Location Apps make it easy for Thieves

/in /by

If you’re using the app Strava for example, your bike could get stolen, says a report on the manchestereveningnews site. Strava, like many other location apps, isn’t the badguy here.

Bicyclists in Greater Manchester are being warned that Strava’s tracking could lead thieves to their bikes and even homes. That’s because it’s already happened. One man had two bikes stolen after Strava tracked his ride and led the crooks to his garage.

It’s easy to see how this happens. The users simply post their location activities, often to and from their homes and they broadcast this data via the apps and social sites.

Why do people have this app in the first place? Cyclists and runners want to share route information and compare times, says the article. The application is a social media venue for cyclists and runners.

The aforementioned man had made his bike model and home address public on his smartphone without using privacy settings. The brazen thieves broke into his garage, perhaps overnight, and took only the bikes even though there was other loot present such as valuable tools. Hmmm, it can’t be coincidence. Bikes can cost hundreds to thousands of dollars.

Strava has security settings to set privacy zones. USE THEM. The victim recommends starting your tracked route a few hundred yards from your home to throw off any potential thieves. And end the tracking a few hundred (or even more) yards from your house as well.

A spokesperson from Strava explains that the privacy settings are easy to use. How much of the user’s information gets out there can be constrained. Many people don’t bother with the security settings of applications and just dive into these tools without a second thought.

But assume that there’s always someone else spying on the personal information that’s being made public by a naïve user.

A privacy zone means that you can set up cyber barriers around your house so that thieves will not be able to see where your start and finish locations are.

As for the man whose two bicycles were stolen out of his garage, he has since purchased a new bicycle (and the stolen ones were very pricey, by the way—something that the thieves certainly knew once they saw the publically-shared model number). But don’t wait for your property to get stolen before you realize the importance of any app’s security settings.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

How long does Information stay on Credit Reports?

/in /by

If you are concerned how long any negative information will remain on your credit report, it takes seven years from the Date of the Last Activity (DLA) before the item is deleted from your records (and seven to 10 years for bankruptcies). This is a very common question posed to credit reporting agencies.

Credit reporting agencies get your information (bad or good) from lenders and collection agencies. The reporting agencies simply compile the information that comes to them.

Consumer Statements

The credit report may contain not-so-appealing information about a dispute that you were involved in that did not see a resolution. For no fee, you can file a statement with the credit reporting agency, summarizing the situation in a brief fashion. At any rate, you can make a request for the dispute information to be removed from your record, and there is no fee or required timeline for this.

Collection Accounts

These stick around for seven years out from the first past-due date for the payment.

Judgments

From the date filed, it’s seven years.

Credit Accounts

These will stay on your record up to a decade from the DLA. If you fail to pay, it will be on your record for seven years from the first past-due date. So you’re looking at seven years for records of delinquent payments.

Inquiries

When entities like businesses get a copy of your credit file, this inquiry report stays on the record for one or two years. Another type of inquiry relates to promotional offers of credit lines; they’re gone in a year. Inquiries do not affect your credit score.

Tax Liens (Paid and Unpaid)

From the date these are paid, it’s seven years. However, unpaid ones are on the record forever.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Beware of Amazon’s scary Customer Service Hack

/in , /by

Do you shop at Amazon.com? Are you aware they have a back door through which hackers can slip in?

11DLet’s look at Eric’s experience with hackers and Amazon, as he recounts at medium.com/@espringe.

He received an e-mail from Amazon and contacted them to see what it was about. Amazon informed him that he had had a text-chat and sent him the transcript—which he had never been part of.

Eric explains that the hacker gave Eric’s whois.com data to Amazon. However, the whois.com data was partially false because Eric wanted to remain private.

So Eric’s “fake” whois.com information wasn’t 100 percent in left field; some of it was true enough for the customer service hack to occur, because in exchange for the “fake” information, Amazon supplied Eric’s real address and phone number to the hacker.

