First American Financial Exposes 885 Million Mortgage Documents

Approximately 885 million digital documents have been exposed from mortgage deals that date back to 2003. First American Financial Corp is a provider of title insurance, as well as other services for the mortgage and real estate industries, and it allowed millions of records to be exposed according to one report.

The exposure is likely to put a variety of bank account statements and account numbers at risk, as well as Social Security numbers, tax records, wire transaction receipts, mortgage records, and driver’s license images. All of this information could be read through a web browser without getting authentication from anyone.

First American Financial Corp first learned of its designed defect on May 24 when one of the production applications made it possible for people to gain unauthorized access of its customer data. This information was provided to USA TODAY by the company in a written statement. It also said that privacy, security, and confidentiality are the top priorities for the company, and it is committed to protecting the information of its customers.

The statement also added that First American Financial Corp took action immediately to address the full situation and shut down the external access option for the application. It is currently evaluating the effects of the situation and if any issues were relating to customer information security. It also mentions that it hired an outsourced and unbiased forensic firm to ensure that there has been no unauthorized and meaningful access to its customer data.

Brian Krebs wrote the report and claims that he was contacted by Ben Shoval, a Washington state real estate professional, who said that he’d had no luck getting any response from the company about what he found out, which was that portions of its website had leaked hundreds of millions of customer records.

The initial report by Krebs claimed that Shoval learned that anyone that knew the URL for any valid document on the website could also view other documents by just modifying one or two digits in the link. Krebs then chose to confirm the findings of the real estate developer. He used to be a reporter for the Washington Post and was the first to report about another high-profile data breach because he determined that millions and millions of Facebook users had account passwords that were stored in plain-text format, which could be searched by over 20,000 Facebook employees.

Regardless of past reports, Kreb claims that this exposure issue is one of the worst he has seen because there are just so many individuals involved. Anyone who has ever gotten a document link by First American Financial Corp via email is likely to be a victim in this breach.

The chief data scientist from Rapid7 Labs, Bob Rudis, claims that this exposure is severe for First American, but it also highlights the need for a more comprehensive approach to securing the network and systems, especially for areas that house highly sensitive information.

He also says that anti-malware products, firewalls, and other security controls aren’t enough to reduce that unwanted exposure. Organizations need to think like a cyber-attacker to help them identify any areas of weakness before cybercriminals do it themselves.

The Director of Solution Engineering at CipherCloud, Tyler Owen, says that there has been a gross negligence by First American Financial Corp. He believes that everyone in the info security industry has become numb to these breaches and disclosures because they happen more and more frequently (about once a week). Regardless of the negative impacts and bad press for the company, organizations just aren’t putting enough emphasis on secure processes and data security.

The victims here are primarily the people who have had their data exposed because they have little to no recourse available to them.

The problem is that there is no information about who accessed the files over time, and no one has any concrete information about the misuse of the data because of the temporal exposure. It’s almost impossible to determine who leaked the information, who had access to it, who accessed it, and what they did with that ill-gotten information. If it were to, say, end up being sold on the dark web market, it might generate a lead, but nothing has surfaced so far.

If you believe you were part of the data breach, you should monitor your credit report and look for signs that someone has used your credit card without your permission. You can also freeze your credit report so that no new credit applications can be opened. Your financial organization is likely to have tools available to help you; utilize those tools to ensure that there is no activity on your accounts without your knowledge. It’s also helpful to listen for whatever information First American provides about the matter. That way, you’re well aware of something going amiss and can talk to the right people to seek restitution.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon.com author, CEO of Safr.Me, and the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Two Common Government Employee Impersonation Scams: What to Watch For

One of the biggest threats that taxpayers are facing these days is an aggressive scam where criminals call victims and pretend to be IRS agents. The goal? To steal money.

All year but especially during tax filing season, the IRS will see a big surge in the number of scam calls, which tell victims that they will be arrested, deported, or have their driver’s license revoked if they don’t pay a fake tax bill.

How the Scams Work

These scammers make calls to people and claim to be from the IRS. They inform the victim that they have an unpaid tax bill, that must be paid immediately, either through a prepaid debit card or wire transfer. To make this sound even more legitimate, the scammers might also send a phishing email or make robo-calls to the victims.

