DC Murders as horrific as it gets

The latest report says that Darron Dellon Dennis Wint did not act alone in the arson murder of a Washington, D.C., family and their housekeeper. You might wonder how a $4.5 million mansion—presumably with top-flight smoke alarms—could burn enough to kill the occupants.

7HA cnn.com report says they were held against their will since the day prior to the May 14 fire. Wint is being held without bond.

It’s too soon, however, to draw conclusions, as other people are being interviewed by police.

Wint was arrested a week after the bodies of Savvas and Amy Savopoulos, and their son Philip were discovered. Housekeeper Veralicia Figueroa died later at a hospital.

The victims were discovered bound up and injured from blunt force, continues the cnn.com report. Philip, age 10, was apparently stabbed and tortured.

Bernardo Alfaro, the housekeeper’s husband, stated that Veralicia did not return home the night of May 13. (It’s fair to wonder why he didn’t pay a visit to the mansion that night, because next morning he finally did.)

Alfaro received a text message from someone claiming to be Savopoulos, telling him that his wife, who couldn’t drive, was with Amy in a hospital. Someone identifying herself as Amy called a second housekeeper and told her to stay home.

It’s believed that money was the motivation for the murders. Apparently, Wint and accomplices stole $40,000 that was dropped off at the mansion by a Savopoulos employee.

How was Wint caught? On May 13, two pizzas were delivered to the mansion while the victims were bound up. A woman instructed that the pizza be dropped off at the door (it had already been paid for via Amy’s credit card). Wint’s DNA was found on the crust.

Wint’s attorney says that this DNA doesn’t prove Wint was inside the house. So how did his DNA get there? Wint’s record doesn’t help: charges of theft, assault and sexual offense.

Neighbors of Wint’s parents say that Wint had choices and that “he was not raised this way.” Few people want their kids to grow up into murderers and groom them for such. But one must wonder what kind of emptiness and darkness existed in the childhood of a man who grows up to burn to death four innocent people.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Social Media Scams on the rise

Social media is a conduit for thieves to get personal data (they can use it, for instance, to open up a credit line in the victim’s name). Though many people are concerned their personal information will get in the wrong hands, the funny thing is that they continue posting personal information—way too personal.

14DThe FBI’s Internet Crime Complaint Center says that social media is a fertile area for criminals to scam people.

Phishing

You are lured to a phony website that masquerades as your bank or some other important account. The lure might be a warning that you’ll lose your account unless you click the link to reactivate it. Once on the site, you’re then lured into typing in your login information—that the scammer will then use to gain access to your account.

  • Never click these links!
  • Use antivirus/malware protection!

Clickjacking

You’re lured into clicking on a link. Once you do this, trouble begins, either with a download of malware or you being suckered into revealing account information—to the thief on the other end.

Recently I was perusing the FB page of a person I knew from school, and a recent post was what appeared to be a video in still format, ready to be clicked for viewing.

And what was the lure? A man’s head and torso on a road, his severed legs nearby, with the caption saying that this motorcyclist’s cam had recorded his fatal accident. This was surely a scam because the photo has been around for quite some time with only scant information. Now suddenly there’s a video of the accident? Yeah, right.

  • Don’t click on any videos purporting to show something like “Footage Shows Shark Biting Man in Half” or “Top 20 Blondes of All Time—Naked!”
  • Even the “Share” and “Like” buttons could be malicious. Skip these. These days you can’t be too careful, what with all the foaming cyber criminals out there.

Doxing

Doxing is that of leaking someone’s personal identifying data into cyberspace without their permission, potentially leading to ID theft, among other problems.

  • Think twice before you post personal details on social media. Enough seemingly trivial details could add up to something significant to a savvy fraudster.

Make sure your privacy settings are at their highest, but this is only an adjunct to being very judicious about what you post.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

How to Recognize a Phishing Scam

So someone comes up to you in a restaurant—a complete stranger—and asks to look at your driver’s license. What do you do? Show it to that person? You’d have to be one loony tune to do that.

3DHowever, this same blindness to security occurs all the time when a person is tricked by a “phishing” e-mail into typing in the password and username for their bank, or it may be the login credentials for their PayPal account or health plan carrier.

Phishing e-mails are a favorite scam of cyber criminals. THEY WORK.

When a cyber thief goes phishing, he uses a variety of bait to snag his prey. Classic examples are subject lines that are designed to get the recipient to immediately open the message and quickly react to it, such as an announcement you owe money, have won a prize or that your medical coverage has been cancelled.

And to resolve these problems, you’re asked to log into your account. This is where you place your account credentials into the palm of the thief on the other end of these e-mails.

