Consumers Have Given Up on Security

/in , , , /by

According to a recent study, online security for most people is too bothersome. The US National Institute of Standards and Technology published the study, which shows that most people who use the internet have just given up and don’t follow the advice given to them about online security.

The result of this is that consumers are engaging in risky online behavior, and according to one survey participant, if “something happens, it is going to happen” and “it is not the end of the world.”

This is concerning to many, including security experts and survey authors. During this survey, approximately 40 people were interviewed in order to understand how those without a technical background feel about computer security. Though this isn’t a total significant sample size, it is a surprising look at how people feel about the information that experts are giving them. Each interview ran from 45 minutes to an hour, and the goal of the researchers was to find out where the average person stands on online security.

The authors of the report were surprised by the resignation of the interviewees during the survey. Essentially, they saw that people just can’t keep up with security changes. The survey participants, overall, believe that online security is too complex, and these people don’t see the benefits of making any efforts.

Some of the people who took the survey seemed to be under the impression that they didn’t have any information that a hacker would want. For example, one person claimed that they don’t work in a government agency and they don’t send sensitive information over email, so if a hacker wants to take their blueberry muffin recipe, they can go ahead and take it.

What’s interesting is what the study’s authors found when comparing those who had experienced identity theft with those who hadn’t. Those who have had an incident with the theft of their identity were much more focused on their online security.

To help the survey participants better understand their risks and to change their minds about internet security, study authors advise that those involved in technology and security must work diligently to help the people using the internet understand the dangers of lax security. They also must work to make it easy for internet users to do the best they can when keeping their accounts safe. It’s important for people who use the internet to make it a habit to remain more secure.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Your Hacked Mobile Phone Number is Like Your Social Security Number

/in , , /by

If you have a cell phone, and you use it in any way associated with accessing online accounts (and many do), you are putting yourself at risk of getting hacked. With only a phone number and a bit of information, which is easy to get through social engineering, a hacker can break into your personal and financial accounts.

5WThis works by getting information about you, such as your birthday, address, or even the last four digits of your Social Security number…information that is readily available…and then creating a plausible story to gain access to your phone account, phone and various online accounts. Once they have access to your accounts, they can change the phone number, get a new sim card and then change account passwords, and you will be unable to access the affected accounts. Below, you will find some tips to help you protect your phone number:

Use a Passcode

If you have the option to put an additional passcode on your phone account, do it. Though this isn’t foolproof, it will certainly help to give you some added protection.

Disable Online Access to Cell Phone Accounts

I’m not doing this, but some should. This might be frustrating, but it will further protect you. If you need to make a change, you can call or go into the store.

Consider Using Google Voice

Google Voice is a safer option for many, and you can even forward your existing number to Google Voice. This helps to mask the calls you make, which means no one would have access to your real number.

Use a Carrier-Specific Email to Access Your Mobile Phone Account

If you are like most people, your email address and phone number help you to access most of your internet-based accounts. Ideally, instead, you should have a minimum of three email addresses: your primary address, one for your mobile phone carrier only, and one for sensitive accounts, such as your bank and social media. This way, if your primary email is compromised, a hacker cannot access your sensitive accounts.

Ask Your Carrier for Account Changes

Finally, you can ask your carrier to only allow account changes in person with a photo ID. Though there is still a chance that a hacker could pose as you with a fake ID, the chances are much lower.

There are also some steps that you can take to protect all of your online accounts:

Create Complex Passwords

One way to protect your online account is to create complex passwords. It’s best to use a password manager that creates random, long passwords. If you don’t use a password manager, create your own password of random numbers, cases, and special characters. These might include “4F@ze3&htP” or “19hpR$3@&.” Try to make up a rule to help you remember them.

Don’t Tell the Truth

Another thing that you can do is to stop being truthful when answering security questions. For instance, if a security question asks what your mother’s maiden name is, make it up. Something like this is too easy to guess…just make sure you remember it!

Don’t Connect Your Phone Number to Sensitive Accounts

You also should make sure that you are not connecting your phone number to any sensitive accounts. Instead, create a Google Voice number and use this for your sensitive accounts.

Use Passcode Generators

Passwords are easily stolen via key loggers, which is software that records keystrokes. You can protect yourself from this by using a one-time passcode generator. This is part of the two factor or multi factor authentication process. These generators are wireless keyfobs that produce a new passcode with heavy frequency, and the only way to know the passcode is to have access to the device that created the passcode.

Use Physical Security Keys

You also might want to consider using physical security keys. To use these, people must enter their passwords into the computer, and then they must enter a physical device into the USB port, proving that they are the account owner. This means, in order to access an account, a hacker must not only know the password, they must have the physical device.

Consider Biometrics

Finally, if you really want to protect your internet accounts, you should use biometrics. You can purchase biometric scanners, such as those that read your iris, fingerprint, or even recognize your voice. When using these, you will be unable to access your accounts unless you provide this biological information. There are a number of devices on the market that do this.

