Set up Family’s Controls on Home Computers

/in , , , /by

The computers in your household should have controls on them for security—even if you don’t have children living with you.

3HChrome OS

  • On the Chrome browser in the upper right are three horizontal lines; click this symbol.
  • Click “Add supervised user.”
  • Enter the name and password for the new account.
  • This allows the other family member to access their account using the Chrome OS. Just set the controls for that person via the www.google.com/settings/chrome/manage.
  • You will be able to see the sites that the family member visits, and needless to say, you can block the ones you don’t want that individual accessing. The caveat is that it does not permit bulk blocking; so if you want to block five sites, you must set the block up one at a time for each site.
  • The plus side is that this system allows a user access to your Chromebook.

Windows 10

  • Go to account.microsoft.com/family and sign in.
  • Enter the e-mail address of other family members.
  • Or, set up a new one for them.
  • Click the “invite” link.
  • The family member(s) will appear on the family list. You now can set controls.
  • Controls can apply to apps, games, visiting particular websites and even the time of computer use.
  • This feature includes additional controls like seeing the online activity of the other family member(s).

OS X

  • Click Users & Groups in System Preferences.
  • See the lock icon? With your password, unlock it.
  • Click the “plus” symbol located under the user list.
  • You’ll see Managed with Parental Controls. Take it from there to have the new account added to the Mac’s master list.

There are lots of options for customizing the kind of control you want. Take your time reviewing all of the things you can set controls on.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Protect Yourself from Online Dating Scams

/in , , , /by

$200 million: The amount people were ripped off by online dating scams in a year.

1FDUI: dating while under the influence…of the quest for love…is costly to countless people.

A nytimes.com article notes that this quest impairs judgment, making it easy for con artists to bilk lonely people. Or are some people just plain stupid? But many victims are highly educated.

It all begins with a phony profile that grabs the victim’s attention. The nytimes.com report points out that the scamster uses attractive photos stolen off of other sites.

INTERRUPTION: If he/she is too gorgeous to be true, right-click the image to see where else it appears online! Is “Emilene McKenna” whom she says she is?

These scammers come from anywhere on the globe.

  • They prey upon loneliness, greed and desire.
  • Overseas scam rings
  • Solitary scammers working at home late at night
  • Women, not just men
  • They almost always profess to be in a glamorous or exciting line of work, though occasionally, they’ll pose as a more common person (perhaps to appear less suspicious).
  • People of all ages and walks of life, plus sexual orientations, are targeted.
  • The common denominator is a request for money.
  • Reasons for money requests run the gamut but usually focus on medical bills, legal fees or fees relating to a planned trip to meet the victim (which never occurs).

The nytimes.com article quotes victim specialist Debbie Deem that these con artists are skilled at mirroring the victim’s needs and creating “a sense of intimacy very quickly.” The victim soon becomes convinced that this is their soulmate—and thinks nothing of sending them the requested money.

However, the scammer may reveal their true colors after luring the victim into posing for raunchy photos or videos: The crook threatens to expose these unless the victim sends them money.

Other Facts

  • Being offered a spouse is a growing ruse.
  • Some victims have lost over $400,000.
  • Significant contact from the scammer lauding the victim.

How to Protect Yourself

  • If you haven’t already figured that out after reading this article…I’m very worried.
  • In addition to right-clicking the photo, copy and paste the profile’s narrative into a search engine and see if it shows up anywhere else like on an unrelated person’s blog or another dating profile under a different name.
  • NEVER SEND MONEY! Think: They’ve gotten this far in life without your financial help; they’ll survive without it.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Prevent Child Identity Theft

/in , /by

Here’s one for the know-it-alls: Kids are 35 percent more likely to become victims of identity theft than are adults. Betcha didn’t know that! This startling news comes from a 2015 Javelin Strategy & Release study.

2DNeedless to say, the bulk of parents aren’t on top of this problem, unaware that thieves go after children’s SSNs like two-year-olds grabbing at candy. Thieves know that kids (and their parents) don’t monitor their credit reports. Thieves know that they can get away with their crime all throughout the victim’s childhood until they start applying for college, credit cards, etc., at age 18 or so. That’s a long time to get away with a crime.

Let’s talk about how to prevent child identity theft.

ID Theft Protection

  • Sign on with an ID theft protection company; many such companies protect the entire family including kids.
  • Get an ID theft protection service. This is not the same as antivirus software. For example, ID theft protection services will monitor your credit report. It will also alert you when an account is opened in your name.

Credit Freeze

  • Put a freeze on your kids’ credit reports; 19 states allow this for the three main credit reporting agencies. Equifax allows a freeze no matter what state you live in.
  • A frozen credit will prevent a crook from opening lines of credit in your child’s name.

