Pay attention to your IoT Device Security

Wow cool! A device that lets you know, via Internet, when your milk is beginning to sour! And a connected thermostat—turning the heat up remotely an hour before you get home to save money…and “smart” fitness monitors, baby monitors, watches…

Slow down. Don’t buy a single smart device until you ask yourself these 10 questions. Frankly, some of these questions take a lot of effort, but security isn’t always easy. Check it out.

  • Was the company ever hacked? Google this to find out.
  • If so, did the company try to hide it from their customers?
  • Review the privacy policies and ask the company to clarify anything—and of course, if they don’t or are reluctant…hmmm…not good. Don’t buy a data-collecting device from a vendor that fails to explain data security and privacy.
  • Does the product have excellent customer support?
  • Is it hard to get a live person? Is there no phone contact, only some blank e-mail form? Easily accessible customer support is very important and very telling of the product’s security level.
  • Does the product have vulnerabilities that can make it easy for a hacker to get into? You’ll need to do a little digging for this information on industry and government websites.
  • Does the product get cues for regular updates? The manufacturer can answer this. Consider not buying the device if there are no automatic updates.
  • Does the product’s firmware also automatically update? If not, not good.
  • Is the Wi-Fi that the device will be connected to secure? Ideally it should be WPA2 and have a virtual private network for encryption.
  • Will you be able to control access to the product? Can others access it? If you can’t control access and/or its default settings can’t be changed…then be very leery.
  • What data does the device collect, and why?
  • Can data on the device traverse to another device?
  • Ask the gadget’s maker how many open ports it has. Fewer open ports means a lower chance of malware slithering in.
  • Is stored data encrypted (scrambled)? If the maker can’t or won’t answer this, that’s a bad sign.
  • Ask the manufacturer how the device lets you know its batteries are low.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

How to Remove Fraudulent Lines of Credit

You just learned you have a new credit card account by checking your credit or because a bill collector called you. Problem is that you don’t remember ever applying for it. You must find out what’s behind this new account and how it got there.

  • Call the corresponding phone number listed with the account seen on your credit report.
  • Begin the process for disputing the entire account.
  • Get the name (and employee ID number) of every person you speak to and a transaction or reference number for every phone call.
  • Speak to the fraud specialist for the issuer of this new account.
  • Maybe you did apply for it. If you didn’t, find out if there are any charges on it.
  • If the issue isn’t cleared up with one phone call, see what your options are to put a freeze on the account while things are being checked into.
  • Get your free credit reports from TransUnion, Equifax and Experian to see how this new account appears.
  • If you’re still in a quandary over this, put a fraud alert and security freeze on all three reports.

Taking Matters Further

  • If it’s fraud, file an ID theft complaint with the Federal Trade Commission. You’ll get an identity theft affidavit online; immediately print it because it can be viewed only once through the FTC’s system.
  • Next, bring the ID affidavit form to the police, plus other documents relevant to your case, and file a report. Don’t assume your problem is too trivial.

What if the credit card issuer is not helpful?

  • Send a certified letter requesting they freeze or even close the account.
  • Include with that letter a copy (not the originals) of the FTC affidavit and police report.
  • The letter should request written proof of the authorization for opening this account.
  • Another request: written statement absolving you from any responsibility towards charges on this mysterious account.
  • Did you know that the creditor has 30 days or less to send you a written summary of its investigation?

If you’ve been assured that the account will be removed, don’t just take their word; follow up to make sure this was done.

You should not be responsible for any debts incurred by this fraudulent account. Any negative notes on your credit report, related to this account, should be wiped clean.

What if after all that, the account still remains open and you feel the case was not handled properly? File a complaint with the Consumer Financial Protection Bureau. Hopefully you won’t have to hire an attorney, though that’s also a next step.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

How to recycle Old Devices

When it comes to tossing your old computer device into the rubbish, out of sight means out of mind, right? Well yeah, maybe to the user. But let’s tack something onto that well-known mantra: Out of sight, out of mind, into criminals’ hands.

Your discarded smartphone, laptop or what-have-you contains a goldmine for thieves—because the device’s memory card and hard drive contain valuable information about you.

