What is Social Engineering?

No, it’s not some new engineering field to develop social media sites. Social engineering has been around as long as the con artist has been around. The term stems from the social science world, where social engineering is deemed an act of psychological manipulation.

In our tech-laden world of today, social engineering still involves deceit but it’s used to deceive you into giving up personal or sensitive information for the bad guys’ financial gain. Social engineering can take many forms from an email, phone call, social networking site, text messages, etc., but they all have the same intent—to get you to part with valuable information.

Any one of us can be a target. And social engineering continues to be a tool that cybercriminals use because it works. They play on our emotions and our innate desire to trust others and be helpful. They also rely on the fact that many of us are not aware of the value of the information we possess and are careless about protecting it.

For instance, after major natural disasters or major news topics, like a hurricane or earthquake, cybercriminals send out scores of bogus emails, calling for sympathy and donations for the victims, just so they can line their pockets.

In addition to sympathy, the bad guys also barter in fear, curiosity and greed. From emails offering fake lottery winnings (greed), to dangerous download sites advertising a preview of the latest Lady Gaga song (curiosity), to devious popup messages that warn you that your computer is at risk (fear), today’s cybercriminals are masters at manipulating our emotions.

And because their tricks often look legitimate, it can be hard for you to identify them. You could wind up accidentally infecting your machine, or sharing personal and financial information, potentially leading to monetary loss and even identity theft.

How can you protect yourself?

  • Never respond to a message from someone you don’t know and never click on a link in an unsolicited message, including instant messages. Any time the phone rings and the caller is requesting personal information, consider it a scam.
  • Be suspicious of any offer that seems too good to be true, such as the lure of receiving thousands of dollars just for doing a wire transfer for someone else.
  • If you are unsure whether a request is legitimate, check for telltale signs that it could be a fake, such as typos and incorrect grammar. If you are still unsure, contact the company or organization directly. Financial institutions, and most sites, don’t send emails or text messages asking for your user name and password information.
  • When using social networking sites, don’t accept friend requests from people you don’t know, and limit the amount of personal information you post to your profile.
  • Consider using a safe browsing tool such as McAfee® SiteAdvisor® software, which tells you whether a website is safe right in your search results, helping you navigate away from phony sites.
  • Make sure all your devices are protected with comprehensive security, like McAfee LiveSafe™ service that protects all your PCs, Macs, smartphones and tablets.

So remember to ask yourself if this is really legit, the next time you get a message that plays on your emotions. Stay safe online!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

13 ways to Protect your Credit Cards from Fraud

Here are a number of ways you can protect your credit cards from fraud.

1. Keep a sharp eye on your credit card accounts. Read through the purchases for every monthly statement to see if any unfamiliar or odd items show up. Don’t just skip past small purchases; a charge for $9.95 could still be fraudulent. A crook knows you’re less likely to pay attention to small numbers. Consider checking your statements online weekly or, even better, download your bank’s mobile app and check them daily.

2. Immediately contact your bank. By law, credit card companies have to give you 60 days to refute unauthorized charges. And with “zero liability policies,” fraudulent charges are often squashed as long as a year later. However, the sooner you contact the bank upon suspecting fraudulent activity, the more likely the credit card issuer will reverse the fraudulent charges. The compromised account should be closed and a new card and account issued and opened, respectively.

3. Credit card monitoring services. These are free or fee based and often included in identity theft protection services and will keep an eye on your credit score as well as inquiries for new credit, and balance charges.

4. Implement activity alerts. Your accounts should have these; the alerts can come via e-mail or text for various card-related activity, such as based on amount or frequency. You can get text messages for every card-present (in person) and card-not-present (online) transaction.

5. Go virtual. If your bank offers it, use a virtual credit card number online. These are card numbers that change every time you use them.

6. Skimming awareness. Credit card skimming is when a thief sabotages the card reader (such as an ATM’s), allowing him to get your card’s data. Look for signs of tampering like loose parts on the keypad or a camera looking down on the console. Conceal the keypad with your other hand when you enter your PIN. A skimmer can also use a handheld device and skim your card right in his hand. Be very careful whom you give your card to for a purchase.

7. Don’t save. That is, your credit card information with an online merchant. Instead, manually enter it every time you shop. The hassle of this means more security.

8. Financial tracking apps. These are free and can alert the cardholder to odd activity, such as an unusually large purchase. I like Mint by Intuit. BillGuard is great too.

