How are Guns Affecting Americans? The Stats Give Us Some Insight

Whether you are a gun enthusiast or hate guns, guns are here to stay. And while the Second Amendment pretty much guarantees guns will remain in America in perpetuity, it is unlikely the founding fathers would agree with the mayhem that is going on today.

All of this violence is happening at a time when many states are loosening gun restrictions with something called constitutional carry, also known as permit-less carry of a firearm. For those of us who are responsible, that’s great. This, of course, is a double-edged sword for those who have significant mental health issues and the potential victims at the end of their barrel.

As reported in the Washington Post and elsewhere, “of course, semiautomatic firearms technology didn’t exist in any meaningful sense in the era of the founding fathers. They had something much different in mind when they drafted the Second Amendment. The typical firearms of the day were muskets and flintlock pistols. They could hold a single round at a time, and a skilled shooter could hope to get off three or possibly four rounds in a minute of firing. By all accounts, they were not particularly accurate either.”

Let’s take a look at some basic gun statistics in America:

  • There are 393 million guns out there
  • In 2020, 40 million guns were purchased – the highest number ever
  • 45,222 people died in the US from gun injuries in 2020
  • Between 2000 and 2020, there was a 40% increase in active shooter incidents
  • From 1998-2019 the USA had 109 Mass Shootings. In second place among “wealthy nations” was France with 8 Mass Shootings.
  • Guns are now the leading cause of death for American children. 4,368 children and adolescents up to the age of 19 died from firearms in 2020; there were 4,036 deaths linked to motor vehicles.
  • From the New York Times “Where there are more guns, there are more gun deaths. Studies have found this to be true at the state and national level. It is true for homicides, suicides, mass shootings and even police shootings.
  • And: Stricter gun laws appear to help. They are associated with fewer gun deaths, in both a domestic and global context, while looser gun laws are linked with more gun deaths.
  • And: Over the past decade, the Anti-Defamation League has counted about 450 U.S. murders committed by political extremists.
  • And: As this data shows, the American political right has a violence problem that has no equivalent on the left. And the 10 victims in Buffalo this past weekend are now part of this toll. “Right-wing extremist violence is our biggest threat,” Jonathan Greenblatt, the head of the ADL, has written. “The numbers don’t lie.””

Many believe that people are becoming numb to instances of gun violence, and it’s interesting to consider whether a mass shooting in a small town would affect a person in a high-rise in a big city. A group of researchers at Evolv and Equation Research surveyed over 2000 Americans to find out the answers.

 Gun Violence is Everywhere

 One of the most shocking things the researchers found…or perhaps not so shocking…is the fact that guns and shootings are truly everywhere.

According to the researchers and Security Magazine, 29% of people who responded said that they were in a location where a person unexpectedly shot off a gun. About 38% of those who replied also reported that they knew someone else who had experienced gunfire unexpectedly.

In both of these scenarios, the gunfire occurred either at a large gathering of people or in a nightclub/bar.

Why is this type of violence on the rise? There could be a few explanations. First, we have the COVID-19 pandemic and the lockdowns, which disrupted all of our lives. This includes the social services that people have access to that can lower violence and crime. The next could be the high-profile police killings in 2020, which spurred protests and put a damper on police-community relationship. Finally, of course, we have the rise in gun purchases.

However, there is also a growing feeling of distrust and discord, and Americans have greatly lost faith in the American institution. The country is deeply divided politically, and it is believed that all of this has led to an increased murder rate, more mental health issues, and even problems with more confrontations between strangers.

Americans are Nervous 

The American Psychological Association has reported that Americans, overall, have a lot of anxiety and stress since March of 2020. Research shows that people are anxious about things like terrorism, shootings, and other forms of gun violence. In fact, about 81% of the people who replied to the study are anxious specifically about guns and 62% feel anxiety about going to a public place, especially a movie theater, nightclub/bar, or large gatherings.

For those who have plans to go to a live event in the next six months, around 46.2% of people reported that they were feeling anxiety about COVID-19, but 31% of them also say they have anxiety about shootings and 21% have concerns about terrorism.

The Threat of Gun Violence is Also Impacting Business

 In addition to general anxiety about gun violence, this research has shown that businesses are also impacted by gun violence.

 Almost 40% of people who were studied report that they have not gone somewhere because they had a fear or anxiety about guns. A lot of people also report that they have a plan in place or look for a way out when they go to a place where a mass shooting could occur. For instance, almost 63% of people report that they have a mental escape plan and check exits when they go to a movie theater. Almost 50% report that they do the same thing in a grocery store. More than 60% report that they have anxiety about going to a public place.

 People are Willing to Change Their Habits 

Just as it is important for people to understand how Americans feel about the rates of gun violence rising, it is also so important to understand what steps they may take in order to feel safe. Around 78% of people said that they would be okay to take extra steps at places where there is potential for gun violence. For instance, 57% of people said they would comply with weapons detection screening. Around 46% of people say they would be willing to have their bags checked, and 44% would be fine to check their guns at the door. It’s also important to note that 22% of respondents say they would not be willing to do anything.

 Businesses across the board have to keep all of this in mind and take some steps to create a plan to keep their patrons safe. This is a unique time in history, and as people around the world start to come back from the pandemic and enjoy life again, there is a lot of anxiety around what will happen as we go “back to normal.” The best thing to do is to make some new plans and protocols in order to keep up with any threats.

There are many solutions on the table geared toward preventing gun violence. Is it more rules and regulations? Stricter access to firearms? Will background checks solve the problem or only just a small part of it? Is the solution for every single person to have a gun? Smaller magazine capacities? The list goes on and on. At this point, the worst thing we can do is nothing.

Peter Warmka, my cohost and retired CIA Spy, and I discuss all of this in our podcast The Security Guy and CIA Spy.

What do you think? And whatever you put in the comment section, please be respectful.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Hackers are Targeting LinkedIn with Phishing Scams – How to Protect Yourself

Retail, shipping, and tech companies are no longer the most common brands that hackers use to hide their attempts at phishing. These days, social media platforms are the main choice, and hackers are using sites like LinkedIn to dupe victims into giving them information. In fact, when we look at global phishing attacks during the first three months of 2022, more than half were from LinkedIn brands.

Phishing scams on LinkedIn generally revolve around stealing credentials, financial scams, espionage, and impersonations designed to facilitate all of the above.

The research company, Check Point, released a report that shows LinkedIn and associated brands have been used 44% more by hackers when compared to the previous quarter, the final three months of 2021. At that point, these brands were used in only about 8% of all phishing attempts.

The report shows that LinkedIn is the most targeted brand, but other brands, like WhatsApp, are also being used for these dastardly deeds. WhatsApp is in the top 10 of all brands being used for phishing scams, and it accounts for about 1 in 20 phishing attacks worldwide. Shipping companies, like DHL, are also popular options for hackers. The top five are LinkedIn, DHL, Google, Microsoft, and FedEx. WhatsApp, Amazon, Maersk, AliExpress, and Apple round out the top 10.

Detecting LinkedIn Phishing Scams and Fake Profiles 

It can be difficult to detect LinkedIn phishing scams because many of these emails look extremely convincing. So, how can you determine what is real and what is fake? Here are some tips:

  • Take a look at the information on the sender. It should come from an address from LinkedIn.com. However, even if it does, there is still a chance it is fake.
  • Look at the content – if it has a lot of misspellings, grammar issues, or typos, it is likely a scam.
  • If there is a link that you are asked to click, hover over it first to see where it’s leading. If it is not from a LinkedIn.com domain, do not click on it.
  • If there is an attached file, don’t open it. This is a fake email. LinkedIn would never send a file, and if you open it, you could infect your computer.
  • In any case, if something looks strange or suspicious, do not click anything or open any files.
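The hover check from the tips above, automated as an added example (not code from the original post): it parses an HTML email body, resolves the host each link really leads to, and flags anything that is not on linkedin.com, including lookalike hosts and links whose visible text names LinkedIn while the target does not. The sample message and every `.example` host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "linkedin.com"  # the domain the tips say links should lead to


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def on_trusted_domain(host):
    """True only for linkedin.com itself or a real subdomain of it."""
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def check_link(href, text):
    """Return the reasons a link looks suspicious (empty list: none found)."""
    try:
        parts = urlsplit(href.strip())
        # .hostname drops any "user@" prefix and port, i.e. what a browser contacts
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ["URL cannot be parsed"]
    reasons = []
    if parts.scheme != "https":
        reasons.append("not HTTPS (scheme %r)" % parts.scheme)
    if not on_trusted_domain(host):
        reasons.append("points to %r, not %s" % (host, TRUSTED_DOMAIN))
        if TRUSTED_DOMAIN in text.lower():
            reasons.append("visible text names LinkedIn but the target does not")
    if "@" in parts.netloc:
        reasons.append("userinfo before '@' disguises the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode host may render as lookalike characters")
    return reasons


def scan_email(html_body):
    """Map each suspicious href in the body to its list of reasons."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    findings = {}
    for href, text in parser.links:
        reasons = check_link(href, text)
        if reasons:
            findings[href] = reasons
    return findings


# Constructed sample message: one genuine link and three deceptive ones.
SAMPLE_EMAIL = """
<p>You appeared in 9 searches this week.</p>
<a href="https://www.linkedin.com/comm/jobs/view/123">View job</a>
<a href="https://www.linkedin.com.account-verify.example/login">Confirm your account</a>
<a href="https://linkedin.com@login.secure-check.example/verify">Sign in</a>
<a href="http://cdn.mail-tracker.example/r?u=1">https://www.linkedin.com/feed/</a>
"""

if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL).items():
        print(href)
        for reason in reasons:
            print("   -", reason)
```

A link that passes this check has only been shown to lead to linkedin.com; as the tips say about sender addresses, that alone does not make the message genuine.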

There also might be fake profiles on LinkedIn that are focused on phishing attempts. Here are some tips to help identify them.

  • Check the entire profile for anything weird or odd. Things like inconsistencies may stand out.
  • Take a look at the number of contacts the person has – if it is low, it could be a profile that is newly created just to defraud others.
  • Is there an easy way to see why the person contacted you? For example, are you in the same industry?
  • Is the person trying to share a file with you? Don’t accept it, and don’t fall for any type of sense of urgency.

If you have any doubts, or you are curious about what is said in the message, if it’s that important to you, don’t hesitate to contact LinkedIn. Ask to speak to that person. The person who answers will confirm or deny that the individual in question works for the company, and if they are legitimate, they can confirm or deny if they sent the message. You can also report LinkedIn scams.

Remember, cybercriminals can easily compromise LinkedIn accounts that are legitimate, so it’s very important to confirm via another communication channel, like a phone, if you are getting strange LinkedIn messages.

Proactively, engage your team in phishing simulation training to make them aware of what to look out for. This type of security awareness training is a cost-effective form of risk management.

Here’s How You Can… Almost…Delete Yourself Off of the Internet

Whether you like it or not, companies like Facebook, Google, and Amazon all have a ton of data about you, including social connections, health information, and things you like or dislike. These companies usually use this information for advertising and marketing purposes. Other companies out there are also collecting information on you to influence you politically, and you probably don’t want them to have it.

The bad news is that it is next to impossible to totally delete yourself from the internet. Keep in mind that if your data has been hacked, such as usernames and passcodes on sites that were breached, that data will live on the dark web forever. Check if your email, as a username, was compromised on my site here: https://protectnowllc.com/hacked-checker/. The good news, however, is that you can remove a lot of your data if you put a little time and effort into it. Here are some steps to follow:

Opt-Out When You Can

You probably wouldn’t be surprised to know that collecting and selling consumer data is a big industry. In 2019, Vermont passed a law that required any company doing business in the state and buying and selling third-party info to register. More than 120 companies went through the process, and they collect information such as names, DOBs, addresses, education level, buying habits, and yes…. even Social Security numbers.

Some of these companies might be familiar to you — Oracle, Equifax, Experian, Acxiom, and Epsilon are some of them. There are data brokers that allow people to opt-out of this type of data collection, but it can be difficult to figure out how to do it. You may have to fill out a form online, send them an email, or even send in other identifying information.

There is an organization that can help – it’s called the Privacy Rights Clearinghouse. Here, you can access a database of more than 200 different data brokers, and you can see information on whether or not you can opt-out. You can also take a look at YourDigitalRights to get opt-out forms for the top 10 biggest data brokers.

Ask Google to Remove Your Personal Info

Another thing that you can do is to ask Google to remove your personal contact info from search results. You can remove your home address, your phone number, and your email address.

You can get started with this by going to this Google Support site to begin the process. Here, you can submit up to 1,000 URLs that include information about you, and it will be removed from Google search results.

This doesn’t happen automatically. The company will review the request, and then contact you if more information is necessary. Once everything is in place, Google will let you know if it will approve the request. Some things, like public records or news articles, will not be removed, and people can still find this information by searching a name.

Also, keep in mind that just because your information is removed from Google, there are other search engines out there.

Get Rid of Old Accounts 

If you really want to minimize your online presence, deleting any accounts that you no longer use can be a real help. Did you have an account on MySpace? Try to delete it. Did you blog on Tumblr during high school? Scrap it.

Though it’s easy to delete a lot of these old accounts, it’s also pretty time-consuming. Start by making a list of any old accounts you can remember, and then go through them one by one. You will have to go to each site, and then figure out how to log in and then delete the account. To make things easier, you can use a site called Justdelete.me, which will point you to the page where you can start the process.

You also might want to search for your name, email address, or other information to see what comes up. If you see posts that come up, you may be able to contact the site administrator to remove the information.

Clean Up Your Online History 

If you don’t want to delete old accounts, that’s totally fine. However, you can still clean up some of the old data that may be stored online. For instance, your Twitter or Facebook timelines may have old messages on them that you don’t want to get out in public. You can also do something similar with your email account.

Data that is posted publicly, like text or photos, is much more easily found than other information, but make sure prior to deleting, that you are backing these things up if you may want to ever access it. Almost all social media platforms have a backup option in settings that you can use to do this.

For those who want to get rid of old tweets in bulk, Twitter doesn’t let you do that. However, other programs like TweetDelete and Tweet Deleter will get rid of them. This is not free: Tweet Deleter costs $5.99 a month, but once you have done the cleanup, you can cancel after that first month. Also, remember that when you give a third-party service access to your account, it can access information within that account, like direct messages. Alternatively, if you don’t use your Twitter account, just delete it.

Facebook posts are a bit different. Google, for instance, won’t post information from individual Facebook posts online, but if you want to do the most possible to remove your history, you can go into your account and delete them. You can make it a bit easier by checking out the Activity Log, and then choosing what you want to delete. Alternatively, if you no longer use your Facebook account, you can delete it.

Pay Someone to Do It 

Of course, there is a market for anything, and if you don’t want to spend the time to do all of this yourself, you can definitely hire a company to do it for you. These third-party data removal companies will do the time-consuming job of removing your data from the internet. Some, like DeleteMe, can attempt to remove the data from brokers who are selling your info. Others, like Jumbo, can give you an alert when there are data breaches that your accounts might be a part of, or it can be set to delete social media posts after a certain period of time.

Preparing for the Future 

As you can see, it’s probably possible to remove some of your information, but once a lot of it is out there, it’s nearly impossible to remove it all. However, the future is yet to be written, so there are some things that you can do to protect yourself in the years to come.

First, consider what type of information you really want to put online. When you sign up for a new account, consider what type of information you are comfortable sharing, and if you can, consider using a burner email account. This is an account that you can use to sign up for new accounts that are different from your actual email account. That way, when you start getting all of the spam, it goes to this account, and not your main account. Additionally, if this account gets compromised, it’s not a huge deal, assuming there is no identifying information kept in it.

You also might consider not using the “big guys” for your online browsing. For instance, you can choose a web browser that is not Chrome or Safari, like Brave, or a search engine that isn’t Google, like DuckDuckGo. You also should truly understand what type of information is shared by the apps or programs you are using.

Finally, you need to talk to your family and friends. If you really want to be invisible online, then you should make sure everyone knows. Most people will be considerate of your request. It’s a respect issue these days, and there could be many reasons why you don’t want your current location or photos of yourself posted to social media sites. Tagging you in things should also be avoided.

Are You Addicted to or Distracted by Your Phone? Here’s How to Stop It

I love my phone. I HATE MY PHONE. No really, I love my phone. Actually, I HATE my phone.

Phone addiction and what you can do about it

This post might be a bit off-topic from my usual security stuff, but dealing with your phone addiction does help with your security and privacy as well. All of these pop-ups, bells and whistles, and distractions emanating from our devices make it hard to tell what’s legitimate and what’s attempted fraud. Turning off all of the unnecessary alerts we get will improve our ability to tell what’s real from what’s fake. Read on.

Phone addiction and how to quit

Most of the people out there know about the tricks that an advertiser or app developer might play when they try to get the attention of a consumer. What you don’t realize, however, is that our phones and digital devices are doing things like this automatically, even insidiously and you are probably engaging with them more than you want to, and definitely more than you should.

It’s distracting, it affects our attention to others, relationships, connecting to others, our sex life, our sleep, our job performance, and even our wallets. Frankly, upon understanding what’s happening, this should upset you.

One of the things that phone designers do is use certain colors for notifications: like red or blue. Why? Because certain colors are known to create an emotional response, and this makes us want to click or swipe. This emotional response also can make us feel like we suffer from phone addiction, or feel like we are attached to what our phones give us.

Don’t get caught up here, though. Here are some tips on how to quit phone addiction:

Turn Off Notifications

There is no doubt that notifications can be helpful, and in some cases, they can actually be very important. However, the majority of notifications are not. These are all designed to get people to interact with the app. For example, many people notice that when they get a Facebook notification that someone has posted to their wall, they immediately want to check it. But you could be interrupting something important. So, turn off notifications and check the apps when you have the time.

I suggest turning off everything. And slowly turn on notifications only when you believe you really, absolutely, positively need them.

Unsubscribe and Delete

Delete every app you don’t need. Unsubscribe from every email coming in that is not a necessity. Be ruthless. All of these apps and unwanted emails are another reason to turn your head left or right, up or down requiring the use of your hands and fingers to do something that you shouldn’t be doing. Your focus is sacked every time these communications come in.

Look at Screen Time

This will definitely upset you. You can look at your settings and see how much time you are spending on certain apps. You can easily set this up to be notified. Now, this is an additional distraction, but it’s also going to tell you what activities you do on your phone are helpful and which are not.

Change Colors

We have mentioned that color can play tricks on our minds, and app developers know this. So, think about removing the colors from your phone and changing it to grayscale. You can do this, for instance, on the iPhone, in the settings app.

Clean Off Your Home Screen Apps

You also might want to think about cleaning up your home screen. The only apps you might want to keep on your home screen are things that you really need, like your map app, your email, your banking app, and your calendar. Everything else (even email) should be put on another screen.

Stop Tapping and Type Instead

Try this. Try to get into the habit of typing what you are looking for in the search box of your phone. It is easy to simply tap an app to open it; it is much more difficult to type in the name of the app…and this gives you a second to really think about if you want to open the app or not.

Take Social Media Apps Off of the Device

You also might want to delete the social media apps off of your phone if you have a problem there. You might be shocked if you look at how many hours per week, or even day, you are spending on these apps. DELETE FACEBOOK AND TIKTOK. NOW! In my PodBroadcast “The Security Guy and CIA Spy” Peter and I discuss how social media is messing with our mental health. Social media and phone addiction are no joke.

Charge Your Phone Away from the Nightstand

Finally, utilize the “focus” settings on the iPhone, a.k.a. “Do Not Disturb”. For you Android users, figure it out HERE. Most of us charge our phones at night, and in general, they sit on our nightstands. This makes it very easy to grab it at any time, especially when you wake up in the morning. So, consider charging it somewhere else.

Movers and Shakers: Watch Out for These Scammy Conference Invitation Traps

Finally we are back to booking a ton of live-in-person security awareness training at conferences! It’s about time! Business is getting back to pre-Covid days here in the States and any non-in-person training is being supplemented with live-online and e-learning. It’s all good! However, we are also seeing more of one of the weirdest scams out there: Conference Invitation Scams.

Conference Invitation Scams are on the rise

This is when a scammer sends out invitations to an event, like a conference, with the sole intention of scamming the people they are inviting to attend or to speak at that event. These events might be real, or they could be totally made up. The targets of these scams include CEOs, business owners, lecturers, philanthropists, researchers, and more. The goal of these scammers is to steal the identities of their targets and ultimately get credit card numbers, checks, or wire transfers by scamming the victims.

And that’s not all, these same scams are usually piggybacked with “conference attendee lists for sale” scams. That means companies that might exhibit or market their products and services to attendees of specific conferences are targeted to buy lists that are either lame or simply don’t exist. Conference managers have their backs up against the wall fielding communications from victims who accuse the legitimate conference hosts of bad service and of course worse, fraud.

Identifying a Scam

There are a few signs that you should look out for when you get an invitation to a conference or an event. They include:

  • The invitation is random or a surprise
  • The invitation is filled with bad grammar or typos
  • The invitation asks that you pay a premium price to attend, which includes both transportation and accommodations
  • The name of the conference sounds like one that is real, such as Tech Crunch, but spelled like TecKrunch
  • You cannot pay by credit card, they might require a check, wire transfer, peer to peer payment, or cryptocurrency.
  • The invitation is extremely flattering
  • The greeting on the invitation sounds strange, like “Salutations”
  • The invitation creates a sense of urgency about getting your personal information
  • The conference is in a different country
  • The invitation seems too good to be true
  • The invitation asks for personal information and covers your accommodation, transportation, or conference cost
  • The landing page of the site doesn’t have a phone number or address listed
  • Or none of the above. The invitation or list for sale email is perfect. There is absolutely nothing wrong with it.

Beware of the Conference Invitation Scam targeting speakers

Generally, the scam works like this: the scammer starts the scam by sending an email to the victim, which invites them to speak or attend a conference. The scammer often uses the victims’ social media pages in order to get info about them. This helps the invitation seem more personalized.

The victim is then asked to register for the conference, which gives the scammer even more personal information. On top of this, the scammer could ask the victim to pay a fee in order to attend the conference, and pay it fast, because they also create a sense of urgency to attend the conference, such as saying “spots are limited.”

If the victim that is targeted falls for the scam and sends their info, the scammer could have enough to steal the person’s identity. To add more, the scammer can even add the name of the victim, if they are well-known in the industry, to promote the conference.

When the victim goes through all of this, they will soon find that they have been the victim of a scammer. You even have to be careful when attending a conference that is legitimate, because a scammer will send out fake invites to real conferences, too. Since a victim knows about these conferences already, they are usually more willing to give up their information.

How to Protect Yourself from Conference Invitation Scams

There are a few tricks and tips that you can start using if you commonly attend conferences. They include:

  • It’s entirely likely your email address, as a username, has been part of not just one, but multiple data breaches. Because of this, you are likely to be targeted in scams related to that organization’s product or service. Right now, check if your email address has been part of any specific breaches by utilizing our “Hacked email Checker” and then change your password for those accounts.
  • Do your research about the event and try to match up the information you find with the invitation you received.
  • Contact the event organizers directly. While a website can be created from scratch or spoofed, there is still value in looking up the event and the contact info of the organizer. Report your findings and find out if it’s legit.
  • If you see an email that is similar to what is described above, don’t even respond.
  • If you get an invitation that seems strange, look into it more.
  • Don’t give any personal info, including your Social Security Number. There is no reason a conference organizer would need that.
  • Copy and paste the full email into Google to see if others have reported it as a scam. You are likely not the only person to be solicited in this way.

If You are a Victim, What Should You Do?

Do you think you have become a victim of a conference invitation scam? If yes, there are some steps that you should take right now.

  • First, get in contact with your credit card companies and banks, and make sure they know about it. Dispute the fraudulent charges.
  • Next, you should contact your local police and file a report which might be needed to get your money back.
  • Consider contacting the police in the area where the conference was supposed to be held.
  • If you are inclined to do so, you may want to get in touch with the Better Business Bureau and report it.
  • You can also report this online by using the BBB Scam Tracker on the BBB website, to the FBI at the Internet Crime Complaint Center, or the FTC’s Online Complaint Assistant.

The most important thing is to pay attention. We’ve never seen more scams or more variations on existing scams in our entire lives. It’s funny to us: we hear experts saying “criminal hackers are more sophisticated than ever,” and they are not. What they are is organized, more than ever. Scammers treat fraud as a business, they have a hierarchy, they punch a clock, they have employees, and it is that “structure” that results in a sophisticated business that leads to huge profits.

Be Aware of These Safe Travel Security Tips

Covid seems to be on the downswing (hopefully). Airlines are reporting record-breaking bookings. There are a number of travel security considerations to be made when traveling domestically, and even more when traveling internationally.

Rental Cars

If you are planning an upcoming vacation or a business trip, you might be thinking about renting a car. “Smart Cars” are all the rage, and they connect to the internet. You get Bluetooth, navigation, hands-free calling, live-streaming, and much more. In fact, if you have a fairly new car yourself, you probably already have some access to these features. You probably connect your devices to your car, too, so that you can stream music, text, make phone calls, etc. This is no issue because it’s your own car, and only you and your family are using it.

Now, think of this. You have your devices, you are on vacation, and you have a rental car. So, you connect, just as you do at home. But what you don’t realize is that your personal information is now on the car, and the next person who rents it might be able to access it.

I travel a lot, and I rent a lot of cars. There has not been one car that I can think of that hasn’t had information about previous renters in it, and that’s pretty scary. I could even access their address book information in some cases.

Even if all you want to do is listen to Pandora or something, connecting to the rental car might still store data onto the car, including where you are driving. This might not seem like a huge deal if you are on vacation, but what if you have a rental car at home? The person who rents the car next can access your home address, your workplace, where you shop, etc.

The vehicle can also store your phone number and your text logs, too. Again, this can get into the hands of the wrong people unless you know how to delete them.

As you can see, there is more to auto safety than simply putting on your seat belt and refraining from texting and driving. If you are connecting to a smart car, the person who drives it next could learn so much from you; information that you certainly don’t want people to know.

Do This, Not That 

Here are some tips you can use the next time you rent a car:

  • Don’t use the USB port on a rental car to charge your phone. It can transfer data to the car. Instead, buy a cheap adapter and use the cigarette lighter.
  • Check up on the permission settings of your devices. If the infotainment system allows you to choose what is sent, only give access to things that are necessary.
  • Before you turn the car in, make sure to delete your phone from the car’s system.

Will your identity get stolen as soon as you connect your phone to a smart rental car? Probably not, but by connecting it and not deleting the data, you could run into some security and privacy issues down the road, including identity theft. Be smart, and don’t put yourself in a situation where someone else might get access to your personal information.

Everything Else

Some thieves specialize in hanging around tourist spots to spot the tourists and make them victims of hands-on crimes such as purse snatching or a mugging. But don’t wait till you’re aimlessly wandering the piazza with your face buried in a huge map to take precautions against less violent forms of crime.

  1. Before traveling, make copies of your driver’s license, medical insurance card, etc., and give these to a trusted adult. Have another set of copies in your home. Scan them and email them to yourself.
  2. Never post your travel plans on social media until you return. You never know who’s reading about you.
  3. Before departing from home, make sure your credit card company and bank know of your travel plans.
  4. Clear your smartphone or other devices of personal data that’s not essential for your trip.
  5. Travel on a light wallet. Take two credit cards with you in case one is lost or stolen. Have with you the phone numbers for your bank and credit card company, just in case.
  6. Avoid using Wi-Fi in coffee houses, airports, and other public areas for anything other than just catching up on the news. Use a VPN. Google it.
  7. When traveling internationally, read up on the safety of food and water and get whatever shots you may need.
  8. Never give your credit card number to the hotel staff (or at least, anyone identifying themselves as hotel staff) over the phone in your hotel room. The call could be coming from a thief posing as hotel staff telling you they need your number again.
  9. Never leave anything out in your hotel room that reveals personal information, such as a credit card receipt, passport, checkbook, medical insurance card, etc. If the room does not have a safe, then have these items on you at all times.
  10. Use only an ATM that’s inside a bank, never a free-standing one outdoors somewhere. Cover the keypad with your other hand as you enter the PIN to thwart ATM skimmers.


Russian Hackers: 14 Ways to Protect Yourself and Your Business

What’s happening in the Ukraine is an example of the worst that humanity has to offer. Millions of people are being displaced, and thousands are being killed. Our collective governments are walking a fine line in order to help prevent loss of life there and here. In addition, Ukrainians, prior to dodging bombs and bullets, dealt with cyberattacks and Russian Hackers on a wide scale.

Unsurprisingly, the White House and CISA published a directive: “There is now evolving intelligence that Russia may be exploring options for potential cyberattacks.” To those in the security community, this is nothing new; we know this has been going on forever.

These attacks would be designed to cripple critical infrastructures wherever they are successful. That means going after the Internet itself, the electrical grid, water supplies, and the financial systems. All of this will have a significant impact on the supply chain, including the food supply.

If you haven’t already, do these things NOW to Protect Yourself and Your Business from Russian

  1. Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system;
  2. Deploy modern security tools on your computers and devices to continuously look for and mitigate threats;
  3. Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors;
  4. Back up your data and ensure you have offline backups beyond the reach of malicious actors;
  5. Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
  6. Encrypt your data so it cannot be used if it is stolen;
  7. Provide security awareness training. Educate your employees to common tactics that Russian Hackers and other attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly; and
  8. Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents. Please encourage your IT and Security leadership to visit the websites of CISA and the FBI where they will find technical information and other useful resources.

9. Focus on bolstering America’s cybersecurity over the long term.

We encourage technology and software companies to:

  1. Build security into your products from the ground up — “bake it in, don’t bolt it on” — to protect both your intellectual property and your customers’ privacy.
  2. Develop software only on a system that is highly secure and accessible only to those actually working on a particular project. This will make it much harder for an intruder to jump from system to system and compromise a product or steal your intellectual property.
  3. Use modern tools to check for known and potential vulnerabilities. (Use Protect Now’s Hacked Email Checking Tool) Developers can fix most software vulnerabilities — if they know about them. There are automated tools that can review code and find most coding errors before software ships, and before a malicious actor takes advantage of them.
  4. Software developers are responsible for all code used in their products, including open source code. Most software is built using many different components and libraries, much of which is open source. Make sure developers know the provenance (i.e., origin) of components they are using and have a “software bill of materials” in case one of those components is later found to have a vulnerability so you can rapidly correct it.
  5. Implement the security practices mandated in the President’s Executive Order, Improving our Nation’s Cybersecurity. Pursuant to that EO, all software the U.S. government purchases is now required to meet security standards in how it is built and deployed. We encourage you to follow those practices more broadly.


Wi-Fi Hackers Snoop on Your Phone and Laptop: Here’s How They Do It

Wi-Fi is inherently flawed. Wi-Fi was born convenient, not secure. It is likely that you have heard about how dangerous it is to use an unsecured public Wi-Fi connection, and one reason is because a scammer can easily snoop. It is easier than you might think for a person to hack into your device when it is connected to a public Wi-Fi connection. In some cases they may be able to read your emails and messages, access your passwords, or even get personal information like your bank account number.

It’s possible that your router, or any router you connect to, has been hacked and you won’t know it. Using a known tactic called DNS (Domain Name Server) hacking or hijacking, skilled hackers (both black-hat and white-hat) can crack the security of a business or your home Wi‑Fi, resulting in a breach. From there, if they are savvy, they’d set up a spoofed website (like a bank or ecommerce site) and redirect you there. From here the goal is to collect login credentials or even monitor or spy on your transactions on any website.

Think about this too: you are sitting in a local coffee shop working on your laptop while connected to the shop’s Wi-Fi. Someone sitting near you could easily download a free wireless network analyzer, and with some inexpensive hardware and software (google “Wifi Pineapple”), they can see exactly what you are doing online…unless your device is protected. They can read emails that you are sending and receiving, and they can do the same with texts.

Using a Wi-Fi Hotspot Safely: Tips

Knowing what can happen when you are connecting to a public Wi-Fi spot, you want to know how to use one securely. Here are some ideas:

  • Don’t automatically connect to Wi-Fi networks. When initially connecting to a wireless network, we are often faced with a checkbox or option to “automatically connect” to the network in the future. Uncheck this and always manually connect. For example, if your home network is “Netgear” and you are somewhere and your device sees another network named “Netgear,” your device may connect to its namesake—which may not necessarily be as safe, potentially leaving your device vulnerable to anyone monitoring that new network.
  • When setting up a wireless router, there are a few different security protocol options. The basics: Wi-Fi Protected Access (WPA and WPA2) is a certification program that was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP), which was introduced in 1997.
  • Confirm the network you are connecting to. Granted, this is easier said than done. There are rogue networks called “evil twins” that criminals set up; they are designed to lure you into connecting by spoofing the name of a legitimate network. For example, you may use what you see as “Starbucks Wi-Fi” to connect while you’re sipping your latte, but you may also see a listing for “FREE Starbucks Wi-Fi.” Or “ATT WIFI” might be real, but a hacker might have “Free ATT WIFI” as a fake network. Which one—if either—is for real? Such setups are designed to lure you in—and once connected, your data might get filtered through a criminal’s device. If you don’t know if a network is safe or not, feel free to ask.
  • This is a bit 101, but when you log into any website, make sure the connection is encrypted. The URL should start with HTTPS, not HTTP. Most sites today encrypt your session automatically.
  • Use a VPN when you connect to a public Wi-Fi connection. A VPN is a technology that creates a secure connection over an unsecured network. It’s important to use because a scammer can potentially “see” your login information on an unsecured network. For instance, when you log in to your bank account, the hacker may be able to record your information, and even take money from your account. VPNs range from free to a monthly or annual fee or a lifetime license.
  • If you are using a private network, make sure that you understand that they, too, are vulnerable. Anyone who has some knowledge can use these networks for evil. Always use a secure connection, and seriously, consider a VPN.
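The first and third tips above can be turned into a check a device could run before joining a network. The sketch below is an added example, not code from the original post: the `SavedNetwork` and `ScanResult` records, the finding names and every SSID/BSSID value are constructed for illustration, and it goes slightly beyond the text by also flagging a namesake network that offers weaker encryption than the saved profile.

```python
import re
from dataclasses import dataclass

# Link-layer protection, weakest first (WEP/WPA/WPA2 are the options named above).
SECURITY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}

@dataclass(frozen=True)
class SavedNetwork:          # hypothetical record of a network you trust
    ssid: str
    security: str
    bssids: frozenset        # access-point MACs seen at the trusted location

@dataclass(frozen=True)
class ScanResult:            # hypothetical record of one network in range
    ssid: str
    bssid: str
    security: str

def normalize(ssid):
    """Lower-case and keep only letters and digits, so 'ATT-WiFi' ~ 'ATT WIFI'."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())

def assess(seen, saved_networks):
    """Return (reason, saved_ssid) findings for one scanned network."""
    findings = []
    for saved in saved_networks:
        if seen.ssid == saved.ssid:
            # Same name: this is what auto-connect would silently join.
            if SECURITY_RANK[seen.security] < SECURITY_RANK[saved.security]:
                findings.append(("security-downgrade", saved.ssid))
            elif seen.bssid.lower() not in saved.bssids:
                findings.append(("unknown-access-point", saved.ssid))
        else:
            # Different name that contains a trusted one ("FREE Starbucks Wi-Fi").
            known = normalize(saved.ssid)
            if len(known) >= 4 and known in normalize(seen.ssid):
                findings.append(("lookalike-name", saved.ssid))
    return findings

def review(scan, saved_networks):
    """Map (ssid, bssid) -> findings for every scanned network worth a second look."""
    report = {}
    for seen in scan:
        findings = assess(seen, saved_networks)
        if findings:
            report[(seen.ssid, seen.bssid)] = findings
    return report

# Constructed sample data (locally administered MAC addresses).
SAVED = [
    SavedNetwork("Netgear", "WPA2", frozenset({"02:00:00:aa:00:01"})),
    SavedNetwork("Starbucks Wi-Fi", "OPEN", frozenset({"02:00:00:bb:00:01"})),
    SavedNetwork("ATT WIFI", "OPEN", frozenset({"02:00:00:cc:00:01"})),
]
SCAN = [
    ScanResult("Netgear", "02:00:00:AA:00:01", "WPA2"),   # the real home router
    ScanResult("Netgear", "02:00:00:dd:00:09", "OPEN"),   # namesake, unencrypted
    ScanResult("Netgear", "02:00:00:dd:00:0a", "WPA2"),   # namesake, unknown AP
    ScanResult("FREE Starbucks Wi-Fi", "02:00:00:ee:00:05", "OPEN"),
    ScanResult("Free ATT WIFI", "02:00:00:ee:00:06", "OPEN"),
    ScanResult("Starbucks Wi-Fi", "02:00:00:bb:00:01", "OPEN"),
    ScanResult("CoffeeHouse Guest", "02:00:00:ff:00:07", "WPA2"),
]

if __name__ == "__main__":
    for network, findings in review(SCAN, SAVED).items():
        print(network, findings)
```

An "unknown-access-point" finding is a prompt to confirm rather than a verdict, since large legitimate networks run many access points under one name.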


Are Password Managers Safe? Should You Use One?

Do you think password managers are safe? You probably do, or at least hope they are if you are using them. Keep in mind, there is no such thing as 100% safe or 100% secure. Password managers, and the companies that create, host, and deploy them, have one job and that is to keep your passwords secure.

From my experience, they’ve done a pretty good job of that thus far. To this day I am unaware of a password manager that has been breached in such a way where all of the user data was unencrypted and exposed. In general, these companies engage in full-on application security and have bank-level or military-grade encryption. What is so bizarre to me is that, last I read, less than 10% of computer users use a password manager. I think a password manager is the best use of my time and money in regards to computer security.

If a password manager were to get hacked, the path of least resistance would be targeting an individual user, compromising their device, and logging into their password manager itself.

Researchers have shown, though, that they might not be as safe as you think they are. Before we go further, though, just know that I’m not too worried about this.

First, let’s take a look at this study. Generally, it looked at how often passwords were leaking from host computers, and then focused on if the password managers that were installed were leaving passwords on the memory of the computers.

What the study found was that all of the password managers did a good job at keeping passwords safe when it was “not running.” So, it means that a hacker wouldn’t be able to force the software into giving away a password. However, it also found that all of the password managers that were tested made an attempt to remove the password from the memory of the computer…but in a couple of cases, the passwords were still found.

Some of the software tested left the master password and the secret key on the computer. What this means is that it could be possible for a hacker to access information from the program. But you have to realize that these programs are trying to remove the information…but due to situational incidents, it isn’t always possible.

Another piece of software that was tested caused some concerns with the researchers. Essentially, the program takes passwords when the user types them, and scrambles them, but they are decrypted when put into the computer’s memory.

Yet another password manager was examined. Here, the software removed the master password from the memory of the computer, and it was not able to be found.

Is this something to worry about? It depends. How a password manager behaves on a device, and whether or not it stores an entered password in memory, shouldn’t be that big of a deal. In reality, if the device has spyware on it, or malware that allows for full recording of every keystroke, then that device and that user are essentially screwed.

Since researchers pointed out these issues, all of the programs have been updated and changed. That’s why I’m not worried. Plus, the real issue doesn’t have much to do with the password managers’ security in regards to its memory or cloud access or its application security, but with the security of the devices that they are on.

In every security awareness training I do, I expound upon the benefits of using a password manager. Inevitably, in every discussion, the question comes up: “what if the password manager gets hacked?” The pure naïveté of that question comes from most computer users’ belief that hacking or penetrating hardware, software, networks, etc. is as easy as snapping one’s fingers. It is not. There are generally a number of scenarios that need to come together in order for a device to be compromised.

But there is one single solitary scenario that makes data on a device vulnerable and that is “password re-use” leading to credential stuffing. Credential stuffing is such a weird term. Anyways, OWASP defines Credential stuffing as “the automated injection of stolen username and password pairs (“credentials”) in to website login forms, in order to fraudulently gain access to user accounts. Since many users will re-use the same password and username/email, when those credentials are exposed (by a database breach or phishing attack, for example) submitting those sets of stolen credentials into dozens or hundreds of other sites can allow an attacker to compromise those accounts too.”
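From the defending site's side, the OWASP definition above has a recognizable shape in authentication logs: one source failing against many different usernames in a short time, which is different from one user mistyping their own password. The sketch below is an added example, not code from the original post; the log format, the 60-second window, the five-account threshold and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<UTC timestamp> ip=<addr> user=<name> result=OK|FAIL"
LINE = re.compile(
    r"(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)"
)

def parse(lines):
    """Yield (timestamp, ip, user, result) for every well-formed line."""
    for line in lines:
        m = LINE.fullmatch(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["ip"], m["user"], m["result"]

def detect(lines, window=timedelta(seconds=60), min_users=5):
    """Flag sources that fail logins for >= min_users distinct accounts
    inside one sliding window, and list accounts those sources got into."""
    failures = defaultdict(deque)   # ip -> (ts, user) failures still in window
    successes = defaultdict(list)   # ip -> (ts, user) successful logins
    flagged = {}                    # ip -> time the threshold was first crossed
    for ts, ip, user, result in sorted(parse(lines)):
        if result == "OK":
            successes[ip].append((ts, user))
            continue
        q = failures[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:        # drop failures older than the window
            q.popleft()
        if len({u for _, u in q}) >= min_users:
            flagged.setdefault(ip, ts)
    # Deliberately broad: any success from a flagged source is worth a forced
    # password reset, because a reused password may be what let it in.
    at_risk = sorted({(user, ip) for ip in flagged for _, user in successes[ip]})
    return flagged, at_risk

# Constructed sample log (documentation IP ranges, example.com accounts).
SAMPLE_LOG = """
2024-05-01T10:00:01Z ip=203.0.113.7 user=alice@example.com result=FAIL
2024-05-01T10:00:03Z ip=203.0.113.7 user=bob@example.com result=FAIL
2024-05-01T10:00:04Z ip=198.51.100.20 user=erin@example.com result=FAIL
2024-05-01T10:00:06Z ip=203.0.113.7 user=carol@example.com result=OK
2024-05-01T10:00:08Z ip=203.0.113.7 user=dave@example.com result=FAIL
2024-05-01T10:00:09Z ip=198.51.100.20 user=erin@example.com result=FAIL
2024-05-01T10:00:11Z ip=203.0.113.7 user=frank@example.com result=FAIL
2024-05-01T10:00:12Z ip=198.51.100.20 user=erin@example.com result=FAIL
2024-05-01T10:00:14Z ip=203.0.113.7 user=grace@example.com result=FAIL
2024-05-01T10:00:20Z ip=198.51.100.20 user=erin@example.com result=OK
2024-05-01T10:05:00Z ip=192.0.2.50 user=heidi@example.com result=OK
""".strip().splitlines()

if __name__ == "__main__":
    flagged, at_risk = detect(SAMPLE_LOG)
    print("flagged sources:", flagged)
    print("accounts to reset:", at_risk)
```

In the sample, the user who mistypes one password three times is not flagged, while the source that tries six different accounts is, and the one account it logged into is the one whose password was reused.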

When you look at the danger of using one password over and over again, you are much safer when using a password manager. Meanwhile head over to my website homepage and scroll down until you see our Password Checker and click “Check if your password has been breached”. Don’t worry about entering your password on the site. We don’t store anything and what can we possibly do with the password? It’s just a password. How can we possibly track that back to any specific account? At a minimum we would need an additional user name. If you’re so concerned, do it from a private browser and/or use a VPN. It just doesn’t matter. Relax. Just get a password manager.


Threats to Be Aware of If You Use a Gmail Account

If you have a Gmail account, you should be concerned. Why? Because there are millions of malicious emails that are sent to users of Gmail every day.

Now while Google upsets many people for many reasons, they do a pretty good job at keeping your email account secure. And they provide a number of tools to accomplish that task. The problem is not usually Google, the problem is usually in the “seat” and that’s you buddy. All of you fools using the same password across multiple accounts are potential victims of “credential stuffing” and those of you using the same pass code across multiple accounts are just, well dumb. No offense. But really, it’s just stupid.

If you want to know if your email address and its associated password have been included in any of the 12+ billion stolen records we have access to, head over to my company’s website ProtectNowLLC.com and plug your email address and any associated passwords in to see if you have been breached. And don’t worry, we don’t have access to any of your data nor do we store your information.

If you want to engage in best practices regarding your Google account, head over to Google’s Security Checkup and run through your security settings. You’re crazy (or lazy) if you don’t.

Google is pretty secure, though, and many of these scammy emails are stopped right in their tracks. However, not all of them are, and if you use a corporate Gmail account, you could be more at risk than others. Here are some statistics for you to take a look at:

  • Scammers send more than 4 times the number of malware emails to corporate Gmail accounts than they do to personal Gmail accounts.
  • Scammers send more than 6 times the number of phishing emails to corporate Gmail accounts than they do to personal Gmail accounts.
  • Scammers send more than 4 times the number of spam emails to corporate Gmail accounts than they do to personal Gmail accounts.

Focusing on Threats to Corporate Gmail Accounts

You may be shocked to know that scammers like to focus on certain Gmail corporate accounts more than others. For instance, when you think of all the corporate email addresses out there, educational entities and non-profits are more than two times more likely to be attacked with malware than others.

Google is Doing Its Best to Stop the Scammers

Google is well aware of these threats, and it has taken some big steps to stop the hacks. First, the company has installed an email classifier, which has an almost 100 percent accuracy rate when detecting scammy emails. Google also can send alerts to people who want to visit websites that are known for phishing or malware.

On top of that, Google offers two-step verification when users want to access their accounts, and the company also uses a hosted S/MIME feature, which is helping to ensure that content of any email is secure and safe when it’s sent.

Finally, Google uses a TLS encryption indicator, which, when used, means that only the person you send the email to can read it.

Identifying a Phishing Email

Though Google has done a great job at stopping these threats, you may still find them getting into your email box. Here are some tips:

  • Expect the Unexpected – Most of the phishing emails out there look remarkably like legitimate emails. Thoroughly examine any email before you download files or click on links.
  • See Who Sent It – If you don’t know the sender’s name, be cautious, especially if the email asks for account information, including passwords.
  • Don’t Click on Links – Additionally, you should make sure that you are not clicking on links that appear in emails. If you must go to the site, type the address into the browser manually.
  • Look at Grammar – You also want to take a look at the grammar in emails. A lot of typos or bad grammar is a sure sign of a scam.
  • Notice Threatening Language – Finally, if you notice any threats in the email, it is probably a scam. A great example of this is “your account has been compromised.”

This is definitely not a full list of scams, but it does give you a good idea of what you might be up against. If something looks like a scam, it probably is.
