account is hacked, and that password is for three other accounts, you’ll get quadruple-hacked.
Think of a memorable phrase, then abbreviate it, such as, “My all time favorite movie is Jaws which I’ve seen 19 times.” The password would then be: MatfmiJwis19t.
Don’t stick to just letters and numbers. A “character” can be any number of signs. For an even stronger password, add some random characters: MatfmiJ&wis19t!
The “dictionary attack” is when a hacker applies software that runs through real words and common number sequences in search of a hit. So if your password is 8642golfer, don’t be surprised if you get hacked.
A super strong password may be 12 characters, but not all 12 character passwords are strong. So though 1234poiuyzxc is long, it contains a number sequence and keyboard sequences. Though longer means more possible permutations, it’s still smart to avoid sequences and dictionary words.
Another tip is to create a password that reflects the account. So for instance, your Amazon account could be MatfmiJ&wis19t!AMZ.
Opt for sites that offer two-step verification. A hacker will need to have possession of your phone or e-mail account in order to use your password, because two-step requires entry of a code that’s sent to your phone or e-mail.
If you struggle to remember your passwords, you can store them in a cloud where there’s two-factor authentication. But don’t stop there; preserve your passwords in hardcopy form.
A password manager will make things much easier. With one master password, you can enter all of your accounts. Google “password manager”.
Don’t check the “remember me” option. Having to type in your password every single time means added protection.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Study Shows 67% of Employees Expose Sensitive Data Outside the Workplace

November 19, 2014/in Data Breaches /by Robert Siciliano

IDC, an IT analyst firm, estimates that the mobile worker population could reach 1.3 billion by 2015, meaning, they access workplace data outside the workplace. This is risky because it exposes data to hackers.

In fact, the safety of what’s displayed on the computer screen in public is of huge concern. The 3M Visual Data Breach Risk Assessment Study provides some troubling findings.

First off, 67 percent of workers expose company data beyond the workplace, including very sensitive information. Typically, the employee has no idea how risky this is. It’s as easy as the crook capturing data, that’s displayed on a screen, with a smartphone camera as he passes by or secretly looks on continuously from nearby.

And there’s little corporate policy in place to guard against this. The study says that 70 percent of professional employees admitted their company lacked any explicit policy on conducting business in public. And 79 percent reported that their employer didn’t even have a policy on privacy filter use.

Either communication about policies with employees is feeble, or attention to visual policy from the decision makers is lacking.

An increasing number of people are taking their online work to public places, but if they knew that company data was properly protected from roving snoops, they’d be more productive. Companies need to take more seriously the issue of visual privacy and this includes equipping employees with tools of protection. Below are more findings.

Type of Data Handled in Public

Internal financials: 41.77%
Private HR data: 33.17%
Trade secrets: 32.17%
Credit card numbers: 26.18%
SSNs: 23.94%
Medical data: 15.34%

Only three percent of the respondents said that there were restrictions imposed on some corporate roles working in public. Eleven percent didn’t even know what their employer’s policy was.

One way to make headway is a privacy filter because it blocks the lateral views of computer screens. Eighty percent of the people in the study said they’d use a device with a filter.

Another factor is that of enlightening workers about the whole issue. An enlightened employee is more likely to conduct public online business with their back to a wall.

Additional Results

In general, work is not allowed in public: 16%
No explicit policy on public working: 70%
To the worker, privacy is very important: 70%; somewhat important: 30%; not very important: 4%; not important at all: 1%.
Only 35 percent of workers opted to use a kiosk machine with a privacy filter when presented with two machines: one with and one without the privacy filter.

The study concludes that businesses are sadly lacking in security tactics relating to data that’s stored, transmitted, used and displayed. This is a weak link in the chain of sensitive information. Any effective IT security strategy needs to address this issue and take it right down the line to the last employee.

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

Cloud Data Breaches mo’ Money

November 18, 2014/in Data Breaches, Data Security /by Robert Siciliano

IT people need to beef up their opinions about cloud security, says a recent report by the Ponemon Institute called “Data Breach: The Cloud Multiplier Effect.”

Yes, data breaches occur in the cloud. In fact, it can be triple the cost of a data breach involving a brick and mortar medium.

The report put together data from the responses of over 600 IT and IT security people in the U.S. The report has three observations:

Many of the respondents don’t think that their companies are adequately inspecting cloud services for security.
The cost of a data breach can be pricey.
When a business attempts to bring its own cloud, this is the costliest for high value intellectual property.

More Results

72% of the participants thought that their cloud service providers would fail to notify them of a breach if it involved theft of sensitive company data.
71% believed this would be the same outcome for customer data breaches.

