Beware of ALL these Scams

Scams targeting older people are probably very under-reported, as seniors don’t want to appear senile. The most vulnerable group is educated men over 55, because, quite frankly, they think they know everything.

9DSweepstakes/Lottery

  • This scam comes in many forms, but the common denominator is that you’re requested to pay a fee or taxes.
  • A legit sweepstakes or prize event never requires payment.

Kids/Grandkids Need Money

  • The scammer relies on the odds that the randomly-called senior has trouble hearing.
  • The scammer says, “This is your favorite grandson!” Invariably, the victim announces the grandson’s name. The scammer takes it from there, convincing the victim to send money.

Home Repair

  • A man in a worker’s uniform, complete with company logo, appears at your door, offering to do some service. They may actually perform it, but will overcharge and/or not complete it.
  • Others are there only to case your home for a future robbery.
  • A legitimate company does not go door to door.

Cyber Help

  • A call from someone claiming to be from Microsoft or some other tech giant, claiming your computer has a virus, is a scam.
  • The scam includes background noise that sounds like a busy call center.
  • This scam is also conducted via e-mail.

Dating

  • Never give money to someone you met through an online dating service.
  • If they sound and look too good to be true, they probably are. A sudden sob story in which they desperately need money is a cue for you to run for the hills.

Uncle Sam

  • Through a phone call or e-mail, you’re notified you owe back taxes or that a refund is owed to you (and you must pay a fee to get it). SCAM!
  • The crook can make the caller ID look like the IRS.
  • The caller may threaten to have you arrested or pose as a sheriff.
  • If you owe or are owed, the IRS will always snail mail you.

Ugly Baby

  • You’re approached by a woman while you push a stroller. She says your baby/grandchild is ugly.
  • While you react to this, her accomplice pick-pockets your purse.
  • Distraction scams can come in many forms.

Investments

  • A call out of the blue from an “investment advisor” is very likely a scam.
  • Seek financial counseling only from a reputable service.

Identity Theft

  • Never give personal information over the phone unless you called that company (and say, want to purchase something).

POA

Never give power of attorney to someone you know only casually or without a lawyer to review the document.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

The Rising Risks of Tax Identity Theft

What are you doing to prevent tax identity theft? Do you even know what steps to take? You’d better, because this crime has tripled since 2010, says the FTC.

A report on foxbusiness.com describes tax identity theft as the act of stealing someone’s personal information, then the crook files a phony tax return in the victim’s name to get a refund. The victim will never see it in their mailbox. And that’s only the beginning of the victim’s problems.

First, your complaint that you didn’t get your check will fall on deaf ears; the IRS will think they already sent you the check. Remember, the thief posed as YOU. You then must:

  • File a form explaining you’re a victim of tax ID theft.
  • Provide proof that the SSN is yours.
  • Your complaint will be reviewed, delaying your refund for months.
  • But the game’s not over. The thief didn’t report the income you made on the side teaching group fitness classes. You’re now being charged by the IRS with a tax deficiency.
  • The snowball just keeps getting bigger: The thief may have enough information on you to open credit cards in your name and suck dry your bank account.

How to Protect Yourself

  • Guard your personal information. Never give out your Social Security number (job application, yes; sweepstakes contest, no; to someone over the phone, no).
  • Memorize your SSN and keep your SSN card in a locked place at home.
  • Buy a shredder and make a habit of shredding all personal and financial documents.
  • If you do your taxes yourself, your computer should have encryption software. Never use public (non-secure) Wi-Fi for any tax related transactions; cyber thieves could “see” your data transmissions.
  • When it’s time to mail in the return…do it inside the post office, never at a public mailbox or even your home mailbox.
  • If you can’t do your taxes, get them done by a reputable outfit. You may want to go with someone who’s done the taxes for years for one of your family members or close friends.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Eight ways to secure your employees’ mobile devices

Between half and three quarters of all employees have downloaded personal apps to company tablets and phones, according to surveys. At the same time, people are increasingly using use personal phones for work purposes like email, document-sharing and the list goes on.

2DWhat does it all mean? Companies must take extra precautions to ensure that sensitive data doesn’t get into the wrong hands.

Protecting your data

Fortunately, there are several steps that a business owner can take to protect the information on employees’ mobile devices. Here are some tips:

  1. Make sure all devices are password protected.
  2. Require all employees to use an “erase data” function after a certain number of failed password attempts.
  3. Make sure all devices used for business purposes have a “wipe” ability. This allows you to wipe the information on the phone remotely in case it is stolen.
  4. Make sure your staff installs any security patches or updates that become available. These are often published due to security vulnerabilities.
  5. Employees should only download software from approved application providers with solid reputations.
  6. Antivirus protection must be a requirement for Androids.
  7. Make sure employees are discerning about the websites they visit and the links they click on. Too many clicks may lead them to a malicious site that could put data at risk. This also applies to e-mail and text messages.
  8. Employees should know that Wi-Fi is not secure. This is especially true of public Wi-Fi connections. To help guard their information, consider using a virtual private network service.