Who needs your child’s Social Security number?

  • Put your children’s sensitive documents (birth certificate, SSN card, etc.) in a lockable safe and/or keep it hidden.
  • THINK, before you hand out your child’s SSN. Just because it’s requested doesn’t mean you must blindly give it up. Ask yourself: Why on earth do they need my child’s Social Security number? The gruff coach of your child’s new soccer team may be requesting the number. The child beauty pageant director may be asking for it. Don’t be intimidated.
  • Come on, really. WHY would a sports team, karate tournament entry form or any other child-centered activity need this information?
  • Minimize putting your child’s name and address “out there.” Even if you decide to get a magazine subscription for your tween, put your name on the subscription.
  • Meet with your child’s principal to keep your child’s information from getting out. Schools often share personal information of students with third parties.
  • It’s not cute that your five-year-old can rattle off her Social Security number. Kids don’t need to know this number. They need to know your phone number, how to dial 9-1-1 and their home address. But not their SSN. Geez, if they know their SSN, you just never know when they might leak it out to the wrong ears. When kids are in high school, they may need it, but still, be very cautious about when you decide it’s time to give them this information.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

Products to keep Kids safe online

/in /by

Some people believe that monitoring your kids’ online activities crosses the line of privacy or trust. But monitoring and controlling online activities is, essentially, no different than controlling access to the cookie jar or TV or even locking a liquor cabinet.

Which brings me to a way that parents can always know exactly what their kids are doing in cyberspace. And control when, too. This is possible due to a type of software known as “parental control” that monitors the goings-on of any connected device in the home network, in concert with a mobile app.

Parental control software is very important to most parents, and they’re always looking for the latest technology. The Pew Research Center’s recent report says that 95% and 93% of U.S. parents have spoken to their teenager about sharing-safety and appropriate online behavior, respectively.

Gadgets like this include Circle and KoalaSafe (easy setup, $99 each). With these, you can even set certain activities to be off limits when you apply filters. When you see your teen daughter’s activity going to a “pro-ana” site, you can bar her from getting on.

Circle

  • Scans all traffic on your home’s network.
  • Traffic data is not stored on Circle’s servers.

KoalaSafe

  • Provides a Wi-Fi just for kids and tracks only that.
  • Uses cloud servers for monitoring.

From your mobile you can watch what your kids are up to in cyberspace, but these gadgets can’t monitor or control 100% their activities (such as Snapchat)—but will do enough for you to know that the cookie jar, figuratively speaking, is bolted shut with a good lock.

Even if your child is a goody two shoes, they may still accidentally get on a site you’d never want to show your grandmother. Circle and KoalaSafe will help control this scenario. This software can also track how much time kids spend with certain activities such as being on Facebook, and you can set time limits.

But remember, parental control software, no matter how good it is, should be seen as an adjunct to one-on-one communication with your kids, not the replacement of it. Parental software isn’t just for “bad” kids, but serves as an extra tool for parents that keeps up with today’s technology.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Identity Theft on the rise affecting over 13 Million

/in , , /by

13.1 million people were stricken by identity theft last year in America, reports a study by Javelin Strategy & Research which reveals:

  • Many people who don’t trust their banks are unwittingly doing things that make crime easier for crooks. This includes not using the bank’s protection services such as e-mail alerts.
  • Oddly, there are more victims than ever, but the total amount stolen is less. But that hardly matters when you consider that in the past six years, $112 billion have been stolen.
  • 18 percent of U.S. identity fraud involving cards was carried out beyond the U.S.
  • New-account fraud is being driven by EMV.

Javelin Strategy & Research’s Recommendations

  • Every account should have a different password. Every password should be long and strong, not containing keyboard sequences or actual words or proper nouns (sorry, this means no Metallica1), and including a mix of characters.
  • Consider using a password manager.
  • Smartphone protection is a must. This means being vigilant about updates and using all security features offered by the device like passcodes or fingerprint access.
  • Sign up for account alerts. Alerts come in different flavors. For instance, you’ll be alerted for purchases exceeding a specified limit or occurring outside your state. See if your bank or credit card issuer provides alerts for international transactions.
  • Put a freeze on your credit. This will prevent anyone but you from opening an account in your name, and it’s cheap to do. But if you unexpectedly find you must open a new line of credit, the freeze can be lifted.
  • If you suspect any suspicious activity, jump on it immediately. Any delay in notifying the credit card company or bank can make it harder for them to resolve the problem.

