84% of Consumers Will Not Buy a Car from a Breached Dealership

Most automotive-dealership owners never think that they are going to be a target in a data breach. However, the reality of this is very different. All dealerships, no matter how big or small, are targets thanks to the information these businesses have. This includes insurance documents, drivers’ licenses, credit card numbers, Social Security numbers, phone numbers, email addresses, credit reports, payment receipts and much more. According to a study done by TDC, about 84% of people said they would never purchase another car from a dealership that allowed their personal information to become compromised.

According to research, identity theft associated with car leases and loans increased 43% in the last year, and it is costing business owners a collective six billion dollars.

Last June, researchers found an online database that contained information about more than 10 million vehicles. It was then noted that cyber criminals had accessed the information, which included VINs and personal information about owners. They then can use this information to make a stolen car seem legal.

On top of this, dealerships are “financial institutions” as they collect and store financial information from their customers. This means that they have a responsibility to follow established guidelines to protect that information from getting out. If this wasn’t enough, dealerships could face steep fines, a loss of reputation and the potential loss of revenue and customers.

Checking Compliance

Like most businesses that work with sensitive customer information, dealerships are regulated. Owners must be aware of the regulations and laws that are designed to protect the identities of their customers and keep privacy and financial data safe. For example, the Gramm-Leach-Bliley Act forces dealerships to give customers a description of their privacy practices. Another law, the Disposal Rule, requires dealerships to immediately and securely shred consumer reports when they are no longer needed. If dealers are not doing these things, they could face legal consequences.

Regulations for Third Parties

There is also the fact that dealerships often share information with third parties, such as financial organizations and insurance companies, and it cannot be assumed that these companies have the same security standards as the dealership. To keep sensitive customer information from getting shared, it is imperative to confirm the security protocols of these third parties.

On top of this, dealerships see people coming in and out all of the time, and visual hacking is rising. So, it is very important that employees of dealerships are watching for unusual acts, such as customers taking photos in office areas. Making sure that all visitors are escorted is the best way to alleviate this.

Shred Everything, and Stay Secure

Shredding documents before throwing them out is one of the best ways to get rid of sensitive information. This type of destruction helps you to eliminate any of those “what ifs,” and it also ensures that car dealerships are securely getting rid of any unwanted devices or papers. On top of this, document disposal is generally legally required in the industry.

Keep in mind that reputation is everything—especially in an industry like the auto industry, as customers have so many options to choose from. By protecting your reputation, you are also protecting your customers’ information.

Threats to Your Automotive Dealership

All dealers with staff need to understand the electronic threats against them. However, approximately 80% of dealerships don’t have the right type of network protection because they lack the expertise and resources. This leaves customer information exposed and open to being stolen. There are other ways that dealers can also fall victim to cybercrimes, including:

· Evil Emails – Email is a very easy way for a hacker to spread viruses on computers and networks. All it takes is one person on your network to click on and download an email attachment that has a virus on it. Once this virus is there, a hacker can do almost anything, including access credit card information of customers.

· Fake Sites – There are also many hackers who create fake websites that look almost identical to the websites of real companies. Again, it just takes one person on your network to log into a fake site and lose money or other valuable information.

· Wi-Fi – If people are using mobile devices or personal computers on your network during the workday, and then take them home to do more work, the data that is on those devices is not secure.

Preventing Your Dealership from Becoming a Victim

As you can see, there is no limit to how a vehicle dealership can become a victim of hacking. So, you have to become very vigilant and take on a very active role to make sure that you are protecting the information of your customers. Here are some things that you can do to prevent your dealership from falling into this trap:

· Take a look at your security – One thing you can do is look at where you might have a lapse in security. Fundamentally, it is best that companies conduct yearly intelligence gathering to learn where data might be compromised. This can give a dealer the upper hand in creating ways to predict where breaches can happen and how to avoid them.