It doesn’t take much to secure the info your staff needs to do their jobs. A few simple strategies can provide a protective shield that will keep your company’s information safe, no matter where employees find themselves.

Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. Disclosures.

How Motion Detectors Work

Ever wonder how a motion detector works? How can some inanimate object “know” you’re creeping nearby, even if you’re as quiet as a mouse? This amazing technology can be broken down into several types.

3HActive Ultrasonic

  • When an object moves, it can bounce back ultrasonic waves that are directed towards it. An active ultrasonic sensor does just this: sending out ultrasonic waves, that when converging upon the path of a moving object, will be reflected back. If enough reflection is measured, the alarm will sound.
  • The downside is that dogs and cats can hear in this very high frequency range, and if the alarm is on all the time, it can be unpleasant for them.

Passive Ultrasonic

  • This type is peeled for specific sounds, such as glass shattering.
  • The downside is they cost a pretty penny.
  • Another negative is that, due to their high sensitivity level, can send out false alarms.

Passive Infrared

  • Your body emits heat. A dog’s or cat’s body emits heat. That’s because of the warm blood flowing through mammals. This heat is in the infrared range of the light spectrum, invisible to the human eye. The “PIR” type of sensor has a special kind of material that detects this heat emission. Upon detection, the sensor triggers electrical activity. And of course, this is converted to the sound of an alarm.
  • Minimal energy is used by these inexpensive sensors, which have an indefinite lifespan.
  • If an intruder knows where your PIR unit is placed, he might be able to foil it by walking in a straight line smack towards it, as this linear path will not reflect body heat in an easily detectable way.
  • Another minus is that an animal can trigger it.

Tomographic

  • Tomography is when radio waves are emitted. A moving object will upset them.
  • This type of sensor can detect motion in the next room because it can penetrate walls.
  • The downside is that they cost an arm and a leg.

Microwave

  • Microwave pulses are sent out, and any moving object will reflect these.
  • The downside is that the detection might be outside the specified range, setting off a false alarm.
  • Another negative is that this type is a power guzzler. Because of this, it’s commonly set for on and off cycles. And what if a thief knows when these cycles are off?

Duo

  • Two of the aforementioned types are combined. This helps reduce false alarms.
  • Combining two types of sensors, though, can result in missing a real alarm.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Protect your Home when Traveling

When you go traveling, I’m sure you make a point to protect the various things you bring with you—including your laptop, children, even spouse. But what about something you left behind? Your home? Is that being protected too?

1BBefore Leaving

  • Don’t wait till the last minute to arrange kenneling for your pet.
  • Tidy up the exterior of your house including mowing the lawn. Overgrown grass, unmoved rubbish and dormant toys/tools make a house look unoccupied. If you plan on traveling long enough for the grass to get overgrown, arrange with a trusted adult to mow your lawn.
  • Don’t leave your car outside.
  • Put your snail mail and any paper delivery on vacation hold.
  • Give spare keys to a trusted adult. This person should also know the “safe” word for your security system should they be in contact with the monitoring center.
  • Hopefully you have a reliable neighbor who will promptly remove any flyers in your door or on the knob.
  • Here’s something you probably never thought of: A burglar casing your street on trash pickup day may notice the one house whose trash cans aren’t at the curb. Hmmm…maybe those people are away on vacation? So have a neighbor bring your trash cans out on trash day—with trash in them—and then bring them back in.
  • Get rid of food that may spoil while you’re away.
  • Make sure the locks on your windows and doors work.
  • Set up an automatic timed lighting system. Open curtains or shades enough to reveal this to anyone passing by, but not enough for someone to be able to see your valuables through your windows.
  • Put as many valuables as you can in a fireproof, waterproof safe.
  • To prevent water flooding problems, switch off the water to your dishwasher and washing machine.
  • Make sure all appliances and electronic items are unplugged to avoid fires.
  • Lower the thermostat but no less than 60’.
  • Give the garbage disposal one last run, because if there is food waste in there you may come home to a swarm of fruit flies.
  • Make sure your smoke detectors and home security system work.
  • And don’t forget to turn your alarm system on before you embark on your trip.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Gemaltos’ “EMV For a Week Challenge,” starts now!