In addition, inspect your credit card statements every month. Do not dismiss tiny charges that you’re not familiar with just because they’re tiny. Sometimes, crooks will “test the waters” and make miniscule charges to see if they can get away with it. Their intention is to then escalate and ultimately max out the card.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

Ransomware as a Service: A new threat to businesses everywhere

/in /by

Cyber criminals have been attempting to extort money from individuals and companies for many years, and the latest attempt to take advantage of others is by using Ransomware as a Service, or RaaS.

4DA ransomware virus infects a computer when a user clicks a link and unknowingly download a malicious file. The ransomware virus then encrypts the computer’s files and promises to render them useless unless the victim pays a ransom. The cost varies greatly and groups sending these out can bring in hundreds of millions of dollars in profits.

RaaS makes it even easier for criminals to deploy ransomware viruses. All they have to choose a ransomware virus, set a ransom amount and deadline, and then trick their victims into downloading it onto their computer.

What to do if systems become infected with ransomware

If you have been attacked with ransomware, consider the following:

  • Tell the hacker you will pay, but that you need time to get the cash.
  • Gather all correspondence from the hacker.
  • Tell the webhosting provider, maybe call the cops, but expect little. If there is a major loss, reach out to the FBI, just know they might not see it as serious.
  • Delete all infected files and download clean versions from your backup system. Remember: If you have a quality backup system in place, you won’t need to pay the ransom.

Handling computer viruses

Ransomware isn’t the only type of virus to be on the lookout for. Symptoms of other types of virus infections include programs opening up on their own and a slow computer. Some viruses may send messages from your email account without you knowing about it. Here are some more ways to protect yourself from ransomware and other computer viruses:

  • Use both firewall and anti-virus software
  • Do not open attachments, links or programs from an email, including those from people you know, until you check for viruses.
  • Do not use public Wi-Fi connections unless on a virtual private network or using encryption software.
  • Keep security software current, use administrative rights and use a firewall.
  • Use the most recent version of your operating system and browser.
  • Back up all data.
  • Train employees on security measures for all devices.

How can you mitigate insider threats? Tune into the Carbonite webinar that I’ll be hosting live on Wednesday, March 15th at 11 am ET, to learn how. Register here: http://go.carbonite.com/security-threat/blog.

Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. Disclosures.

Most Locks are stupid easy to pick

/in , /by

I hate to say this, but…any dummy can learn to pick a lock. This means that the locks on your house’s doors are probably very “pickable” unless you have a top-flight lock system—which few homes actually have.

1BAn article on lifehacker.com describes how easy it was for the writer to pick a lock from a lockpick set. He discovered that this type of lock isn’t much different than door locks. He also makes a point about the term “pick resistant.” This doesn’t mean “pick preventable.”

Don’t count on your average door locks to be pick resistant. They are pick easy. Grade 1 locks are the most pick resistant, while Grade 3 are easy.

The article also notes that a fancy looking lock might entice a thief to try to pick it, as he’ll assume a fancy lock means lots of valuables inside. A Grade 1 deadbolt doesn’t have to look snazzy, though.

The author also writes that there are other ways than picking to get past a lock.

  • Bump keys. You can get these at a hardware store or online. Their ridges can line up with a lock’s pins and open it. These are truly master keys to most house doors.
  • Lock snapping. Apply pressure to the lock and snap it in half. However, few locks these days are made this weak.
  • Credit cards. Sticking a credit card in between the door and frame really does work—but not for deadbolts.

Many burglars use non-picking methods. The bottom line is that average locks are just plain weak. But not all intruders care to buff up their lock picking skills. Impulsive intruders, such as teen boys, just want to get in without being savvy about it, so they’ll often kick open a door, smash through a window or ring the doorbell till someone answers and force their way in. Heck, they may even do what so often they do: waltz through an unlocked door.

The FBI says that most burglars get in via forced entry. But it greatly helps to have great door locks. Intruders don’t want to get noticed. They don’t want to set off every dog within a hundred yards barking. They usually really care about being as sneaky as possible. But if they lack lock picking skills, they’ll likely give up on a well-protected house.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

How to prevent IRS scams

/in , /by

Once a thief knows your Social Security number…you’re at very high risk for having your identity stolen.

Computer crime concept

Computer crime concept

A report on bankrate.com says that the IRS is warning of a cyber attack on its electronic filing PIN application. Thieves infiltrated it with malware in an attempt to claim other people’s refunds as their own. Over 450,000 SSNs were involved, and over 100,000 of them enabled the hackers to access an E-file PIN.

