12 Home Security Mistakes We Make

/in /by

Smart criminals love dumb homeowners, but even a dumb burglar can score big when the homeowner makes just a little slip in security measures.3B

  1. Don’t nickel-and-dime your door locks; get high quality locks. A cheap lock is cheap.
  1. Don’t hide keys. Anyone knows to check under the flower pot or on top of the ledge above the door frame. Consider a keyless lock.
  1. Make sure valuables aren’t visible through windows—including those of your car.
  1. Flatten boxes that valuables came in like flat screen TVs so that you can then put them in large garbage bags, then put those out for trash pickup. Don’t tip off the bad guys what you have in your house.
  1. Imagine you’re a burglar…or rapist…on the prowl looking for an easy crime opportunity. You’re jiggling one doorknob after another in a neighborhood, knowing that sooner or later, you’ll find an unlocked door. Why oh why, then, would you try to break through a locked door? Homeowners need to see things from the perspective of the bad guy. LOCK YOUR DOORS! Stop making excuses: “I keep forgetting,” “It’s a hassle,” “I’m going in and out.”
  1. Keep your house alarm on—because some intruders will try to break through a locked door—or get in through a window. The second he penetrates, the alarm will emit a piercing sound that will instantly drive him away. But keep the alarm on even when you’re home. Yes, sociopaths think nothing of breaking in during the day.
  1. Keep your garage door locked at all times except during the seconds it’s in use.
  1. Used timed lighters inside and out so that your place is never dark.
  1. Don’t leave any ladders in the yard.
  1. Don’t post anything on social media that indicates you’re away from home.
  1. For when you’re away on trips, arrange for a vacation hold of your mail and newspaper deliveries.
  1. To increase an occupied-look to your house while you’re traveling, have a trusted person park his car in your driveway and mow your lawn (overgrowth suggests vacancy).

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Having the Privacy Talk with your Kids

/in /by

Years ago, having “the talk” with your kids meant telling them where babies come from. Nowadays, “the talk” has a whole new meaning. Your kids may be able to explain in detail how a baby is created, but may be clueless (because so many adults are) about something called “data permanence.”

2PDon’t beat around the bush. Tell your kid outright, “If you post any racy images of yourself online—it will be there for the next million years for anyone to see. And it can be used against you.” Give this same warning about comments your child might post to an article. Things that your kids put online can come back to bite them many years later when they’re applying for employment. Tell them that.

Of course, warning your adolescent that something they post could come back to haunt them 20 years from now might not have much of an impact on them—kind of like telling your kid—who has endless energy—that smoking could cause heart disease 20 years from now. So how can you get through to your kids?

  • The more open the lines of communication are between parent and child, the more likely your message will get through about data permanence. Don’t make communication one-sided.
  • When your kids ask you how things work, even if it’s not related to cyber space, never act annoyed. Never make them feel it was a silly question. Never show impatience or judgment. If you don’t know the answer to their techy question, say, “I don’t know; let’s find out.” Don’t fudge a half-baked answer in an attempt to sound smart. Admit when you don’t know an answer, then hunt it down.
  • If you think it’s time to have “the talk” with your child, it is.
  • There’s never a perfect time to have “the talk.” Stop putting it off. Stop saying, “I’ll have it when…” Just do it.
  • Emphasize that raunchy images or nasty comments can come back to bite them in the near For example, they might have a crush on someone in a few years. What if that person googles them? What might they find? Ask your child, “What would you like them NOT to discover?”
  • Don’t be all lecture. Get your child thinking and talking opportunities. Ask them open-ended questions, such as the example in the previous bullet point. Get their brain cells working.
  • The privacy talk should be a process, not an event. That is, it should be a work in progress, ongoing, rather than a single event.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.

Fixing a Credit Report after being hacked

/in /by

First off, how NOT to fix a hacked credit report: signing on with a service that promises to correct the problem in a jiffy—a “sounds too good to be true” advertisement. A company that claims they will 100% fix your bad credit by removing negative information from your credit report is a bit scammy. In fact, whatever a credit repair company CAN legally do, you yourself can do.

Tips to Know Ahead of Time3D

  • If a company takes action against you, you’re entitled to a free credit report if you request it within 60 days of being notified.
  • Experian, Equifax and TransUnion are required to provide you, free of charge, your credit report every year.
  • It’s free to question anything on your credit report.
  • Credit reporting agencies are required to investigate your disputes, if valid, within 30 days.