Though these steps might seem a bit time-consuming, they can be the difference between keeping your private and financial information safe and getting hacked.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Desperate Teens Turning to Prostitution and Drug Dealing to Survive

/in /by

Teenagers across the country are falling into drug dealing, theft, and prostitution in order to eat. This, according to a recent study, which found that poverty has been increasing throughout the U.S.

10DResearchers at the Urban Institute in Washington, D.C. have taken a close look at the current Census data, and this group estimates that more than 6.8 million Americans between the ages of 10 and 17 struggle to eat, including almost three million who currently have “very low food security.”

During this study, 20 different focus groups of teens were studied in 10 separate communities across the country. In eight out of the 10 communities, the study participants claimed that pre-teens and teens often participated in theft and drug dealing to make ends meet. In all 10 communities, teens claimed that they participated in prostitution. Additionally, in a couple of communities, teens intentionally committed petty crimes and went to jail in order to get a meal.

The stigma that surrounds hunger and poverty often stops many teens from reaching out for help. It’s true that some rely on friends, family, neighbors, or teachers, but too many face criminal acts to survive.

In the communities with the highest rates of poverty, these teens are often desperate and not only steal food for themselves, but also for their family. Teens in all of the studied communities, and in 13 out of the 20 focus groups, mentioned that several teens are “selling their body” or having “sex for money.” Mostly girls, the teens who are doing this are feeling pressed to the extreme to get the basic resources for their basic needs.

Many instances of having sex for money came in the form of girls regularly seeing a man, generally one who was much older, in exchange for food and other items. This, in turn, has opened these teens up to forms of sexual exploitation, with both men and boys harassing girls in the neighborhood. This includes everything from catcalls to stalking. Other girls gave sexual favors for cash or even stripped to make money to get food, and these acts took place in locations including flea markets and abandoned homes.

Looking at a case in Chicago, an 11-year-old girl dropped out of school to make money for her family in the sex industry. A group of boys in LA confirmed that the same thing happens there, and even claim that girls in middle school are sharing flyers in public to advertise their offerings.

Having food insecurity has had a significant effect on these teens, as they are at an extremely important stage in their physical and mental development. For those who do not have enough to eat, it undermines their emotional and physical growth, academic achievement, job performance, and stamina. This gets even worse when you look at the quality of the food that is available to them.

All of these actions including sex work, shoplifting, and drug dealing, severely affect the future of these teens. They risk dropping out of school, arrest, bodily harm, incarceration, and criminal records that might inhibit their future opportunities for employment.

There are a few solutions that could address this crisis, including offering more food from federal programs and more job opportunities for these teens. Counseling and informing the teens could also have a positive impact.

In the long run, making an investment in ending poverty is the only solution. This means that expanding housing assistance, creating more jobs, improving the access to existing jobs, and offering more cash assistance is necessary. To do this, however, will require some daring steps to make a big difference.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Fake News is Becoming Too Real

/in /by

Fake news is a problem that is taking the internet by storm, and it ran rampant during the 2016 Presidential Election. In fact, many believe that fake news stories had a strong impact on the outcome of the election. In a survey following the election by the Pew Research Center, a whopping 64 percent of polled Americans said that fake news has given them a “great deal of confusion” about current events.

12DAll of us have been fooled by fake news, and it doesn’t seem to be going anywhere, anytime soon. But, there are some lessons that we can learn from it: Here are five of those lessons:

Fear and the Unknown are Perfect for Fake News

One of the lessons that we can learn from fake news is that any event that causes fear or the unknown is the perfect breeding ground for fake stories. We live in a world where competition for attention is rampant, and headlines are written to make you click. Remember, anyone can write up a fake news story and make it look legitimate, and in many cases, these stories are based on fact. For instance, you might recall the stories of creepy clowns walking through neighborhoods earlier this year, which was actually real news. However, you might also recall that these clowns were going on murdering sprees. This is fake…it never happened, but because these stories appear on legitimate looking sites, people believe it.

Some Stories Fool Us All…

Another lesson to learn about fake news is that some stories are so good or so believable, that they fool us all. You might remember a meme that was shared stating that Donald Trump said that Republicans are the “dumbest group of voters in the country.” Due to the fact that Donald Trump doesn’t exactly keep his views silent and has made a habit of insulting people, most people took this for truth. It wasn’t. He never said it, but many believed it.

Most Fake Stories are Obviously Fake When You Actually Read Them

Most of us are tricked by fake news stories because we never actually read past the headlines. Writers of these stories make sure that these headlines are eye-catching and believable, in addition to viral. When we read a headline of a fake story, we often get the wrong impression of what the story is about. This is on purpose. If you actually click these stories and read them, you will often find that they have a lot of incorrect facts and are poorly written.