To get the victims to pay, and to pay quickly, they make threats, as mentioned above. On top of this, they also can alter the number they are calling from through caller ID spoofing services to make it look like the IRS is actually calling. The scammers also will use badge number and IRS titles to make themselves sound more official.

The IRS is onto these scams, of course, and it has released information to remind taxpayers to be aware of them. For instance, a report from the Treasury Inspector General for Tax Administration, TIGTA, states that there are more than 12,000 people who have paid more than $63 million due to these phone scams over the past few years.

Recognizing an IRS Scam

There are certain things that the IRS will never do, so if you see any of these things, or you are asked to them, you can be sure that it’s a scam.

The IRS will NEVER:

  • Threaten to bring in local police for not paying your tax bill
  • Ask you to pay via a gift card or wire transfer
  • Demand that taxes are paid without question or the opportunity to appeal
  • Ask for debit or credit card numbers over the phone
  • Call about an unexpected refund
  • Call to collect money without first sending a tax bill

If you get a call from the “IRS” asking for any of this, hang up.

There are Social Security Administration Scams Out There, Too

The IRS is not the only government agency plagued by scams. People are also getting scammed by people claiming to be from the Social Security Administration, or SSA. The goal here is to try to get your Social Security number.

Basically, someone will call you and claim to be from the SSA in an attempt to collect your personal information, including your Social Security number. If you get a call like this, you should definitely not engage with the caller, nor should you give them any money or personal information.

One of the ways that scammers are so good at getting this information is that they try to trick their victims by saying their Social Security number has been suspended due to suspicious activity, or that it has been connected to a crime. They will ask the victim to confirm their SSN in order to reactivate it.

Sometimes, they might even go further with this and tell the victim that their bank account is about to be seized, but they can keep the money safe…by putting it on a gift card, and then sending the code to the scammer.

You might wonder why people fall for this, but it really is easy for these scammers to change their phone number to show the same number as the SSA on caller ID. But this is a fake number…it’s not really the Social Security Administration.

There is also the fact that the scammers will say that someone has used your personal Social Security number to apply for a credit card, and because of this, you could lose your Social Security benefits. They also might say that your bank account is close to being seized, and you must withdraw your money or wire it to a “safe account,” which is, of course, the account of the scammer.

Here’s some of the details about these scams that you need to know:

  • Your Social Security number won’t be suspended. You never have to verify your number to the SSA, either and the agency can’t just seize your bank account.
  • The SSA will never call you about taking your benefits or tell you that you must wire money to them. If you are asked for money from the SSA, it is a scam.
  • The SSA’s number is 1-800-772-1213, but scammers are using this to appear on caller ID. So, it looks legitimate. So, if you get a call from this number, hang up and call it back. This way, you can be sure you are talking about the SSA and get the information you need…or find out that someone was trying to scam you.

Do not give your Social Security number to anyone over the phone or via email…also, don’t give your credit card number or bank account number to anyone over the phone or via email.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Mass Shootings: Driven by Evil or a Desire for Celebrity Status?

If all a gunman, who opened fire and randomly killed nine people, wanted was 15 minutes of fame, he could have achieved this running naked into the field at a major league baseball game.

At least one criminologist believes that the driving force behind mass shootings is a desire for celebrity status. According to Adam Lankford, a criminologist at the University of Alabama, they want to be famous.

But this theory has holes. You don’t have to kill people to be famous, and since when are murderers treated like celebrities? Since when does celebrity treatment include prison food?

If it all came down to wanting to be famous, then why do these mass murderers always have troubled pasts, particularly a history of being victimized by bullying?

However, many criminologists do believe that most shooters are seeking infamy – even though, certainly, anyone who’s planning a shooting spree knows there’s a good chance they’ll get killed in the process – in which case, they won’t be alive to revel in their infamy.

In an attempt to prevent future mass shootings, the media has decided not to mention the killers’ names more than once, such as with the 2012 movie theatre slaughter in Colorado and the 2017 Las Vegas concert massacre.

This tactic has proved futile, given the shootings that occurred the first week of August 2019 in El Paso, Texas and Dayton, Ohio, plus many additional (smaller) shootings since 2012 and even 2017.

