New Phone Scam Scares with Social Security Sham

We all get scam phone calls, but the newest one is meant to scare. When you pick up the phone, you hear a message that your Social Security number is suspended due to suspicious activity, and you are then prompted to speak with an agent to get help.

The FTC makes something very clear: your Social Security number cannot be suspended for any reason, so any call that states your SSN is under suspension is a scam. What they are really trying to do is to trick you into giving them your actual Social Security number along with information such as your birthday and bank account number. 

This scam is just a tricky variation of a scammer’s trick that often works. In this case, they are trying to scare you first, and then offer to help…but in reality, these scammers are trying to steal your information.

Remember These Social Security Facts

If you get a call about your Social Security number, you should remember the following:

  • The Social Security Administration only calls from one number: 800-772-1213.
  • A Social Security Number cannot ever be suspended.
  • The Social Security Administration won’t ever threaten an arrest.
  • You will probably NEVER get a call from the SSA.

Also, of course, remember this: NEVER give your SSN to someone who contacts you that you don’t know.

The Scam

There are a few variations of this scam. The first is that they call and say that your SSN is suspended due to suspicious activity. They then say, if you want to know more about the case, press 1. When you do, of course, you are connected to an agent who is trained to get your information.

Another variation of this scam is a bit more aggressive. In this case, it states that law enforcement has suspended your Social Security number because of suspicious activity. You are advised to call a toll-free number immediately and verify your SSN. The scam also claims that if you do not call the number, an arrest warrant will be issued, and you, of course, would be arrested. Though not everyone will get one of these calls, if you do, you should definitely pay attention. Again, the SSA would never suspend a Social Security number, nor would it threaten to arrest you. It’s also good practice to never give your SSN to anyone who asks for it over the phone. Instead, hang up and go on with your day.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Second-Hand USBs Could Have Personal Info Still Inside

An unsurprising study was recently released that found even when a portable USB drive is erased, not all of the documents and images are always removed. That, of course, is frightening.

Here’s how the research was done:

Researchers went online to sites like eBay, to second-hand shops, and even auction stores. They bought 200 used USB drives, half from the US and half from the UK. Almost 2/3 of the devices had data on them! This data was, for the most part, personal data, and it can also be used by cybercriminals to steal someone’s identity. On top of that, these USB drives can contain malware.

Removing All Data is Difficult

When someone tries to delete or remove data from a USB device, they rarely have success. In fact, of the 100 USB devices the researchers bought in the US, only 18 of them were totally wiped clean. The rest of them had data that had been deleted, but someone could certainly recover it. The UK devices were similar. What’s so surprising about this is that it is extremely easy…and free…for someone to fully delete their device. But most people just don’t put in the effort, and that could definitely hurt them in the future.
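
One way to check that a drive was really wiped before it is sold or given away, as an added example (not part of the original article or the study it describes): the Python script below scans a raw image for any non-zero bytes and for the opening bytes of PDF, JPEG and ZIP files. The 256 KiB sample "drive", its toy file table and all function names are constructed for illustration, and the check assumes the wipe writes zeros.

```python
"""Check whether a raw drive image still holds recoverable data."""
import sys

CHUNK = 64 * 1024

# Magic bytes that open common document and picture files.
SIGNATURES = {
    b"%PDF-": "PDF document",
    b"\xff\xd8\xff": "JPEG image",
    b"PK\x03\x04": "ZIP/Office document",
}

def audit_image(stream, chunk_size=CHUNK):
    """Scan a binary stream; report leftover bytes and file signatures."""
    keep = max(len(m) for m in SIGNATURES) - 1   # overlap carried between chunks
    nonzero, offset, tail, found = 0, 0, b"", []
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        nonzero += len(chunk) - chunk.count(0)
        window = tail + chunk
        base = offset - len(tail)                # absolute offset of window[0]
        for magic, label in SIGNATURES.items():
            pos = window.find(magic)
            while pos != -1:
                # Matches lying wholly in the carried tail were already reported.
                if pos + len(magic) > len(tail):
                    found.append((base + pos, label))
                pos = window.find(magic, pos + 1)
        tail = window[-keep:]
        offset += len(chunk)
    return {"size": offset, "nonzero_bytes": nonzero, "signatures": sorted(found)}

def is_wiped(report):
    """True only for a zero-filled image (assumes the wipe writes zeros)."""
    return report["nonzero_bytes"] == 0 and not report["signatures"]

def audit_path(path):
    """Audit an image file, or a device node if you have read permission."""
    with open(path, "rb") as fh:
        return audit_image(fh)

# --- Constructed sample data: a toy 256 KiB "drive", not a real filesystem ---
PDF_DATA = b"%PDF-1.4 constructed tax form"
JPG_DATA = b"\xff\xd8\xff\xe0 constructed photo"
JPG_AT = CHUNK - 2   # deliberately straddles a chunk boundary

def put(img, offset, data):
    img[offset:offset + len(data)] = data

def make_used_image(size=256 * 1024):
    img = bytearray(size)
    put(img, 0, b"TABLE a.pdf@4096 b.jpg@65534\n")   # toy file table
    put(img, 4096, PDF_DATA)
    put(img, JPG_AT, JPG_DATA)
    return img

def quick_delete(img):
    """Model of 'delete': only the file table is cleared, the data stays."""
    out = bytearray(img)
    put(out, 0, bytes(32))
    return out

def full_overwrite(img):
    """Model of a wipe: every byte of the device is overwritten with zeros."""
    return bytearray(len(img))

if __name__ == "__main__":
    import io
    if len(sys.argv) > 1:
        print(audit_path(sys.argv[1]))
    else:
        used = make_used_image()
        for name, img in (("deleted", quick_delete(used)), ("wiped", full_overwrite(used))):
            rep = audit_image(io.BytesIO(img))
            print(name, "wiped" if is_wiped(rep) else "DATA REMAINS", rep)
```

Run it with the path to an image made from the drive to audit that image instead of the sample. On flash media a full overwrite may not reach cells the controller has remapped, which is one more reason to encrypt the drive from the start.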

USB Devices Can Be Risky

Using these devices can be risky, not only for average people, but also for businesses. In 2017, for example, a USB device was lost, and it contained sensitive information about Heathrow Airport. The government investigated, and eventually fined the company. The information was not encrypted, nor password protected, and it was found on the street by a random passerby.

Because of these risks, some companies, like IBM, have banned the use of USB devices. Instead, employees must use the company’s cloud. Other companies still allow them, of course, but they could be going down a dangerous road. These devices are really cheap to buy, and people can save almost anything on them, but they are also very easy to lose.

There are other issues with USB devices too. First, of course, you have the data on these drives to deal with, but there is also the fact that potential malware could be on the devices. Most companies don’t have the same rules that IBM has, and most consumers don’t think of this at all. This makes people and small businesses very vulnerable. So, if you use USB drives, there is one very important step that you need to take: encrypt it.


84% of Consumers Will Not Buy a Car from a Breached Dealership

Most automotive-dealership owners never think that they are going to be a target in a data breach. However, the reality of this is very different. All dealerships, no matter how big or small, are targets thanks to the information these businesses have. This includes insurance documents, drivers’ licenses, credit card numbers, Social Security numbers, phone numbers, email addresses, credit reports, payment receipts and much more. According to a study done by TDC, about 84% of people said they would never purchase another car from a dealership that allowed their personal information to become compromised.

According to research, identity theft associated with car leases and loans increased 43% in the last year, and it is costing business owners a collective six billion dollars.

Last June, researchers found an online database that contained information about more than 10 million vehicles. It was then noted that cyber criminals had accessed the information, which included VINs and personal information about owners. They then can use this information to make a stolen car seem legal.

On top of this, dealerships are “financial institutions” as they collect and store financial information from their customers. This means that they have a responsibility to follow established guidelines to protect that information from getting out. If this wasn’t enough, dealerships that fail to do so could face steep fines, loss of reputation, and lost revenue and customers.

Checking Compliance

Like most businesses that work with sensitive customer information, dealerships are regulated. Owners must be aware of the regulations and laws (that are designed to protect the identities of their customers) as well as keep privacy and financial data safe. For example, the Gramm-Leach-Bliley Act forces dealerships to give customers a description of their privacy practices. Another law, the Disposal Rule, requires dealerships to immediately and securely shred consumer reports when they are no longer needed. If dealers are not doing these things, they could face legal consequences.

Regulations for Third Parties

There is also the fact that dealerships often share information with third parties, such as financial organizations and insurance companies, and it cannot be assumed that these companies have the same security standards as the dealership. To keep sensitive customer information from getting shared, it is imperative to confirm the security protocols of these third parties.

On top of this, dealerships see people coming in and out all of the time, and visual hacking is rising. So, it is very important that employees of dealerships are watching for unusual acts, such as customers taking photos in office areas. Making sure that all visitors are escorted is the best way to alleviate this.

Shred Everything, and Stay Secure

Shredding documents before throwing them out is one of the best ways to get rid of sensitive information. This type of destruction helps you to eliminate any of those “what ifs,” and it also ensures that car dealerships are securely getting rid of any unwanted devices or papers. On top of this, document disposal is generally legally required in the industry.

Keep in mind that reputation is everything—especially in an industry like the auto industry, as customers have so many options to choose from. By protecting your reputation, you are also protecting your customers’ information.

Threats to Your Automotive Dealership

There is a need for all dealers with staff to understand the electronic threats against them. However, approximately 80% of dealerships don’t have the right type of network protection because they lack the expertise and resources. This leaves customer information exposed and open to being stolen. There are other ways that dealers can also fall victim to cybercrimes, including:

  • Evil Emails – Email is a very easy way for a hacker to spread viruses on computers and networks. All it takes is one person on your network to click on and download an email attachment that has a virus on it. Once this virus is there, a hacker can do almost anything, including access credit card information of customers.
  • Fake Sites – There are also many hackers who create fake websites that look almost identical to the websites of real companies. Again, it just takes one person on your network to log into a fake site and lose money or other valuable information.
  • Wi-Fi – If people are using mobile devices or personal computers on your network during the workday, and then take them home to do more work, the data that is on those devices is not secure.

Preventing Your Dealership from Becoming a Victim

As you can see, there is no limit to how a vehicle dealership can become a victim of hacking. So, you have to become very vigilant and take on a very active role to make sure that you are protecting the information of your customers. Here are some things that you can do to prevent your dealership from falling into this trap:

  • Take a look at your security – One thing you can do is look at where you might have a lapse in security. Fundamentally, it is best that companies conduct yearly intelligence gathering to learn where data might be compromised. This can give a dealer the upper hand in creating ways to predict where breaches can happen and how to avoid them.
  • Train staff on what to look out for – It is very easy to open emails or download attachments. Security awareness training is as important as sales training. Dealerships can train anyone to never open emails from people they don’t know or to confirm that they are only putting information into authentic websites.
  • Get cyber liability insurance – Another thing that you can consider is getting cyber liability insurance. This can cover the costs associated with any potential data breach.
  • Restrict access to information – Finally, consider restricting access to things like your dealership’s Wi-Fi network. You also might have to create a policy that limits the devices that are connected to the network. This will help to limit the instances of data theft.

These are just a few of the ways that a dealership can create a better sense of security for their digital information. Customers will feel as if their personal information is safe, and that will keep customers coming back for cars time and time again.

FTC Brings Office Depot Fines and a Strong Warning to Other Companies

The Federal Trade Commission (FTC) announced that Office Depot, along with a tech support firm, must come up with $35 million to settle a lawsuit over claims that both organizations were part of a computer repair service scam, which involved a fake malware scan.

In the FTC complaint, it was stated that Office Depot, OfficeMax, and Support.com ran a program called PC Health Check. This program is designed to search for malware on a customer’s computer. However, it actually doesn’t quite do that. Instead, it gives the customer a questionnaire, and then it uses the answers given by the respondent to flag some malware…even though malware might not have even been on the computer.

Some of the questions asked by the PC Health Check program included asking if the computer was slow, if it had a lot of pop-up ads, or if it crashed a lot. When the person clicked “yes,” to these questions, the software prompted them to buy fixes for the issues, which could cost hundreds of dollars.

Additionally, the complaint alleges that Office Depot and OfficeMax told their store employees to run PC Health Check on every computer that was brought into the store. In total, it is estimated that there were tens of millions of dollars lost in this scam.

On top of this, it is alleged that this scheme went on from 2009 until late 2016. It was only stopped when KIRO 7, a CBS-affiliate, began looking into it after viewers started reporting complaints about the program. Employees were also upset, and the FTC shared an incident from 2012 in its report. It said that an employee complained to upper management and said that they could not keep “lying to a customer” or be subject to being “tricked into lying” just so their store could “make a few extra dollars.”

If all of this wasn’t enough, the complaint also alleges that Office Depot advised its stores to never run a PC Health Check on any computer that had been repaired, because the program would still report malware, even though there was none on the machine. In other words, Office Depot knew that the program would flag malware even if there wasn’t malware on the computer.

Because of this scam, Office Depot will have to pay $25 million and Support.com must pay $10 million to settle with the FTC. The agency says that it will use the money to repay people who were victims of this scheme. Joe Simons, FTC Chairman, said in a statement that this should “send a strong message” to any other companies that might be considering this type of deception to trick people into buying services that they might not really need.


“Troncast” Podcast with Tron Jordheim

I recently had the opportunity to join Tron Jordheim on his podcast hosted on stitcher.com. We talked about digital security and how to watch out for yourself in our digital landscape. I was able to share advice on privacy, information security and why it is so important to take control of your own security, and ultimately your life. Thanks again to Tron, stitcher.com and the sponsors of this “Troncast!”

Facebook in the Spotlight Once Again for a Massive Data Breach

It’s a new day, so you should expect news about another data breach—again, with Facebook. According to research, tons of Facebook user data was recently exposed on cloud computing servers owned by Amazon.


According to UpGuard, a cybersecurity firm, it is believed that Facebook app developers stored the data on the servers, but they did so in a way that allowed the public to download it. One of these groups stored more than 500 million records on the servers, but it’s not yet clear how many people might have been affected. Another developer stored Facebook passwords for more than 20,000 people.

According to “the powers that be” at UpGuard, it is believed that the data was gathered through some type of Facebook integration. Basically, Facebook allows its developers to integrate these websites, apps and other info with its platform, which allows people to sign into another account by using their Facebook account.

Facebook has stated that it prohibits its developers from storing Facebook information in any public database. It said that once it was alerted to the breach, it began working with Amazon. The company also says that it is committed to working with its app developers to protect its users’ data.

This is only the latest incident that shines a bright light on Facebook’s struggle to keep its users’ data safe. With more than two billion users, this is extremely important, and it is surely going to put the social media giant under increased scrutiny.

Just about a year ago, Cambridge Analytica, which is a data firm that has connections to the Trump presidential campaign, was able to access information from almost 90 million Facebook users without their consent.

Facebook has stated that the data was first collected by a professor, who was doing it for academic reasons, which is or was actually allowed according to Facebook’s policies. The information was then transferred to a number of third party companies, including Cambridge Analytica, which is in direct violation of Facebook’s policies.

Since the Cambridge Analytica scandal, Facebook has been under scrutiny for offering its users’ data to more companies than it had admitted previously. In the last year, the company also admitted that hackers had exploited some type of bug in the Facebook platform, which ultimately exposed the information of almost 50 million people.

People from all over the world have criticized the way Facebook stores data, and the U.S. Federal Trade Commission is thought to be looking into a fine against Facebook for violating a data privacy agreement. Facebook was fined £500,000 ($653,000) over the issue with Cambridge Analytica.


Exclusive Coaching Call Webinar Recording

My interview with CNN has been trending all over the internet, and that makes me so happy because we talked about a very important topic–personal security. I’m so passionate about this subject that I wanted to provide some followup commentary. Use this link to view my most recent discussion, but this is not for the faint of heart…

2013 Boston Marathon: My Best Worst Day Ever

UPDATE: April 15th, 2019. Today marks the 123rd Boston Marathon. As many of my followers know, I have run the marathon seven times, and I look forward to it every year. My charity for the past 6 years has been Boston Children’s Hospital, and I have raised upwards of $60,000+. This year I am proud to announce my 2019 charity – The Martin Richard Foundation, please donate here.

Training for a marathon is a taxing, physical, emotional and expensive process. For me personally, that has meant multiple cortisone shots, almost a hundred physical therapy appointments and a few arguments with my wife. Why do it? Why climb a mountain? Why be a police officer? Why be an emergency room nurse? Why detonate a bomb in a crowd of innocent people? We all make choices others wouldn’t and we justify our decisions based on our interests, options and perspective.

Shortly after the bombings, evacuating the city, carrying my 40lb child after running 26 miles. Hurt, angered, saddened and grateful to get to my family.


For me, I just wanted to lose weight, get fit and finally give back to a charity; killing two birds with one stone, so to speak. When you’re 50 with a young family and your health and marriage are good, bills are paid and life is settled, words like “health,” “gratitude” and “grace” begin to have more meaning. And when you become a runner, you join a special club of conscious people who enjoy challenging themselves and understand our time is limited.

In 2013 I was on my way to run about a 4:10 (my best time ever), but was stopped at mile 26 due to a couple of terrorists’ agenda.

During the 2013 Boston Marathon, my improved time put me on Boylston Street shortly after the blasts. There were two loud bangs, and as I rounded the corner I saw the finish line through dissipating smoke. Boston police immediately corralled runners from going any farther down Boylston because it was now a volatile area and potential crime scene. At 2:52 PM I called my wife, who was at the finish line, about 100 yards from the first bomb, and got no answer. A minute later, I got my dad on the phone; he was with my wife and the kids and he confirmed they were OK. I instructed him to leave ASAP, as another bomb could go off any moment. I told him to “walk down the center of the street and avoid any cars!”

But nothing was going to keep me away from them; I couldn’t just sit there and wait. In my mind, there were bombs going off between my family and myself. As a father, son and husband, the instinctual need to get your family to safety overpowers every sense of reason. I dodged a couple of police officers and ran down Boylston, the only runner on the field, putting myself in jeopardy and now also causing law enforcement to chase after me. At the 26-mile mark, I saw people on the ground, bloody and getting medical attention from the few paramedics that were on hand to take care of runners expected to be injured in more predictable, less violent ways. I made a decision to keep going. Which still doesn’t sit well. It felt like a 3D movie where the scene was pushing me back in my chair, but the sound was off. I know the scene was loud with sirens and screams, but I heard nothing.

Then I heard an angry cop (rightly so) blasting his voice in my ear before he wrestled me off the course. Eluding further apprehension, but onward to my family, I hopped a fence and ran down a back alley behind the restaurants, bars and shops that were evacuating people through their back doors. What I saw was people—many victims who must have made their way on their own or with the assistance of others—screaming, crying and making frantic phone calls…and there was blood. Some victims I saw lost anywhere from pints to whatever; I don’t know. I just remember freaking out and not wanting to run in it.

I ended up behind the finish line and found a way to cross Boylston. I made my way to the Weston Hotel, where I found my family, scooped up my four-year-old and hiked another half mile to my vehicle. Leaving behind two vehicles, we piled nine adults and children into my Yukon and evacuated.

Out of relative danger, our attention now turned to our two children and damage control. To gauge my seven-year-old’s feelings, I calmly asked her, “Did you have fun today?” She said, “Yes, today was awesome! Until the bombs went off!” Knowing she was shaken, the radio stayed off and adults did what they could to speak in code. Note to adults who may try this: It doesn’t fool a seven-year-old.

By this time my phone was going nuts, Facebook and Twitter were buzzing and my mother, who couldn’t get in touch with us, was in complete meltdown.

Once I got home and got the kids situated, we ordered a bunch of pizza because that’s what you do when a bomb goes off. People need to feel normal.

My mom showed up at our home shortly after we got there. She was a total mess, and after the kids saw her emotional state, they understood the gravity of the situation. Today, they are showing a tremendous amount of affection and gratitude, which seems to be a side effect of their trauma.

I posted a brief note on Facebook: “Im OK, I was on Boylston St. when it happened. I saw smoke, I saw blood and people on the ground. My family was 300 yards away, waiting for me and I got to them and evacuated from the city. More later.” And the comments and “likes” poured in.

Shortly after, I provided an update: “I was right there, bomb went off. Boston police removed everyone, I kept running toward the bombs because my family was at the finish line. Police got me off the road, I resisted then another cop almost tackled me (rightly so). I ran in the back alleys, people spilling into the alleys from the explosion, screaming, crying, blood, got my dad to get my wife and kids out of there concerned for another explosion. I’m telling it to Dr. Drew on CNN between 9:15ish and 9:30ish tonight.”

Again, comments poured onto my page like never before. People offering an outpouring of help and support. I never knew I had that many real friends.

I feel I have to explain the part about Dr. Drew and CNN. It may seem opportunistic, but frankly, for me, it’s therapy. I do lots of media as the expert. My network is “the media.” So when I send a blast email to raise money for charity, my network knows I’m running the Boston Marathon. When I logged into Facebook and email, the requests came in from CNN, Extra and Canadian TV, along with a few radio shows too. So I spent the evening after the run as an eyewitness. And, because it’s who I am, I gave security tips too.

My cousin, who is an Iraq and Afghanistan soldier and flies one of those crazy killer helicopters, reached out to me via Facebook and said, “I think your situation was much worse than many Middle East situations I’ve been in.” Which I thought odd because he’s had his best buddy blown up right next to him. Then he said, “When I deploy I’m armed, geared up and expecting to fight. You were at a peaceful gathering around families and innocent civilians, not expecting bombs. That makes it much worse.”

We accept the possibility of death and destruction when we sign our contracts. I’m sure no one who signed up for the marathon expected this.

This completely messed me up, putting into perspective just how awful this situation is.

I only slept three hours that night, on edge, emotional and fragile. The next day, I headed to the media compound near Boylston to meet with Maria Menounos from Extra, who is a Boston girl. I connected with Maria, and within two minutes we were both crying. She started talking about how she loves Boston so much, then I started crying, then she started crying…which completely messed me up. I tell you this because she told me people should know this is real and they can’t forget. She was professional, but she was real. She put me at ease and we got through the interview.

Since then I’ve done more media on this than I wished, including the Boston Globe, Dr. Drew, Extra, Current TV, Canadian TV again and again, Fox Boston and some radio.

In early May after the blasts, I was asked to speak to the North Eastern Massachusetts Law Enforcement Council on the benefits of social media to law enforcement and how social can help get the word out in a tragedy. When I walked into the room to speak, everyone was in uniform. What I didn’t know was many of the men and women attending were the first responders saving lives at the finish line, and others who were involved in the capture of the bombers.

That was a very emotional speech for me. Check out the Huffington Post’s blog on how the Boston Police did a stellar job using Twitter during the bombing.

At this point, my family and I are safe, like most of America. Emotions are still high for some. Even as I update this post from 6 years ago, it’s messing me up. We were and still are angry. This celebratory event will forever be marked by the visual of a plume of smoke that symbolized the evil intent of misguided people that do not value human life and have no regard for our freedoms.

We caught the bastards and while there are no real answers, we may never get them. The movie Patriots Day actually did an amazing job of telling the tragic story through a composite character.

On behalf of my Boston, we are proud of our city, its first responders and its people, who showed the true measure of the human spirit through powerful acts of kindness and displays of citizen courage. We are strong as a city, undivided as a country and unbowed by this attack. No terrorist will be allowed to alter our nation’s course.

Please like my Facebook Page to stay in touch and see you at the finish line!