Credit Reporting Agency

  • Send the reporting company a document explaining your issues. Include copies of documents for evidence.
  • Your mailed packet (use certified mail) should include an itemized list of your disputes and associated details.
  • The agency will send your material to the entity that provided the information in question. This entity must investigate the issues, then provide feedback to the credit reporting agency, and that includes corrections in your report if it’s deemed that the suspicious information was, in fact, inaccurate.
  • You will then hear back from the reporting agency: an updated report (free) and the results in writing. The agency will send a copy of the revised report, at your request, to anyone in the previous 24 months who had received the erroneous one.

Creditors

  • Inform them in writing of your dispute.
  • Include copies of all evidencing documents.

Repairing errors and getting rid of accurate but negative information are not the same thing. Time heals wounds; you’ll need to let time (usually seven years) completely get rid of the bad stuff.

Should you decide to use a credit repair company, know that it’s against the law for them to lie about their services or charge you before they’ve done their job. By law they must provide a contract explaining your rights and their services, plus many other details including total cost.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Data Breach Aftermath

/in /by

Haste certainly doesn’t make waste if you’ve suffered from an entity getting hacked resulting in a data breach. Don’t waste a single minute delaying notifying affected accounts! In the case of a credit card company, they will investigate; you won’t have to pay the fraudulent charges. The breached card will be closed, and you’ll get a new one. And there is more.
11D
All sounds simple enough, but the experience can be a major hassle. Below is what you should do upon learning your card has been breached:

  • If a SSN is breached, place a credit freeze or fraud alert with the three big credit bureau agencies. Placement of the credit freeze or fraud alert will net you a free copy of your credit reports; review them.
  • See if you can find companies that have accounts in your name—that you didn’t set up. Notify and cancel them. Make a list of entities that might be affected by your ID theft, then contact them.
  • If your identity is actually stolen, you may need documents to show creditors proof of your ID theft, you should file a report with the police and FTC.
  • Keep vigilant documentation of all of your relevant correspondence.

If your credit card was compromised, you also must contact every company or service that was on autopay with the old card. This includes quarterly autopays (e.g., pesticide company) and yearly autopays, like your website’s domain name. Don’t forget these! You now have to transfer all the autopays to your new card.

But you also must consider the possibility that your credit card breach is only the beginning of more ID theft to come. You now must be more vigilant than ever. If it can happen once, it can happen again.

  • Check every charge on every statement. If you don’t remember making that $4.57 charge…investigate this. Thieves often start with tiny purchases, then escalate.
  • Use apps that can detect anomalous behavior with your credit card account. These applications are free and will alert you if there’s a purchase that’s out of the norm, such as there’s a charge to the card in your home town, but an hour later another charge occurs 800 miles away.
  • See if your card carrier will let you set up account alerts, such as every time a purchase exceeds a set amount, you get notified.
  • Never let your card out of your sight. The thief could have been someone to whom you gave your card for a payment—they used a handheld “skimming” device and got your data. If you don’t want to hassle with, for instance, the restaurant server who wants to take your card and go off somewhere to get your payment, then pay cash (if possible).
  • Never use public ATMs; ones inside your bank are less likely to be tampered with with skimming devices.

Other than tampered ATMs and retail clerks taking your card out of your view to collect payment, there are tons of ways your personal information could get into a thief’s hands. Here are steps to help prevent that:

  • Shred all documents with any of your personal information, including receipts, so that “dumpster divers” can’t make use of them.
  • When shopping online, use a virtual credit card number; your bank may offer this feature.
  • When shopping, patronize only sites that have “https” at the start of the Web address.
  • Never save your credit card number on the site you shop at.
  • If a retail site requires your SSN in order to make the purchase, withdraw from the site and never go back.
  • Never give your credit card or other personal information to online forms that you came to as a result of clicking a link in an e-mail message. In fact, never click links inside e-mail messages.
  • Make sure all your computer devices have a firewall, and antivirus/antimalware software, and keep it updated.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.

Spy on your Kids yes or no

/in /by

It’s one thing to bust into your kid’s diary and read it, but if your kids want the privilege of engaging in the cyber world, they need to understand that parents are justified in “spying” on them. Or are they? Depends on whom you ask and how far they go at “spying” on their kids.

2WFrankly It’s not spying at all and both kids and parents should get over it. It’s called parenting. My kids are still young, but as they get older there will be hardly a thing they do online that I won’t be aware of. The internet isn’t a right, it’s a privilege to someone under age. No 13 or even 17 year old of mine will be on it without being supervised. Same goes for passwords. I’ll have access to all of them. This may be far-reaching to some, akin to the ancient form of spying: listening in on the extension phone to a phone conversation between your kid and his buddy. But really, it’s simply being a parent.

Spying can also be a life saver. Kids are being bullied today like never before. And as a result, they are hurting themselves. And then there are all the illegal things they may be doing. These same acts can get them killed. In this case, knowledge is definitely power to keep your kids safe.