· Train staff on what to look out for – It is very easy to open emails or download attachments. Security awareness training is as important as sales training. Dealerships can train anyone to never open emails from people they don’t know or to confirm that they are only putting information into authentic websites.

· Get cyber liability insurance – Another thing that you can consider is getting cyber liability insurance. This can cover the costs associated with any potential data breach.

· Restrict access to information – Finally, consider restricting access to things like your dealership’s Wi-Fi network. You also might have to create a policy that limits the devices that are connected to the network. This will help to limit the instances of data theft.

These are just a few of the ways that a dealership can create a better sense of security for their digital information. Customers will feel as if their personal information is safe, and that will keep customers coming back for cars time and time again.

FTC Brings Office Depot Fines and a Strong Warning to Other Companies

The Federal Trade Commission (FTC) announced that Office Depot, along with a tech support firm, must come up with $35 million to settle a lawsuit over claims that both organizations were part of a computer repair service scam, which involved a fake malware scan.

In the FTC complaint, it was stated that Office Depot, OfficeMax, and Support.com ran a program called PC Health Check. This program is designed to search for malware on a customer’s computer. However, it actually doesn’t quite do that. Instead, it gives the customer a questionnaire, and then it uses the answers given by the respondent to flag some malware…even though malware might not have even been on the computer.

Some of the questions asked by the PC Health Check program included asking if the computer was slow, if it had a lot of pop-up ads, or if it crashed a lot. When the person clicked “yes,” to these questions, the software prompted them to buy fixes for the issues, which could cost hundreds of dollars.

Additionally, the complaint alleges that Office Depot and OfficeMax told their store employees to run PC Health Check on every computer that was brought into the store. In total, it is estimated that there were tens of millions of dollars lost in this scam.

On top of this, it is alleged that this scheme went on from 2009 until late 2016. It was only stopped when KIRO 7, a CBS-affiliate, began looking into it after viewers started reporting complaints about the program. Employees were also upset, and the FTC shared an incident from 2012 in its report. It said that an employee complained to upper management and said that they could not keep “lying to a customer” or be subject to being “tricked into lying” just so their store could “make a few extra dollars.”

If all of this wasn’t enough, the complaint also alleges that Office Depot advised its stores to never run a PC Health Check on any computer that had been repaired, because the program would still report malware, even though there was none on the machine. In other words, Office Depot knew that the program would flag malware even if there wasn’t malware on the computer.

Because of this scam, Office Depot will have to pay $25 million and Support.com must pay $10 million to settle with the FTC. The agency says that it will use the money to repay people who were victims of this scheme. Joe Simons, FTC Chairman, said in a statement that this should “send a strong message” to any other companies that might be considering this type of deception to trick people into buying services that they might not really need.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock ’em dead in this Security Awareness Training video.

“Troncast” Podcast with Tron Jordheim

I recently had the opportunity to join Tron Jordheim on his podcast hosted on stitcher.com. We talked about digital security and how to watch out for yourself in our digital landscape. I was able to share advice on privacy, information security and why it is so important to take control of your own security, and ultimately your life. Thanks again to Tron, stitcher.com and the sponsors of this “Troncast!”

Facebook in the Spotlight Once Again for a Massive Data Breach

It’s a new day, so you should expect news about another data breach—again, with Facebook. According to research, tons of Facebook user data was recently exposed on cloud computing servers owned by Amazon.


According to UpGuard, a cybersecurity firm, it is believed that Facebook app developers stored the data on the servers, but they did so in a way that allowed the public to download it. One of these groups stored more than 500 million records on the servers, but it’s not yet clear how many people might have been affected. Another developer stored Facebook passwords for more than 20,000 people.

According to “the powers that be” at UpGuard, it is believed that the data was gathered through some type of Facebook integration. Basically, Facebook allows its developers to integrate these websites, apps and other info with its platform, which allows people to sign into another account by using their Facebook account.

Facebook has stated that it prohibits its developers from storing Facebook information in any public database. It said that once it was alerted to the breach, it began working with Amazon. The company also says that it is committed to working with its app developers to protect its users’ data.