Many company decision makers don’t think they have a whole lot of understanding into how much data or what kind is stored in a cloud.

90% thought that a breach could result when backups and storage of classified data were increased by 50 percent over a period of 12 months.
65% believed that if the data center were moved from the U.S. to a location offshore, a breach could result.

All of these findings mentioned here are the result of self-estimations rather than objective analysis of real breaches.

Ponemon also determined that if a breach involved at least 100,000 records of stolen personal data, the economic impact could jump from an average of $2.4 million to $4 million, up to $7.3 million. For a breach of confidential or high-value IP data, the impact would soar from $3 million to $5.4 million.

In addition to the self-reporting loophole, the report had a low response rate: Only 4.2 percent of the targeted 16,330 people responded, and in the end, only 3.8 percent were actually used. Nevertheless, you can’t ignore that even self-estimated attitudes paint a dismal picture of how cloud security is regarded.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

20, Yes 20 Home Safety Security Tips

November 16, 2014/in home security /by Robert Siciliano

There are really so very many ways to protect and make your home safe as well as secure—ways you’d never even think of, so here they are, as well as the classic ways that many people still neglect to implement.

Big numbers. Make sure your house’s address numbers are very visible to EMS and firefighters.
Fire attractants. Don’t let dried up brush/leaves accumulate on your property.
Locks. Locks are worthless if you don’t use them, so keep all doors locked (with top quality systems) even when you’re at home in the afternoon.
Bad habit. Rinse cigarette butts with water before discarding. Better yet, quit. Seriously, stop it.
An occupied-appearance. Grass overgrown? Several newspapers scattered in the drive? Porch light on incessantly? Duhh, the occupants are out of town. Make your home look like someone is always there. Have someone mow the grass while you’re away, park their car in your driveway, collect your newspapers, etc. Lighting fixtures that are timed to go on and off will also help.
Storage. Keep firewood and other flammable items away from your house.
Treat unexpected visitors like a telemarketer. If the phone rings and you think it’s a telemarketer, you wouldn’t answer it. Yet many people brazenly whip open their door when the bell rings or someone knocks without first checking to see who’s there. Always check first!
Can’t fool burglars. Don’t bother hiding the spear key under the door mat or under that plastic rock. Find less classic hiding places.
Treat garage door like bathroom in use: Keep the door closed at all times.
Smoke alarms. Many people don’t have these, but they really do make a difference. Make sure they work, too, by testing them regularly.
Escape routes. Pre-determine how you’d escape from a fire and practice the escape.
Use a safe. If you hardly wear your grandmother’s valuable broach, keep it in a locked safe, along with other valuables you don’t use.
Door reinforcement. Your doors jams, especially if they are wood, are flimsy and can be kicked in very easily. Beef up the jams with Door Devil door reinforcement technology. This makes kicking in doors very difficult.
No notes. Never tack a note on your door saying “I’m out for just a minute.” And keep your social status updates private. Don’t tell te world you are out.
The ring. When you’re out, even for short errands, turn your phone’s ringer to mute so that a prowler doesn’t hear ringing and ringing that means nobody’s home.
Fire hazards. Never leave the house, even to chat with a neighbor, while a candle inside or fireplace is burning.
Turn them off. Don’t leave on hot things (curling iron, stovetop, etc.) unless you’re right there using them.
Charlie bar. Wedge a wooden cylinder-pole or metal one or dice-sized gadget designed for this purpose in the track of any sliding glass door or window to block it from being slid open.
Don’t get trapped. Make sure any deadbolts don’t lock from the inside which could potentially trap you should there be a fire or intruder pursuing you.
Keep blinds and curtains down at all times. ‘Nuff said.

Robert Siciliano is a home and personal security expert to DoorDevil.com discussing Anti-Kick door reinforcement on YouTube. Disclosures.

10 ways to protect your Devices and Data

November 15, 2014/in Data Security /by Robert Siciliano

Gee, it used to be just your desk computer that needed protection from cyber thugs. Now, your connected thermostat, egg tray monitor, teen’s smartphone, garage door opener, even baby monitor, are all game for cyber creeps.

Can’t be said enough: Install antivirus software. This software really does make a huge difference. Malware scanners are not enough, by the way. You need both: antivirus, anti-malware, though malware usually targets laptops and PCs. But don’t bet on it staying this way; Macs, mobiles and tablets are vulnerable. Don’t wait to get security applications for your smartphone and tablet. Android is particularly vulnerable.

