Typosquatting for Fun and Profit

/in , , /by

Typosquatting, which is also known as URL hijacking, is a form of cybersquatting that targets Internet users who accidentally type a website address into their web browser incorrectly. When users make a typographical error while entering the website address, they may be led to an alternative website owned by a cybersquatter or criminal hacker.

Typosquatters often create spoofed sites that may have the look and feel of the intended site. Operations like these may actually sell products and services that are in direct competition with the site you wanted to go to or they may be a front to steal your credentials including credit cards or social security numbers. Examples from Veralab might be “leson vs. lesson” or extra double characters such as “yahhoo vs. yahoo” or wrong character sequencies such as “IMB vs. IBM”, or a wrong key pressed such as “fesex vs. fedex.”

In some cases the typosquatters employ phishing to get you to visit the site. Phishing of course is the criminally fraudulent process of attempting to acquire sensitive information such as user names, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Typosquatting and phishing go hand in hand.

SC Magazine reports “in most cybersquatting cases, the web address can be similar in appearance to the actual corporate site, but will instead contain pay-per-click advertisements, according to a 2007 McAfee report, which studied 1.9 million typographical variations of 2,771 of the most trafficked websites.”

Last year Scammers created a website imitating Twitter.com called tvvitter that’s t-v-v-itter, cute huh? They sent phishing emails to millions of users, many of whom clicked on the link contained within the emails, which sends them to the phishing site, where they enter their user names and passwords in order to log in.

When doing a search online look carefully at any links you click.

When typing in a browser, before hitting “enter” look at the address bar to confirm you spelled it properly.

Do business with e-tailers you are familiar with and carefully spell their domain.

Set up your favorites menu with your most visited sites.

So heads up, be careful out there and don’t get hooked.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston. Disclosures.

5 Ways to Prevent Check Fraud Scams

/in , , /by

Check fraud is a billion dollar problem. Check fraud victims include banks, businesses and consumers. Our current system for cashing checks is somewhat flawed. Checks can be cashed and merchandise can be purchased even when there is no money in the checking account.

There are 5 main forms of check fraud to watch out for:

Forged signatures are the easiest form of check fraud. These are legitimate checks with a forged signature. This can occur when a checkbook is lost or stolen, or when a home or business is burglarized. An individual who is invited into your home or business can rip a single check from your checkbook and pay themselves as much as they like. Banks don’t often verify signatures until a problem arises that requires them to assign liability.

Forged endorsements generally occur when someone steals a check written to someone else, forges and endorsement and cashes or deposits it.

Counterfeit checks can be created by anyone with a desktop scanner and printer. They simply create a check and make it out to themselves.

Check kiting or check floating usually involves two bank accounts, where money is transferred back and forth, so that they appear to contain a balance which can then be withdrawn. A check is deposited in one account, then cash is withdrawn despite the lack of sufficient funds to cover the check.

Check washing involves altering a legitimate check, changing the name of the payee and often increasing the amount. This is the sneakiest form of check fraud. When checks or tax-related documents are stolen, either from the mail or by other means, the ink can be erased using common household chemicals such as nail polish remover. This allows the thieves to endorse checks to themselves.

Uni-ball pens contain specially formulated gel ink that is absorbed into the paper’s fibers and can never be washed out. The pen costs two bucks and is available at any office supply store.

Consider a locked mailbox so nobody can access your bank statements.

Using online banking and discontinuing paper statements.

Never toss old checks in the rubbish, always shred them.

Have checks delivered to the bank for pick up opposed to your home.

Guard your checks in your home or office, lock them up.

Go over your bank statements carefully.
Robert Siciliano personal security expert to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

11 Ways To Prevent Home Invasions

/in , , , , , /by

Strangers and posers: You tell your children not to talk to strangers, so why do you open the door to a total stranger? And never talk to strangers via an open or screen door. Home-invaders pose as delivery people, law enforcement or  public workers.

Distress: If someone is in distress tell him or her you will call the police for them. Don’t open the door for them.

Make a call: Under no circumstances do you open the door unless you get phone numbers to call their superiors. Even if that means making them wait outside while you call 411.

Money, jewels and drugs : One simple reason your house is chosen is someone tipped off the home-invader that you have valuables. You may have done it via social media or your friends or children or baby sitter might have unintentionally bragged. In states where medical marijuana is legal that may be an additional consideration.

Peephole: Install peepholes, talk through the door.

Do not call the police!: If you live in a high crime area where law enforcement takes a while to respond, and if someone is trying to break into your house while you are in it, calling the fire department will sometimes get help to the scene quicker. Do this only if you are desperate. Firefighters are not equipped to handle violence. However squealing sirens can deter a criminal. And call the police!

Get armed: Having a non-lethal weapon in the form of a Taser or a Pepper spray in close proximity to your bed or front door can debilitate your attacker before they gain control. But realize these can be used against you.

Have your mobile handy: Consider a second line or a cell phone in your bedroom. Burglars sometimes cut phone lines and often remove a telephone from the receiver when they enter a home.

Get alarmed: An alarm system activated while you are sleeping will prevent a burglar from getting to far. And keep it on 24/7/365. With a home alarm system on, when someone knocks on the door, a conscious decision has to be made to turn off the alarm. Most people will keep it on.