  • Phishing e-mails may address you by name (the hacker already knows about you), but usually, your name is nowhere mentioned.
  • The e-mails usually contain at least one link they want you to click. Hover your mouse to see what the URL is. It may appear legit, but note the “http” part. Reputable sites for giant businesses, such as Microsoft and PayPal, will have an “https” in their URL. The phishing link’s URL will usually not have the “s.”
  • A big red flag is if there are typos or poorly constructed sentences, but a phishing e-mail may also have flawless text.
  • Don’t be fooled by company logos, stock imagery, privacy policies, phone numbers and other formalities in the message field. It’s so easy for a hacker to put these elements in there.
  • Be leery of warnings or alerts that don’t sound right. Gee, why would your account be “in danger of being suspended”?

The links will take you to a phony site that looks like the real thing and ask you for your login credentials, credit card information, etc. Another way this scam works is by downloading a virus to your computer after you click on the link. Sometimes there’s an attachment that you’re urged to open. The lure might be that it’s a survey from your bank or a report to review from your employer.

A phishing e-mail may still look like the real deal. So how do you protect yourself? Never click on links inside e-mails. Don’t open attachments unless they’ve been sent from someone you personally know. If you think it’s from your company, healthcare plan or bank, then whip out your phone and call the company to see if they sent you the e-mail.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Don’t Name Your Dog After Your Password

Recently I got a puppy for my child. We decided to name the puppy 4wgu23x5#9. My wife,8yysH3m, thought we should name the dog 0x2%#b5. But I’m sure she’ll get over it. Meanwhile, I’m helping my older child with setting up a few social media accounts, and I suggested the two passwords: Rover and Spot.

5DIs there something wrong with this picture?

Of course! But this picture replays itself millions of times over all the time, as people name their passwords after their pets, family members or favorite sports teams. Don’t do online what you wouldn’t do in real life.

When creating passwords remember that you should avoid using things that are personal to you and that could be easy for a hacker to find out about you. Things like your pet’s name, maiden name, birthday, name of your high school and child’s name can be easily found on social networks, making it even easier for hackers to crack your passwords.

Here are some other great tips to make sure that your passwords are strong and protected:

  • Make sure your passwords are at least eight characters long and include numbers, letters and characters that don’t spell anything.
  • Use different passwords for separate accounts, especially for banking and other high-value websites.
  • Change your passwords frequently.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Craigslist encounter ends very badly

At least one woman is happy that her driver drove like a drunk. That’s because his erratic driving caught the attention of troopers who pulled him over. They then heard a woman calling for help—from the backseat. She was bound and gagged with a bag over her head.

emailThe 41-year-old man had posted an ad on Craigslist; he wanted a submissive partner. His phony profile attracted the 22-year-old woman (who I must wonder, why would she be interested in a man who wants a submissive partner? Doesn’t this sound mighty suspicious?).

The victim chatted online and agreed to meet him. She thought nothing of meeting him in a secluded, remote location near his home.

Then she got into his car. Once inside, she noticed that he didn’t even look anything like the photo he had sent her.

Let’s stop here a moment. Just how dark was their initial meeting spot that she didn’t realize then that he looked nothing like the picture?

She told him to pull over. Instead he assaulted her and tied her up, tossing her in the backseat. She kicked at the man and backseat, causing him to swerve like a drunk.

None of this would have happened had she insisted on meeting in a public spot, and severing the connection with him if he kept insisting on the secluded, dark area.

How to Fight off an Attacker

  • Hit the gym and strengthen your body. Not only will a strong-looking body make a man think twice about attacking, but if he does, a strong body has a much better chance of fighting back and/or escaping.
  • We all know to go for the groin. Go after it like a savage. Hit, yank, pull.
  • Jab stiff fingers into his eye. Why this is rarely done I’ll never know, because it’s extremely effective.
  • Basic self-defense techniques, delivered to the neck, can stun a man and give you time to escape.
  • Slam a palm into his nose. Keep going after it. The pain and gush of blood will disorient him. A self-defense course will teach you how to elbow his nose if he’s behind you.
  • Smash a foot into his knee. You have a better chance of bringing him down if you come in from the side—because your foot will be striking against ligaments, rather than bone.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Most Toxic Superheroes 2015: Super Powers, Super Risky!

The King of Atlantis! The Protector of the Seas and Oceans! A beloved member of the Justice League! It’s none other than Aquaman! While he is most well-known for his ability to control marine animals and breathing underwater, he is also the superhero who poses the biggest threat to you online, according to Intel Security’s list of Most Toxic Superheroes.