Enrich your Wi-Fi. Turn on your WPA or WPA2 encryption. Change your router’s default password to something really unique. Update the router’s firmware. Register any new routers online. Contact the router manufacturer’s site for helpful information on making things more secure. Whenever using free public WiFi recognize your data can be sniffed out. Use Hotspot Shield whenever logging in at airports, hotels, internet cafés and more.

Don’t use outdated software. Are you still on Windows XP? Time to switch to 7 or 8. Security holes in outdated applications will not get plugged if there’s no longer support.

Power passwords. You wear a power suit; you take a power lunch, a power nap and a power walk, but do you have a power password? A power password is extremely difficult to crack. It’s at least 12 characters long, contains no dictionary words or keyboard sequences, and has a variety of symbols. You can also use a password manager to create and encrypt passwords.

OS updates: often. Many people fail to keep their operating systems updated. Big mistake. An update means that a security hole, through which a hacker could get in, has been patched. Lots of holes mean lots of entry points for hackers. If Windows alerts you to an available update, then run it. Learn about your system’s update dynamics and get going on this.

Patch up your software. Have you been getting update alerts for Adobe Reader? Take this seriously, because this software is highly vulnerable to hacking if it has unpatched holes. Any reminder to update software must be taken seriously. Don’t wait for an attack.

Wipe old hardware. Got any defunct laptops, tablets, flash drives, hard drives, etc.? Before reselling them, strip them of your data. If you want to discard them, literally hammer them to pieces.

Two-factor authentication. A long, strong password is not 100 percent uncrackable. If a hacker cracks it, but then finds he must apply a second factor to get into your account…and that second factor requires your smartphone to receive a one-time code, he’ll move on.

Don’t get duped. Never click links in e-mails. Don’t click on something that seems too good to be true (a link to naked photos of your favorite movie star). Avoid suspicious looking websites.

Stop blabbing on social media. Information you post on Facebook, for instance, could contain clues to your passwords or security questions for your bank account. Sure, post a picture of your new puppy, but leave the name a mystery if it’s the answer to a security question.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

College bound kids: protect your identity

November 14, 2014/in Hotspot Shield, wifi /by Robert Siciliano

The good old days were when today’s college kids’ parents lugged their typewriters into their dorm room, and they communicated to people via the phone on their room’s wall. Their biggest worry was someone stealing their popcorn maker. Nowadays, college kids need to beware of remote invasions by thieves.

Major educational institutions have reported numerous data breaches; they come from criminals but also result from professors being careless with laptops and students on open WiFi.

Why are colleges hotspots for hackers? There’s all sorts of users on insecure networks, not to mention a wealth of data. So it’s no longer just warning your kids not to walk the campus alone at night or to stay away from drugs and alcohol.

Students can have a tendency to reuse the same password—anything to make college life less hectic. All accounts should have a different password. And don’t use a password like GoSpartans. Make it nonsensical and full of different characters.

Social engineering. College kids can be easily tricked into making the wrong clicks. A malicious e-mail can pose, for instance, as something from the university. The student gets suckered into clicking on a link that then downloads the computer with malware. A student may be tricked into clicking on a “video link” to view something hot, only to instead download a virus.

Students should look for signs of a scam like bad grammar and spelling in the “official notice” and other suspicious things. Though it’s of utmost importance to have antivirus and antimalware, these won’t stop a thief from using the student’s credit card number after the student is tricked into giving it on a phony website.

College kids also have a tendency to go nuts on social media, posting continuous updates of their day-to-day actions. If the student’s Facebook page is chockfull of personal information, a crook who has the student’s e-mail address could use this information to figure out the student’s answer to security questions and then gain entry to their accounts. This is why two-factor authentication is so important. The thief can’t possibly bust into an account if they need a special one time PIN code with the password usually delivered via a text on their mobile.

Unprotected Wi-Fi. Not all campuses provide secure Wi-Fi, and the presence of antivirus, antiphishing, antispyware and firewalls don’t guarantee all levels of protection. To play it safe, students should never visit bank account sites, insurance carrier sites and other such sites while using public Wi-Fi. Better yet install Hotspot Shield to lock down and encrypt any unsecured WiFi.

Connection salad. Campuses are full of all sorts of connected devices, from phones and tablets to nutrition trackers and other gadgets. Everyone has a device, creating a hodgepodge of connections that puts students and everyone else on campus at risk for a data breach. These Internet of Things devices need their latest software updates and firmware updates. Keep them safe from physical theft too. Shut them off when not in use.

Password protect devices: We lose stuff and stuff gets stolen. While it is certainly more convenient to not password protect a mobile, laptop or tablet, it is also an identity waiting to be stolen. Everything needs a password and don’t share that password with anyone but parents. Because when you are sleeping some night, a drunk college dormate will come log in and start posing as you on social posting disparaging stuff that will last forever.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Top 10 Preventative Security Measures for your Home

November 13, 2014/in home security /by Robert Siciliano

How safe do you really think your home is?