Nevertheless, supposedly the Sandy Hook Elementary School shooter kept a journal detailing decades of mass shooting events.

If a man has suffered a corrupt childhood and is seething with hatred towards people, feels no hope for his future and knows how to get an AK-47, or AR-15, do you really think that he cares whether or not his name is mentioned after a killing spree?

Sure, he’d like to gain a lot of notoriety – as long as he’s going to commit the deed. But notoriety isn’t the reason he wants to kill people.

Are killers born or made via childhood environment?

These killers may have come from “privileged backgrounds,” but a big house, a swimming pool in its backyard and tennis lessons can still be part of a childhood environment that’s conducive to creating a soulless, evil person who hates humans so much that he one day decides to shoot into a crowd.

We can argue till the cows come home whether or not years of bullying led to the Columbine massacre, or if while growing up El Paso murderer Patrick Crusius frequently heard his father rant that Mexicans didn’t deserve to live.

But at the end of the day, it really makes no sense that wanting to hear your name on CNN would make a well-adjusted man go on a homicidal rampage.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Woman Murdered after Man Tricks Her with Lost Puppy Ruse

This entire post is brutal and for some, hard to read. But if there is a woman or girl in your life that might benefit from being freaked out, read it, forward and share it.

We’ve all heard about the man approaching a child, showing her a picture of his “lost” puppy, asking the child to help him look for “Truman” or “Roxie.” The child goes off with the predator – never again seen alive.

You’d think that no ADULT could ever fall for this scheme. But at least one woman, 36, did. Now maybe Kimra Riley, mother of a toddler, had never heard of the lost puppy ruse.

But according to ID Channel’s “Swamp Murders: A Dark Place to Die,” there were several blaring red flags that Rodney O’Neal Hocker was a predator.

  • Take note of these red flags.
  • Teach them to your kids.
  • Teach them to YOURSELF!

In March 1996, Kimra’s decomposed body was discovered near the shore of the Tennessee River after being reported missing two months prior. Tied to the body were bricks. An autopsy revealed that she had been alive when forced into the water; she had drowned.

Lost Puppy Trick

The docudrama depicts Kimra telling her boyfriend she was headed to the Bama Club to meet a female friend. There, she ran into Rodney, who recognized her as his server at a diner several days prior.

After small-talk, he asked if she wanted to see his puppy which was in his truck outside.

  • RED FLAG: What adult asks a stranger in a building to come outside to see his puppy?
  • When in doubt: Ask yourself if it’s easy to imagine the man asking another man if he’d like to see this puppy!
  • What to do: Tell the stranger to bring the puppy inside “so everyone can see it.”

Kimra went to the parking lot with Rodney. Rodney, 27, said the puppy had escaped the back of his pickup truck. He asked if she’d like to get in his vehicle to help look for the alleged yellow lab.

  • RED FLAG: The man immediately wants to drive around to search for the puppy. If a puppy jumps out of a parked vehicle, the first place to look is the parking lot, on foot! A puppy won’t get far!
  • What to do: Run back inside the building. Never mind hurting the stranger’s feelings.

Once Kimra was in the truck, her fate was sealed. He stopped the vehicle, came onto her; she resisted. The investigation determined he had rammed her head into the windshield, incapacitating her. Sexual assault was suspected because her body had on only a shirt, but was too decomposed for a rape kit.

If You Love Puppies…

  • Don’t ever go off with ANYONE to see an unseen
  • Tell the suspicious individual that you get enough puppy fixes with your neighbors’ dogs.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Another Rideshare Rape is an Epidemic

Women should never take a ride from a stranger because it’s dangerous – unless she’s paying the driver???

Wrong, of course. Uber and Lyft drivers provide paid rides to strangers as requested via the Uber and Lyft apps.

As of August 2018 WhosDrivingyou.org tallied the number at almost 400 rapes and probably stopped recording the sexual assaults because it has become so common. A quick Google search for “rideshare rape” pulls almost 7K results.

YeT another rideshare rape allegedly happened this week when an intoxicated woman was overcome by her driver. And before you blame the victim, JUST SHUT UP.