9. Be alert. In addition to unauthorized charges showing on your card’s statement, be on the lookout for strange bank account withdrawals, collection notices for debts you’ve never heard of, being rejected for credit applications, among other red flags.

10. Shop securely on Wi-Fi. Use encryption software such as Hotspot Shield VPN. VPN stands for virtual private network, and it will prevent snoops and crooks from spying on your online activities.

11. Use reputable sites. Make purchases only from reputable sites you’ve already shopped at or otherwise trustworthy sites like eBay (check sellers’ ratings) and Amazon.

12. Updates. Set your computer’s or device’s critical security patches to automatically update; these patches help correct newly-discovered vulnerabilities. And speaking of updates, make sure you update your antivirus and your browser to the latest version, to correct vulnerabilities.

13. HTTPS. The HTTPS at the beginning of the URL in the browser means that the site is secure. Never input your credit card number on a site that does not have the HTTPS in the URL field. The HTTPS means there’s encryption on that particular page.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Courts side with Consumers in Data Breach

In general, courts don’t tend to side with consumers in data breach incidents. However, a federal court in Florida is the apple among the oranges. It approved a $3 million settlement for victims whose data was on a laptop containing personal health information that was stolen in December 2009.

The laptops belonged to AvMed, a health insurer, and the unencrypted data involved records of tens of thousands of the company’s customers.

Though the consumer-plaintiffs suffered no identity theft or other direct losses, they accused AvMed of breach of contract and fiduciary duty, negligence and unjust enrichment.

These claims were dismissed by the U.S. District Court for the Southern District of Florida, but the plaintiffs appealed. The U.S. Court of Appeals for the Eleventh Circuit remanded the case.

AvMed’s attempt for another dismissal went down the tubes, prompting the company to enter into settlement talks with the plaintiffs.

The agreement says that each victim will get up to $10 for every year they made an insurance payment to AvMed, with a cap at $30. This is money, say the victims, that AvMed could have spent on better data security. The agreement also requires AvMed to pay damages to anyone who gets stung with identity theft.

AvMed will also employ encryption and new password protocols, plus GPS technology for its laptops.

Apparently, this settlement is the first in which the awarded victims didn’t have to show tangible evidence of loss.

Traditionally, courts nationwide don’t take on such claims, holding that a claim lacks merit if it’s based on the possibility of future damages rather than actual concrete losses that have already occurred.

The ruling serves as a precedent for future data breach cases, to support customers’ stance that a segment of their health insurance premiums should fund data security placements.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Huge IE Attack: Will Microsoft fix It in Time while XP Users are Left to the Dogs?

If you have IE 6 through 11, watch out. There’s a glitch that enables hackers to exploit flaws in these systems. Microsoft is racing to fix this vulnerability bug. Unfortunately, news is not so good for those using Windows XP, because Microsoft has ceased support, period. This means no security updates. It’s estimated that almost 30 percent of all the personal computers across the world are using Windows XP. Business owners and other decision makers of organizations need to overestimate just how risky it is to cling onto an old favorite rather than promptly switch to a new system that has stronger support.

Security researchers came upon the bug, calling it a “zero day threat”: The initial attacks occurred before Microsoft knew of the problem. Researchers also say the flaw has been exploited by a savvy hacker group with a campaign called “Operation Clandestine Fox.”

Nobody seems to know what makes this hacking group tick. Maybe they just want to get their hands on some sensitive military and financial institution data. Microsoft says that the attacker means serious business and can potentially gain massive control of the flawed system.

Protect yourself:

  • Do not use IE. Use another browser like Chrome or Firefox.
  • If you have Adobe Flash, update it now or disable it immediately. The attacks depend on Adobe Flash.
  • Microsoft urges XP users to upgrade to Windows 7 or 8. If your PC can’t support these, buy a new one. Or, consider getting the Windows Upgrade Assistant from Microsoft, which can be downloaded.

With hackers swarming in like killer bees, knowing that XP’s support is over, XP users must stay in heavyweight mode for any attacks. Thieves can even use new security updates for Windows Vista (and later) as a guide to hacking into systems running on XP.

Anti-malware solutions aren’t very effective on operating systems that lack support, and hackers know this. But more alarming is that fewer users, including business owners, are ready to accept this or even have a clue about it. Regardless, update your antivirus now.