As part of Gemalto’s #ChipAwayAtFraud campaign, I’m being tasked with numerous tasks, some tacky, some essential to living. Gemalto, one of the world’s leaders in digital security, wants a real-world take on the EMV card experience. Which includes the security benefits EMV cards presents. You know EMV; it’s the “chip” credit card that by now, you should have. EMV by the way stands for Euro/MasterCard/Visa. The Euro part essentially means that’s where the card was first deployed.

1CIf you don’t have a chip card by now get on the phone, call your bank and in your loudest, angriest voice scream at them and politely ask why they haven’t sent you one yet.

You, Mr. and Mr.’s credit card holder should support for the new technology in your community by explaining it to people, and encourage its use.

As a Gemalto campaigner I’m deploying two articles, one introductory (this one) and one “wrap-up” piece, detailing my experience during the challenge.

The Challenge:

Complete All Ten Tasks First and Win $400 to a Charity of Your Choice: My Charity is Boston Children’s Hospital

  1. Get coffee at a local (not chain) coffee shop
  2. Make any purchase at a big-box store
  3. Get a meal inside a fast food restaurant
  4. Buy a magazine at a gas station
  5. Get $50 worth of groceries
  6. Buy a tacky t-shirt
  7. Get someone special a bouquet of flowers
  8. Hit a tourist attraction in your town
  9. Buy office supplies for your coworker(s)
  10. Mail us a postcard from your local post office

Easy. Let the games begin!

Beware of Hot and Cold Reading Scams

Many so-called psychics are frauds. But so are some auto mechanics, lenders and roofers. There’s fraud in just about all lines of work.

1SWhat we do know is this: There’s not enough evidence to refute paranormal phenomena. Nor enough to prove it beyond a doubt.

And we also know this: There exist scams involving hot and cold readings.

I could give a scam reading to a flamboyant, colorfully-dressed woman (whom I’ve known for only a minute) with big hair, lots of costume jewelry and a supersonic laugh.

I could tell her she’s attracted to quiet, analytical, detail-oriented, very serious men whose eyes well up during sappy movies. She’ll pay me $100 for my “reading” and think I’m a psychic. What she doesn’t know is that I know that people with “sanguine” temperaments are attracted to the “melancholy” temperament.

I didn’t “read” her based on psychic abilities. I “read” her based on a book about temperaments I read years ago. Some people get really good at cold readings and make money off of this.

Hot Readings

You have an appointment with a woman. You find her Facebook page (because you got enough preliminary information to achieve this). You learn all about her. You look her up on LinkedIn too.

Come appointment (reading) time, you start telling her things about herself, flooring her. Scammers can cunningly extract information via other routes as well, but the bottom line is that the crook gets information ahead of time and pretends it’s only just coming up during the reading.

Cold Readings

The information is gleaned right on the spot—via skilled observational powers. Typically the cold-reader begins broadly, such as, “You’re very sad these days,” watching the customer’s body language and facial reactions, and then making deductions based on those.

The reading is very carefully worded to cover the possibility that the deductions are wrong. The scammer might say, “A person very dear to you is no longer around,” instead of the specific, “A person very dear to you has recently died.”  All possible reasons for the “loss” are covered with the ambiguous statement.

Cold readings to a large group are a joke, because the scammer will announce something that, by the law of averages, will apply to several people in the group. He then narrows it down from there.

There may be many honest, true psychics out there (some police departments use them for missing-persons cases believing if there wasn’t some fire to this smoke).

But beware of the scammers. Don’t pay someone to tell you something about your life that’s already on Facebook or evident in your clothing and mannerisms.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

How much is your Data worth online?

Cyber crime sure does pay, according to a report at Intel Security blogs.mcafee.com. There’s a boom in cyber stores that specialize in selling stolen data. In fact, this is getting so big that different kinds of hot data are being packaged—kind of like going to the supermarket and seeing how different meats or cheeses are in their own separate packages.

10DHere are some packages available on the Dark Net:

  • Credit/debit card data
  • Stealth bank transfer services
  • Bank account login credentials
  • Enterprise network login credentials
  • Online payment service login credentials

This list is not complete, either. McAfee Labs researchers did some digging and came up with some pricing.

The most in-demand type of data is probably credit/debit card, continues the blogs.mcafee.com report. The price goes up when more bits of sub-data come with the stolen data, such as the victim’s birthdate, SSN and bank account ID number. So for instance, let’s take U.S. prices:

  • Basic: $5-$8
  • With bank ID#: $15
  • With “fullzinfo” (lots more info like account password and username): $30
  • Prices in the U.K., Canada and Australia are higher across the board.

So if all you purchase is the “basic,” you have enough information to make online purchases—and can keep doing this until the card maxes out or the victim reports the unauthorized charges.

