How Smart Speakers Are Exposing Cheaters!

Did you know your home’s smart speaker can land you a divorce? And quickly.

The nation’s top security consultants, including myself, agree that smart devices now contain enough of your personal information to know if you’re participating in a secret relationship.

Americans are becoming more concerned with the lack of privacy associated with “smart” devices (i.e. speakers, bulbs, locks, TVs…etc.). Data advisers employed by the U.S. government have recently warned that certain data (such as taped conversations, location data…etc.) could be used against owners by uncovering unfaithful behavior.

The popular “Amazon Echo”, “Apple HomePod” and “Google Home” speakers can all pick up steamy dirty-talk among the culprits of an affair. Also, they can show when lovers commingle in the same bedroom via features such as “Alexa Guard.”

Safr.me

Duke Professor Dr. Machanavajjhala was recently interviewed clarifying that “Smart meters can tell you whether an individual is at home and what appliances are used. Smart light bulbs and Wi-Fi access points can reveal occupancy. Social relationships between building occupants can be inferred by analyzing sensor logs. Smart TVs and voice assistants can pick up living room chatter, some of which may be shared with third parties.”

Smart speaker adoption is beginning to become a global norm just like smart phones – making home assistants a hot industry for the biggest companies like Google, Amazon, Apple and Facebook who all produce their own versions.

But despite these devices selling rapidly, the mass public is not clear on what tech companies do with the data they collect. Companies trying to creep their way into your data is nothing new; recorded chats and locations will inevitably be used for research, stored in the cloud and used to help sell to you.

Dr. Machanavajjhala was open in admitting that he does not own a smart speaker because he is scared of them. He strongly feels speakers are a threat to his privacy.  “I am waiting for privacy protections to come in. We need to know what is being collected about us, whether or not we have anything to hide,” he said.

According to TheSun.co.uk, when they asked the major companies about losing privacy with recorded conversations, Amazon was the only company who replied stating, “At Amazon customer trust is of the utmost importance, and we take privacy seriously. By default, Echo devices are designed to only capture audio after it detects the wake word. Only after the wake word is detected does audio get streamed to the cloud, and the stream closes immediately after Alexa processes a customer request. No audio is stored or saved on the device. Customers can also review and delete voice recordings in the Alexa App or by visiting www.Amazon.co.uk/privacy.” Google, Facebook and Apple did not comment.

One of the largest mysteries still today is who are they sharing our data with once it’s in the cloud? Dr. Machanavajjhala added, “Smart devices move data to the cloud so they can be analyzed using sophisticated algorithms. Once data is on the cloud, users lose control over it. There is little transparency about who it is shared with.

One thing is for sure, you must stay up to date and informed because these companies are not slowing down.

The Alexa service is always getting smarter, whether you’re using the Echo you bought three years ago or an Echo Show you buy tomorrow. We have thousands of engineers and scientists inventing on behalf of customers, and today we’re excited to introduce even more features…” – Tom Taylor, Senior Vice President, Amazon Alexa.

There will continue to be issues that we will face as a society when it comes to smart devices. For example, Amazon Echo had problems over holidays due to users accidentally logging into the smart phones of the individuals who gave the speakers as gifts. For the past 30 years, I have been warning that in the hands of the bad guy, your information can be used to steal money from your bank account or unlock smart locks to enter your home.

To learn more, please visit my education page complete with both paid and free content designed to help you stay safe.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How to Access that Old Email Account

Have you ever wondered if you could access your old email accounts? You might want to look for some old files, or maybe need information about an old contact. Whatever the reason, there is good and bad news when it comes to accessing old email accounts.

The best thing that you can do is to use the provider to find the old email account or old messages. All of the major providers, including Outlook, Gmail, Yahoo, and AOL, have recovery tools available. If the email address is from a lesser player in the email game, again, you might be out of luck.

First, Know the Protocol

Frankly, the next 3 paragraphs might be confusing. If they don’t make sense to you jump to Do You Remember the Service or Email Address?

The first thing you have to do is know the protocol your provider uses. There are two different protocols to consider when trying to access old messages: POP3 or IMAP.

POP3 protocols essentially download messages from a server to a device. IMAP just syncs your messages between your device and the server. Most email services default to an IMAP protocol, but it’s very possible that an older email account would have been set up to use POP3. If this is the case, and the provider deletes the messages off the servers when downloaded via POP3, this is not good news…those messages are gone. Even if you eventually get access to these accounts, if you have downloaded the messages to a computer or smartphone, they are gone from the server.

There is better news if you used IMAP…though, again, this is assuming nothing has been deleted. Some providers will delete accounts that are inactive for a certain amount of time. If the account is deleted, those messages are gone. Check the account deletion policy of the email provider to see if your account might still be active, and ultimately, accessible.

Do You Remember the Service or Email Address?

If you remember the email address and not the password, try the password reset link and if, and only if, you set up a backup email for recovery, then you’re on Golden Pond.

Now, what happens if you can’t remember what service you used or even the email address you used? There is still hope.

