Defensive Shrubs prick Intruders

/in /by

Ever consider using plants to deter an intruder? No, not smashing a cactus into his face, (but that’s an option) but growing thorn-bearing tress, shrubs and vines outside your house. The reasons these plants have thorns is to protect them from predators. They can protect you from predators as well.

1SIf vulnerable areas of your residence have thorn-bearing plants, this can ward off intruders. Some plant varieties grow very fast and prolifically. It’s just a matter of finding out which type of plant grows best in your location. To determine your plant hardiness zone go here to search your zone and plant.

Thorn-bearing Trees

Nobody wants to climb a tree whose trunk is jutting thorns.

  • Honey locust. This tree sprouts sharp red thorns, but also provides edible sweet seeds that can be given to livestock.
  • Argentine mesquite. The thorns on this tree grow to two inches. No criminal will want to tackle these thorns to get to your second story window.
  • Black locust. These thorns not only prick, but cause swelling and additional pain.

Thorn-bearing vines

Here is security and beauty all wrapped into one. Check out the following varieties:

  • Climbing roses
  • Catsclaw creeper
  • Bougainvillea
  • Blackberry vines

Thorn-bearing bushes

Nobody’s going to want to get past these to access your window.

  • Cactus. If your climate permits, these spiked plants will scare off intruders. The chollas have two inch thorns.
  • Pyracantha (fire thorn bush). The thorns will produce a burning stinging that will last for hours.
  • Rogosa roses. These pretty flowers have plenty of thorns.
  • Catsclaw acacia. The thorns are hidden by flowers and leaves; a nice surprise for a burglar.
  • Washington hawthorn tree. It can be pruned into a bush and grow right under a window, displaying aesthetic red berries.
  • Oregon grape holly. This attractive shrub has two inch thorns.

An alarm system is a great way to deter a bad guy from coming in your home, but may not stop an intruder from making contact with a portal to your home. However, many different kinds of vegetation can make a criminal think twice before even getting close enough to put his hands on a window or other portal.

Beef up your home’s electronic security network by planting a network of beautiful but imposing greenery.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures

Guarantee your Customers’ Identity Protection

/in /by

The AllClear Guarantee is designed to protect a business owner’s customers from identity theft. Your customers are assured:
2C

  • Six months of automatic protection once they complete their transaction. Each new purchase means extended coverage with any merchant who displays the Guarantee.
  • Protection wherever customers go. Customers are protected by the Guarantee beyond your site, no matter where they go or how ID theft happens.
  • If a customer’s ID is stolen, AllClear will fix everything: restoration of credit report, recovery of financial losses, etc.
  • Zero cost to customers. Participating merchants pay for the Guarantee.

These points are extremely important to the merchant. After all, according to Forrester (2012), 66% of customers are most worried about getting their identities stolen while they’re online. But what’s their greatest online concern? Edelman (2012) says that 90 percent of customers name sharing financial information online as being their greatest concern—as in, for example, using a credit card to make an online payment to a retailer.

How does guaranteed protection benefit the business owner?

  • Increased revenue. Your customers will have more confidence when they complete transactions and will feel more secure about giving accurate information.
  • Customer retention. When consumers feel safe online, they’re more likely to return time and again. The Guarantee will provide this secure feeling.
  • Reduced risk. You’ll be able to respond faster to a data breach, thanks to the Guarantee.

With the AllClear Guarantee, you won’t hope your clients are safe online; you’ll know they are.

  • Consumers should seek out websites that show the AllClear Guarantee
  • Every purchase gets automatic identity protection.
  • The Guarantee is covered by participating merchants.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Why Should You Care About a Site’s Privacy Policy

/in /by

Most websites should have a privacy policy (although I don’t think it’s always the easiest thing to find). And then once you do find it, you’ll see a huge amount of what I consider to be legal mumbo jumbo. And because you really should care about this stuff, the question becomes how do you sort through all this stuff?

2PMost privacy policies usually begin with something around them collecting, using and sharing your personal information or data. For example, here’s how Google, Twitter and Apple’s privacy policies start out:

  • Google (http://www.google.com/policies/privacy/) – “There are many different ways you can use our services – to search for and share information, to communicate with other people or to create new content.”
  • Twitter (https://twitter.com/privacy) – “This Privacy Policy describes how and when Twitter collects, uses and shares your information when you use our Services. Twitter receives your information through our various websites, SMS, APIs, email notifications, applications, buttons, widgets, and ads (the “Services” or “Twitter”) and from our partners and other third parties.”
  • Apple (http://www.apple.com/privacy/) – “Your privacy is important to Apple. So we’ve developed a Privacy Policy that covers how we collect, use, disclose, transfer, and store your information.”