No One is Immune From Fake News

You will also find that no one is immune from fake news, and sometimes this news crosses over into the real world. Take the Pokemon Go phenomenon of this summer. There was a fake new story of a man who was stabbed while playing Pokemon Go in a bad neighborhood. However, a few days later, a man really WAS stabbed while playing the game.

There were also fake news stories that Hilary Clinton was given debate questions in advance. It was untrue. However, a few weeks later this actually happened.

Politics is a Huge Factor in Fake News

There is no question that politics are emotional, and this is not just the case in the U.S. It is also similar in Europe. Thus, the emotions of politics helps to make fake news extremely believable.

Many people simply do not trust the mainstream media, so they seek out other news sources. However, these news sources are extremely biased, highly believable, and generally fake.

You have probably noticed that many of these news stories over the past several months have focused on accusing the two Presidential candidates of crimes. There were also many stories about violence between supporters of the opposing parties. The vast majority of these stories were fake, and if you believed them, sorry to say, you were duped.

In our current climate of fear, anger, and hate, the facts are being clouded by emotions, and this is why we are so ready to believe the stories that fall in line with our beliefs. Facebook is not a trustworthy news site. Do your own research, go to trusted sites written by those who are fully researched. You will quickly see that fake stories become transparent once you have the facts.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Top 3 Social Engineering Scams

/in , , , , /by

Think about hackers breaking into accounts. If you think they need top-notch computer skills, you would be wrong. These days, instead of requiring skills behind a keyboard, hackers generally rely on strategy…specifically a strategy called social engineering. This means that hackers don’t have to be technical, but they DO have to be clever and crafty because they are essentially taking advantage of people and “tricking” them into giving information.

There are four main ways that hackers use social engineering:

  • Phishing – where hackers use email tricks to get account information
  • Vishing – similar to phishing, but through voice over the phone
  • Impersonation – the act of getting information in person
  • Smishing – getting account info through text messages

Phishing accounts for 77 percent of all social engineering incidents, according to Social Engineer, but in vishing attacks, alone, businesses lose, on average, $43,000 per account.

Here are the top scams that all consumers and businesses should know about as we move into 2017:

Scam Using the IRS

Starting from the holiday season stretching through the end of tax season, there are scams involving the IRS. One such scam uses caller ID to change the true number of the caller and replaces it with a number from Washington, D.C., making it look like the number is from the IRS. Usually, the hacker already knows a lot about the victim, as they got information illegally, so it really sounds legit.

In this scam, the hacker tells the victim that they owe a couple of thousands of dollars to the IRS. If the victim falls for it, the hacker explains that due to the tardiness, it must be paid via a money transfer, which is non-traceable and nonrefundable.

BEC or Business Email Compromise Scam

In the business email compromise, or BEC scam, a hacker’s goal is to get into a business email account and get access to any financial data that is stored within. This might be login information, back statements, or verifications of payments or wire transfers.

Sometimes a hacker will access the email by using an email file that contains malware. If an employee opens the file, the malware will infect the computer and the hacker has an open door to come right in.

Another way that hackers use the BEC scan is to access the email of a CEO. In this case, they will impersonate the CEO and tell the financial powers that be that he or she requires a wire transfer to a bank account. This account, of course, belongs to the hacker not the business. When most people get an email from their boss asking them to do something, they do it.

Ransomware

Finally, hackers are also commonly using ransomware to hack their victims. In this case, the hackers are working towards convincing targets to install dangerous software onto their computer. Then, the computer locks out the data and the victim cannot access it…until he or she pays a ransom.

At this point, they are informed that they can get access back when they pay a ransom. This might range from a couple of hundred to several thousands. Usually, the hackers demand payment by bank transfer, credit card, bitcoin, PayPal, or money transfer services. Victims are usually encouraged to go to a certain website or call a certain number Unfortunately, too often, once the victim pays the ransom, the hacker never opens up the system. So now, the hacker has access to the victim’s computer and their credit card or financial information.

The way social engineering works in this scam is varied:

One way is this…imagine you are browsing the internet, and then you get a popup warning that looks quite official, such as from the FBI. It might say something like “Our programs have found child pornography on your computer. You are immediately being reported to the FBI unless you pay a fine.” When you click the popup to pay, the program actually downloads a program called spyware to your computer that will allow the hacker to access your system.

Another way that social engineering works with ransomware is through voice. In this case, you might get a phone call from someone saying they are from Microsoft and the representative tells you that they have scanned your computer and have found files that are malicious. Fortunately, they can remotely access the machine and fix the problem, but you have to install a program to allow this. When you install it, you give them access to everything, including personal and financial information, and they can do what they want with it.

Finally, you might get an email offering a free screen saver or coupon, but when you open it, the software encrypts your drive and takes over your computer.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.