Almost the Perfect Crime

  • The predator has no problem getting a woman into his vehicle.
  • There’s an easy explanation for her DNA in the vehicle: the ride service.
  • She might be intoxicated, which is a common reason for hiring a rideshare service, and intoxication means vulnerability and lack of credibility.

Has the rideshare industry created a monster?

What makes rape even easier to get away with is if the passenger passes out from intoxication.

But by no means does this mean a predator should feel confident he could get away with his crime, such as Uber driver John David Sanchez, who got 80 years for ride-related sex crimes.

A CNN investigation revealed that at least 31 Uber drivers have been convicted of crimes such as rape as well as forcible touching.

On the other hand, CNN reported the case of an Uber driver who was accused by his fare of sexual assault. He claimed it was consensual; the charges were dropped.

CNN also reported that many of the women who were sexually assaulted by the over 100 accused drivers had been drinking or were drunk at the time of the alleged crimes.

A similar investigation of Lyft by CNN also revealed numerous sexual assault accusations.

What can a woman do?

  • Use Uber, Lyft (or a taxi service) only as a last resort, i.e., you can’t find someone you know to transport you.
  • Make sure you’re not impaired by any substances. This is a two-edged sword because an impaired person should not drive, either. If you’re convinced ahead of time you’ll be impaired, then arrange for a trusted friend to drive you home. If you can’t find someone, then reconsider your plan on getting wasted; is it worth it?
  • Arrange to use rideshare services with a companion.
  • Hire only female drivers.
  • Under no circumstances let a driver into your home.
  • Make sure your phone has a one-touch emergency alert button that will activate first responders who can home in on your location.

Don’t assume that just because someone works for Uber or Lyft that they’re safe. Though these companies do background checks, you have to consider that some predators have a clean record because they haven’t been caught (yet).

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

6 More Places to Put Your Identity on Lock Down

If you have been thinking about a credit freeze, you probably should know that the process is designed so that a creditor cannot see your credit report unless you specifically allow it. This process blocks any potential creditors from viewing or pulling your file, which makes it much more difficult for an identity thief to apply for new credit using your name or information. For links to freeze your credit at the 3 major bureaus go to How to Freeze My Credit.  However, there have been reports of people complaining of having accounts opened in their name while having credit freezes. So, if you already have a credit freeze at Experian, Trans Union, and Equifax, you also might want to consider freezing at the following companies, too:

Innovis Credit Freeze

Innovis is the 4th credit bureau you need to freeze with. The process is similar to the big three and its free. Go here to freeze your Innovis Credit Freeze.

National Consumer Telecommunications and Utilities Exchange or NCTUE

One place you should contact to freeze your credit through is the National Consumer Telecommunications and Utilities Exchange, or NCTUE. Many mobile phone companies, for instance, get credit inquiries done through this organization, so hackers can still open mobile phone accounts in your name, even if your credit is locked down elsewhere via the 3 major bureaus.

In general, only mobile phone companies use NCTUE, but there are other companies, like water, power, and cable companies that also use it. You can contact NCTUE to freeze your credit by calling them and giving them your Social Security number. You will also have to verify a few other details, but the system is automated, so it’s very easy. If the system can verify your identity, your credit report through this organization will be frozen. You can also get your NCTUE credit report and risk score by calling their 800-number 1-866-349-5355 or try to do it online here NCTUE Freeze but some say this links form doesn’t work well.

ChexSystems

You should also place a security alert with ChexSystems. This is a system that is used by banks to verify the worthiness of customers who are requesting new savings and checking accounts. When you request a freeze through this organization, it is only applied to your ChexSystems consumer report. If you want to freeze your credit at other companies, you must do it directly through them. For ChexSystems, you can do it here: ChexSystems Security Freeze.

Opt-Out Prescreen

You can additionally opt out of any pre-approved credit offers by calling 1-888-5-OPT-OUT or you can go online and visit the website Optoutprescreen.com.

myE-Verify Self-Lock via the Department of Homeland Security

The fourth organization you should freeze your credit with is called Self Lockvia the Department of Homeland Security. This freeze helps to protect you from any employment-related fraud. When you lock your Social Security number through this tool, it will stop anyone from using your Social Security number to get a job, which is another scam. If a Social Security number that has been locked is entered into the system, it will result in a mismatch, which will flag the number as fake. It’s easy to lock and unlock your identity through Self Lock, and each time you do it, it remains locked for a year. Once that year is over, you can choose to renew the lock, too. You can learn more online at the Self-Lock Freeze.