This is only the latest incident that shines a bright light on Facebook’s struggle to keep its users’ data safe. With more than two billion users, this is extremely important, and it is surely going to put the social media giant under increased scrutiny.

Just about a year ago, Cambridge Analytica, which is a data firm that has connections to the Trump presidential campaign, was able to access information from almost 90 million Facebook users without their consent.

Facebook has stated that the data was first collected by a professor, who was doing it for academic reasons, which is or was actually allowed according to Facebook’s policies. The information was then transferred to a number of third party companies, including Cambridge Analytica, which is in direct violation of Facebook’s policies.

Since the Cambridge Analytica scandal, Facebook has been under scrutiny for offering its users’ data to more companies than it had admitted previously. In the last year, the company also admitted that hackers had exploited some type of bug in the Facebook platform, which ultimately exposed the information of almost 50 million people.

People from all over the world have criticized the way Facebook stores data, and the U.S. Federal Trade Commission is thought to be looking into a fine against Facebook for violating a data privacy agreement. Facebook was fined £500,000 ($653,000) over the issue with Cambridge Analytica.


Exclusive Coaching Call Webinar Recording

My interview with CNN has been trending all over the internet, and that makes me so happy because we talked about a very important topic–personal security. I’m so passionate about this subject that I wanted to provide some follow-up commentary. Use this link to view my most recent discussion, but this is not for the faint of heart…

How to Phish Google and Facebook and Make Millions

Evaldas Rimasauskas, a Lithuanian man, became very rich. How? He is a criminal who used his lying skills to get more than $100 million from companies such as Facebook and Google between 2013 and 2015.

He’s now in jail, but during his trial, Rimasauskas admitted that he was guilty of several crimes including money laundering, wire fraud and identity theft. According to court records, Rimasauskas created a Latvian company called Quanta Computer Incorporated, which was the same name as a computer hardware company. He then opened several bank accounts in five different countries, which enabled him to keep the scheme up for so long.

How Did He Do It?

He basically used his skills to forge contracts, invoices and letters from existing companies, which he then submitted to banks for wire transfers. By doing things like spoofing email addresses and using the same name as a well-known hardware company, he was easily able to do this without being caught—at least for a couple of years. So, fake invoices along with phishing, and various forms of social engineering, made the victim companies think they were getting bills from a legitimate vendor. Once he got the money, he could distribute the cash to his other accounts, which was an attempt to cover his tracks.

Rimasauskas is certainly not the only person out there trying these schemes. Fake invoices are not at all a new scam. Criminals bombard businesses every day with invoices for products and services they’ve never consumed, and when accounts receivable receives an invoice and demand for payment, they often just write a check or wire the money.

The Internet Crime Complaint Center, which is part of the FBI, has said that these schemes have cost organizations more than three billion dollars in a little over three years. This was a whopping 1,300% increase when compared to the previous years. Before any invoice is ever paid, there needs to be an inquiry into the source of the invoice, a discussion of who the vendor is and if a payment is actually due.

The Maximum Jail Sentence Is…

Since Rimasauskas pleaded guilty, there is no doubt that he is heading to jail for a long time, and he faces a max sentence of 30 years. He has also agreed to pay back almost $50 million, which is the amount that the U.S. government was able to track as well as the amount listed in the indictment for the wire fraud charge that he faced.

If he is found guilty of every charge, he could see as much as three decades in prison. What about the companies that have been victims of Rimasauskas? According to reports, the money has been recouped, at least in the case of Google. Facebook and other companies have not yet shared if the money Rimasauskas took has been taken back.

There is so much more to this, and, while I can’t solve all the world’s problems, I can at least make you cyber-security smarter and digitally literate. Take a look at our eLearning Courses and our S.A.F.E. Certification.


What it Means to be CSI Protection Certified

“A CSI Protection Certified Agent can help you decrease susceptibility to crime and ensure you are working with a trained, concerned professional. If your real estate professional holds the CSI Protection designation, you can trust that they will provide the skills necessary for a safe and secure transaction.”

