Beware of Employees Who Lie About Their Identity

/in /by

It’s way too easy for anyone to pretend to be someone else. When hiring, make sure you use identity proofing measures so you don’t get scammed.

When hiring, the first concern most companies have is determining how effective an employee will be. In fact, the first concern should be determining if the person is actually who he or she claims to be. Regardless of the nature of your business, an employee masquerading behind a false identity can wreak havoc on your company.

Michael Chertoff, the former chief of the Department of Homeland Security, stated, “I’m going to submit to you that in the 21st Century, the most important asset that we have to protect as individuals and as part of our nation is the control of our identity, who we are, how we identify ourselves, whether other people are permitted to masquerade and pretend to be us, and thereby damage our livelihood, damage our assets, damage our reputation, damage our standing in our community.”

We are functioning in an environment in which humans have yet to be truly verified or authenticated. There are 7 billion people on the planet using thousands of various forms of identification, but with little security. In the United States, the Social Security number is, regrettably, a national ID that is available in file cabinets and databases everywhere, including for sale online. There are thousands of variations on birth certificates (I have five different versions of my own); there are people selling fake IDs, from kids on college campuses all the way up to organized criminals; and credit is wide open, which means anyone who gets hold of anyone’s identification can get credit under that person’s name.

Protecting Yourself

It’s important to understand what identity proofing is. As you might have guessed, identity proofing simply refers to proving that individuals are who they say they are. Identity proofing often begins with personal questions, such as asking for the name of a first grade teacher, mother’s maiden name, first phone number, or the make and model of a first vehicle—as though (in theory) only the actual person would be able to provide the correct answers. Of course, this technique is not foolproof, and now that personal information is so readily available on the Internet, knowledge-based authentication is effectively on its way to extinction—and for good reason. 

The next step in identity proofing is documentation, such as a birth certificate, a copy of a utility bill, high school yearbook, mortgage statement or, of course, a driver’s license or passport. Some of these identifying documents can be scavenged from the trash, but they are effective proof when combined with personal questions. Biometric features, such as fingerprints or iris scans, can help further authenticate an individual’s identity.

Identity scoring, which is in use with many mortgage brokers today, is another effective identity proofing method. An identity-score system can tag and verify the legitimacy of an individual’s public identity using the Internet and both private and government websites. Identity scores are being used to prevent business fraud and to verify and correct public records. Identity scores incorporate a broad set of consumer data, including Internet data, corporate data, personal identifiers, credit records, public and government records, self-assessed behavior patterns and predicted behavior patterns based on empirical data.

Finally, fake IDs contribute to the exasperating problem of imposter fraud. Get the ID Checking Guide to assist you with employee ID verification. Verifying an ID is important, whether for an initial screening or a final ID check. By reducing fraudulent employment applications, time and money can be saved and problem employees who lead to litigation can be averted. 

Eventually, detection methods for fake IDs, such as smartcards, biometrics in all its forms, and multi-factor authentication, will help ensure that the identities presented can be trusted—and being an imposter won’t be so easy.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Banking and Brokerage Accounts vulnerable to “Account Takeover”

/in /by

It wasn’t pretty: those fairly recent credit card breaches at a few big-name retailers. As newsworthy as these were, they’re actually not the greatest risk for wealthy folks; a bigger foe is a money management firm lacking sufficient checks and balances.

3DAttack schemes:

Another type of attack can hit an organization hard: some cyber punk getting into your clients e-mail account, then using their stolen information to rob money from the clients financial accounts. E-mail related fraud is booming.

Perhaps the biggest scheme is when an employee gets an e-mail in which someone is requesting money—and urgently. Often, the employee is lured into clicking on a link inside the e-mail, and the end result is that the employee ultimately reveals personal data, allowing the system to get hacked.

Another common realm of infiltration is via unsecured public wireless networks, such as at an airport or hotel. Fraudsters will set up hot spots—fake, of course—that yield Internet access but will ensnare employee data.

Employees can also expose their accounts to hacking by using their e-mail address to log into their own financial accounts. This makes the job easier for cybercriminals.