First, search for your name in the email account you use now. You might have sent something to yourself from an old account. Another option is this: if you remember the old provider, you can also search for that. You also might want to search your computer to see if there are old documents with your old email in there. You also might have set up a recovery email address or phone number that you can use to access the account.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Make Your Mobile a Tough Target for Thieves

You should definitely pay attention to your mobile phone security. Most of us don’t, which makes it easy for hackers and ID thieves to target us. Here are some tips to protect yourself from becoming a target for thieves.

 

Use a Passcode

One of the easiest ways to ensure that you are not a target for thieves is to use a passcode. All mobile phones have a built-in passcode option, and if you have an iPhone you can even set a passcode if it has been stolen by using the Find My iPhone feature.

Use Face ID or Touch ID

To make your iPhone even safer, you can use Face ID if you have the iPhone X or Touch ID on other iPhone versions. This is much stronger than using a passcode.

Set up Find My iPhone

If your iPhone gets stolen or you lose it, you can use the Find My iPhone app. This is a free app that is built into the iCloud. It uses GPS to show where your iPhone is at any time, as long as GPS is enabled. For Androids set up Find My Device to accomplish similar tasks.

Look at Your Privacy Settings

You should also take a look at your privacy settings. Your data is extremely important and there are threats all of the time. Fortunately, you can set your privacy settings to make it tough for people to get into it. Depending on your phone OS, seek out built in privacy, location, encryption and VPN settings.

Should You Get Antivirus Software for Your iPhone?

You might think that you can make your phone safer by adding antivirus software. Yes, it’s very important to have anti-virus software for your computer, but you don’t need it on your iPhone, but definitely do need it for your Android. Do a search on Google Play, there are plenty.

Stop Jailbreaking (iPhone) or “Rooting” (Android) Your Device

Another way to keep your phone safe is to stop jailbreaking. A lot of people like jailbreaking because it gives more freedom to customize your phone how you want. You can also download apps that Apple has not approved of. However, jailbreaking your phone can cause it to become more open to hackers, too, which could really be devastating.

Encrypt All Backups

When you sync your iPhone to your computer, it holds data for your as a backup. This way, if you ever need it, you can get it easily. However, this also means that this data could be open to hackers if your computer ever gets hacked. So, it’s always best to make sure that you encrypt all backups. You can do this in iTunes with only a few additional steps.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How to Monitor a Cell Phone

Do you fancy yourself a spy and wondering how you can monitor someone else’s cell phone? You won’t get that information here, but there is some good info on cell phone monitoring if you keep reading:

The Legalities of Tracking Cell Phones

Generally, it is not legal to monitor a cell phone that does not belong to you. However, generally speaking, and THIS IS NOT LEGAL ADVICE, if the account is under your name or if you have written permission from the person who owns the phone, you can track it.

Why Monitor a Cell Phone?

There are some situations where it is perfectly legal, and even useful, to monitor a cell phone. One good reason is to monitor your family. This is especially the case if you have a tween or teenager who has some freedom.

Another reason you might consider monitoring a cell phone is if you have an elderly family member, like a parent, who uses a cell phone. If your loved one has dementia, you certainly should track their phone.

Businesses also often track company issued cell phones. The main reasons to do this is to locate a device if it is ever lost or stolen and to monitor employee communications.

The Main Ways to Track a Cell Phone

There are three different ways that people track cell phones:

  • Through the Cell Phone Carrier – Most major cell phone carriers offer a feature that allows a person to track a cell phone that is on their account. There is a fee for this service, it is totally legal, and it’s a great way to track family members.
  • Through a Smartphone or Computer– If you have a smart phone that runs iOS or Android, you can use features like Find My iPhone, or you can use apps like Find My Friends. Just keep in mind that the phones must have GPS enabled for these to work.
  • Though a Third-Party App – To trace a phone through an app, you usually have to have access to the phone you want to track AND own it and/or written permission from the phone’s owner. Typically, both devices must have the app loaded for these apps to work. Some of these apps are free for limited features. Others come with a one-time or monthly payment for the service.
  • Through an Infected email or Text Link – This is pretty much illegal and might get you stint in the klink. Pulling this off requires special malware or spyware which can be obtained on the dark web for a price. That will mean you’d got from being legal to the seedy world of Blackhats. And as they say, once you go black, you never go back. You would then officially be a criminal.

In most cases, it is not legal to trace or track a cell phone unless you have permission from the owner. However, each state has their own laws, so it’s very important that you understand the laws in the state you live. This way, you can avoid any repercussions.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

The Top Cyber Security Threats to Real Estate Companies

Gone are the days when hackers would only target retailers. These days, the bad guys an target businesses in any industry, especially those that aren’t quite up on cyber security.