Here’s what you really need to understand about a website’s privacy policy as this can affect you

  • How it gathers information – sites usually use cookies to collect or track information.
  • The type of information it gathers – it is keeping track of your name, age, or email address.
  • What it is doing with the information – make sure you understand how the site is using your information, whether it’s just to provide a better experience for you when you return to the site or it is sharing your data with third parties.
  • Security measures it has in place – how a site is protecting your information that it gathers is critical. This should be not only when the data is being transmitted to them, but also once they have it.

And why is this important? Those factors above can affect you if the site is not taking care of your personal information. It could lead to unwanted spam, identity theft and financial fraud depending on what type of information they have gathered from you and how they are using it or taking care of it.

You should also know that the sites should provide options for you to opt in or opt out of how they share your information. Another key thing is to find out how long the site keeps your information. Some sites keep it forever, while others delete it after a certain amount of time. For instance, you should know what happens to your data if you delete your account.

Yes this is something else for you to check. But in our digitally connected world, it’s something you just gotta do.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Student Financial Aid Fraud is a big Problem

/in , /by

Educational institutions are giving out student loans and grants, and the recipients aren’t even attending school. Instead they’re spending the money any which way, while the schools have no idea they’re being ripped off.

9DWith a database, the Education Department flags applicants who’ve applied for federal Pell grants—applicants with an “unusual enrollment history,” such as having received financial aid for at least three schools in only 12 months.

The Department forwards these suspect names to educational institutions; the schools then request that applicants provide documents including prior transcripts. What the school then gets from the applicant determines if a loan or grant is denied.

This flagging procedure has caught 126,000 applicants who sought aid for the 2013-2014 school year.

It’s so easy to scam schools because most federal aid does not require a credit check, and how the money is spent is not tightly restricted.

A school receives the money from the government and spends some on tuition. The remainder is sent as a check to the recipients to spend on books and even living expenses while (supposedly) the recipient attends classes.

Community colleges are especially vulnerable due to their open enrollment and low tuition. The lower the tuition, the more money that’s left over to be sent to the con artist.

The proliferation of this scam can be attributed to the Internet because online applications can result in receiving aid—without the applicant ever being within a mile of the campus.

Application Red Flags

The American Association of Community Colleges (AACC) names the following alerts that financial aid offices can check applications for.

  • Large financial aid refunds or disbursements
  • Attendance at several other colleges
  • A large student loan balance but no degree

Unfortunately, these red flags won’t flutter much if the applicant is a first-time scammer.

Data Red Flags (according to the AACC)

  • Several registrations coming from similar locations out of state
  • Several uses of the same PO box, physical address or IP address
  • Multiple uses of the same computer and/or bank account
  • The emergency contact is the same person for multiple registrants.
  • Certain courses getting a fast increase in number of enrollees
  • Frequent communication from similar individuals or locations

Every applicant should be identity-proofed, which is easier said than done. Verification is one element of identity proofing.

To combat this fraud, Finaid.org notes:

  1. Families must sign a waiver allowing the financial aid office to obtain tax returns straight from the IRS. Some people have submitted fraudulent tax return copies during verification. Getting them directly from the IRS prevents falsification. Another route is to require families to provide copies of their 1099 and W-2 forms, especially when income figures seem suspect.
  2. Request copies of the applicant’s four most recent bank statements; inspect them for unusual transfers and unreported income.
  3. Conduct 100 percent verification.
  4. For parents claiming to be enrolled in college, require a proof of registration plus copy of the paid tuition bill. Confirm registration with the school. And if a parent with a PhD or master’s degree is returning to school for an associate’s degree, be highly suspect.
  5. In cases of divorce or separation, ask for the divorce decree or proof of legal separation, plus street address for each parent.
  6. Compare to each other two consecutive income tax returns to detect any movement of assets to hide them.

There’s more that can be done for identity proofing: biometric software. Biometric Signature ID (BSI) has designed a “Missing Link” patented software-only biometric.

This is the most potent form of ID verification on today’s market, and additional hardware is not required. It measures:

  • Unique way someone moves the mouse, finger or stylus upon logging in
  • Length, direction angle, speed, stroke height, of the

The password is created with BioSig-ID™. Measurement of the above can positively identify the user, regardless of what device they log into. This technology makes it impossible for a fraudster to impersonate the user.