However, the “fullzinfo” will allow the thief to get into the account and change information, thwarting the victim’s attempts to get things resolved.

How much do bank login credentials cost?

  • It depends on the balance.
  • $2,200 balance: $190 for just the login information
  • For the ability to transfer funds to U.S. banks: $500 to $1,200, depending on the balance.

Online premium content services offer a variety of services, and the login credentials to these are also for sale:

  • Video streaming: $0.55 to $1
  • Cable channel streaming: $7.50
  • Professional sports streaming: $15

There are so many different kinds of accounts out there, such as hotel loyalty programs and auction. These, too, are up for sale on the underground Internet. Accounts such as these have the thief posing as the victim while carrying out online purchases.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Data security policies need teeth to be effective

Bottom line: If you have a data security policy in place, you need to make sure that it’s up to date and contains all of the necessary elements to make it effective. Here are 10 essential items that should be incorporated into all security policies:

4H1. Manage employee email

Many data breaches occur due to an employee’s misuse of email. These negligent acts can be limited by laying out clear standards related to email and data. For starters, make sure employees do not click on links or open attachments from strangers because this could easily lead to a ransomware attack.

2. Comply with software licenses and copyrights

Some organizations are pretty lax in keeping up with the copyrights and licensing of the software they use, but this is an obligation. Failing to do so could put your company at risk.

3. Address security best practices

You should be addressing the security awareness of your staff by ensuring that they are aware of security best practices for security training, testing and awareness.

4. Alert employees to the risk of using social media

All of your staff should be aware of the risks associated with social media, and consider a social media policy for your company. For example, divulging the wrong information on a social media site could lead to a data breach. Social media policy should be created in line with the security best practices.

5. Manage company-owned devices

Many employees use mobile devices in the workplace, and this opens you up to threats. You must have a formal policy in place to ensure mobile devices are used correctly. Requiring all staff to be responsible with their devices and to password protect their devices should be the minimum requirements.

6. Use password management policies

You also want to make sure that your staff is following a password policy. Passwords should be complex, never shared and changed often.

7. Have an approval process in place for employee-owned devices

With more employees than ever before using personal mobile devices for work, it is imperative that you put policies in place to protect your company’s data. Consider putting a policy in place which mandating an approval process for anyone who wants to use a mobile device at work.

8. Report all security incidents

Any time there is an incident, such as malware found on the network, a report should be made and the event should be investigated immediately by the IT team.

9. Track employee Internet use

Most staff members will use the Internet at work without much thought, but this could be dangerous. Try to establish some limits for employee Internet use for both safety and productivity.

10. Safeguard your data with a privacy policy

Finally, make sure that all staff members understand your company’s privacy policy. Make sure that data is used correctly and within the confines of the law.

Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses.

How Glass Break Sensors work

Your home should have multiple layers of protection. You’ve certainly heard that before. Motion detection is a critical layer of protection, and this is comprised of the simple act of unauthorized movement sensed as the result of breaking and entry. Glass break is similar in concept. One detects movement the other detects sound. 3B

  • Motion: The sensor detects when someone is moving about inside the house.
  • Entry: The sensor detects when a door or window is opened.
  • Breaking into: The glass break sensor detects when a burglar smashes through a window with a crowbar.

Many people don’t know that the sensor for breaking into exists. This special kind of sensor detects the unique sound (in terms of frequency) of window glass being hit and then shattering. The sensor then sets off the alarm.

So in other words, the sensor doesn’t wait for the glass to shatter. The detection starts when the crowbar or baseball bat makes heavy contact with the glass. This initial detection can be thought of as phase one. And phase two, the actual breaking of the glass, occurs just milliseconds later, setting off the alarm.

In a house full of windows, one sensor per room may be sufficient, covering three or more windows and even glass doors. And fortunately, it’s not necessary to have your kid hit a baseball into a window to test out the sensor.

The device has a “test mode.” You should produce a clapping sound (preferably with your hands). At the bottom of the sensor, a small light will blink, in response to the sound of the clapping, which simulates the sound of a window being struck.

Now if you don’t see the light blinking, the sound wasn’t detected. Make sure the sensitivity setting is on “high” in the device, and also check your windows; are they blocked by heavy curtains or furniture? If your hand clapping is weak, do you have a few wooden boards to smack together?

After you make the necessary adjustments, create the clapping sound again. If the unit is correctly installed, the light should blink.

If your child thinks he could trip the alarm by banging cymbals or dropping a glass on the kitchen floor, tell him don’t even think about it. The break-into sensor system has already taken false alarms into account. So if a glass or china plate crashes to the floor, or the sound of windows breaking is coming from the TV, these noises will not trip the alarm.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.