The real estate industry is one such group, and according to a recent survey, about half of businesses in the real estate industry are not prepared to handle a cyberattack. Federal law requires some industries, like hospitals and banks, to have some type of security in place for things like that, but the real estate industry is quite vulnerable. Here are some of the security threats you should look out for if you’re in the real estate industry:

Business Email Compromise (BEC)

A BEC, or business email compromise, is a type of cyberattack that tricks a business into wiring money to a criminal’s bank account. The hackers do this by spoofing email addresses and sending fake messages that seem like they are from a trusted business professional, such as the CEO or a company attorney. The FBI has found that multi-billions in business losses can be attributed to BEC.

That’s scary enough, but the FBI also says that real estate companies are specially targeted in these attacks and every participant in the real estate transaction is a possible victim.

Mortgage Closing Wire Scam
Prior to closing on the sale of a home, the buyer receives an email from their real estate agent, title attorney or other trusted service professional with specific details of the time, date and location of the closing. In this same email, there are detailed and urgent instructions on how to wire money for the down payment but to a criminal’s bank account. Within moments of the wire transfer, the money is withdrawn, and the cash disappears.

A report by the FBI's Internet Crime Complaint Center totals the number of victims of the mortgage closing wire scam ballooned to 10,000 victims, an 1,110 percent increase in the years 2015 to 2017 with financial losses totaling over $56 million, which is a 2,200 percent increase.

Ransomware

Another threat to real estate companies is ransomware. This is the type of malware that makes the data on your device or network unavailable until you pay a ransom. This is very profitable for hackers, of course, and it is becoming more and more popular. All it takes is one member of your team clicking on a link in an email, and all of your data could be locked.

Ransomware doesn’t just target computers though. It can target any device that is connected to the internet including smart locks, smart thermostats and even smart lights, which are gaining a lot of popularity in American homes. When digital devices get infected with ransomware, they will fail to work.

Generic Malware

Though most people hear about ransomware these days, there are other types of malware out there that hackers use, too. For instance, you have probably heard of Trojans a.k.a. Spyware or Malware, which is very much still around. These can be used by cybercriminals to spy on their victims and get a person’s banking information or even wipe out their accounts. Malware can also be used to steal personal information and even employee information, such as client data, credit card numbers and Social Security numbers. Again, real estate companies are not exempt from this type of attack and are now even bigger targets.

Cloud Computing Providers

If you are part of the real estate industry, your business is also at risk of becoming a victim thanks to cloud computing, which is more economical these days. A cyber thief doesn’t have to hack into a company to get its data; all they need to do instead is target the company’s cloud provider.

It might seem that by using a cloud company you are lowering the risk of your business becoming a target, but the truth is, the risk still lies with your company, how secure your own devices are and how effective passwords are managed. In most contracts with cloud computing companies, the customer, which would be your business, is not well-protected in the case of a cyberattack.

Protecting Your Real Estate Company from Becoming a Victim of a Cyberattack

Now that you know your real estate company is a potential target of cybercriminals, you might be wondering what you can do to mitigate this risk. Here are some tips:

  • Create New Policies – One of the things you can do is to develop new policies
    in your agency. For example, in the case of BEC scams, if you have a policy that
    you never wire money to someone based only on information given via email,
    you won’t have to worry about becoming victimized in this type of scam. Instead,
    you should talk to the person sending the email in person or via a phone call just
    to confirm. Make sure, however, that you don’t call a number from the suspicious
    email, as this could put you right in touch with the scammer.
  • Train Your Staff – Another thing that you should consider is better staff training.
    Most hacking attempts come via email, so by training your staff not to blindly
    open attachments or click on any links in emails, you could certainly save your
    staff from these scams. Check out our S.A.F.E. Secure Agent for Everyone
    Certification Designation course, which is a marketing differentiator that offers
    ideas and methods to promote proactive strategies to ensure incident-free
    results. Learn how to develop client-centered procedures customized for safety
    and security.
  • Train Your Clients – Mortgage closing wire fraud scams can be manageable if
    not preventable. Inform your clients that in the process of buying or selling a
    home, there will be many emails to and from your real estate agent and other
    service professionals including your attorney, mortgage broker, insurance
    companies and home inspector. Tell them: Call Your Agent: Under no
    circumstances and at no time in this process should the client or service
    professional engage in a money wire transfer unless the client specifically speaks
    to the real estate agent in person or over the phone to confirm the legitimacy of
    the money wire transaction. Email Disclosure: Clients should always look for
    language in the real estate agent’s email communications stating the above or a
    similar facsimile.
  • Back Up Your Systems – It is also very important that you always back up
    everything. This way, if your system does get hacked, you won’t have to pay a
    ransom, and you will be able to quickly restore everything that you need.
  • Better Your Cloud Computing Contracts – Since you know that cloud
    providers don’t really like to take on the responsibility in the case of a
    cyberattack, you might want to start negotiating with the company in question
    about what you can do about that. This might include getting better security or
    adding some type of notification requirements.
  • Consider Cyber-Liability Insurance – You also have the ability to get cyber-
    liability insurance. This could really help you to cut the risk to your real estate
    business. There are all types of policies out there so make sure to do your
    research, or better yet, speak to a pro about what you might need.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.