With these unique patterns, BSI software can distinguish the user from everyone else. If the person who registered for the account is NOT the same person who is attempting access, they are stopped – avoiding any potential cheating or financial aid fraud.

Robert Siciliano, personal security and identity theft expert and BioSig-ID advisory board member. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

10 More Things Burglars Don’t Want you to Know

/in /by

In a previous post, Schlage and I revealed the 10 things burglars don’t want you to know, and guess what, there are10 more!
5H

  1. If a burglar can hear your TV or sound system, chances are pretty good he’ll think someone’s home. Don’t rely only upon your state-of-the-art alarm system.
  2. An alternative to leaving a TV on while you’re on vacation is to use a device that generates a simulation of the flickering lights of a TV at timed intervals.
  3. Burglars don’t mind taking the entire safe with them if they’re too impatient to figure out how to crack it. Bolt it down.
  4. A barking dog really does deter break-ins. So do nosy neighbors.
  5. A one-time loud noise (like a window being broken) almost always doesn’t compel a neighbor to investigate. If it happens continuously or even just a second time, he usually will. However, a burglar is inside your house after just one window smash.
  6. Yes, a person casing your neighborhood for break-ins looks like the guy who would never do such a thing: clean-cut, maybe dressed in a workman’s uniform with a fake logo, carrying inspection equipment to make himself look legit.
  7. Never reveal your vacation or business tip plans on your Facebook page. Don’t assume nobody could figure out your address just because it’s not on your page.
  8. No errand is too short to leave the alarm system turned off. A burglar can invade your home and steal your valuables in a lot less time than it takes you to run the shortest errand. Products that you don’t have to arm, like the Schlage Touchscreen Deadbolt with a built-in alarm feature, can also help out when only stepping out for a short amount of time.
  9. Ignoring a knock or doorbell is a smart idea, but leaving the door unlocked—even when you’re home—isn’t. Many burglars will try the door if nobody responds. If it opens, they’ll enter.
  10. No matter how hot the day is, never leave a window open even a tiny bit when you’re away. Burglars can’t resist this.

Robert Siciliano home security expert to Schlage discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

New year, new Passwords, here’s how

/in /by

You must change your passwords like you must change your bed sheets. This is not up to negotiation, thanks to the influx of viruses, malware, phishing sites and key loggers.

5DChanging a password means having a new password for all of your accounts rather than using the same password. Imagine what would happen if someone got ahold of your one password—they could get into all of your accounts.

The biggest problem with passwords as far as how easy they can be cracked, is when they have fewer than eight characters, and are an actual word that can be found in a dictionary, or are a known proper name. Or, the password is all the same type of character, such as all numbers. There’s no randomness, no complexity. These features make a hacker’s job easy.

How to change Passwords

  • Each site/account should have a different password, no matter how many.
  • Passwords should have at least eight characters and be a mix of upper and lower case letters, numbers and symbols that can’t be found in a dictionary.
  • Use a password program such as secure password software.
  • Make sure that any password software you use can be applied on all devices.
  • A password manager will store tons of crazy and long passwords and uses a master password.
  • Consider a second layer of protection such as Yubikey. Plug your flashdrive in; touch the button and it generates a one-time password for the day. Or enter a static password that’s stored on the second slot.
  • Have a printout of the Yubikey password in case the Yubikey gets lost or stolen.
  • An alternative to a password software program, though not as secure, is to keep passwords in an encrypted Excel, Word or PDF file. Give the file a name that would be of no interest to a hacker.
  • The “key” method. Begin with a key of 5-6 characters (a capital letter, number and symbols). For example, “apple” can be @pp1E.
  • Next add the year (2014) minus 5 at the end: @pp1E9.
  • Every new year, change the password; next year it would be @pp1E10. To make this process even more secure, change the password more frequently, even every month. To make this less daunting, use a key again, like the first two letters of every new month can be inserted somewhere, so for March, it would be @pp1E9MA.
  • To create additional passwords based on this plan, add two letters to the end that pertain to the site or account. For instance, @pp1E9fb is the Facebook password.
  • Passwords become vulnerable when the internet is accessed over Wi-Fis (home, office, coffee shop, hotel, airport). Unsecured, unprotected and unencrypted connections can enable thieves to steal your personal information including usernames and passwords.
  • Thus, for wireless connections (which are often not secure), use a VPN—virtual private network software that ensures that anything you do online (downloads, shopping, filling out forms) is secured through https. Hotspot Shield VPN is an example and has a free version, available for Android, iPhone, PC and Mac.
  • Set your internet browsers to clear all cookies and all passwords when you exit. This way, passwords are never retained longer than for the day that you’ve used them.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

3 Essential Post-Burglary Tasks

/in /by

What should you do if you come home to find it’s been ransacked? Don’t panic; be organized and strategic.