Maybe your Social Security number is in there somewhere, along with credit card information, checking account numbers, passwords…the whole kit and caboodle. And thieves know how to extract this sensitive data.

Even if you sell your device, don’t assume that the information stored on it will get wiped. The buyer may use it for fraudulent purposes, or, he may resell to a fraudster.

Only 25 states have e-waste recycling laws. And only some e-waste recyclers protect customer data. And this gets cut down further when you consider that the device goes to a recycling plant at all vs. a trash can. Thieves pan for gold in dumpsters, seeking out that discarded device.

Few people, including those who are very aware of phishing scams and other online tricks by hackers, actually realize the gravity of discarding or reselling devices without wiping them of their data. The delete key and in some cases the “factory reset” setting are worthless.

To verify this widespread lack of insight, I collected 30 used devices like smartphones, laptops and desktops, getting them off of Craigslist and eBay. They came with assurance they were cleared of the previous user’s data.

I then gave them to a friend who’s skilled in data forensics, and he uncovered a boatload of personal data from the previous users of 17 of these devices. It was enough data to create identity theft. I’m talking Social Security numbers, passwords, usernames, home addresses, the works. People don’t know what “clear data” really means.

The delete button makes a file disappear and go into the recycle bin, where you can delete it again. Out of sight, out of mind…but not out of existence.

What to Do

  • If you want to resell, then wipe the data off the hard drive—and make sure you know how to do this right. There are a few ways of accomplishing this:

Search the name of your device and terms such as “factory reset”, “completely wipe data”, “reinstall operating system”, etc., and look for device-specific tutorials and, in some cases, third-party software to accomplish this.

  • If you want to junk it, then you must physically destroy it. Remove the drive; there are numerous online tutorials for this too. Get some safety glasses, put a hammer to it or find an industrial shredder.
  • Or send it to a reputable recycling service for purging.

How to Rock the Room as a Professional Speaker

For those of you who want to knock your presentations out of the park and be the speaker everyone raves about, Victoria LaBalme is leading an unbelievably unique workshop titled Rock the Room LIVE.

If you create and deliver keynotes, trainings, breakouts, podcasts, videos, webinars or teleseminars, this event will completely catapult you from being “good” to being “amazing.”

In the winter of 2015, I was given the opportunity to present a 5 minute, timed “TED” type presentation at the NSA’s 2015 national conference in Washington DC. I accepted the challenge determined to present a packed presentation. Up to that point, I’d never presented a memorized program, so I practiced over 100 times, and as I got closer to getting onto the main stage, I started to stress out that I wouldn’t be able to remember the presentation word for word.

On the main stage, there was an actual nerve-racking digital clock counting down, second by second. That same day, I received my CSP, which is the National Speakers Association’s earned designation for Certified Speaking Professional. When I got up on stage, I was a bundle of nerves and was spooked that I wasn’t going to remember my presentation word for word. I stammered through the first minute, and then froze.

Speaking in front of your colleagues apparently is a lot harder than it looks, and even as a CSP, I didn’t deliver. Most people would have left the conference, and I thought about it, too, but I kept my head high and stuck around.

It was then that Victoria Labalme approached me. She gave me a few pointers, told me I’d be fine, and she offered to help any time. Seeing an opportunity for redemption, I approached the conference’s leadership and petitioned for a “do-over” before the end of the event. After some heart-to-heart negotiations, I got a second chance and Victoria cleared her schedule and provided 3 days of intense consulting. The rest is a Cinderella story. Frankly, I was a dead man walking, but Victoria Labalme saved me.

Here it is: See the before and after.

For those who don’t know her, Victoria Labalme (CPAE), is a rock star speaker and coach…and she changed my career. Her clients include NSA’s top brass, TED speakers, Oscar winning directors, experts creating PBS specials, and the C-suite executives at Starbucks, Microsoft, PayPal, New York Life Insurance, etc.

Victoria is the real deal.

Captivate your audience. Create killer content. Tell stories like a pro using Hollywood secrets. Cut your prep time in half. Use humor in unforgettable ways. And take your audience on a journey they will never forget.

