The Signs to Look for When Looking at a Possible Phishing Attack

/0 Comments/in , /by

One of the common ways that hackers can trick their victims is through a phishing attack. They can do this by writing and sending an email that looks like it comes from a real source. This email might ask you for things like your username or password for a certain account, or it might have an attachment or link, which downloads malicious software to your network or computer. Some of these attacks even look like they are coming from a client, an employee, or your boss.

phishingHere are some signs that you might be the potential victim of a phishing attack.

You are Asked for Personal Info

 One of the signs that an email is a phishing email is if you are asked for personal info. Most of these emails look extremely real, and they seem like they are being sent from a trusted source, like your bank, a local hospital, or a site like PayPal. But they are scams. Think of it this way; your bank won’t ask for your bank account information. It already knows your account info, so if something seems weird, it’s probably a scam.

You are Asked for Money

 If you get an email asking for money, even if it looks legit, it is probably a scam. For instance, if a client emails you and asks for a wire transfer, call them up and ask if it’s real. What makes this such a good scam is that in most cases, the scammer has logged into the person’s account because they steal the credentials. So, you may actually be getting an email from the account of your company’s CEO…but it’s not the CEO who is writing the email.

You Sense Urgency

 If you get an email that has a sense of urgency, like an urgent transfer, it is probably a scam. As soon as you see that something is “urgent,” bells and whistles should go off in your head. Hackers like to cause panic because they know people are more likely to rush to do as asked. Let’s look at this example: you might get an email from your back saying that your bank account has been compromised, and it’s urgent that you go to a certain site, enter your account details, and confirm your account number. Well, guess what? If you do this, the scammer now has access to your bank account information.

The Website or Email Address Look Weird

 You might also get an email that has a weird looking address or website. In general, hackers try to put the name of a company you might recognize in the email address. But that doesn’t mean it’s real. For example, you might bank with Chase Bank. You get an email from @chasebank1.com but guess what? That’s not really Chase. All Chase emails will simply be from @chase.com.

Think About Your Relationship with the Company

 You also should think about the relationship you have with the company you are getting an email from. For example, any email you get from your bank or your health insurance company should come from the company’s system, not from a weird looking email address. Also, if you don’t even have an account with a company you are getting emails from, it’s certainly a scam.

You Get an Email from Yourself

Look at the email closely. Is it coming from…you? Technically, of course, it isn’t, but scammers do this trick a lot.

There are Many Emails in the “To:” Area of the Email

You also want to look at who the email is going to. If there are a lot of email addresses in the “To:” section, it is likely a scam.

Keep an Eye Out for Links

One of the ways that people fall for scams is because they click on the links that are found in emails. Some of these links will download malicious software to your computer and others might take you to a page where someone will try to trick you into giving personal information. Before clicking on a link, hover over it and take a look. If the address is weird, don’t click it.

Spelling or Grammar Errors

Most of these emails that are trying to scam you come from overseas, so it’s very common to see spelling or grammar errors in the email. If you see this, it’s very likely a scam.

Look for Attachments

Finally, if the email has an odd-looking attachment like a Zip file, a PDF, or Word doc, don’t ever open it. It is very likely that there is malware, or a virus, attached. If you believe the attachment could be real, scan it with your antivirus software to be safe.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Is Your Privacy a Concern with Biometrics?

/0 Comments/in , /by

When people started using biometric identifiers, many believed that it was all of the security that we needed. However, that was around 15 years ago, and we are still having security and privacy issues. As biometrics become even more common, the chances of hacks are becoming even more common!

Years ago, biometrics was used primarily to fingerprint criminals. Government agencies then started using biometrics to identify federal and state employees, and corporations soon followed. Now, everywhere we look, we can see the use of biometrics in action.

One of the ways that we commonly use biometrics is to access electronic devices, and many of us use biometrics to clock in at work. With all of this use, however, do we have something to worry about?

How Biometrics Have Grown

We are definitely expecting the use of biometrics to skyrocket over the next decade. In fact, estimates are that we could see more than 500 million new scanners being installed. Everywhere we look, there is some type of camera or scanner, but most consumers don’t seem concerned. In fact, a recent survey shows that around 80% of people are more confident in biometrics than they are with passwords…but this is a false sense of security that could pose a big problem.

You Are Not as Secure as You Might Think

 Think about this for a minute; if your password gets stolen, you get a notification that you need to change it. This can be done over and over again with a new password. However, with biometrics, if a hacker accesses your information, there is nothing you can do. They have it forever, and you can’t change your eye scan nor your fingerprint.

Attacks are Here

 Hackers are continuing to get smarter, and they are finding more ways to steal your info. There are more and more attacks that include biometric information, too. Just a couple of years ago, a report from the Office of Personnel Management showed something quite frightening.It reported that millions of government employees had their fingerprint scans stolen. I was actually a victim of that crime as a member of the US Coast Guard Auxiliary.  It is believed that the Chinese government was behind this, and it wasn’t a simple little attack. Many of these people had all 10 of their scans taken, and all of them are still vulnerable, today. Remember; you can’t just change your fingerprints! With this type of a hack, identity theft protection will not help here. But, it’s still good to have that type of protection.