The hacker got Eric’s bank to get him a new copy of his credit card. Amazon’s customer service had been duped.

Eric informed Amazon Retail to flag his account as being at “extremely high risk” of getting socially engineered. Amazon assured him that a “specialist” would be in contact (who never was).

Over the next few months, Eric assumed the problem disintegrated; he gave Amazon a new credit card and new address. Then he got another strange e-mail.

He told Amazon that someone was impersonating him, and Amazon told him to change his password. He insisted they keep his account secure. He was told the “specialist” would contact him (who never did). This time, Eric deleted his address from Amazon.

Eric became fed up because the hacker then contacted Amazon by phone and apparently got the last digits of his credit card. He decided to close his Amazon account, unable to trust the giant online retailer.

  • Frequently log into your account to check on orders. See if there are transactions you are unaware of. Look for “ship to” addresses you didn’t authorize.
  • Amazon’s customer support reps should be able to see the IP address of the user who’s connecting. They should be on alert for anything suspicious, such as whether or not the IP address is the one that the user normally connects with.
  • Users should create aliases with their e-mail services, to throw off hacking attempts. In other words, having the same email address for all your online accounts will make it easy for them to be compromised.
  • If you own domain names, check out the “whois” info associated with the account. It may be worth making it private.

Be very careful when sharing information about yourself. Do not assume that just because a company is a mega giant (like Amazon), it will keep your account protected from the bad guys.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Popular Passwords make it easy to hack You

/in /by

Your account passwords should be as unique as your fingerprint—to make them less hackable by crooks using password-guessing software that can run through millions of possible combinations in just minutes. And if you have an easy password, there may be a hit within 10 seconds.

5DThink this software can figure out your password of “password1” or “monkey”? These are among the most used passwords. Needless to say, so is “1password” and just “password.” And “login.” What are people thinking?

Every year, millions of passwords are stolen. These are made public by researchers, in order of popularity. Hackers see this list. If you don’t want to get hacked, then avoid using the following passwords (this list is very incomplete):

  • 123456 (avoid ANY numerical sequence)
  • qwerty (avoid ANY letter sequence)
  • 123456789 (long sequences are just as bad as shorter ones)
  • Football (hackers know that tons of passwords are a name of a popular sport)
  • abc123 (combining different keyboard sequences doesn’t toughen up the password)
  • 111111 (how lazy can you be?)
  • 1qaz2wsx (vertical sequences are vulnerable too)
  • master, princess, starwars (give me a break)
  • passw0rd (wow, so creative!)

Don’t even bother with names of animals, countries, cities, famous music bands or people names. Even combining these won’t help, such as EmilyParis. If any component of the password can be found in a dictionary, change it.

Using a unique, different and strong password for all of your accounts goes a very long way in protecting yourself from hackers—and that means a different password for every account/site, not just a strong and original one. A hacker’s software will take millions of years to crack a password like 8guEF$#gG2#&4H.

Now suppose you have 15 passwords like this (for 15 accounts). How do you remember them all, being that they’re a crazy jumble of all sorts of characters?

Use a Password Manager

  • Solves the problem of having to remember (and type in) many different whacky combinations of characters.
  • Creates complex, hard-to-crack passwords.
  • Stores all the passwords and allows you to use one master password.
  • Eliminates having to reset passwords.

But feel free to make some of your passwords up. So if your favorite movie is the original “Star Wars,” your different passwords might be:

  • iLVth1st*wrz!FB (FB being for Facebook)
  • iLVth1st*wrz!A2Z (A2Z being for Amazon)
  • iLVth1st*wrz!$$ ($$ being for your bank)
  • Passwords should be at least eight characters.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Bank Tellers stealing Identities

/in , , /by

Ever consider the possibility that a person gets a job as a bank teller…for the sole purpose of stealing a patron’s identity?

Do you realize how easy this would be?