Superhero movies and television shows are booming like never before. They have been resurrected and reinvented with the new and improved costume designs and insane special effects we see on the big screen. This superhero craze is drawing in everyone from the youngsters, who tend to idolize the men and women of courage, all the way up to the older generations, who grew up with some form of these heroes, and everyone in between.

With the advancement of technology and accessibility, information on these superheroes can be retrieved online at all times. As a result, adults and kids alike need to be wary of the websites they use when they are accessing information on their favorite characters. While you might not think searching for one’s favorite superhero could be dangerous, you may want to take a step back and use caution before randomly clicking on a potentially harmful website.

Originally introduced as a backup feature in 1941, Aquaman has since become a prominent part in the DC universe, and a founding member of the Justice League. Fans express an admiration for his dual obligation to the citizens of the land and sea, as well as his honorable nature. Other than his abilities to breathe underwater and to control marine animals, he also possesses superhuman strength and impervious skin.

After long being the subject of ridicule for his rather interesting array of superpowers, the Dweller of the Depths himself returns to the top of the annual Most Toxic Superheroes list revealed by using McAfee SiteAdvisor having a risk percentage of 20%, close to that of the 2013 list where he came in first with 18.6%.

The Most Toxic Superheroes list is compiled by using McAfee SiteAdvisor that rates websites by risk level that contain the superhero search terms on the most popular search engines (Google, Bing, and Yahoo!). SiteAdvisor informs you of potentially dangerous websites through color coded levels of risk, from green, to yellow, to red that signal when it is okay to click, and when you should skip a particular website.

This year’s Most Toxic Superheroes are:

MTS_Infographic_2015

Whether you are searching online from your PC or mobile device, here are some tips you can use to help you stay safe:

  • Be suspicious: Be wary of searches that turns up a link to free content or too-good-to-be-true offers.
  • Double-check the Web address: Look for misspellings or other clues that the site you are going to may not be safe.
  • Search safely: Use a safe search plug-in, such as McAfee SiteAdvisor software that displays a red, yellow, or green ratings in search results, warning you to potential risky sites before you click on them.
  • Protect yourself: Use comprehensive security software on all your devices, like McAfee LiveSafe™, to protect yourself against the latest threats.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Catphishing is a Heartless Scam

When someone online presents as a different person than their true self, this is called catphishing, and it occurs on online dating sites.
heartbleed

  • Google the name of the object of your interest. Obviously, “Kelly Smith” and “John Miller” won’t get you far, but “Jaycina McArthur” just might. What comes up?
  • See if they have social media accounts, as these suggest they’re a real person. But the absence doesn’t prove they’re a phony, either. Not every legitimate person is into the social media thing.

Here are warning signs:

  • More than one profile on a social media site.
  • Few friends or followers on social media (but then again…this doesn’t prove they’re a catphisher. Remember, Hitler had a million followers, and Christ had only 12!).
  • Photos don’t include other people.
  • Photos are headshots rather than of activities.
  • They find a way to contact you other than through the matchmaking service.
  • They quickly show neediness and request money.
  • They quickly proclaim “you’re the one” despite never having met you in person.

Additional Steps

  • Right click their photos to see where else they are online. Is it them on other sites or some model’s or real estate agent’s picture?
  • Copy and paste excerpts from their profiles and see if they show up elsewhere.
  • It may seem counterintuitive, but if you’re interested, ask for a face-to-face correspondence early on in the relationship (like a week or so into it) so that you don’t waste time getting dragged down by what ultimately turns out to be a catphisher.
  • If the person doesn’t use Skype, ask for a local meeting in a crowded public spot (assuming it’s a local person).
  • If they back down from a face-to-face meeting, be suspicious. They’re not necessarily after your money, but that 6-2, 180pound stud might actually be a 5-7, 240 pound guy who’s 10 years older than what his profile says.
  • Don’t reveal private information like where you work. Make sure there’s nothing revealing about your location on your social media profiles. A catphisher will want this information.
  • Be highly suspicious of someone who wants to know a heck of a lot about you—like if your parents live in town, what kind of home you live in, how much you earn, etc.

Trust your gut. If he or she sounds too perfect, they’re probably fakes.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Beware of Vacation Rental Scams this Summer

Talk about getting taken to the cleaners: Imagine you spot a great summer rental property advertised online. Looks wonderful. The deal sounds too good to be true, but the owner tells you (via e-mail or even phone) that the fee is correct. You apply for the rent and send in the required upfront payment.

9DThen you head down there for the first time to see an empty lot. It then dawns on you that the owner was really a crook who used some photo he found online and advertised it for rent. And if losing your money isn’t bad enough, the thief now has other private information on you like your Social Security number.