Though it seems that for good measure, Microsoft should provide one last support run for XP users who are affected by the bug, the software behemoth won’t budge.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Phishing Alert: 10 Tips To Protect Your Business From Attacks

It’s becoming too easy for criminals to get their hands on your banking information, due to your employees’ ignorance of phishing scams.

Malware attacks have soared recently, targeting banks for the purpose of stealing online banking information. Over 200,000 new infections occurred between July and September 2013—the highest jump in the past 11 years, according to a TrendLabs Security report. Cyber-criminals are ubiquitous on this planet, and phishing is a favorite among their arsenal of attacks, a way to gain access to computers as well as to infect them.

ZeuS (aka Zbot) is a common malware planted on websites. If a website is infested with ZeuS, or other malware, and you visit that site, your computer will become infested with ZeuS. Once settled in, ZeuS steals online banking credentials, and then transmits these details to a remote server, where the cyber-criminals can access them. But for ZeuS to spread, someone has to open a phishing email and click on the link that leads to the virus-inhabited website.

Who’s clicking on these links? Unfortunately, some of your employees probably are. According to a recent eWeek article, 18 percent of phishing messages are opened in the workplace—and yes, this includes clicking the accompanying malicious link.

That’s not all—sometimes the numbers can go even higher. According to the report, one particular phishing campaign yielded a 72 percent clicking response on the link.

Furthermore, the report states, 71 percent of users’ computers have a higher susceptibility to infection due to having outdated versions of popular software such as Microsoft Silverlight and Adobe Acrobat.

How To Stop Your Employees

Monthly training of employees to avoid suspicious emails helps knock down the percentage of clicks to 2 percent, much better than quarterly training does (to 19 percent). The report adds that cleaning recipients’ invaded computers costs the company, even though 57 percent of companies rated phishing attacks as “minimal.” However, even “minimal” impact still means a lot of cleanup for a high volume of attacks, involving IT staff response and employee downtime during system restoration.

Those who take the bait are costing you money, and the potential risk to your business is enormous. The Anti-Phishing Working Group recommends the following tips. Share them with your employees ASAP.

  • A big red flag should go with emails that request personal financial information. If the name of the company bank is mentioned, arrange a phone call to that bank regarding the suspicious email.
  • Be leery of exciting or worrisome statements designed to rattle emotions rather than sink in logically; think before you click!
  • Be highly suspicious of a message asking for a password, username, credit card information, date of birth or other very private details of yourself or your company.
  • If you don’t recognize the sender’s name or address, or have no idea what the message could pertain to, simply ignore it altogether. It’s never urgent to click a link; you won’t get fired if you don’t.
  • Never enter confidential financial (or personal) data in a form inside the email.
  • A special toolbar, installed in the Web browser, can help protect you from fraudulent sites. The toolbar compares online addresses with those of known phishing sites and will provide a prompt alert before you have a chance to click or give out private information.
  • The latest versions of Chrome, Firefox and Internet Explorer have optional anti-phishing protection.
  • Bank, debit and credit account statements should be regularly checked for suspicious transactions.
  • If any transactions look suspicious or unfamiliar, alert appropriate personnel to contact the relevant financial institution.
  • The computer browser should always be kept up-to-date. Security patches should be installed.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Home Monitoring Products go Mainstream

With the explosion of security-based home surveillance products/apps, there’s a growing trend in getting surveillance systems that monitor users themselves.

Piper

This product’s wide-angle camera allows you to view live video of your home, from anywhere, right on your smartphone. It can:

  • Detect motion
  • Control lights, temperature and appliances
  • Record short videos
  • View inside the home

Canary

Similar to Piper, it provides:

  • Live video and audio
  • Motion detection
  • Night vision
  • Air-quality monitoring

Doorbot

This app allows you to see who’s at your house’s door, regardless of where you are.

  • Better than a peephole.
  • Consider it “visitor ID.”
  • You can answer the door remotely.

There’s no need to do anything while these home monitoring systems nonchalantly collect data. Imagine all the advantages of such technology: catching a burglar is the best benefit, but what about catching a spouse cheating; catching your kids doing drugs; seeing that your kids came home from school safely; learning who in the household keeps drinking up all the soda. Though such surveillance can start out as very annoying, people can become quite used to it, say experts.