You’ll get texts from people saying, “You nailed it!” People will whisper to you that you were the “best” speaker. And you’ll earn more bookings, greater invitations and coveted speaking opportunities.

Click here to read more: http://www.rocktheroomlive.com

This isn’t like any other event you’ve experienced. In fact, she’s rented out the Los Angeles Theater Center. And she’s got some special surprises planned. So if you can make it, GO!!! You get the online course, too and some whopper bonuses. And she has a special running through Dec 31 (and you will save a ton of $$) and you’ll get a FREE upgrade to VIP status (which includes lunches and reception…)

I know Victoria doesn’t do anything half way. This event is going to be very special and the people attending are world class.

Here’s the link for all the info you’ll need…and to secure your spot:

http://www.rocktheroomlive.com

How to shop securely with a Mobile Phone

“You can buy things with your phone!” No kidding! But imagine what the response would have been had you made this statement in 1984: “Off your meds, eh?”

Purchasing via the smartphone may very well eclipse the popularity of shopping via laptop. And cyber thieves know this. They’re counting on you to slip up.

  • Never click a link inside an e-mail, even if the subject line is a warning or alert to a fabulous sale. Cyber crooks know that the small screens on mobiles can easily hide tell-tale signs of scam e-mails, and that people are especially vulnerable to subject lines blaring great deals.
  • If you’re too tempted to ignore the great deal, then visit the merchant’s site by typing their name into the search engine rather than clicking the link inside the e-mail! That link could lead to a virus download.
  • Never use public Wi-Fi (e.g., at the airport or hotel) to shop. Stick to your phone’s mobile broadband network or at a minimum use a virtual private network (VPN).
  • When shopping with your phone, use a credit card, never a debit.
  • When using your phone, make sure nobody is spying. This really happens; it’s called visual hacking. It can even be done with the crook’s phone—capturing on video the sensitive information you’re entering on your phone.
  • You accidentally mistype the URL of a major retailer (but don’t know it), and you end up on what looks like their site. It’s called typosquatting. How is this possible? The site is the crook’s. He knows people will commit typos and he takes advantage of this by owning a website that mimics the real one, and you’re lured into “buying” off of it—entering your credit card or PayPal information—which he then has. And he knows you won’t pick up that the site is an impostor because your phone’s screen is so small.
  • Keep the phone’s software updated.
  • Deactivate autosave logins.
  • Your phone contains so much sensitive information about you and your family, financial data, maybe medical history, etc. What if a crook gets ahold of it? Set up a personal identification number (PIN) for login.

Download only from official app stores: Apple App Store, Google Play and Amazon. Don’t download from third-party vendors.

Hackers don’t play well with Kids’ Toys

No company is immune from hackers—even a toy company. Hong Kong based VTech got hit by a hacker recently. This company makes techy educational toys for kids, and its database got breached.

Customers go to the Learning Lodge store and download content to their children’s VTech devices: a tablet, a watch and an action camera.

But recently, this gateway store was attacked.

Some customers’ private information—now in the hands of the hacker—may put them at risk for being victims of identity theft or even a crime against their children. The customer database is comprised of people from many countries including the U.S., UK, Canada, China, Latin America, France and Australia.

The hacker anonymously contacted the company to reveal what was stolen: customers’ names, their kids’ names and birthdates, passwords, e-mail addresses, IP addresses, home addresses and even their secret question. And we all know that hackers have been known to find the answer to a secret question by perusing the potential victim’s Facebook posts!

At least credit card information wasn’t leaked.

But imagine how unnerving it is to know that someone out there has your mailing address, IP address, children’s names and birthdates. Oh, and it doesn’t stop there. The hacker revealed that photos of kids were also leaked.

Customers were notified, and VTech has since made changes to the attacked website in the name of preventing another breach, though it’s not publicly known what those changes were.

Many toys and gadgets for kids are connected to the Internet. But don’t let fear of data breaches stop you from buying educational devices for your kids. Today’s connected toys offer a whole new educational experience.

  • Google the gadget to see if it was ever hacked or has “vulnerabilities.”
  • Immediately scan the product once purchased.
  • The toy should be connected only to a secure Wi-Fi network.
  • Keep its software and firmware updated regularly.