How can you protect yourself if the property is too far away to check out in person? Limit yourself to only local rental properties that you can actually physically check out first? Whether or not you can do that, here are safeguards:

  • Copy and paste the rental description into a search engine. If it shows up elsewhere consider it a scam. However…a smart crook will alter the wording so that this doesn’t happen!
  • Google the listed address and see if it matches up. Google any other information connected with the ad, such as the landlord’s name.
  • If you locate the property on another site that lists it for sale, the rental ad is a scam.
  • Request a copy of the owner’s driver’s license to verify property records at your county assessor’s office.
  • If you can’t physically visit the property, use an online map to get a full view, including aerial, to make sure it actually exists. But this doesn’t rule out scam. The property may exist alright, but the ad you’re interested in was not placed by the owner, who’s either not renting at all or might be selling the place.
  • Conduct all communication by phone.
  • Never wire transfer an upfront payment or pay via prepaid debit card—two red flags for a scam. Pay via credit card.

Honest landlords can be scammed, too. They should search the information of responders to their ads to see what comes up.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Consumers smartening up to Privacy Issues

According to a recent report from Pew Research, many Americans take privacy seriously—as in the cyber kind, but also offline. 2P

  • 9% of survey respondents thought they had strong control over how much of their personal information was collected and shared.
  • 38% thought they had moderate control; 37% believed they had little control; 13% said they had zero control.
  • 25% used temporary e-mail addresses or usernames for some online activities.
  • 24% gave non-truthful information about themselves (e.g., when registering on a site to post comments, a single woman might indicate that she’s a married man; or a childless person might indicate that he has kids).
  • 59% cleared their browser and cookies.
  • 47% avoided giving out non-relevant information for online transactions.
  • 55% remained anonymous for some online activities.
  • 74% believe the government should have better limits to collecting people’s data.

Why don’t more people do things in the name of privacy like adjust the settings of their accounts or smartphone? For starters, some don’t want to hassle with “techy” things, while others don’t think it’ll make any difference. Some just aren’t worried all that much and have nothing to hide. Others don’t want to pay more money for more security. And some are clueless over how much of their data gets shared, such as those who blindly allow mobile apps “permissions.”

Some users also know that higher privacy, in general, comes with slower loading times and other inconveniences. People want efficient usability. Nevertheless, people are getting cranky.

For example, the U.S. Drug Enforcement Administration was surveilling Americans’ phone calls overseas. They’ve now been sued. Secondly, the Stop Online Piracy Act was on the brink of being shelved, but lawmakers put a stop to these plans.

The National Security Agency’s metadata program with bulk phone calls was recently deemed illegal after the American Civil Liberties Union brought a lawsuit to the U.S. federal appeals court.

And that’s just a sample. There are more lawsuits in the works in the name of Americans’ privacy rights.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

ATM Skimming rising, again

Do you know what ATM stands for? For crooks, it stands for A Thief’s Moneymaker.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813A new report from FICO says that “skimming” crimes have made their biggest spike in the past 20 years. This includes ATMs on bank premises, but of course, public ATM kiosks have seen the biggest spike.

The thief tampers with the ATM’s card receiver; the installed gadget collects card data which the thief retrieves later. “Skimming,” as this is called, also refers to capturing the PIN via a hidden camera.

With the stolen data, thieves craft phony debit cards, which they then use at ATMs or for purchases. In seconds, your bank account could be sucked dry—poof!

ATM users normally do not know that a skimming device is in place; they just swipe their card. The thief will come back to collect the skimmed data (likely in the middle of the night).

  • He downloads your data.
  • He burns it to a blank ATM card.
  • He drains your bank account first chance he gets or goes on a wild shopping spree.
  • All of this can happen within minutes to hours.
  • The hidden camera may be concealed by a brochure slot near the machine—placed there by the crook himself—with bank brochures he got from inside the bank.
  • The camera may be hidden in a nearby lighting fixture or even attached somewhere on the ATM.

Prevent Getting Skimmed

  • Use only ATMs inside banks if possible. The riskiest locations are restaurants, bars, nightclubs and public kiosks.
  • Regardless of ATM location, inspect the machine. A red flag is if the scanner’s colors don’t jibe with the rest of the machine.
  • Jiggle the card slot to see if it feels like something’s attached to it.
  • Inspect card slots at gas stations and other non-ATM devices that scan your debit card.
  • Look around for areas a camera might be hidden. Even if all seems clear, cover your hand when you enter the PIN.
  • Try to get away from using a debit card at all. At least with a credit card, you can dispute fraudulent charges before you lose any money (up to 60 days), but with a credit card, you have only a few days to do this.
  • Frequently check your bank and credit card statements.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.