Preplan for a Safe Vacation

Traveling is fun, exciting, tiring and, depending on your destination, generally safe. But bad things can happen. The best thing you can do before you go is prepare.

Safety Tips

  • Blend in on your vacation. Before you leave for your trip, plan out your arrival. Dress like the locals. Preparing to blend into the ambience before you leave ensures you won’t be accosted the second you get off the plane. Don’t stick out like a sore thumb dressed in Western attire while you roam around a city where most women are wearing robes or the men are wearing turbans. If wearing a kimono means reducing your odds of being mugged (tourists are known for carrying a lot of cash) or abducted, then do just that.
  • Try not to “play it by ear.” Have a plan in action for every day—and develop it either the night before or early in the morning.
  • Plan. Figure out where you’re going to have breakfast; figure out how much time you need in the morning to do anything related to the day’s events (e.g., get tickets, arrange transportation, bring enough diapers for the toddler).
  • Have your young kids wear those sneakers that light up with each step; this will help you know where they are.
  • Before you departed for the trip, you created something to put on your children’s person that contains vital information about them, in case they got lost, right? There are numerous GPS devices that can help you locate them if something happens.
  • And your kids already know how to swim, right? An infant can learn to swim.
  • And you’ve already taught your kids about stranger danger, right? Don’t wait till you’re on vacation to do this.
  • And speaking of young kids…forbid them from dashing ahead of you, especially in crowded areas, especially in a foreign land. You just never know what could happen (e.g., someone swiping your child; your child accidentally ramming into someone and getting injured or inadvertently knocking over a frail elder). Really, I’ve seen kids bolting ahead of their parents like a freight train, including when the parents are not paying attention.
  • Every morning, review instructions for emergencies. This includes instructing your kids to yell, “This man’s not my dad!” if they’re being abducted, rather than just wildly screaming.
  • Before you left for the trip, you packed/uploaded/took headshots of every family member, right? In case someone goes missing?
  • Every morning, make sure everyone has a headshot of everyone on their person. This way, if your young child approaches a woman (because they were taught to approach only a woman if lost), they can show that woman a photo of you and say, “I need your help. I can’t find my parents.”
  • You’re outside, eager to sightsee. But not before you get key landmarks squared away with everyone in your party.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

I want a Cell Phone Jammer

Well, we certainly can’t blame Dennis Nicholl for breaking the law. Frankly, had I been nearby him when he did it, I would have kept silent and let him continue breaking the law—unless, of course, I was engaged in some loud, planet-moving discussion with a world leader.

Nicholl, 63, was recently on a Chicago subway train. He brought with him a cell phone jammer. Unfortunately for Nicholl that day, Keegan Goudie was on the same train. Goudie, a blogger, noticed the infraction and began blogging about it. One thing led to another and Nicholl ended up being charged with unlawful interference with a public utility.

Someone called 911 on him. Though Nicholl was breaking the law, arguably, he wasn’t committing any act that was putting anyone else’s life or limb in immediate danger. Or was he? I’m sure we can all get creative here.

Anyways, Nicholl’s lawyer says his client meant no life or limb danger. Like most of us, Nicholl only wanted some peace. Cell phone users tend to talk a lot louder into their phones than to people sitting right next to them. Sometimes, they’re outright obnoxious. They should be glad the infraction is only a cell phone jammer and not someone’s angry hands.

If making calls becomes allowed on airplanes in flight, it won’t be pretty. It’s bad enough when some fool talks loud while waiting for the boarding door to close. Nobody wants to hear how big the deal you are closing is or that Timmy scored a goal in soccer. Stop being a jerk.

So why is interference with a conversation via electronic device illegal, yet it’s not illegal to “jam” riders’ cell phone yakking with loud whistling, singing, loudly yakking to oneself or playing a harmonica?

Because these non-techy interference techniques can’t jam up someone’s legitimate call to 911. Nicholl’s jammer could have prevented another rider from getting through to 911 to report sudden difficulty breathing. So if you’re hell bent on using a cell phone jammer, maybe make sure first that everyone looks healthy?

The punishment is heavy. A Florida man had to cough up $48,000. Also in Florida, a teacher was suspended after jamming his students’ phones. A priest was even busted for using one in church. Ahh, technology.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Look out for Shipping E-mail Phishing Scams

Stop clicking on e-mails about your package delivery! Scam, scam, scam! Look, it’s simple:

  • Scammers are also pretending to be from the DHL and FedEx shipping companies, not just UPS.
  • Crooks know that at any given time, thousands and thousands of U.S. people are waiting for a package delivery.
  • So these cyber thieves send out mass e-mails by the millions, knowing that they will reach a lot of people who are expecting a package.
  • The subject line of these e-mails says something about “your delivery” or “your shipment” that lures the recipient into opening the e-mail. Usually, the message is that the delivery has failed, and the recipient is tricked into clicking on an attachment or a link.
  • And that’s when malware gets downloaded to their computer.

This technique is called social engineering: tricking people into doing things they shouldn’t. People are too quick to click. I wonder how many of these clicker-happy people ever even gave their e-mail address to UPS. The last time I sent something via UPS, I don’t even recall being asked for my e-mail address.

But people so freely give out their e-mail address, that when they receive one of these phishing e-mails by crooks, they think it’s legitimate. They believe that the attachment is a new shipping label to print out. They even believe the threat that if they don’t use this new label right away, they’ll be charged a fee. It’s all about hurry, hurry, hurry! People don’t stop and T-H-I-N-K first.

What can be done about this? First off, don’t freely give out your e-mail. That way, if you get an e-mail from a company that you just, by chance, happen to be doing business with, you’ll know it’s a fraud—because you never gave your e-mail to that company in the first place.

Next, share this information with your family and friends. They’ll probably all deny that they’re capable of falling for this scam, but I’m sure that when the unwise ones are alone, they’ll give it some hard thought.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Shred your Boarding Pass

Apparently there are people who take pictures of their airplane boarding pass…and post it online. I’m dead serious. I’ve heard of toddlers getting excited over scraps of paper, but full-grown adults posting images of their boarding pass online? Don’t get me started.

Let’s just say that this is incredibly absurd. Like, who cares about your bleepity bleep boarding pass, right? OK, you got bumped up to First class. SAVE IT. Well wait a minute. Fraudsters care.

Fraudsters also care about the boarding pass that’s left intact in a rubbish can or lying on a seat somewhere.

Few travelers know that the bar code on the boarding pass MAY contain that individual’s home address, e-mail address, name and contact number. All a crook needs is this basic information (revealed via bar code reader off his cell phone!) to get the fraud ball rolling.

  • Keep your boarding pass out of everyone’s sight except the airport employee who requests it.
  • After you no longer need it, tear it up and flush it down a toilet.
  • When you arrive at your hotel, don’t bring it with you to your hotel room and leave it sitting out in full view. Shred and destroy it beforehand. Putting it in the hotel room trash isn’t enough. Realize that when you’re not in the room, maids and other hotel employees can gain access—and I can’t say it enough: You just never know who has a bar code reader app.
  • And for Heaven’s sake, don’t post images of it online, if for no other reason, this makes you come across as less interesting than a doorknob. In fact, don’t even think of taking a picture minus the bar code. You just never know with today’s technology what a crook could get off an image online.

Man, if you still don’t believe me about any of this, check out these two very short but alarming videos. You’ll be flabbergasted at how much information about you a techy thief could get off of your boarding pass! “If a hacker can find it, he can find YOU!”


IRS Identity Theft Prevention Tool hacked

The Identity Protection PIN tool on the IRS.gov site has been temporarily suspended—because it was recently hacked into. The tool provides retrieval of forgotten or lost IP PINs to users who want an extra layer of protection against identity theft.

But some users who received the IP PINs recently via the online tool learned that a thief had used their IP PIN to file tax returns in their name.

So now, for the moment, you cannot use the IRS’s online function to retrieve your IP PIN; meanwhile, the IRS is investigating the hack.

The online tool attracts taxpayers who lost or forgot the six-digit IP PIN they were issued via snail mail. Despite the suspension of the tool, taxpayers are encouraged to file their returns without any qualms. The IP PIN’s purpose is to add protection for the user, but it is not required to process a tax return.

Lesson learned: If you ever receive an IP PIN in the future…memorize it or write it down in hardcopy and keep it in a safe place.

Tips from the IRS

  • There will always be someone who misplaces or accidentally throws out the letter containing the IP PIN, or who intentionally discards the document but then can’t remember the number and never wrote it down. They should call the IRS in the wake of this suspension.
  • Over the phone, they will need to verify their identity, after which they will receive a letter with the IP PIN.
  • If since the first of this year the taxpayer has moved, they will need to file a paper return, and this will take longer to process if it doesn’t contain an IP PIN.
  • The IP PIN is given out to those at risk or who feel at risk for tax identity theft. But again, it’s not necessary to use it if it’s been lost or forgotten. But for those who managed to retrieve their number, they should include it on their tax return.


How Parents can de-motivate Sexting in their Teens

Whatever the appeal of sexting is to kids (attention), it’s definitely there, and won’t be going away too soon. Of all the things that teens can do in their daily lives, why spend time sexting?

  • To feel cool
  • To get a crush’s attention
  • To make a relationship seem more serious
  • To harass the recipient
  • Peer pressure
  • ATTENTION, SHOCK, AWE, SEX.

Before the advent of sexting, teens talked sex and even shared racy photos with each other. But the old-fashioned way meant that the only viewers were the people with the teen.

Sexting, on the other hand, means that the communication—including naked images—can spread to thousands of people like wildfire. Privacy is zero. Furthermore, it’s illegal for teens to sext.

Just how bad can it get?

Well, if teen Jesse Logan were still alive, we could ask her how it felt when her classmates harassed her after her nude image got out to other students after she merely sent it to her boyfriend. Unfortunately, she killed herself over this.

I’m sure she wouldn’t have sent him the photo had she known of the wide-reaching potential of sexting. Can we blame her for not anticipating the school-wide circulation of her photo? Whose responsibility is it to teach kids this stuff? Maybe even her parents were in the dark; not all adults are savvy about the dangers of cyberspace.

Calling All Parents…

  • Sit down with your child and talk. Choose a good time to do this. Maybe include their favorite snack. But just get it done. Be pre-emptive. Don’t wait for a bad sexting situation to arise.
  • Collect real-life stories of teen sexting incidents gone horrible and share them with your child.
  • Instruct them to immediately delete any sexual content that’s sent to them.
  • Explain how the Internet works and how easy it is for sext content to “get out there.”
  • Recognize that the peer pressure to sext is similar to the peer pressure to drink and smoke. Don’t just tell your kids what not to do. Role play with them. Recruit an older teen to do some staged pressuring. See how your child responds. Does your child stammer and find it difficult to vocalize resistance? Are they at a loss for words? Is their body language mousy? If the answer is “yes” to these, you have a big job to get done fast.


Change Passwords or not; that is the Question

We’re told to change our passwords often to minimize getting hacked. Now we’re told this is a bad thing.

But not for any inherent techy reason. It’s because frequent password changing makes many people lower their guard when it comes to creating new passwords.

They get lax and end up with passwords like Bear1, Crazy4u and GetHigh1978. Or, they often only minimally change the password, such as going from Hotbaby!! to Babyhot!!.

Believe it or not, despite an infinite number of permutations involving 26 letters, 10 numbers and 10 symbols, many people struggle to create new passwords beyond just minimally altering existing passwords. And don’t even ask these folks to remember any new and very different, strong passwords.

But if you already have unique, strong and jumbled passwords, you do not have to frequently change them. So if your Facebook password is Ihv1dggnPRvGr8tGamz!, there is no reason to change this 90 days after creating it. However, changing ANY password every six months to a year is still a wise idea. And this infrequency won’t leave you drained.

And you can always use a password manager to do the figuring for you anyways. A password manager will create long, strong and unique passwords, and issue you a single master password.

Rules for a Virtually Uncrackable Password

  • Does not include any names that are found in a dictionary, including proper names, sports team names, rock group names, city names, etc.
  • Does not have any keyboard sequences, no matter how unintelligible. So even though sdfgh looks jumbled, it’s just as much a sequence as 12345.
  • It contains numbers, letters and symbols.
  • If you predict struggling to remember a bunch of jumbled passwords, then think of a phrase that you will never forget, especially one that pertains to the account you want to create the password for. An example might be the password for your credit card account. You can shorten “I Hate Making Credit Card Payments” to: iH8tmkngCCpymnt$!.

You can also shorten phrases that pertain to things you love, like for instance, a phrase about your favorite movie, food, vacation, TV show, etc.
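An added example, not from the original post: a small Python checker for the rules listed above and for the minimal-change habit described earlier (Hotbaby!! to Babyhot!!). The wordlist, the four-key run length and the 0.8 reuse threshold are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed sample wordlist (assumption); a real check would load a full
# dictionary plus proper names, team names, band names and city names.
SAMPLE_WORDS = {"bear", "crazy", "high", "baby", "hot", "get"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def dictionary_words(password, words=SAMPLE_WORDS):
    """Return the wordlist entries that appear inside the password."""
    lowered = password.lower()
    return sorted(w for w in words if w in lowered)


def has_keyboard_sequence(password, run=4):
    """True if `run` adjacent keys from one keyboard row appear, in either direction."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in lowered:
                    return True
    return False


def missing_classes(password):
    """Return which of letters, numbers and symbols the password lacks."""
    missing = []
    if not any(c.isalpha() for c in password):
        missing.append("letters")
    if not any(c.isdigit() for c in password):
        missing.append("numbers")
    if not any(not c.isalnum() for c in password):
        missing.append("symbols")
    return missing


def is_minor_variation(old, new, threshold=0.8):
    """True if the new password reuses most of the old one's characters.

    Compares case-folded character multisets, so reordering the same pieces
    (Hotbaby!! -> Babyhot!!) or bumping one digit still counts as reuse.
    """
    shared = sum((Counter(old.lower()) & Counter(new.lower())).values())
    return shared / max(len(old), len(new)) >= threshold


def audit_password(password, previous=None):
    """Return a list of rule violations; an empty list means every rule passed."""
    issues = []
    if dictionary_words(password):
        issues.append("dictionary-word")
    if has_keyboard_sequence(password):
        issues.append("keyboard-sequence")
    issues += ["missing-" + name for name in missing_classes(password)]
    if previous and is_minor_variation(previous, password):
        issues.append("minor-variation")
    return issues


if __name__ == "__main__":
    # Sample passwords are the ones quoted in the post.
    for candidate, old in [("Bear1", None), ("sdfgh", None),
                           ("Babyhot!!", "Hotbaby!!"),
                           ("iH8tmkngCCpymnt$!", None)]:
        print(candidate, audit_password(candidate, old) or "passes")
```
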


Xfinity Home Security Flawed

Bad news for users of the Xfinity home security system: It can report doors and windows as locked after an intruder has bypassed them, and it can miss an intruder’s movements, says an article on wired.com.

The intruder circumvents the system by using a radio jammer to block the 2.4 GHz radiofrequency band of the alarm system. The system won’t detect this as an anomaly, “thinking” that the doors and windows are still locked.

It gets worse. Suppose the thief ends the jamming and leaves with his loot. Then a second, unrelated intruder breaks in. He may go undetected and no alarms will go off, no remote alerts to the homeowner, because it may take the system’s sensors up to three hours to return to a functioning mode.

An Xfinity sign that’s on the property is a welcome mat to thieves who know how to circumvent the system. And the homeowner will never know anything happened until they return and see the place was ransacked. A surveillance camera, of course, will show the intrusion—unless the radiofrequency band of the camera was the same as the system and hence also jammed.

Radio jamming equipment can be constructed by anyone with half a brain about electronics.

Why can’t this system detect that anything went awry? And why does it take up to three hours for the sensors to regroup? Sounds like a lot of stuff is wrong with this system.

It’s not truly known if Comcast plans on remedying these flaws. Rapid7 security researchers contacted Comcast but have not received a reply, continues the wired.com article. Comcast has also ignored contact from WIRED and from CERT, a cybersecurity research entity.

Interestingly, once the wired.com article was posted, Comcast spokesperson Charlie Douglas issued a statement implying that these flaws exist in any home security system. However, it has not been confirmed that these flaws are inherent in wireless home security systems in general.

So will Comcast patch up the flaw? Douglas’s response to WIRED was rather evasive, again stating that it was an “industry issue,” and that he’s not even sure that a “simple patch” is even the solution.


Protect Yourself from Phishing

Everyone has received very obvious “phishing” e-mails: Messages in your in-box that have outrageous subject lines like “Your Account Will Be Suspended,” or, “You Won!”

While some phishing attacks are obvious, others look harmless, such as those in a person’s workplace in-box, seemingly from their company’s higher-ups.

Researchers point out that an e-mail may appear to come from the company’s HR department, for example. E-mails with an “urgent email password change request” had a 28% click rate, Wombat security reported.

Phishing victims act too quickly.

In the workplace, instead of phoning or texting the HR department about this password reset, or walking over to the HR department (a little exercise never hurts), they quickly click.

So one way, then, to protect yourself from phishing attacks is to stop acting so fast! Take a few breaths. Think. Walk your duff over to the alleged sender of the e-mail for verification it’s legit.

Wombat’s survey reveals that 42% of respondents reported malware infections, thanks to hasty clicking. However, employees were more careful when the e-mail concerned gift card offers and social media.

The report also reveals:

  • 67% were spear phished last year (spear phishing is a targeted phishing attack).
  • E-mails with an employee’s first name had a 19% higher click rate.
  • The industry most duped was telecommunications, with a 24% click rate.
  • Other frequently duped industries were law, consulting and accounting (23%).
  • Government was at 17%.

So as you see, employees continue to be easy game for crooks goin’ phishin.’

And attacks are increased when employees use outdated plug-ins: Adobe PDF, Adobe Flash, Microsoft Silverlight and Java.

The survey also reveals how people guard themselves from phishing attacks:

  • 99% use e-mail spam filters.
  • 56% use outbound proxy protection.
  • 50% rely on advanced malware analysis.
  • 24% use URL wrapping.

The above approaches will not prevent all phishing e-mails from getting into your in-box. Companies must still rigorously train employees in how to spot phishing attacks, and this training should include staged attacks.

Protect Yourself

  • Assume that phishing e-mails will sometimes use your company’s template to make it look like it came from corporate.
  • Assume that the hacker somehow figured out your first, even last name, and that being addressed by your full name doesn’t rule out a phishing attack.
  • Get rid of the outdated plug-ins.

Phishing attacks are also prevalent outside the workplace, and users must be just as vigilant when on their personal devices.


Three ways to beef up security when backing up to the cloud

Disasters happen every day. Crashing hard drives, failing storage devices and even burglaries could have a significant negative impact on your business, especially if that data is lost forever. You can avoid these problems by backing up your data.

Backing up means keeping copies of your important business data in several places and on multiple devices. For example, if you saved data on your home PC and it crashes, you’ll still be able to access the information because you made backups.

A great way to protect your files is by backing up to the cloud. Cloud backup services like Carbonite allow you to store data at a location off-site. You accomplish this by uploading the data online via proprietary software.

Cloud backup providers have a reputation for being safe and secure. But you can’t be too careful. Here are a few ways to beef up security even more when you use a cloud backup system:

  • Before backing up to the cloud, take stock of what data is currently in your local backup storage. Make sure that all of this data is searchable, categorized and filed correctly.
  • Consider taking the data you have and encrypting it locally, on your own hard drive before backing up to the cloud. Most cloud backup solutions – including Carbonite – provide high-quality data encryption when you back up your files. But encrypting the data locally can add an additional layer of security. Just remember to store your decryption key someplace other than on the computer you used to encrypt the files. This way, if something happens to the computer, you’ll still be able to access your files after you recover them from the cloud.
  • Create a password for the cloud account that will be difficult for any hacker to guess. However, make sure that it’s also easy for you to remember. The best passwords are a combination of numbers, letters and symbols.

Cloud backups are convenient and have a good record when it comes to keeping your data safe. It doesn’t require the purchase of additional equipment or the use of more energy. You can also restore data from anywhere, to any computer, as long as there is an Internet connection available.

Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. Disclosures.