Some experts claim that this technology may bring the entire clan closer together. Others insist that it’s spying: checking up on someone without their permission. I have similar systems and use them to watch the home while on business along with checking in on the family having dinner. It makes being apart not as difficult.

When this kind of technology becomes the standard and not the exception (and you can count on that shift), it will be the new normal, something that people will know about from an early age, the way life is. It may seem potentially intrusive now because it’s new; it’s not our normal, yet.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

How to keep your Kids safe Online

Every parent should know all the ways they can keep their kids safe in the online world. In McAfee’s 2013 study, Digital Deception: Exploring the Online Disconnect between Parents and Kids, it was found that:

  • 86% of kids think social sites are safe and post personal information such as their email addresses (50%) and phone numbers (32%)
  • 48% have looked at content their parents would disapprove of
  • 29% of teens access pirated illegal digital media
  • 12% of teens met a stranger online and then in the physical world
  • 54% of kids say their parents aren’t involved in their digital lives at all
  • 42% say their parents simply don’t care what they are doing online
  • 17% of parents believe the online world is as dangerous as the offline world
  • 74% of parents have thrown in the towel and are exhausted with their kids’ digital lives.

That last stat isn’t just scary, it’s sad. Because protecting your kids online isn’t an option, it’s a requirement. This isn’t a technology issue, it’s a parenting issue. And parents who say “I give up” are giving up on protecting their children from harm.

Here’s a basic road map of what to be aware of:

Dirty sites. This doesn’t just mean a porn site that a teen decides to check out after accidentally stumbling upon it. There are sites that promote weapons, drugs, school cheating, even how to starve down to dangerously low body weight.

Harmful contacts. Your child can be in contact with anybody in the world, without you even knowing it, and this contact may be a pedophile building up trust in your child—a trust that leads to an in-person meeting.

Information overload. Do your kids know what and what not to blab about in the cyber world? Going away on vacation soon? The whole world may find out (and the whole world includes burglars) after your chatty kid tells all on Facebook.

Sitting sickness. Sitting at the computer for hours on end not only can interfere with sleep and disrupt alertness the following school day, but excessive sitting can result in weight gain and bad posture, plus proneness to snacking on junk food.

Online bullying. Yes, words (even typed) really CAN hit harder than a fist. Cyberbullying leaves marks that are just as invasive as a swollen black eye.

Pirated content. If your kid has no money, but tons of digital files like movies and music, he may be a pirate. Lawsuits are being filed against parents who don’t take control of their kids’ online activities.

Hacking. Today kids are either hacking others or being hacked themselves. Knowing what your kids are doing and how to protect your devices is essential.

What can parents do?

Treat your kids as you’d want them to be treated. This includes online. Lay down specific rules regarding computer use and where they can visit online. Instruct your kids to promptly report any threatening or insulting online behavior.

Consider installing parental control software. A parental control program in its fundamental form will allow a parent to decide which categories of sites are off-limits and how much time a child can spend online. The software is designed to prevent the child from disabling it. McAfee Family Protection allows parents access from any PC.

Parental controls also come in hardware form, but can’t provide more sophisticated control. Parental control apps exist for mobiles, yielding stronger control than software that’s filtered at the router level. Apps are available for Android, iOS or both.

What’s illegal for your boss at work to do to you is perfectly legal for you to do to your kids: use spyware to track their keystrokes, take screenshots, snag passwords, etc. Spector Pro and PC Pandora are examples. However, for most kids, this level of control isn’t necessary. But they’re invaluable if a troubled child may be interacting with a pedophile, or if your very curious child is just plain rebellious.

Install security software. It’s not enough to have antivirus, antispyware, antiphishing and a firewall. You must also protect all wireless communications with Hotspot Shield VPN, which locks down their devices’ Wi-Fi, preventing hacks.

Know who they are communicating with. At any given point in time, it should be required that parents can check devices and openly discuss any conversations being had. If the parent can’t meet the person or the person’s parents, then the child shouldn’t be talking to them.

Require device and account passwords. No matter where they go online or whatever devices they own, the parent should have full access at all times.

The Future of Identity Theft

Identity theft evolves as technology progresses. The Identity Theft Resource Center explains the future of this crime.

Definition of Identity

The definition will swell up to include biometrics and behavior, not just driver’s license number and SSN. So your identity can be defined by how you move a mouse and your keystroke patterns.