If YOU know someone who should get CSI Protection certified, show them this: https://protectnowllc.com/

10 Tips to Not Ending Up A Dead Real Estate Agent

Yes, that title is awful and yes, you should be offended. Real estate agents often find themselves in dangerous situations. And for 20 years, I’ve been screaming this, doing something about it, and it keeps happening. And the real estate agents’ and industry’s response?

Thots and prayers. Thots and prayers. Thots and prayers. Thots and prayers.

How’s that workin’ for ya?

Sometimes you have to visit unsafe neighborhoods, you might have to come face to face with a vicious dog, or even have an unsavory character walk right into an open house.

In 2016, approximately 3% of all real estate agents reported that they were physically attacked when on the clock. Though this might seem like a small number, you have to consider that only about 2% of the entire population of the country are physically attacked each year. This means, of course, that if you are a real estate agent, your odds of assault are higher than the average person.

Remember, no one is immune to this. Here’s a brief first-person account posted to Facebook about a real estate agent’s experience…and it could even be you:

“Another reason why I like running my real estate business by referral: Went to meet a female seller today who contacted me on-line. She told me she would meet me at her property as it is an occupied rental. She was there and so were about four guys. Small, cramped house. She told me the tenant would take me around as he knew the house better than her…. immediately I knew something was off.

He takes me around the first floor then he’s showing me upstairs and another guy who wasn’t one of the four downstairs appears out of nowhere and stands behind me. I’m now seriously freaking out as instinct told me something was about to happen. I made my excuses quick and went back downstairs. I put aside my manners and took out my phone and while chatting briefly with the seller, I text my location to my team. Then I left.

My 5ft 100lb self would have been no match for them.

I realized mid-way through that 10 minute tour that no-one knew where I was, I had no idea who these people were and if this woman actually was who she said she was.

Point of the story: realtors please be extra vigilant when being in homes of strangers. I know it sounds obvious yet it’s not as we are simply doing ‘our job’ and we can’t do that if we don’t visit other people’s homes. This ended well yet it could have been a very different story for me today. Stay safe and trust your instinct.”

The seller was a female, and the seller said that she would meet the agent at the property, as it was a rental and currently occupied. When the agent arrived, she saw the seller along with four men in a small, cramped house. The seller, herself, would not give the agent a tour of this home; instead, she said one of the tenants would take her.

RED FLAG.

Almost instantly, the agent knew something was weird about this. One of the men took the agent to the second floor, and before she knew it, there was another man directly behind her…and this man was NOT one of the men she had seen downstairs.

This was a very scary situation, and though this story did not end in disaster, plenty of these situations do. Be smart, stay vigilant, and trust your instincts when something seems off.

Here are 10 tips that you can use to keep yourself from ending up a dead real estate agent:

  1. Research – Before you meet with a potential buyer, make sure to do a little research. This might be as simple as doing a Google search on them, or you can create a questionnaire to get information from them.
  2. Get an ID – Ask for the ID of any potential buyer/seller before showing the home. You should be able to get a photo of their ID and keep it on your phone and text it to a colleague just in case. If they refuse, this is a red flag.
  3. Show During Daylight Hours – Only show a home during daylight hours.
  4. Bring a Buddy – Do you have an assistant, friend, or family member who wants to keep you safe? Bring them along. When showing a home, try to bring a buddy. Make sure the buyer/seller knows that this other person is coming.
  5. Know What You are Going Into – Do your best to get a lay of the land when going into a home for the first time. Ask if there is anyone else in the home, too.
  6. Stay Near Exits – Make sure when you are showing a home, or being shown a home, that you always have an eye on the exit. Also, don’t go into any area, such as a basement, where someone couldn’t hear you if you had to yell for help, unless you bring a buddy; allow the buyer to take a look on their own, if necessary.
  7. Don’t Let Your Guard Down – Any person who walks into a home is a potential “bad guy/gal.” Don’t let your guard down, even if they seem like they are an upstanding citizen.
  8. Advertise Smartly – When advertising, make sure to do so smartly. Make sure that people know that viewing the home is by appointment only and that you will be checking their ID before showing the home.
  9. Dress Appropriately – Don’t wear any expensive jewelry when showing a home, and make sure to dress in a professional manner. Wearing clothing that is revealing, for instance, can send the wrong message.
  10. Trust Your Gut – Finally, trust your gut. If something seems wrong, it probably is.


