Are You Part of the 70 Percent Who Are Clueless About Identity Theft?

You’d think that with all the media attention regarding data breaches, hackers and identity theft, consumers would be more focused on their privacy and how to protect their information from prying eyes. Surprisingly, almost 70% of people are clueless about how a criminal might have gotten hold of their personal information.

We all have a lot going on in our lives, and this is exactly how identity thieves like us. Ever lurking, these criminals are counting on us being too busy to give any thought to who we are sharing our information with. These people are always there, just waiting for us to make mistakes.

The startling truth is that most victims of an identity theft crime, about 68 percent, don’t know how their information was obtained, and 92 percent of victims have no idea who stole their information. A further 45 percent of identity theft victims don’t realize they are a victim until they hear from their financial institution. There are more than 16 million victims of identity theft each year.

IdentityForce created a very informative info-graphic (nice job IdentityForce!) that shows the public are essentially sitting ducks, just waiting to be picked off by identity thieves.

What did you do to expose your information? Consider the following:

  • Got married
  • Gave too much info away on social media
  • Responded to a fraudulent text, message, or email

Additionally, major life events put you at greater risk of becoming a victim, such as having a baby or getting a new job.

When most of us consider identity theft, we usually think immediately of credit card fraud, but there is much more to it than that. Though credit card fraud is a common type of identity theft, these thieves can use the information they have obtained to do the following:

  • Open up a new bank account or credit card…and make changes to your billing address, leaving you none the wiser
  • Take out a large loan, such as a mortgage or vehicle loan, and never pay the loan off
  • File a fraudulent tax return, and take the money that comes from it

If you find yourself to be a victim of identity theft, you could be dealing with the aftermath for years to come, and could struggle to clear your name and repair your credit score.

Fortunately, there are several ways that you can protect yourself from becoming a victim of identity theft. Some of these include:

  • Only give out your Social Security number when it is absolutely necessary
  • Do not allow mail to sit in a mailbox
  • Don’t respond to suspicious requests for personal information
  • Only create complex passwords for online accounts

Here’s how to be part of the 30% of informed, alert, aware and cyber smart consumers: Take the “Identity Theft Risk Quiz” here: https://www.identityforce.com/resources/quiz To further protect yourself, sign up for an identity theft service, today.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Protect your Privacy on your iPhone

If you have an iOS device, you may be leaking personal information about yourself—without even knowing it—because you’re not familiar with the privacy settings.

Apps have “permissions,” meaning, they can access private information such as your social calendar stored on the phone, appointments, anything. Go to the privacy menu under “settings” to learn which apps can gain this access and deactivate it. And there’s so much more to know…

Ads

  • The Limited Ad Tracking option controls how targeted the ads are to your habits, not the amount of ads you see.
  • This feature does not apply to ads across the Internet; only the iAds that are built into apps.

Location

  • At the screen top is a Location Services entry.
  • Explore the options.
  • Shut down everything not needed beyond maps or “Find My iPhone”

Safari, Privacy

  • Check out the Allow from Current Website Only option; it will prevent outside entities from watching your online habits.
  • You can limit how much Safari tracks your habits (by activating Do Not Track requests).
  • You can also disable cookies, but you won’t prevent 100 percent of the data collection on you.
  • Want all cookies and browsing history deleted? Choose the Clear History and Website Data option.
  • In the Settings app, go to Safari, then Search Engine to change the default search engine if you feel the current one is collecting too much data on you.

Miscellaneous

  • Every app has its own privacy settings. For every app on your device, you should explore the options in every privacy menu.
  • Set up a time-based auto-lock so that your phone automatically shuts off after a given time if you’re not using it.
  • The fewer apps you have, the less overwhelmed you’ll be about setting your privacy settings. Why not go through every app to see if you really need it, and if not, get rid of it?

How to Use your Mobile as a Child Locator

How many times have you read, or at least caught a headline, of the latest high profile missing child case? How many stories have we heard about the kid who got lost on a hike? His body was found several miles from where he’d been last seen, concluding a several-day search.

What if he had had an iPhone on his person at the time he wandered off in the middle of some vast woods? Sure he could call, but then what? Android and iPhones have a “find my phone” feature that a parent can track down a lost child with—provided that this feature is enabled.

  • At android.com/devicemanager log onto the Android Device Manager page. The parent must also know the password and name for the Google account that is associated with this tracking feature.
  • You’ll see Android hardware’s location, which is stored in the phone attached to the lost child, on a map.
  • Obviously, you must have your own mobile device on you to locate.
  • This feature works for older kids too, such as your young teen daughter on her first date. She’s 20 minutes past her curfew and she’s not answering her mobile. Time to locate her.
  • You can set up a restricted profile that blocks the teen’s access to the “settings” application, or, you can use a parental control app.
  • There are also locator apps compatible with iOS phones.

Do you have an elderly relative who’s not all there upstairs and prone to wandering off? Most phones are compatible with affordable ($6 to $15 a month) applications that can give you the location of your family member. Family locator apps are offered by T-Mobile, AT&T, Sprint and Verizon Wireless.

Locator apps also come with other features, not just the locator aspect. Some offer 911 and emergency features. This would be great for your elderly grandmother who forgets things or gets lost easily.

Your ransomware profile: passwords, profiles and protection

If your computer password contains the name of your dog, your favorite vacation spot, and an easy-to-remember numerical sequence, then you are breaking some basic rules of password safety. Even though “BusterBermuda789” might seem impenetrable to you, this is a password security experts say is vulnerable.

Here are five things to know about passwords:

  • A long, strong password goes a long way in helping prevent hacking.
  • Every account should have a different password.
  • A hacker’s password-cracking software can easily expose any password composed of an actual word or proper name, or keyboard sequences (e.g., Mike123).
  • Passwords should be a jumbled mix of upper and lower case letters, numbers and characters.
  • A password manager tool will make all of this easy for you. Here is one password manager tool that can help you get started creating stronger passwords.
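
The point above about words, proper names and keyboard sequences, as an added example that is not part of the original post: a small Python checker that splits a password into the pieces cracking software guesses as whole units and compares that search space with character-by-character brute force. The wordlist, dictionary size and sequence count are constructed assumptions.

```python
import math
import string

# Constructed sample wordlist; real cracking dictionaries hold millions of entries.
WORDS = {"buster", "bermuda", "mike", "password", "summer", "dragon"}
ASSUMED_DICT_SIZE = 1_000_000   # assumption: words and names an attacker tries
ASSUMED_SEQ_COUNT = 1_000       # assumption: common digit/keyboard runs tried
SEQUENCES = ("0123456789", "9876543210", "qwertyuiop", "asdfghjkl",
             "zxcvbnm", "abcdefghijklmnopqrstuvwxyz")
PRINTABLE = 94                  # printable ASCII characters excluding space


def is_sequence(chunk):
    """True if chunk (3+ chars) is a run from the digits, alphabet or a keyboard row."""
    return len(chunk) >= 3 and any(chunk in seq for seq in SEQUENCES)


def tokenize(password):
    """Greedy left-to-right split into (kind, text) with kind word, seq or char."""
    lower, tokens, i = password.lower(), [], 0
    while i < len(lower):
        match = ("char", password[i])
        # Try the longest candidate first; candidates are at least 3 chars long.
        for j in range(len(lower), i + 2, -1):
            chunk = lower[i:j]
            if chunk in WORDS:
                match = ("word", password[i:j])
                break
            if is_sequence(chunk):
                match = ("seq", password[i:j])
                break
        tokens.append(match)
        i += len(match[1])
    return tokens


def pattern_bits(password):
    """Search space (in bits) when words and runs are guessed as single units."""
    bits = 0.0
    for kind, text in tokenize(password):
        if kind == "word":
            bits += math.log2(ASSUMED_DICT_SIZE)
            if text != text.lower():
                bits += 1       # assumption: one extra bit for a capitalised variant
        elif kind == "seq":
            bits += math.log2(ASSUMED_SEQ_COUNT)
        else:
            bits += math.log2(PRINTABLE)
    return bits


def brute_force_bits(password):
    """Search space (in bits) if every character had to be guessed independently."""
    if not password:
        return 0.0
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    pool = sum(n for chars, n in classes if any(c in chars for c in password))
    return len(password) * math.log2(pool)


if __name__ == "__main__":
    for pw in ("BusterBermuda789", "Mike123", "x7#Qp!2vLz@9"):  # constructed samples
        kinds = [kind for kind, _ in tokenize(pw)]
        print(f"{pw:18} tokens={kinds} "
              f"pattern={pattern_bits(pw):.1f} bits "
              f"brute-force={brute_force_bits(pw):.1f} bits")
```

The gap between the two figures is the reason a long password built from guessable pieces is weaker than its length suggests, while a jumbled password shows no gap at all.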

Need to Know: Four data protection tips

  1. Look out for suspicious emails: Hackers send out phishing emails to trick recipients into clicking a link or attachment that downloads a virus. Or, the link may take them to a website that tricks them into typing out login information. Fraudulent e-mails may look as if they could be from your bank, employer, medical plan carrier, the IRS, UPS, etc., but these will typically ask you to do things the IRS and your bank would not. It’s unlikely that your bank lost your account information, and now needs it urgently. Also ignore any email claiming you won a prize, or inherited money. Make sure not to click on any attachments in an email. Attachments are a common way that cybercriminals spread ransomware.
  2. Use 2FA when available. Always choose the 2FA – two-factor authentication – option whenever it’s available. Two-factor authentication is when a login attempt to an account prompts a text known as a One-Time Password (OTP) or voice-call to your phone with a unique numerical code that you can enter in a login field. Sign up for it if your account offers it. Yes, hackers have been known to lure users into texting them that special code. Always be suspicious of any requests for your OTP.
  3. Protect online profiles. Many hackers get personal information from social media and then use those data pieces to figure out user names and your answers to security questions on your various accounts. Think about it: Do you really need to post the names of all your kids and pets, your wedding anniversary date (which you then might use in a password combination) and tell everyone where you work? It might be time to consider more carefully what you make public. And always make sure your settings are kept private, not public.
  4. Web and Wi-Fi safety. Consider multiple email addresses – not just multiple passwords – to distinguish between business and social contacts. Avoid Wi-Fi at hotels, coffee shops, etc. These are prevalent and convenient, yes, but extremely vulnerable. Never conduct financial transactions on public Wi-Fi. Use a VPN to secure Wi-Fi in remote locations. Your home network should use WPA2 and not a WEP connection. Ignore pop-ups.

A new level of awareness is needed as computer users navigate their professional and personal lives, and realize they are vulnerable – and their data is at risk – every time they log on to a system. Keep simple tips like this close by in order to avoid ransomware and other cyber threats.

Robert is a security analyst, author and media personality who specializes in personal security and identity theft and appears regularly on Good Morning America, ABC News and The TODAY Show.

Set Privacy on these Social Media Apps

Just like older generations never thought that the dial phone in the kitchen could be dangerous (think phone scams), today’s kids don’t have a clue how hazardous smartphone apps can really be. They are a godsend to pedophiles, scammers and hackers. And let’s not forget other kids who just want to be cruel bullies.

Parents should have informative discussions with their kids about the various apps out there. And it’s okay to forbid particular apps you aren’t comfortable with. For example, search “Musicly safe for kids” and see why. Apps aren’t as innocent as you think. They are potential gateways to some real creepsters out there—and that’s putting it mildly.

Applications have safety settings. Do you know what they are? How they work?

Instagram

  • A person with or without an Instagram account can view your images unless you have the security setting on for “Private Account” under “Options.”

Snapchat

  • Enable the self-destruct feature to destroy communications quickly after they are sent.
  • But don’t rely on this entirely, because it takes only seconds for the recipient to screenshot the text or sext into cyberspace.
  • Set the “Who Can Contact Me” setting to “My Friends” so that strangers posing as 13-year-olds don’t get through to your child.

Whisper

  • Don’t let the name fool you; Whisper is not anonymous, thanks to geotagging.
  • Go to your iPhone’s settings and change the location access to “Never.”

Kik

  • Kik is not anonymous, contrary to popular belief, because anyone can get ahold of a youth’s username on other social media, making it possible to then contact that person on Kik.
  • Under “Notifications” disable “Notify for New People.” This will put strangers’ messages in a separate list.
  • Don’t share usernames.

Askfm

  • This question-and-answer service attracts cyberbullies.
  • In the privacy settings, uncheck “Allow Anonymous Questions.”
  • The user should remain anonymous.

Omegle

  • This video-chatting service is a draw for pedophiles.
  • It should never be linked to a Facebook account.

Your worries are fully justified. Words, images, and video, are very powerful. Though the age of e-communications is here to stay, so are psychos. It’s their world too. Your kids, unfortunately, must share it with them, but that doesn’t mean they have to receive communications from them or be “friends” with them.

5 Improvised Secret Self-Defense Weapons

Cane

  • If you use a cane, take “cane-fu” classes if possible. Yes, it’s a thing.
  • A sturdy cane with a strong handle works best.
  • Do not assume you can fight with a cane just because you need one to walk.
  • Avoid a cane with a hidden knife or sword unless you specifically train to fight with a blade.
  • A person’s first instinct with a cane-like device for self-defense is to wield it in a horizontal path as though swinging a baseball bat. This is wrong, as it can easily be seen in progress by the person you’re trying to ward off; that person could dodge it, deflect it or grab the cane from you. This is why a cane self-defense class is crucial.

Magazine

  • Swatting someone with an unrolled magazine is worthless; even the most tightly rolled magazine won’t stop an assailant if you swat with it, because swatting is the wrong way to use a rolled-up magazine as a weapon.
  • The proper way to strike is with a hammer motion, your arm as the handle and the magazine as the head, so that the end of the roll is struck into the assailant; the roll, ideally, is perpendicular to the surface it strikes, concentrating as much impact as possible into a small area. But if this small area is his neck, nose, temple or groin, it will stop him long enough for you to either follow up with another blow or to escape.
  • A pre-rolled magazine, fastened tightly with several thick rubber bands, is something you should have on hand, just in case. Otherwise, pray you don’t let panic make you fumble as you’re trying to roll up a magazine when an assailant approaches.

Flashlight

  • A flashlight, being shaped like a rolled-up magazine, is used in the same way as a magazine roll.
  • But because it’s more solid, it will be more effective.

Pen

  • You’re probably already picturing a pen sticking out of the assailant’s eye.
  • A pen jabbed into the temple, nose and neck hard enough will disable the attacker; the more perpendicular the pen to the strike surface, the better.
  • A pen jammed hard enough into the collarbone will also stop the assailant.
  • Other body parts worth mentioning: ear, cheek, top of hand, groin.

Belt

  • The key is being able to quickly pull the belt off your pants.
  • And that’s it: whip at him with the buckle as the striking end. Don’t try to strangle him; that only works in the movies, then run!

Strengthen your Entry way Security

Did you know that often, burglars gain entry by simply kicking open locked doors? You just would not believe how easy this is. This is why it’s crucial to beef up the strength of your house’s doors. And this can be done several ways.

Deadbolt Strike Plate

  • It’s ironic that this piece of hardware is called a strike plate, because an inferior type can be struck by the burglar’s foot and blasted apart.
  • The strike plate is that metal piece that’s on the door frame, where the deadbolt latches into.
  • A low grade strike plate serves the purpose of holding the door shut. Period. It’s no match for a burglar’s foot.
  • In addition to a sturdier strike plate, you need a full metal enclosure and longer screws. The burglar will then worry about breaking his ankle as he continues to try to budge this hardware—which is possible, if he’s persistent, has a decent kick and doesn’t tire easily.

Door and Door Jamb

  • So to stop a persistent burglar who doesn’t mind repeatedly kicking, you must reinforce the door and door jamb.
  • Sturdy door reinforcement can be found at Door Devil.

Solid Wood or Metal Doors

  • A hollow wood construction has no place in an exterior door.
  • A solid wood door would ideally be made of a hardwood variety. It’s not cheap, but it will buy you peace of mind.
  • A steel door is even more secure.
  • The ultimate door may be a hurricane-resistant steel door.

Hinges

  • Burglars have been known to remove the hinge pins and lift the door up and out of the frame.
  • A door that swings out and exposes the hinges is not secure.
  • Safety studs, crimped pins and a setscrew in the hinge will prevent a burglar from removing the hinge pin.

Still More…

  • A door that’s highlighted with a motion detecting light (out of reach from an adult) will help deter intruders.
  • A fake surveillance camera (again, out of reach) is an effective deterrent.

Robert Siciliano is a home and personal security expert to DoorDevil.com discussing Anti-Kick door reinforcement on YouTube. Disclosures.

Phishing attacks Two-Factor Authentication

Hackers bank heavily on tricking people into doing things that they shouldn’t: social engineering. A favorite social engineering ploy is the phishing e-mail.

How a hacker circumvents two-factor authentication:

  • First collects enough information on the victim to pull off the scam, such as obtaining information from their LinkedIn profile.
  • Or sends a preliminary phishing e-mail tricking the recipient into revealing login credentials for an account, such as a bank account.
  • The next phase is to send out a text message appearing to be from the recipient’s bank (or PayPal, Facebook, etc.).
  • This message tells the recipient that their account is about to be locked due to “suspicious” activity detected with it.
  • The hacker requests the victim to send the company (which is really the hacker) the unique 2FA code that gets texted to the accountholder upon a login attempt. The victim is to wait for this code to be sent.
  • Remember, the hacker already has collected enough information (password, username) to make a login attempt. Entering this data then triggers a send of the 2FA code to the victim’s phone.
  • The victim then texts back the code—right into the hacker’s hands. The hacker then uses it to get into the account.
  • The victim made the cardinal mistake of sending back a 2FA code via text, when the only place the victim is supposed to enter this code is the login field of their account when wanting to access it!

So in short, the crook somehow gets your username and password (easy with brute-force software if you have a weak password, or retrieved from a data dump of some hacked site). They spoof their text message to you to make it look like it came from the company of your account.

Red flags/scams/behaviors/requests to look out for:

Pay Attention!

  • You are asked via phone/email/IM etc to send someone the 2FA code that is sent to your mobile (prompted by their login attempt).
  • If you receive the 2FA code, this means someone is trying to gain access to your account. If it’s not you, then who is it?
  • Never send any 2FA code out via text, e-mail or phone voice. Never. Consider any such request to be a scam.

Social Engineering: How to steal Brand New iPhones from Apple

Looks like there’s some worms in Apple.

Not too long ago, dozens and dozens of iPhones were stolen from two Apple stores. How could this happen, what with Apple’s security? Simple: The thieves wore clothes similar to Apple store employees and obviously knew the innards of the stores.

They sauntered over to the drawers that held the new phones, acting nonchalant to avoid attracting attention. In fact, a new face in Apple attire at one of the stung locations wouldn’t raise eyebrows since new employees are trained there.

What mistake did Apple make to allow these robberies? The introduction of new uniforms, perhaps? They came up with the idea of “back to blue, but all new” attire. But really, that shouldn’t be so easy.

This meant no single uniform, but rather a variety of options that fit within a color and style concept. This makes it easy for someone off the street to visually blend in with store employees. There are six styles of just the top alone. You can pick up a strikingly similar top, including color, at Walmart. And unlike previous attire, which changed seasonally, this new line is meant to be permanent.

Have you yourself ever been mistaken for an employee at Walmart or Target (blue shirt, red shirt), or asked someone for assistance who replied, “I don’t work here”? See how easy it is to blend in—without even trying?

The thefts at the two Apple stores are believed to be related, but the thieves are not known. It’s also not known if the thief or thieves were wearing an actual Apple top or just a look-alike.

This ruse can easily be pulled off by anyone appearing to be in their early to mid-20s, clean-cut, wearing glasses (to look geeky), and with calm, cool and collected mannerisms—and of course, a royal blue shirt.

The solution would be for Apple to require a line of tops with a very distinct color pattern, and only two choices (short and long sleeved).

The lesson here: Not everything or everyone appears to be what they actually are. Social engineering is a confidence crime. As long as the thief has your confidence either in person, over the phone or via email, you are likely to get scammed.

Always be suspicious. Always challenge what’s in front of you. Never go along to get along. And put systems, checks and balances in place to prevent being scammed. In this situation, proper, secure identification and authentication with proper checks would have prevented this.

Your Ransomware Response: Prepare for the Worst

A ransomware attack is when your computer gets locked down or your files become inaccessible, and you are informed that in order to regain use of your computer or to receive a cyber key to unlock your files, you must pay a ransom. Typically, cybercriminals request you pay them in bitcoins.

The attack begins when you’re lured, by a cybercriminal, into clicking a malicious link that downloads malware, such as CDT-Locker. Hackers are skilled at getting potential victims to click on these links, such as a phony e-mail, apparently from a company you do business with, luring you into clicking on a link or opening its attachment.

And if you find your computer is being held hostage:

  • Report it to law enforcement, although it’s unlikely they can provide help. It’s just good to have it recorded.
  • Disconnect your computer from its network to prevent the infection from spreading to other shared networks.
  • You need to remove the ransomware from your computer. Remember, removal of the ransomware won’t restore access to your files; they will still be encrypted. To remove ransomware from your computer, follow the steps provided here.
  • If you already had your data backed up offline, there’s no need to even consider paying the ransom. Still, you will want to remove the ransomware and make sure your backup solution was working.
  • But what if very important files were not backed up? Prepare to pay in bitcoins. The first step is to find out what the experts say about making payments in bitcoin.
  • The crook will be essentially impossible to trace. You’ll be required to make the payment over the Tor network (anonymous browsing).
  • Finally, don’t be shocked if the crook actually provides you the decryption key—essentially a password; ransomware thieves often follow through to maintain being taken seriously. Otherwise, nobody would ever pay them. But it would not be unprecedented to not receive the key. It’s a gamble.
  • The best course of action is to prevent a ransomware attack, and that means looking for all the clues to malware and phishing scams. Don’t let threatening e-mails, saying you owe back taxes or bank fees, jolt you into hastily clicking a suspicious link or attachment. If you regularly back up your data online and to an external drive, then you’ll never feel you must pay the ransom.