Medical Identity

There’s no focal mechanism for the mitigation of medical identity theft, making it easy for thieves to keep getting medical treatment. Many people get their medical identity stolen without knowing it.

Statistics

Crime rate statistics are not telling the whole story. The illusion is that crime rates are on the decline; this is because statistics do not include all fraud activity. The primary indicator in crime statistics reports doesn’t even include identity theft.

Mobile wallets will not take over the world—at least not soon, anyways.

Though mobile wallets seem to be the next big wave in purchase technology, it’s not going to be easy convincing the masses to store every bit of their financial data in their smartphone. In fact, 64 percent of survey participants said they would not convert to a mobile wallet system (Consult Hyperion).

Affordability

All of these cool developments in the world of cyber communication will not necessarily apply to every single person; products cost money. So no matter how much it seems that times are changing or that people are “switching over” to some new technology, there will still be that demographic that’s seemingly left in the dust.

Finally…

It looks as though federal data breach notification laws will at last become a reality. Or so it seems.

Extra Layers

The dual and even multi-step authentication system will become more common, as more industries pick this up, to verify a user’s identity. And even consumers seem to be warming up to this.

Can’t have it both ways:

That is, security and convenience. With all the big data breaches lately, looks like privacy and security will win over convenience for the consumer.

Home Invasion prompts Neighbors to invest in Security

The Lincoln-Highlands Association is a resident organization devoted to fighting crime in Oakland, California’s Dimond District.

A hundred residents are needed for the program, which would require $30 a month to fund a security guard to patrol the area five days per week.

Other neighborhoods have had success with private patrols, and the push for the Association’s private guard was spurred by an armed intruder who shot and wounded an elderly woman in her house.

However, not all residents are gung-ho on paying for the patrol. One resident says that keeping ahead of crime is the city’s responsibility, and one security guard isn’t omnipotent. On the other hand, how else can crime be deterred, wonder the supporters. The supporters say they’ve gotten a very warm response to the plan and will continue seeking out more supporters.

Home Alarm Systems: Can Do Everything but Handcuff the Intruder

Security systems these days can do just about everything save for apprehending your home’s brazen intruder. Modern-day systems come with all sorts of features that will either deter break-ins or make break-ins more difficult, plus also keep the homeowner aware of everything that’s going on with their property: inside and out.

Features include wireless cameras with full web access, remote-controlled and timed lighting, iPhone and Android apps to control and monitor video surveillance from anywhere, and remote-controlled thermostats, among others. A web dashboard allows the user to control all aspects of each feature, which includes programming in a reaction to a specified incident.

Despite all these features, it’s easy to program such alarm systems, which give the user significant awareness of their home’s internal and external environment.

Guard or no guard, don’t keep putting off getting a modern home security system. No intruder wants to wait for you.

Intruder snaps Selfie and disappears

Remember that scary movie in which the psycho phones the babysitter and says, “Did you check the children?” He was actually in the house and murdered them. Yikes, well that’s just a movie. But sometimes truth is stranger than fiction.

As long as people leave doors unlocked, any whack job can saunter into their house. So if this happens to you while you’re putting your kids to bed, like it recently did to a Denver woman, don’t be surprised.

In her case, though, the man didn’t harm anyone, though he still rents a room for free inside the mother’s mind. Yikes again.

One day the woman found a selfie on her cellphone: a pic of a man she’d never seen before, taken inside her house. Though he stole nothing and though she didn’t even know he’d ventured through her unlocked door till the day after, she remains traumatized.

“And he looks familiar to me; everybody else says they didn’t see him but he looks familiar to me; I know I’ve seen him before,” said neighbor Richard Gardner.

Police say the stranger simply entered through the back door, took the selfie and left. Nobody knows who the man is, but Gardner says, “He doesn’t have glasses when you normally see him walking down the street. Maybe they’re a disguise. I don’t know.”

How to Stay Safe in Your House

  • If you hear someone breaking in, call out to an imaginary companion if you’re alone, “Hey Scott (or some other man’s name), can you see who that is?”
  • Call 9-1-1, then leave, or if you can, reverse this order.
  • Maintain a visible perimeter to your home so neighbors can detect suspicious people near it.
  • Get a home security system, then post their decals on front and back entrances and their signs in your yard.
  • Close all windows when you leave, even on a hot day.
  • Get a neighborhood watch going.