Beware of those hackable Holiday Gifts

If you’re going to drone on and on about how you got hacked by a cyber thief, maybe it’s because you played with your new drone—you know, those rad little flying devices that hover via remote control over your street? Yes, they are hackable.

If you don’t have a drone, don’t be surprised if you get one as a gift this season, as Americans are spending tens and tens of millions of dollars on them.

First off, if you spot a drone, before you go, “Wow, cool, there’s a drone! Kids, come look at this!” consider the possibility that it’s spying on you.

Drones can be connected to the Internet and also have a camera—two ways the cyber crook could spy on you. If something is connected through Wi-Fi, it can be hacked, and this includes wireless Bluetooth.

So this means that your drone or your kids’ drone could get hacked into. To guard against this, you must continually keep its firmware updated, and use a password-protected Wi-Fi.

So even though the drone is your nine-year-old’s “toy,” it’s a potential gateway for hackers to slither their way into your bank account, medical records and online accounts. And since the drone can be the hacker’s portal, so can your child’s other remote controlled, Wi-Fi connected devices.

Every device, even a remote controlled car that’s connected to Wi-Fi, should at a minimum have the latest software updates or in some cases have security software to protect against viruses and other malware and also phishing scams.

And it’s not just thieves who want to hack into your personal affairs to get your money. A hacker may be a pedophile, seeking ways to find victims.

A hacker could get in even through an application you just downloaded. Before downloading anything, you should read what the app has access to. You may be unknowingly granting permission for the app to access e-mails or turn on cameras.

Anything that’s “smart” – not just the smartphone, smartdrone, Ebook or tablet – can be a portal to a cybercriminal. This means that smartwatches are on this list. So are those fitness trackers you put on your arm. A hacker could get into your phone via that device on your upper arm that’s tracking your heart rate.

So before you do the “cool!” thing, first do the “security!” thing. Be mindful of what you purchase and the measures you take to protect it.

Busted!: Large Identity Fraud Rings Fall Apart

A group of people who are actively collaborating to commit identity fraud is known as an identity fraud ring. These rings are generally made up of two or more career criminals, often including family members or close friends. These rings work by members either stealing a victim’s identity or sharing personal information such as a date-of-birth or Social Security number. Though many fraud rings occur in large cities, there are a surprisingly high number of rings found in rural areas.

According to Bergen County Prosecutor John L. Molinelli, recently, twenty people from Pennsylvania and New Jersey were charged as part of a highly sophisticated identity theft ring. The group used several stolen ID’s to open new bank accounts and then negotiate counterfeit and fraudulent checks.

These new arrests were based on information obtained through an ongoing investigation, which began after a previous arrest of a member of the ring, Miokar B. Wehye. This arrest occurred after a nearly year-long investigation after accusations of fraud and identity theft began coming in from Bergen County business owners.

According to Molinelli, the investigation showed that Wehye created a scheme that allowed his group to steal more than $100,000 from their victims’ bank accounts. The prosecution team alleged that Wehye and his group changed their victims’ addresses, opened new bank accounts in their names, and by using counterfeit checks, made illegal withdrawals from these accounts. The group also applied for business loans in the names of their victims.

Though you may think this will never happen to you, the truth is, it can. Anytime you apply for any type of personal or business loan online, it makes you more susceptible to becoming a victim of identity theft. The system of identification that is currently used has flaws, and the Internet makes it quite easy for criminals to get approval when they are not conducting a face-to-face transaction.

Identity thieves can easily change a mailing address and begin diverting documents away from you and directly to themselves. All it takes is a Change of Address request to the US Postal Service, and your mail can be forwarded to a new destination address, and this change may be permanent or temporary. Currently, anyone can change anyone else’s address simply by filling out a form online or even in person at a local post office.

Fortunately, arrests like Wehye’s help police to break up these rings, and in this case, it led to fraud charges against almost two dozen people, which means there are 20 people who are off the streets and unable to steal your personal identity, for now. Each of these people has been charged with conspiracy to traffic in the personal identifying information of another, which is a second-degree crime. Wehye, and his accomplice Rachel Horace, were charged with receiving a stolen vehicle, too, as at the time of their arrests they had a 2015 Range Rover which was stolen at gunpoint from its owner in Elizabeth, New Jersey.