  • No techy hacking skills required.
  • No gun required.

So we’ve all been instilled with fear of our bank getting data breached by Russian hacking rings, while that mousy looking teller with the sweet smile could be your greatest threat.

A nytimes.com article points out that a teller from Capital One had gained access to seven accounts and gave information to a co-thief who drew checks on these accounts.

Tellers can fake debit cards and wire unauthorized funds. They can also sell personal data to other thieves.

The nytimes.com article says that a teller was part of an ID theft ring that stole $850,000. The idea of tellers committing these thefts is very real. One teller even took photos with a cell phone of account data to cash phony checks. Another thief, who worked at a credit union, took loans out in customer’s names.

There are many ways that tellers can steal, including creating credit cards in customer’s names. Tellers may also be easily bribed by thieves to sell them customer information, as the tellers’ income isn’t that great, averaging about $25,000 a year.

The thieves, who bribe the tellers, don’t necessarily pay them with money. They may offer them luxuries that the teller can only dream of, such as flying in private jets and meeting famous athletes, says the nytimes.com report.

And if you think that banks require rigorous background checks for new teller  hires…think again. Furthermore, continues the article, savvy thief-tellers will keep their fraudulent withdrawals under $10,000, to keep below the detection radar. These sneaks can get away with this for years.

The general rule of thumb is that tellers have way too much access to customers’ data, and banks are lax at correcting this problem beyond simply reimbursing customers with their stolen money. The banks don’t want to invest the money and time in straightening out this problem, though a small number of banks have implemented tighter controls on tellers.

But what can we, the customer, do? We just have to keep our fingers crossed? The most effective way to prevent fraud is to do two things:

  1. Go over your accounts security controls with a bank advisor. Set up limits on transactions, require second signatures for large dollar amounts, and restrict money flow in any way that will cause financial harm.
  2. Set up alerts and notifications, so you, the account holder can become fully aware of every transaction of any kind.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Businesses Struggling to Keep Up with Latest Wave of Malware Attacks

/in , , /by

Companies have been struggling for years to keep cyber-attacks at bay. Cyberthieves are working faster than ever before to send out their malicious attacks, and it’s become increasingly difficult for companies to keep up.

CNN reports that almost one million malware strains are released every day. In 2014, more than 300 million new types of malicious software were created. In addition to new forms of malware, hackers continue to rely on tried and true bugs because many companies simply haven’t found a fix or haven’t updated their systems to mitigate the threats.

In almost 90% of these cases, the bugs have been around since the early 2000s, and some go back to the late 1990s. The irony here is that companies can protect themselves and create patches for these bugs, but there tends to be a lack of effort and resources when it comes to getting the job done.

Some industries are targeted more than others. After hackers get information from these companies, such as proprietary data, they attempt to sell the information on the black market.

Cyberattacks are spreading quickly, and it takes almost no time after an email is sent for a victim to fall for the scheme. When a hacker is successful at breaking into a certain type of company, such as a bank or insurance firm, they will typically use the same exact method to quickly attack another company in the same industry.

New and improved cyber attacks

While old methods of cyber-attack can still be effective, it is the new scams that users should be nervous about. Here are some examples:

  • Social media scams
    Social media scams work and cybercriminals just love them because the people being scammed do most of the work. Cybercriminals release links, videos or stories that lead to viruses, and people share them with their friends because they are cute, funny or eye-raising. These tend to spread quickly because people feel as if they are safe.
  • Likejacking
    Hackers may also use a practice known as “likejacking” to scam people on social media. In this case, they will use a fake “like” button that tricks people into installing malware. The programs then post updates on the user’s wall or newsfeed to spread the attack.
  • Software update attacks
    Hackers are also focusing on more selective attacks. For example, a hacker may hide malware inside of a software update. When a user downloads and installs the update, the virus is set free.
  • Ransomware
    These attacks, where thieves steal or lock files on a person’s computer and then demand a ransom for access, climbed more than 110% in the last year alone. Once infected, the only way to regain access to the files is to pay a fee, usually between $300 and $500, for a decryption key.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How Water Leak Sensors protect your Home