Parent believe and they are right that spying is “an invasion of privacy and a violation of trust.” If you get caught, your relationship could be sabotaged, this is true. So spy openly and honestly. Tell them. Show them. Remind them. If kids know you are watching, they are often less likely to do things they aren’t supposed to.

The element of surprise, however, may be a factor. It makes a world of a difference if, from an early age, the parent establishes with their children that there will be “spying,” vs. never discussing this concept with the kids, and then one day you get busted.

Don’t use the word “spy,” either. Instead say “monitor” and let your kids know

How do you balance protecting your kids and maintaining trust? Team up with your kids. Make family agreements and contracts that show transparency. This will go far is keeping a close eye on their safety and security.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.

Survival is about being Persistent

/in /by

“Survivor.” What comes to mind when you see or hear this word? A victim of a disease or of a perverted crime? A TV show? We’re all survivors in that every day, we do something to stay alive—life-saving things we don’t even think about as life-saving, such as eating healthy and exercising. People die every day from killing themselves with food.

1MSurvival also may conjure up true spectacular stories of survival, like the man who cut off his arm to free himself from a boulder because he was starving to death, and the man who ate a caterpillar and lotion from a bottle because he was starving to death after getting lost in the wilderness (both men fully recovered, though one has an artificial arm).

Sometimes we get a chance to survive, like being lost in the wilderness or adrift at sea in a raft. Sometimes that chance is shorter, like being in a house that catches fire.

And sometimes you don’t get a chance to employ tactics, like the guy who’s hit in the head from behind (or even from the front), falls to the cement and the pavement shatters his skull, causing a fatal acute subdural hematoma. Of course, that’s a better way to go, perhaps, than experiencing the terrifying six minutes it takes for an airplane to take a nose dive from 35,000 feet.

You can’t do much when you’re sitting in that plane or your leg’s in that wood chipper that’s rapidly pulling you in and nobody could hear you screaming. Ouch!

However, many people die because they simply didn’t have their wits. They had the time to survive, but made the wrong choices. Sometimes, survival begins with a choice. Do you want to get into that stranger’s car just because your legs are a little tired? Will walking kill you? Probably not. But the stranger who’s offering a perfectly able-bodied, young woman a ride in perfect weather likely has something sinister up his sleeve.

So many people worry about survival in terms of things that they’re very unlikely to ever die from, such as a terrorist attack. Don’t forget that the No. 1 killers are heart disease and cancer. And believe it or not, medical errors rank right up there in the top five too.

Perhaps the greatest weapon for survival, however, is the mind. Are you a screamer or a fighter? Panic disables, but anger enables! I’m reminded of a woman who was assaulted by a tall teen boy. After struggling, she eventually got him on the ground, pinning his arms over his head and sitting on him till police arrived. She states in an article at torontosun.com: “When I get angry, I have a lot of strength. The secret to getting through something like this is, ‘Don’t panic, but think through what you’re going to do now.’ ” Love her!

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Researcher says HTTPS can track You

/in /by

Perhaps you’ve read that “HTTPS” at the start of a website address means that the site is secure, encrypted. However, a feature of the HTTPS can track you, says an article at theregister.co.uk.

2DHTTP is not secure. Carnegie Mellon University in a Register article states “HSTS”, which is “Strict Transport Security”  redirects users to HTTPS. The HSTS authors decided that this redirection every single time was a bit much, so they came up with a feature that browsers could remember regarding the HSTS policy of visited sites. I know, a LOT OF INFORMATION.

The Register article goes on to explain that this feature is a “super cookie.” If you use a redirected site, an HSTS “pin” is set. It’s unique to you and the site you visit. Sam Greenhalgh says, as quoted in the article, “Once the number is stored it could be read by other sites in the future. Reading the number just requires testing if requests for the same web addresses are redirected or not.”

The browsing modes of incognito or private have no effect, continues the article. IE doesn’t support HSTS, but Chrome, Firefox and Opera browsers permit HSTS flags to be cleared.

Safari is a different story, says Greenhalgh. The article quotes him: “When using Safari on an Apple device there appears to be no way that HSTS flags can be cleared by the user. HSTS flags are even synced with the iCloud service so they will be restored if the device is wiped. In this case the device can effectively be ‘branded’ with an indelible tracking value that you have no way of removing.”

Think of all of this as a kind of fingerprinting of the user, you. A crook who runs a malicious site is capable of exploiting this feature. However, Google has reported to Greenhalgh that it’s “not practical” to “defeat such fingerprinting.”Its not practical getting hacked either.