Endless scams are directed towards SSNs, like the classic phishing attack. A phishing attack basically goes as follows:

  • An e-mail arrives with an alluring or threatening subject line, which may actually be a warning to protect your SSN.
  • The e-mail looks legitimate, complete with logos and privacy information at the bottom.
  • The hacker’s goal is to get you to fill out a form that includes typing in your SSN.
  • The FTC warns of a “Get Protected” subject line for the latest scam. This scam e-mail mentions the “S.A.F.E. Act 2015” that protects against fraudulent use of SSNs.
  • Like many phishing e-mails, the “Get Protected” one contains fake information.
  • These e-mails include a link that, when clicked, will release a virus, or take you to a website that will download a virus or lure you into revealing sensitive information.

Three Ways to Get Scammed

Most people make important decisions based on emotion. Cyber thieves know this, and they prey on fear, greed and generosity.

  • People aren’t thinking straight when emotions are ruling. Logic gets swept under the rug. There’s pressure to act quickly, such as helping the scammer (who pretends to be a grandchild of the victim) who was in an accident: wire money asap. Natural disaster scams prey on the desire to give. The emotion of greed is manipulated in “You’ve Won!” and inheritance scams.
  • Of course, before the fraudster plays with emotions like a cat playing with a mouse, he first gains your trust, pretending to like the same things you do, whatever it takes so that you don’t question him.
  • Scammers are adept at appearing credible, such as tricking your caller ID into showing “IRS” or the name of your bank in the ID field. They may have a snazzy website up, a “badge number,” noise in the background to simulate a call center, even a fake accent.
  • Remember, scammers are pros. It’s going to seem legitimate.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

How to freeze your Child’s Credit

/in , , /by

Identity thieves are after children’s Social Security numbers. With this number, a thief can do so many things like open a credit card account and rent an apartment. Kids’ SSNs have great appeal to crooks because:

  • A child’s record is usually very clean.
  • This means fertile opportunities for new credit lines.
  • Kids usually don’t check their credit reports and thus the fraud can go undetected for years.

3DParents should consider putting a freeze on their kids’ credit. Simply getting the credit monitored will not prevent thieves from opening accounts using the child’s SSN. A freeze does literally that: blocks a fraudster from doing anything.

Experian

  • Will not create a file for a child unless required by state law, unless they are victimized.
  • However, will give a free copy of an existing file of a child to the parent and will freeze it upon request.
  • There may be a very small fee unless the parent provides proof that the minor’s identity was stolen.

Equifax

  • Their freeze is free and doesn’t answer to any state requirements.
  • The child need not already be a victim of ID theft to get the freeze.

Trans Union

  • Their site allows parents to check for a credit file of their kids.
  • Freezes are permitted only in states that allow this. Fees may apply.

 

Innovis (another credit reporting agency)

  • Parents can place a freeze no matter what their state says.

Not all the states provide protection for minors’ credit. Find out what your state’s requirements are, as some, for instance, provide only a flag on the Social Security number. Other states have protection going up only to age 16.

Signs that someone is using your child’s SSN:

  • You receive an IRS notice claiming your child didn’t pay income taxes.
  • You get an IRS notice informing you that another tax return used your child’s SSN.
  • You receive collection notices for things you didn’t purchase.

Rejection of government benefits because the benefits are going to another account with your child’s SSN.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

How to protect your network from malicious insiders

/in , /by

You may be putting your company at risk simply by hiring a new employee. Why? Because that person could have a hidden, malicious agenda.

11DThis is known as an inside threat, and it means that someone within your organization is planning or conducting activities meant to harm the company.

There is a pattern that most insider threats use: The first step is to gain access to the company’s system. Once they have access to the network, they will investigate it and seek out any vulnerable areas. The malicious insider then sets up a workstation to control the scheme and spread the destruction.

What type of destruction can you expect? The hacker could introduce malware or they could steal or delete critical information, all of which can be damaging to your business. Fortunately, there are ways to protect business from these types of hacks.

Most companies protect their IT systems with firewalls, anti-virus programs, data backup software and even spyware-scanning technology. The problem is that these technologies only work when hackers are trying to get information from the outside.

One way to protect against insider threats is to ensure that employees can only access the data necessary to do their jobs. You should look at the flow of data throughout the organization to determine how information is shared and where it becomes vulnerable to theft or other security breaches. Then work with each department to implement the proper security controls.

The process of preventing data loss begins with discovering the data, classifying it, and then deciding how much risk your company may face if the data gets out. Some of the tools and procedures you may want to consider for protection include:

  • System-wide encryption
  • Password management
  • Device recognition
  • Access controls
  • Data disposal

It’s important to create security policies and procedures that are easy for employees to understand. The more transparent these policies are, the more effective your departments will be when communicating what they want and need.

How can you mitigate insider threats? Tune into the Carbonite webinar that I’ll be hosting live on Wednesday, March 15th at 11 am ET, to learn how. Register here: http://go.carbonite.com/security-threat/blog

Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. Disclosures.