Protect Your Business

Here are some ways to add protection:

Revamp how employees wire money for clients (one way to do this is to require that the recipient’s authenticity be verified with a phone call).

Clients should verify any and all wire transfers from their accounts.

If a client’s computer is not recognized or has an unfamiliar IP address, the client should be called with a code that completes the transaction.

Incorporate multifactor authentication in the login process and when transfers of any substantial amount are made.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

VPN for Online Security: Hotspot Shield

/in /by

Online users need a VPN (virtual private network), a kind of service that gives you online security, and Hotspot Shield’s service has a free version. A VPN hides your device’s IP address and interferes with any company trying to track your browsing patterns.

7WMany online companies take peoples’ data without their authorization, and then share it with other entities—again without the user’s permission. A virtual private network will put a stop to this invasion.

Thanks to the fiasco with Edward Snowden and the political messes happening in Venezuela and other parts of the world, many people are turning to VPN services like Hotspot Shield. When you surf the ‘Net on a public network (including using social media), your personal information is up for grabs in the air by vultures.

Why is VPN online security important?

Your personal data is out there literally in the air, to get mopped up by Internet entities wanting your money—or oppressive governments just wanting to snoop or even block internet access to the rest of the world. If you use your device when traveling, you’re at particular risk for suffering some kind of data breach or device infection.

The unprotected public networks of hotel, airport and coffee house Wi-Fis mean open season for crooks and snoops hunting for unprotected data transmissions. The VPN protects these transmissions of data.

In fact, Hotspot Shield was used to escape the prying of government online censors during the Arab Spring uprisings. This VPN has been downloaded hundreds and hundreds of thousands of times.

This VPN service comes with periodic pop-up ads and some banner ads for the free version, but the $30 per year version is free of ads and has malware protection.

What else does a VPN like Hotspot Shield do?

Users are protected from cookies that track where the users visit online. If your online visits are getting tracked, this information can be used against you by lawyers and insurance companies. And who knows what else could happen when tech giants out there know your every cyber move.

More on Hotspot Shield’s VPN

  • Compresses bandwidths. All the traffic on the server side, before it’s sent to the user’s device, is compressed. This way users can stretch data plans.
  • Security. All of your online sessions are encrypted: HTTPS (note the “S”) is implemented for any site you visit including banking sites. You’re protected from those non-secure Wi-Fi networks and malware.
  • Access. Think of the protection as a steel tunnel through which you access the Internet.
  • Privacy. Your IP address is masked, and so is your identity, from tracking cookies.

Hotspot Shield is compatible with iOS, Android, Mac and PC. It runs in the background once it’s installed and guards all of your applications.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

5 Smart Ways to Protect Your Home from Dumb Burglars

/in /by

Having been a home security expert for years, I am always amazed at how dumb criminals could be, but there’s always a homeowner they can outwit, such as in the case below:

3HA man burglarized two houses in Marshall town, Iowa, and then sold the loot on Facebook, says a story in the online Times-Republican. The genius busted in when the homeowners were on a holiday trip, making off with several TVs, DVDs, clothes, even small kitchen appliances.

Here are ways to protect your home from burglars dumb and smart, skittish and determined:

  1. Secure the garage. Many burglars gain entry via the garage. Make sure your automatic garage door opener, if in your car, is hidden from view. Always keep the door locked that joins your garage to your home. Often, this door goes unlocked, creating a weak link in home security.
  2. Have strong doors and locks. Exterior doors should not be hollow-core, but made of metal such as steel, or solid wood. Use a deadbolt lock, and never forget to lock all doors and windows when you leave and also when you go to bed.
  3. Don’t hide keys outside the house; even a dumb criminal will know to look under the flower pot or doormat. Leave a spare set of house keys with a trusted person when you’re on vacation.
  4. Use a home security monitoring system. The screaming alarm is a superb deterrent should a burglar penetrate a portal. All exterior doors should have detectors and motion sensors. This system should be linked to a monitoring center so that trained professionals can promptly send out help.
  5. Don’t advertise your vacation. A would-be burglar can learn you’re away by reading your Facebook page’s posts about your vacation plans. Crooks do indeed peruse social media sites for these kinds of posts. Keep your vacation plans as secret as possible. Put a hold on your mail or have a trusted person collect it. Put a vacation hold on newspaper delivery.