Though these people are off the streets, there are still dangerous people out there, so make sure you remain vigilant about your identity.

Indiana Is a Big Target for Identity Theft

As the holiday shopping season quickly approaches, identity thieves are quickly looking for their next victims. In Indiana, government officials are taking steps to stop these thieves in their tracks. Just recently, the state’s Attorney General Greg Zoeller was in Fort Wayne to announce the launch of “Freeze Identity Thieves.”

This program, which is designed to protect consumers who may become victims of identity theft, allows people to freeze their credit online, for free. And it’s been around since 2008. He just figured it out.

This past year, there were reports of more than 400 data breaches in the state, which allowed for the exposure of financial and personal information. In addition, there were more than 1,000 identity theft complaints filed. Zoeller does not want this number to get any higher.

Why is Indiana such a big target? I suspect it’s due to a couple of reasons. First, I think they may simply be a bit behind on the available security upgrades. This is a simple fix, fortunately, as long as the state begins to improve their security policies. Another reason is that there could be an individual or even an identity theft ring that is wreaking havoc on residents of the Hoosier state.

Zoeller urges every resident in Indiana to assume that their information has been compromised. Agreed. Actually, if you are a US citizen, with the billion plus records breached, consider your identity stolen. Though you may not be a victim of identity theft at this point, it may be a good idea to freeze your credit information now, so you do not become a victim of identity theft later.

You may be wondering if this action will work, or if freezing your credit reports is enough to prevent identity theft. The answer is yes. This type of credit freeze is something that all states adopted in February 2008, and in my opinion, it will lock down your credit report, which will prevent fraud.

Brief FAQ About Credit Freezing

When is it a good idea to freeze my credit?

If you are 18 years old or older and have a credit report, you should freeze your credit. You should also freeze it if you are under the age of 18 and your identity has been stolen in the past.

What should I consider before ordering a freeze on my credit?

Don’t consider anything, just do it. Your credit should be frozen across the board, even though lenders have been trying to prevent this. Why? Because they would be unable to give out instant credit, and it would “gum up” the lending system.

What does it cost to freeze a credit report?

Depending on where you live, it costs between $0 and $15 to freeze your credit report. To apply for a new line of credit, you will pay between $0 and $5 to thaw the report.

Where can I freeze my credit report?

You can freeze your credit report by contacting the three main credit bureaus by following the links, below:

Equifax

TransUnion

Experian

Credit freezing stops an identity thief from using stolen information, such as a Social Security number, to access and rack up credit in your name. Once the freeze begins, you can lift it at any time, such as when you need a new loan or want to apply for a new credit card. Also, just because your credit report is frozen, it does not mean that you cannot use your present credit.

Protect Your Family Online With WOT

The web is a dangerous place. Malware, scams and privacy dangers are around every corner, and children can easily find themselves face to face with sites that are not suitable. What can a parent do? One option is to try WOT, Web of Trust, a free browser add-on.

WOT rates each site on the Internet for reliability, privacy, trustworthiness and child safety. When searching a website with WOT, you will see a colored icon, red for bad and green for good, which indicates if a user should proceed. You can also use the WOT rating for every site and read reviews from those who have been on the site.

WOT offers other features, too. For instance, when visiting a “red site” a large warning appears on the screen. This allows people to choose if they go through or surf away. Additionally, you can also click the WOT button in the browser, and you can see information about the rating of the site, too.

When performing an Internet search and you come across a link that looks fishy, WOT places a red icon next to it. You may also see a yellow icon, which indicates the site may or may not be safe, and gray icons indicate the site is unrated. Hovering over each icon will give you more details about the website, as well as ratings and reviews from users.

The latest version of WOT has four levels of safety included. Lite, the lowest level, only shows icons for dangerous websites. The highest level, Parental Control, not only blocks dangerous websites, it also blocks any sites that are not suitable for kids.

Web of Trust is available as a browser add-in for Firefox, Google Chrome, Opera, Internet Explorer and Safari.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. This is a review opportunity via BlogsRelease. Disclosures.