Social Security Administration

Finally, if you want to prevent any type of Social Security fraud, you should set up an account at the Social Security Administration. There are a number of Social Security scams designed to siphon your benefits or sensitive information. Your telephone may ring followed by and automated message saying your Social Security number has been “suspended” because of some suspicious activity or be threatened with arrest if you don’t call the telephone number provided in the automated message. Simply by setting up the account you can prevent someone else from setting it up as you and posting as you. Also you can check in with then SSA should you received any calls, emails or mail to determine the communications legitimacy. You can do it online,Social Security Administration Set-up.

Here’s your Freeze to-do checklist.

  1. NCTUE Freeze
  2. ChexSystems Security Freeze.
  3. com.
  4. Self-Lock Freeze.
  5. Social Security Administration Set-up
  6. How to Freeze My Credit.
  7. Innovis Credit Freeze.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Teen Tragic Love: Lesson for Parents?

This story is kinda dark. Recently the ID Channel ran an episode called “Forbidden: Dying for Love — Together Forever, Forever Together.”

The 19-year-old was Tony Holt. Let’s call his 15-year-old girlfriend Kristen.

Kristen, 14, Falls Hard for Tony, 18

She met him when he was working at a grocery store. But he also happened to be a senior at her new high school. Prior to meeting him, Kristen knew her mother wouldn’t allow dating till she was 16.

Kristen’s mother eventually learned of the secret relationship and forbad it. The girl and Tony kept seeing each other on the sly. Mama learned of this and again, forbad it. Kristen then pretended the relationship was over and even talked of how she now hated Tony. Her mother was thrilled.

Meanwhile the teens kept sneaking around.

Forbidden love can be funner! Anyway, Mama found out again, stormed into the grocery store and angrily announced to Tony that if he ever went near her daughter again, she’d have him arrested for statutory rape. Which, is in fact statutory rape in many states.

The threat had him really scared about going to prison. He appeared at Mama’s house soon after and apologized for upsetting her and said that he and Kristen were going to cool it and just be friends.

But they continued seeing each other, and Mama discovered photos in Kristen’s bedroom of the two making out. More furious than ever, she forbad any contact. (Kristen’s father was out of the picture.)

Not long after, she got a call at work to come to the house. The police were there. Tony and Kristen were both dead from a gunshot wound to their heads.

A suicide note left by Kristen explained that the only way they could be together was to die and go to heaven where they could live happily ever after. Kristen had also left a suicide message on the answering machine, apologizing for the suicide pact. I’ll bet you didn’t see that one coming. Neither did I.

Questions to Wonder About

  • Why didn’t the teens decide to just avoid sex for three years, after which they could then marry and have up to 70 years of glory together? Abstinence is hardly an extreme move when you pit it against a murder-suicide.
  • What if Kristen’s mother permitted the relationship and even had Tony over every week for dinner? But what if, at the same time, she expressed her disapproval over their sexual relations?
  • What if she had said, “If you get pregnant, you’ll be grounded – by your baby. I won’t report statutory rape, but I also won’t help you out with the baby, either.”

That last warning may sound harsh, but it’s a crapshoot type of warning: It just might work.

Lessons Learned

  • You can’t stop two love-struck teens from seeing each other, so you may as well be civil to the unapproved young man.
  • While it’s important to stand your ground as a parent, there also comes a time when a sweet spot needs to be figured out. After all, not only might there be a suicide pact, but there are quite a few documentaries in which the forbidden young man murdered his girlfriend’s disapproving parents.
  • It’s never too early to teach your children the virtues of delayed gratification.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Should Life Insurance Policies Be Banned?

It’s fair to wonder how many people would still be alive today if there were never any such thing as a life insurance policy. Personally I can’t imagine NOT having a life insurance policy if you have children 17 and under. But the below info might ring true for some of you.

An insurance policy may be the only thing it takes to kick a murder plan into high gear. A woman who isn’t generally capable of murder just because she saw him with another woman might be to get her hands on that $300,000 payout.