Follow these guidelines and they’ll make a big difference in the protection of your home from intruders.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Small Business Protect Your Wifi

/in /by

With Wi-Fi, your data is literally in the air, up for grabs by anyone with the right tools. It needs protection from nearby users who may want to freeload off you (which can slow you down) or…hijack your accounts. You need encryption.

1WEspecially when you’re connected in airports, hotels, coffee shops, etc., almost always the connection is not secure.

Wi-Fi Security Options

Varying security levels are provided by WEP, WPA and WPA2. WEP is not secure. WPA provides moderate protection. WPA2 is the best. But you can use both WPA and WPA2. Use the “personal mode” (for one or two users) of WPA/WPA2 with a long, non-dictionary word passphrase.

For more than a few users, the “enterprise mode” is suitable, but requires a server. It has stronger security than personal, and each Wi-Fi user has his or her own password and username. Enterprise prevents snooping and hijacking among your organization’s employees.

Personal: To enable personal mode WPA2 on a wireless router, create a passphrase on access points or the wireless router. Type the IP address of each AP or router into a web browser to log into the control panel of each AP or router. Then enable WPA2-Personal with encryption/cypher type by finding the wireless security settings. Create a non-dictionary-word long passphrase—which is required to connect to the Wi-Fi.

Enterprise: You need a RADIUS server to get WPA/WPA2-Enterprise going. A hosted service will set up the server if you can’t. Some APs have built-in RADIUS servers. After the RADIUS server is all set up, input a password (shared secret), etc., for each AP or router. Input usernames and PWs for your organization’s Wi-Fi users into the RADIUS server.

Configure each AP or router with authentication and security settings. Log into the control panel of each AP or router by typing its IP address. Find the wireless security settings; enable the enterprise WPA2 (“WPA2”). Enter the IP address; input the password (shared secret). Users can now connect.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Kim Kardashian’s Identity Theft Case cracked

/in /by

Never underestimate the brains of a young guy who still lives with his mother—at least not the case of 19-year-old Luis Flores, Jr., who was smart enough to steal the identities of Kim Kardashian and even the head of the FBI, and assume their financial accounts.

11DOf course, he wasn’t smart enough not to get caught.

Flores’ weapon was a flash drive loaded with private data from celebrities and politicians; he got into their credit card accounts and transferred thousands of their dollars to his bank account. He got nabbed finally.

Red flags raised when American Express reported some suspicious activity on a number of accounts, causing the Secret Service to investigate Flores and his mother.

Someone had phoned American Express claiming to be Kim Kardashian, knew her private information, then changed the account’s SSN to that of Flores’. The snail mail address was changed to Flores’ apartment’s. The caller then requested replacement cards.

The Secret Service questioned Flores and Kyah Green, his mother, about the cards but they didn’t cooperate. The Secret Service also discovered that Flores had a history of fraudulent behavior. Additionally, Flores had wired money from Kris Jenner’s account into his own.

It gets better: Authorities linked Flores to fraudulent activity involving Ashton Kutcher, Paris Hilton, U.S. Marshals Service Director Stacia Hylton and former FBI director Robert Mueller.

The flash drive was discovered in Flores’ apartment by the Secret Service. In it was the bank and credit card accounts, credit reports and SSNs of all the victims named prior, but also those of Bill Gates, Michelle Obama, Joe Biden, Beyoncé Knowles, plus other politicians.

How could Flores’ have gotten this sensitive information? A web site that was launched last year by hackers. It is believed the hackers got the data from legitimate sources such as information brokers who didn’t realize their clients were criminals.

The search of Flores’ apartment by agents didn’t stop him; he contacted American Express in an attempt to access the accounts of Gates, Kutcher and Tom Cruise.