Lock the doors. This no-brainer doesn’t just mean when you’re gone all evening. It means during the daytime when you’re home. There’s no reason for doors to be unlocked when you’re inside the house. Does your lock consist of a deadbolt? Don’t rely on just a simple lock and key system. Think layers.
The garage is also a door. Make sure it’s locked at all times. And if you think a skinny intruder won’t slip in through that “little crack” that the garage door is open by in the name of ventilating summer air, think again. Sometimes, the thief is a grade school child. Unplug the garage door when you travel.
Charlie bars. Place rods in the tracks of your sliding doors to prevent them from being opened. Invest in “door reinforcement technology”. Google it.
Alarm system. Do you wait till it’s bedtime to put the alarm on? Sociopaths can have an early bedtime. They’re not going to wait till you’re fast asleep to bust into your house. The alarm system should be on at all times. You just never know who might be lurking outside.
And if you’re worried about accidentally opening a door without first turning off the alarm, then train your mind to avoid making this mistake. Installation of an alarm system is easier than ever these days and they come with all sorts of features like motion detectors.
Lighting in and out. The general idea is to make your home seem occupied even when it isn’t. Lighting on timers is an option. Check out the BeOn. BeOn is a burglar repellent that “learns” your home’s pattern of light usage. So if you then leave the house for a long time, BeON will replicate this pattern. If anyone’s been casing your house and observing your lights-on, lights-off schedule, they will be fooled into thinking you’re home when BeON replays the pattern while you’re out.
Make some noise. Leaving on the TV or radio is one way to do it. A barking dog is another. The BeOn system will make some noise in its next iteration. Check out their Kickstarter campaign and invest in your homes security.
Outdoor deterrent. A proven deterrent is a thorny type of shrub placed near entry points—close enough to them such that a burglar would have to endure being painfully poked in order to hide or attempt a break-in.
Speaking of outdoors…Don’t hide keys outside. Give them to trusted people.
Blinds and curtains. Do you realize how easily a burglar, casing your house, could see inside, even in broad daylight? They’re not just looking for valuables, but what the house’s occupants look like. Do you look like Jean Claude Van Damme? Or do you look like the average Joe Schmo? Are you female? Unless you resemble Laila Ali, you might want to consider keeping your blinds, shades and curtains down even during the day, at least for rooms where it’s not essential to have “natural light.”
Guess what burglars like to do online. They like to peruse Facebook pages to see who’s on vacation. Though half the world is on Facebook, have you been lucky enough in your life to feel certain that a thief will never just stumble upon YOUR Facebook page with all the posts about your upcoming vacation, complete with dates of departure and return?

Robert Siciliano personal and home security specialist to BeOn Home Security discussing burglar proofing your home on Fox Boston. Disclosures.

The Whitehouse Break-in

November 13, 2014/in burglary /by Robert Siciliano

What a nutcase: the man who recently broke into the White House, missing President Obama by just minutes. (Why isn’t the White House fence more unscalable?)

Omar J. Gonzalez, 42 and unarmed, was arrested just inside the house. The Texan was charged with unlawful entry, and it’s not clear what his motive was.

The Sept. 19 incident began when Gonzalez was spotted climbing the fence. A Secret Service agent cleared people out of the area. The intruder sprinted across the lawn after hopping down from the fence and went through the north portico doors. A witness even said, “He got a good run in,” referring to the North Lawn sprint. Parts of the White House were evacuated, and officials were yelling to the man to freeze.

Obama had been scheduled to depart, by helicopter with his daughters, at 7:05 pm, leaving from the South Lawn. Gonzalez got over the fence at 7:20 pm. However, apparently, Obama had left only a few minutes before this incident.

The video surveillance of Gonzalez shows what appears to be a man running in a race. Maybe he’d been training specifically for this event? Who knows.

Though scaling the fence isn’t new, this incident may be a first in that the trespasser succeeded in gaining entry to the White House.

Wonder what Gonzalez has claimed, if at all, is the reason he did what he did. Did “voices” tell him to do it? Was it a dare, a bet with a lot of money riding on it? Did he want 15 minutes of fame, even if it came with a prison cost? And how is it that security at the White House is so lax? What if this guy had had a grenade on him, and Obama was delayed a few more minutes and just happened to be near the entrance where Gonzalez burst into?

You’d think a Whitehouse home security system equipped with armed guards, dogs and fences would keep a crazy out. Or maybe they don’t even have an actual system. If I’m ever elected president, I’d get one.