2BThere are three main actions you should take, in the following order:

  • Report and check
  • Clean up
  • Plan ahead

Report the crime and check the home

Your goal here is safety first and then catching the bad guys. The following tips will point you in these directions.

  • If you’re sure your house was robbed before you make entry, do not enter until the police come.
  • Call the police, then check to make sure all occupants are unharmed, starting with the most vulnerable, if the crime took place while you all were present.
  • If you come home to what appears to be a burglary/invasion, immediately call the police once you know you’ve been robbed.
  • Leave the home and seek a safe place like a neighbors or your running car.
  • Don’t linger outside; the burglar/s could still be inside.
  • Don’t assume that the intruders will get away with it because there’s no sign of them. Your stolen property may still be recovered.
  • Do not touch anything until the police arrive.
  • If you’re sure the burglar/s are gone and nobody is hurt, do an inventory of stolen belongings. Create two lists: one for the police and one for your insurance company.
  • Don’t wait longer than 24 hours to file a police report; prompt reporting is necessary for an insurance claim.

Clean up

Burglary and home invasions can have long lasting emotional and traumatic affects on a person. Your goal here is a fresh start so the impact of the robbery doesn’t take over your being. If your home or apartment develops a “black cloud”, then moving may be your only consolation.

  • After the police are finished, clean up. Promptly remove furnishings or appliances that are no longer functional, as these will otherwise serve as reminders of the violation.
  • Alter the rooms where the robbery occurred so that they’re not as much of a conditioned stimulus for fear or anger: repaint the walls, rearrange the furniture, get new curtains.

Plan ahead

Being proactive is the most effective way to avoid being chosen as a victim or to reduce the impact of a burglary.

  • Before being robbed, take photos of valuables; list their model and serial numbers.
  • Ask yourself what you can do to deter another invasion.
  • Assess your house and pretend you’re a burglar. Where are the weak points? Are there areas you’d be able to easily enter?
  • If you don’t have a home alarm system, get one. If you already do, find out why it didn’t stop the invasion. Consider upgrading it.
  • Change all locks.
  • Get shatter-proof window screens.
  • Enroll the entire family (save for preschoolers) in a self-defense program. Don’t assume a gun is your only or best defense.
  • Discuss with law enforcement, locksmiths, your insurance company and security professionals ways to improve your plan.
  • Live happily ever after.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

It’s Data Privacy Day, and It’s a Mess

/in /by

Target continues to be tangled up in chains due to its December 2013 data breach that current estimates say affected 110 million customers.

2P Target is known as proficient and prolific in the use of mobile devices and other means for collecting consumer data. This proficiency has backfired, resulting in the retail giant struggling to regain consumer trust and brand name reputation, not to mention figuring out how this mess happened in the first place and how to prevent a repeat performance.

  • Was there a lapse in Target’s IT security?
  • Did “Big Data” go too far and get way too ahead of security?

And let’s not put all the focus on Target, either. What happened with Target is a sign of the times and perhaps a sign of things to come in this world of cyber transactions. The questions above should also be asked of Facebook, Google, Yahoo and others who waited until the fiasco involving Edward Snowden’s NSA scandal to better encrypt their user data.

Big Data is like a drug; so addictive you can’t get off it, and of course, a huge potential for danger. Companies like Facebook, Google and Twitter love to sell consumers’ data to advertisers—this is how these giants stay giants; otherwise, they’d shrink into nothing. And there’s no end in sight with Big Data. Big Data is on course to become the Big Bang Data—to forever expand consumers’ personal information into cyber space.

But all of these entities—retailers, social media, the government—need to take responsibility for what they’re doing with our data.

Just when you thought that your privacy couldn’t be violated any more, Big Data has now spread its tentacles into the realm of selling lists of sexual assault victims, people with AIDS and HIV, and seniors with dementia to marketers. The World Privacy Forum, in the midst of researching how data brokers gather up and sell consumers’ private information, discovered these lists, and unfortunately, there are more disturbing list categories that were uncovered. Marketers are actually purchasing this kind of data to target shoppers from every which way.

When are lawmakers going to catch up to Big Data and grab it by the horns?