Which brings us back to the initial question: How many people would still be with us had they not named their killer as the beneficiary of a life insurance policy?

Who in their right mind keeps an angry, disgruntled family member as the beneficiary anyways?

You’d be stunned to know the answer: Enough to supply the Investigation Discovery channel with one crime documentary after another in which a person was murdered for their life insurance policy.

  • In many cases the killer is a woman – either directly, or she “hires” someone to do the job.
  • Of course, many times the victim is a woman.
  • A third scenario is when a non-family member has been scammed by the killer to name the killer as the sole beneficiary.
  • A fourth scenario is when the killer takes out the policy of the victim without the victim knowing!

This article is about the first two types.

What’s absolutely mind-blowing is why the policyholder keeps these beneficiaries on the payout plan, when any one of the following has occurred:

  • The beneficiary and the policyholder have separated or divorced – and have a very ugly relationship in which the beneficiary has displayed fits of rage.
  • The policyholder is afraid of the beneficiary, though there’s been no violence directed towards him or her.
  • The policyholder has been assaulted by the beneficiary.
  • There are no children (which then begs the question more than ever of why the policyholder would want that ex-spouse or soon-to-be ex-spouse still as a beneficiary).

In short, why on earth would you want someone – whom you’re either afraid of or now hate to the bone – to be your beneficiary?

Even if you have young children with the beneficiary…it still makes zero sense if you believe there’s even a remote chance that your ex is capable of killing you for that money.

Your raging ex or deeply troubled son do NOT need $800,000 if you die in a car accident or from disease. So why do you have the policy and why are they on it?

Bottom Line

  • Nobody whom you fear or who now hates you should be your beneficiary.
  • Remove them at once and inform them promptly.
  • It could save your life.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Apps for Stalkers Disguised as Parental Control Tools

Sell something called “SuperParent” or even the actual FlexiSpy — and all is swell. Frankly, I’m not opposed to monitoring a child’s phone, kids shouldn’t have phones anyways.

But sell something called “iStalk” or “StalkU,” well … this won’t quite go over well with the authorities or the general community.

It’s all in a name (pardon the cliché).

Apps that track users contain Spyware. A wannabe stalker can secretly install such an app on their intended victim’s phone via any of the following:

  • Manual access to the phone
  • Link to a Twitter share
  • Share for LinkedIn or Whatsapp
  • Text a link posing as security update

Sending a “malicious” link works when its clicked. However the stalker will usually need to have access to the victim’s phone to install the tracking software. With the way people leave their phones lying around, this is fairly easy to do – to users who don’t have a password set up for their device or share their password with their “stalker”.

What can some “stalking apps” track?

  • Call logs
  • Contents of text and chat messages
  • Location of phone (and hence, victim if the phone is with them)
  • Listening in to ambient sounds picked up by the phones microphone
  • Listening in to phone calls
  • Access to voicemail

According to a 2014 study by the National Network to End Domestic Violence, 54% of domestic abusers use tracking software, for which its icon can be visibly concealed from the victim.

Though availability of tracking apps has become more limited over time, due to the revelations of how these have been abused, they are still available, such as mSpy, which can be easily downloaded to Android devices.

Downloading stalkware to iPhones is more challenging, but far from impossible. In fact, one technique doesn’t even require physical access to the target’s phone. And even then…this can be breached by a techy stalker.

How do app makers cover their butts?

They include language with their apps, such as citing that consent of the target is required before installation, or that the app company will cooperate with law enforcement should a complaint be reported.

Stalkware isn’t going away anytime soon. Thus, the emphasis needs to be on prevention.

How to Prevent Remote Stalking

  • Heavens, please don’t let your new boyfriend/girlfriend talk you out of having a password with some kind of nonsense like, “If you trusted me you wouldn’t need a password.”
  • Never share passwords.
  • Tell him or her – on the first date – that  your phone is off-limits to them. If they give you flack, it’s over. Only a control freak would mind this.
  • If they keep cool, this could be an act to gain your trust. Never leave your phone alone with that special someone.
  • Keep your phone turned off unless you’re using it.
  • Disable the GPS feature.
  • Never leave your phone unsupervised in the presence of other people, even your new boyfriend’s great-grandmother.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.