Flores and his mother were charged federally; both pleaded guilty. This is one more reason to invest in identity theft protection or get a credit freeze.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Protect Your Home without a Gun: Effective Ways

/in /by

Yes, you can protect your home without a gun. Having been in the security industry for many years, I have instructed homeowners on proven ways to protect their home without using a firearm. Here are proven ways to protect your home without a gun.

5HPepper Spray

This stuff works. Just getting the mist in your face from it being carried upwind will make you cough and your eyes burn. Imagine what this chemical will do when sprayed directly into the face of a home intruder.

House Watching

  • Have a house sitter stay at your place while you’re on vacation.
  • Arrange to have trusted people drop by occasionally as well.
  • Use a monitoring firm that will send help if an intruder trips an alarm.

Exterior Fortification

  • If possible install flood lights, particularly near secluded portals.
  • Employ a motion sensor that flips the lights on.
  • Plant thorn-bearing brush under windows and other areas where a burglar might creep around.

Get a Dog

  • Not only will the homeowner be awakened by even a tiny dog’s frantic barking when it hears/smells a stranger on the premises, but it will get the attention of neighbors. Many a burglar will flee when little Princess begins yipping like mad, let alone Duke.
  • If the dog alarm goes off, call 9-1-1.
  • Grab the baseball bat or golf club (that you have at your bedside) to prepare for possible defense.
  • Don’t get ahead of yourself with swords or weaponry you’re not trained to use, or that look effective but can’t be swung in limited space.

Cameras

  • Arm your perimeter with a complete surveillance system.
  • Security cameras, when detecting motion, can emit a siren or lighting that can alert the homeowner via a smartphone.
  • Use apps that allow you to view your home from your mobile device.
  • Install cameras inside your house as well.

Home security system

  • A home alarm screams when you can’t.
  • Home security systems call the police when you aren’t able.
  • Home security alarms deter intruders who fear they might get caught.

If guns make you feel unnerved, you just learned how you can protect your home without a gun.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Mortgage Brokers put Client Data at risk

/in /by

Your private information may not be safe with your own mortgage lender, even a small one, says cybersecurity firm HALOCK Security Labs. The leak may occur when data goes from applicant to lender.

4DSeventy percent of the 63 U.S. mortgage lenders that HALOCK investigated allowed applicants to send private and financial data (like tax documents) as e-mail attachments—over unencrypted e-mail. Seventy percent also promote faxing sensitive data—not nearly as secure as encryption.

While more than 40 percent provided a snail mail option, only 12 percent offered encryption. Several survey participants, when the subjects were asked why they didn’t offer a secure e-mail portal, replied it was an issue of what the applicant was “most comfortable with.” (Certainly, who’d be comfortable with a leak of their most private information?)

While lenders place customer comfort ahead of security, they fail to realize that customers have been steadily losing confidence in their banks’ commitment to privacy.

Another consideration is whose comfort is really at issue? In a study, one former mortgage lender stated that it was a time hassle to explain to customers about secure portals; unprotected e-mail was quick and convenient.

But it’s well-worth the time to hassle with this, says security expert Graham Cluley. Regular e-mail, by definition, is non-secure.

There’s no shortage of methods to send e-mail securely. It’s just that they’re underutilized by organizations. Decision makers want to make things easy for customers, but this doesn’t have to be at the expense of their security.

Security measures that are customer-friendly exist. Bank customers are more demanding than ever for security, even though they usually do not understand about encryption. What bank wants a weak link in the form of a gaping hole through which customer data can leak? An ounce of prevention (secure portal log-in) is worth a pound of cure (identity theft).

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

10 Easy Ways to hide from spies

/in , /by

Who would have ever thought that that marvelous invention, the smartphone, as well as your tablet and PC, would give you cause for concern about hiding from spies? And when I say spies I mean anyone who has a vested interest in your information whether that is governments foreign or domestic or a spouse, employer, marketer or just some freaky weirdo.