How to Fight Back

Though there are plenty of people who don’t feel very secure with this, it is very important for those who choose to use a biometric scan to know that companies and government agencies must be held responsible with their biometric information. These organizations must do all they can to ensure that these scans remain secure.

Let’s look at Touch ID from Apple. Most people think that the image of your fingerprint is actually stored on your phone. This isn’t the case, though. Instead, it only stores a mathematical representation of your fingerprint. This means that it is totally impossible for someone to create a copy of your fingerprint from this representation. On top of this, there is a chip in these devices that include Secure Enclave, which is an advanced security concept, which protects fingerprint data and passcodes.

This is what companies and the government needs to do when using biometrics, too.

When there is any technology that requires biometrics, consumers must be sure that they are insisting that their information and scans are safe. You don’t have to be afraid, but you do need to be safe, just like you would be if you were doing online banking.

Now that you know all of this, do your loved ones a favor and share it with them. The more people who know, the more we, as a population, are educated and prepared.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Is Your Uber Driver a Criminal?

/0 Comments/in , , /by

Do you ever Uber? If you do, you probably feel relatively safe when getting into a stranger’s car. However, you might not be as safe as it seems.

Most people believe that Uber does thorough background checks on its drivers, but that’s not totally the case. Recently, there have been a number of cases where Uber drivers, who have been accused of crimes when on the job, actually have a record and several run-ins with the cops.

Simply doing a quick Google search for “rideshare assault” provides way too many search results of recent stories of sexual assaults and otherwise, perpetrated by drivers. There’s simply no shortage of predators behind the wheel.

In South Carolina a college student got into a car she thought was her Uber, police say. She was found dead in a field. I was asked to discuss this on CNN. When you watch the video on rideshare murder, you will clearly see how upset I was, and frankly, still am.

CNN took a look at Uber, and its competitor, Lyft, and the report found that both of these companies approved the hire of thousands of drivers who have records. Uber did respond to this report, and it says that it knows that there were some hiring mistakes previously, but the company has worked hard to improve the way it hires. In 2017, the company claims, it rejected over 200,000 applicants because of issues found during a background check.

A number of state and local law enforcement organizations have pushed the ride-sharing companies to put more of a focus on who they are hiring. Right now, for example, they don’t fingerprint applicants, nor do they do any type of Federal background checks. Instead, Lyft and Uber both use third-party background check companies. It uses the Social Security number and name of potential drivers to check the national sex offender database, terrorist databases, and local court records. The goal is to get people on the road quickly, so not a ton of time is spent on this.

At this point in time, there are over 40 states that require screening for ridesharing services. But these laws don’t require the companies to screen in a certain way or to use a specific company. Instead, 42 states allow rideshare companies to take this on by themselves. Massachusetts is one state the requires an additional check in addition to the regular background check, and New York City requires that all drivers for ridesharing companies get their fingerprints taken.

It is also important to mention that just because a company does finger printing along with background checks, this isn’t foolproof. The FBI system that is accessed actually has an incomplete record system, and it really isn’t meant to be used like this.

If you use Uber, keep all of this on your mind before you take your next ride. Yes, there is a simple background check that is done, but that doesn’t mean your Uber driver isn’t a criminal.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

If Your Social Security Card is Stolen, This is What You Should Do

/0 Comments/in , /by

Back in the 1930s when Social Security numbers were first introduced, they were not meant to be used as we use them today. However, if you are like most people, you use your SS number constantly; it might be at the bank, the doctor’s office, or somewhere else. You need to use a SS number to get a job, to open a credit or bank account, and even to get married. Since we use this number so often, what happens if your card is stolen or lost? This is what to do:

Put a Fraud Alert on your Credit Report

First, you want to put a fraud alert on your credit report by contacting all three major credit bureaus. When you do this, lenders and creditors use very strict guidelines when they screen any application with your information on it. These alerts last for a year, but you can get an extension when that year has passed.

Freeze Your Credit

If you want to get even more secure, think about freezing your credit. When doing so, you cannot use your credit for things like refinancing or opening a new credit line until you lift the freeze, which is good, because neither can a criminal.

Consider ID Theft Protection

If you can afford a couple of hundred dollars a year, you should consider ID theft protection. This ensures that your credit is monitored 24/7 by a team of experts who can also help to restore your credit if someone steals it.

Watch Your Credit Report

Even if you freeze your credit or get a fraud alert, that doesn’t mean that you are all in the clear. Thieves can definitely steal your identity in alternative ways. So, it is very important that you watch your credit closely. You can get a free report online at AnnualCreditReport.com or with some identity theft protection plans you can get access to credit reports once a month.

Be Smart When Online

Finally, there are some tips and tricks out there that cybercriminals use that people fall for all of the time:

  • Don’t click on any link in email, even if you think it’s from someone you know. At least call them to see if the link is legit.
  • Don’t open emails that look sensational or have a subject with a sense of urgency.
  • Don’t go in and click around on emails in your spam folder.
  • If you can use two-factor authentication, do it.
  • Use an antivirus program on all of your computers.
  • Shred personal documents before you throw them out. This is especially the case if they have personal information like a Social Security number or account number.
  • Only use long-hard-to-guess passwords for all of your accounts.
  • Don’t give out your Social Security number unless it is totally necessary.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.