/in , /by

Ever wonder how a water leak sensor actually works?1S

  • Water comes into contact with the sensor. The sensor makes and electrical contact and send a signal.
  • The sensor transmits a signal to a central station of sorts (kind of like how if extreme heat or a needle comes in contact with your skin, your sensory nerves will send a signal to your brain).
  • Once the signal reaches the “brain” of the water leak sensor, an alarm will sound.
  • A more advanced system includes a phone call from a base monitoring center to alert you to the leak.

Where might water leaks occur?

  • Appliances like the dishwasher and washing machine are among the many sources of potential leaks.
  • Obviously, a hot water heater can leak.
  • A leak can also emanate from the plumbing of a toilet.
  • Roofs leak all the time.
  • Your neighbor in your apartment/condo may spring a leak.

Though a water leak may sound like a minor nuisance, it can actually be very costly if unchecked. A worst case scenario is an untreated leak causing mold to proliferate in the house’s walls and floors. This mold can cause serious health problems. Water leaks could ruin wood and carpet as well.

Placement of Water Sensors

  • High quality water sensors can be placed anywhere you’d like. The device may be only three inches long, depending on make and model.
  • Beneath the dishwasher
  • Floor of the basement
  • Under the bathroom sink
  • Drip pan of the washing machine
  • Drip pan of the water heater

These are just suggestions; review your house for any possible location where there could be a water leak.

Water damage is never to be underestimated. It’s the No. 1 reason for insurance claims. We’ve all heard about basements getting flooded—not from storms but from pipes that burst.

And it goes without saying that sooner or later, an appliance is going to have a puddle of water forming nearby it.

It’s smart to get water leak sensors set up in your house for yet another reason other than prevention of damage: a lower rate on your homeowner’s insurance. See if your insurance will offer you a discount if you have water leak sensors.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

How to secure your Apartment

/in , , /by

I love that show, “Forensic Files.” Every so often there’s the case of a person who was found murdered in their apartment due to some forced entry. Which brings me to the topic of apartment security.

1HNew Apartment

  • Don’t delay in doing a walk-through of the entire premises, including the laundry room (where a crime can occur after a creep spots a vulnerable-looking woman enter the unlocked room).
  • Take note of any portals through which a burglar could make entry. This includes trees and trellises that lead to a window.
  • Take note of where the lit and dark areas are.

Doors and Windows

  • I can’t begin to tell you how many episodes of “Forensic Files” deal with an intruder getting in through an unlocked door or window—and this includes during the day when the victim was home. Keep them locked!
  • However, we all know that intruders will use force to break through a locked door or window (though if you’re home, you’ll have time to call 911 and perhaps make an escape through the back of the apartment—a plan you should already have in place since Day 1. If you’re on the second floor, have a foldable ladder always ready to make your escape.). Sounds crazy, but it’s good for fire escape too.
  • Hopefully your landlord will permit you to replace what’s probably a cheaply built door strike-plate with a strong one with two-inch screws, as this will make it very difficult to kick open. Press your landlord to allow deadbolts on all the doors, even if you must pay for them.
  • Make sure the window locks are very difficult to get past, even if you must pay for revisions. Landlords typically won’t do things like this; if the lock merely “works,” that’s usually good enough for them. This includes sliding glass doors.
  • Put Charley bars or anti-slide devices in the tracks of sliding doors.
  • No matter how mesmerizing the night crickets or ruffling leaves are, you must never go to sleep when the windows are unlocked.