11D Today’s technological conveniences also act as portals through which the spies can gain access to your personal information. As a security analyst, I’ve come up with the following:

Easy Ways You Can Hide Your Data from the spies

  1. Use a VPN (virtual private network) such as Hotspot Shield VPN when online. This way your data traffic is encrypted—and thus difficult to detect by spies or any hackers, whether you use a phone, computer or tablet. Data transmission may still occur due to ads, but the VPN will put a stifling effect on it.
  1. Use Tor. You can hide from mass and corporate surveillance with a Tor installation—which the National Security Agency does not like—because it works.
  1. While playing games put your mobile device into airplane mode (which suspends data transmission). You don’t need to be online to play all games. Being offline means your personal data can’t be transmitted.
  1. HTTPS! Install HTTPS Everywhere, a browser plugin for Chrome, Firefox and Opera. It’s free, though currently not available for smartphones. HTTPS means security on the visited web site.
  1. Post on social media only when you’re connected with your password-protected, secure workplace or home Wi-Fi. And in some cases you may need to post via computer, not your smartphone!
  1. Hard drive encryption. A person who uses your computer or mobile will not be able to copy its data if you have an encrypted hard drive. Local storage can be encrypted on the latest versions of Windows, Macs, iOS and Android.
  1. Turn off cellular data connections. Unless you absolutely must know every single e-mail that’s coming in when you’re out and about, switch off the cellular data. Check your e-mail only when you’re on a secure network.
  1. Turn off the GPS and Wi-Fi on your mobile device. GPS, Wi-Fi and geolocation can pinpoint your location fast. Keep them off unless you need them (lost in the wilderness?). To turn off geolocation, start with your apps that take photos, then do the rest. Then you won’t have to worry about government agents finding you.
  1. Dumb down. Your phone, that is. If you’re really concerned about privacy, ditch the smartphone and use a “dumb” phone also known as a “feature phone”. Though even a simple cellphone can be used as a tracking device, it makes it hard for anyone to get your location and data since you can’t get on social media or play online games with a dumb phone.
  1. Never open e-mails with a blank subject line. Though your spacey friend may neglect to type into the subject line, a blank subject field can also mean a virus waiting to make its move. If the sender is familiar, send them a newly created message asking if they just sent you something with a blank subject line.

So there you have it: 10 ways that pretty much work to keep hidden from the spies and all other snoops.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

DIY Home Security Automation is easy

/in /by

Take home security seriously—before the break-in. If you’re up for a great DIY project, get going with home security.

3HReinforce doors. What you see in cops and robbers TV shows is true: Doors really can be kicked in. But not if they’re reinforced with easy screw-on upgrades that can resist even a kung fu master. Start with a door guard plate. Next, a door jam reinforcement will replace the weak pine door frame with a steel inset. Of course, replacing a wooden door with a steel door would really add security. For an added layer of protection, install the Schlage Touchscreen Deadbolt to your front door. It is the only Z-Wave compatible lock to feature a built-in alarm system, producing warning alerts to homeowners prior to their home being breached.

Strengthen windows. A window with a smash-proof coating will repel a thrown brick or whacking pipe. The coating is a film that’s applied like a big sticker. A determined burglar may be able to crack the window, but the film will hold the pane in place, preventing entry.

Landscaping. Though shrubs can deter intruders, they can also shield them from neighbors if overgrown. Make sure that branches are trimmed. To add security, illuminate areas around bushes and trees with flood lights.

Garage. Never leave the garage door opener in your car exposed because thieves can get into your car if it’s parked outside…and you know the rest. One solution is a Wi-Fi garage door opener so you can control the door with your phone.

Surveillance cameras. The latest technology allows you to remotely view your premises. Your phone will receive an alert from these cameras when they detect motion or sound nearby; you’ll be able to see what’s going on in real-time.

Locks. It can take only 15 minutes to replace an old lock with a keyless one such as the Schlage Touchscreen Deadbolt. Its features ensure that your house is locked, and unlocking is a snap, all via a number code. Just assemble the lock and put it in. It’s rare to have to drill more holes.

Robert Siciliano home security expert to Schlage discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.