How Smart Speakers Are Exposing Cheaters!

Did you know your home’s smart speaker can land you a divorce? And quickly.

The nation’s top security consultants, including myself, agree that smart devices now contain enough of your personal information to know if you’re participating in a secret relationship.

Americans are becoming more concerned with the lack of privacy associated with “smart” devices (i.e. speakers, bulbs, locks, TVs…etc.). Data advisers employed by the U.S. government have recently warned that certain data (such as taped conversations, location data…etc.) could be used against owners by uncovering unfaithful behavior.

The popular “Amazon Echo”, “Apple HomePod” and “Google Home” speakers can all pick up steamy dirty-talk among the culprits of an affair. Also, they can show when lovers commingle in the same bedroom via features such as “Alexa Guard.”


Duke Professor Dr. Machanavajjhala was recently interviewed clarifying that “Smart meters can tell you whether an individual is at home and what appliances are used. Smart light bulbs and Wi-Fi access points can reveal occupancy. Social relationships between building occupants can be inferred by analyzing sensor logs. Smart TVs and voice assistants can pick up living room chatter, some of which may be shared with third parties.”

Smart speaker adoption is beginning to become a global norm just like smart phones – making home assistants a hot industry for the biggest companies like Google, Amazon, Apple and Facebook who all produce their own versions.

But despite these devices selling rapidly, the mass public is not clear on what tech companies do with the data they collect. Companies trying to creep their way into your data is nothing new; recorded chats and locations will inevitably be used for research, stored in the cloud and used to help sell to you.

Dr. Machanavajjhala was open in admitting that he does not own a smart speaker because he is scared of them. He strongly feels speakers are a threat to his privacy.  “I am waiting for privacy protections to come in. We need to know what is being collected about us, whether or not we have anything to hide,” he said.

According to TheSun.co.uk, when they asked the major companies about losing privacy with recorded conversations, Amazon was the only company who replied stating, “At Amazon customer trust is of the utmost importance, and we take privacy seriously. By default, Echo devices are designed to only capture audio after it detects the wake word. Only after the wake word is detected does audio get streamed to the cloud, and the stream closes immediately after Alexa processes a customer request. No audio is stored or saved on the device. Customers can also review and delete voice recordings in the Alexa App or by visiting www.Amazon.co.uk/privacy.” Google, Facebook and Apple did not comment.

One of the largest mysteries still today is who are they sharing our data with once it’s in the cloud? Dr. Machanavajjhala added, “Smart devices move data to the cloud so they can be analyzed using sophisticated algorithms. Once data is on the cloud, users lose control over it. There is little transparency about who it is shared with.”

One thing is for sure, you must stay up to date and informed because these companies are not slowing down.

“The Alexa service is always getting smarter, whether you’re using the Echo you bought three years ago or an Echo Show you buy tomorrow. We have thousands of engineers and scientists inventing on behalf of customers, and today we’re excited to introduce even more features…” – Tom Taylor, Senior Vice President, Amazon Alexa.

There will continue to be issues that we will face as a society when it comes to smart devices. For example, Amazon Echo had problems over holidays due to users accidentally logging into the smart phones of the individuals who gave the speakers as gifts. For the past 30 years, I have been warning that in the hands of the bad guy, your information can be used to steal money from your bank account or unlock smart locks to enter your home.

To learn more, please visit my education page complete with both paid and free content designed to help you stay safe.