Miscellaneous

  • Make sure no valuables are visible through your windows.
  • A landlord won’t pay for a security system. Hang on every doorknob a sensor (available online and fits in your palm) that, when the door is opened, emits a loud beep.
  • Install your own home security system. They are relatively inexpensive and some can be moved to another apartment.
  • Use timed lighting devices to make it appear you’re home when you’re out.
  • Every time you leave your apartment to get mail, empty rubbish or go to the laundry room, lock your door!

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Should You make the Investment in Alarm Monitoring?

/in , , /by

Imagine the effectiveness of the following sign at your front door when a would-be intruder reads it:

WARNING: This house is protected by a remote monitoring service; if you break in while the homeowner is away, he’ll be instantly alerted and the police will be automatically dispatched. And if you break in while he’s home, well heck, you’re still screwed.

2WWhat exactly is a remote monitoring service?

  • It’s always ready for an intruder, 24/7, every single day.
  • A comprehensive service will also detect smoke, water heater problems and other issues like a carbon monoxide leak.
  • You will have a “safe” word that only you (and other trusted people) know.
  • If the alarm is tripped and the monitoring service can’t get the safe word from whomever answers the phone, or there is no answer, police will be on their way.
  • An advanced system will also allow you to remotely revise settings on your customer account.
  • Another feature of a high tech system is that it allows you to set silent alarms, so that the “intruder” won’t know they tripped the sensor, but you will get an alert to your phone indicating this. This feature is great for people who suspect a family member is snooping around where they shouldn’t.

The Technology

  • Joe Thug kicks down your back door (you kept putting off getting a top-flight strike plate).
  • The alarm is triggered.
  • This alerts the monitoring center.
  • They call you.
  • But you can’t answer because you’re not there.
  • The intruder answers, intending to convince the company that it was a false alarm. Instead he’s asked for the secret word. Startled, he hangs up and flees.
  • The police are dispatched.
  • After the dispatch, your secondary phone numbers are called (family, friends, etc.).
  • This same technology has a panic button for fire, police and EMT. Once pressed, help is on the way.

So should you make this investment? How worth it is your home, family and peace of mind? Invaluable.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Scareware Scam almost snags Victim

/in /by

Cybercriminals know that the best way to get their claws on the next victim is to appeal to their emotions, not logic.

4DThere’s lots of scary things in life, and one is learning that your computer has been infected with a virus. If this happens, you’re now vulnerable to spending money on getting rid of the malware. The tactic of scaring users is called scareware.

  • A pop up tells you “Warning! Your Computer Has Been Infected with Malware!”
  • The pop-up can be triggered by visiting an infected website or by making a bad click.
  • The pop-up can’t be closed out, or if it can, another appears.
  • Additional information in the pop-up lures you into clicking a link inside it, such as buy some downloadable security software that will destroy the virus.
  • Once the alleged security software is downloaded/installed, it crashes your computer—even if you already have a legitimate security software program in place.
  • You’re screwed at this point. (Hope you had all your data backed up before this happened!)

Here’s another way the scam can unfold, from someone who wrote to me:

I was notified by a notice supposedly from Windows Security that my PC has been attacked.  They claim that all my PC ID numbers were stolen and that Russia had got about 8-12 other IDs.  They took control of my computer and said they scanned it to find this out. They claimed the only way that I could clear this problem was to have them clear it for $199.99 and security for 1year (sic) for $149.99.  They said the only way to accomplish this was by check.  They said it couldn’t be done by credit card because them (sic) numbers would be stolen too.  I refused to go along with that plan and closed them out.  

P.S. I checked my account and it is paid thru 6/2016.  How do I know if I get a notice from Windows that it is legit? 

All windows notifications come via Windows Update. That “pop-up” emanates via your notifications area on your taskbar and NOT a popup via your browser. What a mess.

Protect Yourself

  • Use security software only from a name-brand company.
  • Keep it updated.
  • See a pop-up? Close it out. Never click inside it—which you can’t do if you close it out immediately.
  • Exit the site you think triggered it.
  • Play it safe and run a scan using your legitimate security software.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.