Protect your privacy:

  • Don’t send any sensitive information when connecting over public Wi-Fi (e.g. don’t do banking or shop online)
  • Use private browsing mode on your Internet browser or at least turn off your browser cookies.
  • Never reply to spam or unknown messages, whether by email, text, IM or social networking posts from people you don’t know—especially if it’s for an offer that sounds too good to be true.
  • Only friend or connect with people online you know in real life.
  • Make sure when you’re providing any personal information online that the site uses encryption (look for https:// in the URL) and check to see how they are using your personal data in their privacy policy.
  • Be aware of location services with your smartphone or tablet. Turn off the GPS on your mobile device’s camera and only allow

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

What is ATM Skimming?

/in , /by

Ever hear of a crime called skimming? It may not be as dramatic a crime as assault or Ponzi schemes, but it can cause significant problems to you as your  savings account can be wiped out in a flash.

4HPicture a scrawny nerd tampering with an automated teller machine (ATM)—the machine you use with your debit card to get cash. The thief places a device over the slot through which you slide your debit card. You have no idea it’s there. You swipe your card, and the device “skims” or reads your card’s information. In the middle of the night, the thief creeps back, removes the skimming device, downloads your data, burns it to a blank ATM card, makes a fat withdrawal and goes home with the loot. Or they could download your information from the skimmer and then use your information to make online purchases or access your account. Either way, they could clean you out before you wake up next morning!

Now, to be successful, the criminal not only needs a skimming device, they also need to attach a tiny wireless camera to capture your PIN.  These cameras are usually concealed in the lighting fixture above the keypad, in a brochure near the machine, or attached directly to the ATM.

To protect yourself from being skimmed, and generally staying safe when using your debit or credit cards, follow these tips:

  • Scrutinize the ATM. This means every ATM, even ones from your bank. You also want to check any of the card sliders like ones at gas stations, etc, especially if you’re using your debit card. If the scanner does not match the color and style of the machine, it might be a skimmer. You should also “shake”  the card scanner to see if it feels like there’s something  attached to the card reader on the ATM.
  • Cover the keypad when entering your PIN. In order to access your bank accounts, thieves need to have your card number and your PIN. By covering the keypad, you prevent cameras and onlookers from seeing your PIN.
  • Check your bank and credit card statements often. If someone does get your information, you have 60 days to report any fraudulent charges to your credit card company in order not to be charged. For a debit card, you only have about 2 days to report any suspicious activity.
  • Be choosy. Don’t use general ATMs at bars or restaurants. These are not usually monitored and therefore, can be easily tampered with by anyone.

Stay safe from skimming!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Don’t Believe These 6 Mobile Security Myths

/in /by

Smartphones are picking up popularity. You can now access email, social media, and other things from a device that fits in your pocket (most of the time). And, although we hear about breaches and security flaws in the news, it seems like a lot of us don’t think it applies to our mobile device. Here are some of the most common mobile security myths.
5W

  1. “Antivirus protection isn’t worth it for a smartphone.” Just because this device fits in the palm of your hand doesn’t mean it’s not worthy of as much protection as your computer. It should have comprehensive security that includes, antivirus, anti-malware and anti-spyware. Think of how often and indiscriminately you use that little thing, even while you’re in between bench press sets or stuck in line somewhere. The more you use it, the more important protecting the information on it becomes.
  2. “If I lose my phone I’ll just call it to find it.” A better way to locate it is to use an app with global positioning system (GPS), like McAfee® Mobile Security. With GPS, you can see the location of your device on a map, much easier than trying to hear your ringtone.
  3. “Smartphones don’t get phishing scams.” Actually, phishing scams can occur via text (also known as SMiShing ) and social media apps. Plus, the mobile device’s smaller screen makes it harder to detect suspicious links.
  4. “Apps for my phone are safe if they’re from trusted brands.” Fraudsters can easily make a malicious app look safe, and can even find its way into a reputable app store. McAfee Labs™ found that over 80% of Android apps track you and collect your personal information. Apps are also the main way that malware can be downloaded to your smartphone or tablet.
  5. “As long as my phone has PIN protection, it’s fine to have apps automatically log into my accounts.” A PIN is incomplete protection because hackers may guess the PIN code or use software to nail the four-digit sequence. You’d be surprised how many people’s PINs are 1234 or 2222. Even if you have a longer PIN or passcode on your device, it’s good practice to not have your apps automatically log you in, even though this may be convenient. You don’t want something to be able to easily access your bank accounts or post random messages on your social accounts.
  6. “SMS” adds protection. The short message service does not provide protection or monitoring of any kind. This means that text messaging is not secure and in fact, it’s often subject to spam.

Keep your mobile device safe with McAfee® Mobile Security, available on both Android and Apple devices. The Android version includes antivirus and anti-malware software, an app manager, anti-theft features, and web protection. The Apple version includes Secure Vault to protect your pictures and videos from prying eyes.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.