In the meantime, consumers need to take control of their information online; it just takes one hacker to wreak havoc. Here are 6 tips every consumer should take to stay protected online.

#1 Install/update your devices antivirus, antispyware, antiphishing and firewall.

#2 Update your devices operating system ensuring the critical security patches are current.

#3 Password protect your devices and use strong passwords with upper/lower case, numbers and characters. Never use the same password twice.

#4 Protect your wireless communications from prying eyes with a virtual private network that encrypts your data. Hotspot Shield masks your IP address and prevents data leakage.

#5 Limit your exposure on social networks. Consider what you post and how it can be used against you by criminals, predators and your government.

#6 Before giving out your name, address, phone, email, or account numbers consider how it will be used and read the services terms of service and privacy policies.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Stolen Identities are cheap on the Darknet

/in /by

What a steal: You can purchase a U.S. stolen identity for $25, and an overseas one for $40. Cybercrime is booming. Cybercriminals are competing even against each other. Data theft is becoming increasingly easier, with more and more people gaining entry into this realm. It’s no longer for the elite.

11DHiring someone to perform a cybercrime doesn’t take technical knowledge; only the ability to pay. Even a computer isn’t necessary, and the crime can be outsourced.

The underground of cyberspace is known as the Darknet. Illegal activities of the Darknet are mighty cheap these days.

  • Under $300: credentials for a bank account that has a balance of $70,000-$150,000.
  • $400-$600 a month: Hire a crook to fire a denial-of-service attack on your online competitor to knock it offline. This service can also go for $2 to $5 per hour. Prices are actually quite varied, but the range goes well into the cheap end.
  • $40 bought a personal identity (U.S. stolen ID as of 2011), and $60 bought a stolen overseas ID (as of 2011). Currently, these IDs cost 33 to 37 percent less.

Other Crime Fees

  • $100 to $300: hack a website
  • $25 to $100: A hacker will steal all the data they can on a person or business by using social engineering or Trojan infiltration.
  • $20: a thousand bots; and $250 will get you 15,000.
  • $4 to $8: one stolen U.S. credit card account including CVV number ($18 for European accounts)

What does all this mean to you? It means your identity is at risk.

  • Update your PC with the most current antivirus, antispyware, antiphishing and a firewall.
  • Update your devices critical security patches.
  • Require password access for all your devices and use strong passwords for your accounts.
  • Invest in identity protection because even if you secure your data, a major retailer or bank can be breached putting your data at risk.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Been Breached? A Response Plan

/in /by

Should victims of a data breach be notified? This situation can be confusing due to various state laws. Certain issues must be considered, including differences among state laws. Differences include what exactly defines personally identifiable information; which agency (e.g., law enforcement, credit reporting) should be alerted; when victims should be notified; and what the notification letter should say.

4DLegal counsel can tell you what level of notification you’re entitled to. Not every data breach case requires that consumers or businesses be alerted. But not alerting has its own set of negative consequences.

When an incident does require notification, the information that follows must be considered: (these are general guidelines – review any and all steps with your attorney)

  • Treat all victims equally; all get notified, even if this means out of state. Not doing so can yield legal consequences or the media might pounce.
  • Though there aren’t really any notification laws regarding overseas victims, they too should be notified.

Notification

The sooner victims are alerted, the better. Under what circumstances, though, should victims be notified? The nature of the breach should be considered, along with type of information stolen and whether or not it may be misused, and the possible fallout of this misuse.

Damage from misuse can be significant, such as with stolen SSNs and names.

When in doubt, consult with legal counsel. Don’t be surprised if you’re informed that breached consumers must be notified; most states require this. And within 30 days. Some states mandate that the Attorney General’s office also be notified.

FTC Recommendations for Notification

  • Inform law enforcement when notification takes place so they don’t cross lines with it.
  • Also find out from them precisely what information the consumer notification should contain.
  • Select someone from your organization to manage release of information.
  • This contact individual should be given updated information concerning the breach, plus your official response, as well as guidelines for how victims should respond.
  • To aid victims’ communication options, consider providing a toll-free number, posting a website or mailing letters.
  • Explain clearly to victims just what you know of the breach. How did it happen? What information was stolen or compromised? How might the thieves misuse it? What actions have the organization taken for mitigation? What reactions are appropriate?
  • Make sure victims know how to reach the contact person.
  • Make sure the law enforcement official who’s working your case has contact information for victims to use.The officer should also know that you’re sharing this contact information.
  • Victims should ask for a copy of the police report, then make copies to give to credit card companies that have honored unauthorized charges.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.