Locks: Call a qualified locksmith to take a physical security survey to help you determine the most efficient way to lock up. Many products on the market are a false sense of security. A qualified locksmith should be a professional associated with well known manufacturers.

Cameras: Install a 24-hour camera surveillance system. Cameras are a great deterrent.  Have them pointed to every door and access point.

Robert Siciliano personal security expert to Home Security Source discussing Home Invasions on Montel Williams. Disclosures

Triple Murder Home Invasion Testimony Ends

/in , , , , , , /by

This is just a bad, bad story with no happy ending.

There are home invasions, then there is this home invasion. Just when you think humans can’t get any meaner towards each other there is Steven Hayes and Joshua Komisarjevsky, the 2 men accused of a home invasion in Connecticut in 2007. Hayes and his lowlife accomplice allegedly met at a halfway house. They saw the mother (who was eventually murdered) in a parking lot one day and followed her home. A total random act.

The home was invaded at 3am. The father was immediately beaten and tied up in the basement. The father was held captive for a time but he escaped alive. The kids were tied to their beds and the mother was forced to go to the bank and withdraw money.

While at the bank the mother told a bank representative what was happening. The bank called the police who sent cruisers to the scene.

The police were outside for over 30 minutes to prevent the murderers from escaping. At one point the home invaders assaulted one of the children then killed the mother. They set the home on fire and the 2 kids died from smoke inhalation.

The NY Times reported that the state’s attorney John A. Connelly had “described the case as the ‘most horrendous murder in the state of Connecticut in the last 30 years,’ adding, ‘There are about five ways you could charge capital felony.'”

These guys might get the death penalty. But will justice be done? No. There is no justifying the death of a woman and two children and no justice in the prosecution or even death of the accused. And the father of the deceased, he will only mourn his loss, while he might crack a smile if they are prosecuted, he will never celebrate.

I can tell you right now my home security system will be on when I go to bed tonight. And then some.
Robert Siciliano personal security expert to Home Security Source discussing home invasions on the Gordon Elliot Show. Disclosures

Situational Awareness; Spotting a Terrorist

/in , /by

We are all in this together. Whether it’s a home burglar or a home grown terrorist, preserving the sanctity of everyday life is everyone’s responsibility.

“The attempted bombing in Times Square on 1 May 2010 highlights the need to identify Homegrown Violent Extremists before they carry out a terrorist act.”

The Department of Homeland Security encourages all citizens to report anything or anyone who is suspicious to your local authorities.

I was in Time Square that day. At one point I was in range of where the vehicle that had the rigged explosives was parked. If that bomb had gone off, this blog wouldn’t be written or read. I did a segment on Fox News in Manhattan the next morning and had breakfast on the same street the car was towed from.

The people in the restaurant were all a-buzz about what happened and all felt lucky they were spared from tragedy.

“The ability of the bomber to operate under the radar demonstrates the difficulties associated with identifying terrorist activity and reinforces the need for law enforcement, at all levels, to be vigilant and identify individuals who are planning violence or other illegal activities in support of terrorism.”

Law enforcement cannot do this alone. They need our help, as was the case in Time Square. It was a pushcart vendor who spotted the vehicle and notified the police.  In this situation the vendor noticed smoke coming from the vehicle and heard a popping sound. He notified a local cop who called in for the bomb squad. Fortunately for everyone the bomb malfunctioned.

The FBI released a document highlighting some serious red flags citizens should be aware of if someone they know may defect to the bad side :

  • New or increased advocacy of violence including providing material support or recruiting others to commit criminal acts.
  • Adoption of new life styles and segregation from normal peer and family groups in association with advocating criminal or terrorist activity.
  • The adoption of a new name.
  • Behavior that could indicate participation in surveillance of potential targets.
  • Acquisition of excessive quantities of weapons or materials that could be used to produce explosives such as ammonium nitrate-based fertilizers or hydrogen peroxide.
  • Travel to or interest in traveling overseas to attend violent extremist institutions or paramilitary training camps.
  • New or increased interest in Websites and reading materials that advocate violence and then initiating action in support of this activity.
  • New or increased interest in critical infrastructure locations and landmarks, including obtaining aerial views of these locations.

While this may all seem “extreme” it is, and these are the characteristics of the home grown terrorist. My dad always said to me, be good, behave, be careful and be aware. Take Dads advice.

Robert Siciliano personal security expert to Home Security Source discussing terrorists and burglars on CNN . Disclosures.

Personal Safety When Selling a Home

/in , , /by

Two real estate agents were killed in separate incidents in Ohio in the past two weeks.

“Police have confirmed the suspects in this week’s murder of a Youngstown OH realtor are not connected with the murder of a realtor in Ravenna OH the day after.”

“Meeting new clients, showing properties, holding open houses, letting strangers get into your car, and even your marketing may be jeopardizing your personal safety.

The root of the issue is that you have real estate agents with no formal security training who are then meeting with complete strangers at odd times of the day and in vacant homes. Real estate professionals put themselves at risk at so many points. The industry opens itself up to predators.”

Here are a few tips to protect you when selling a property.

Be suspect of everyone. There isn’t any benefit in being paranoid; however, being a little guarded can keep you from getting into a vulnerable situation. Don’t just be wary of a man showing up unaccompanied. Expect them to show up in a nice car, well dressed, maybe with a wife and kids tagging along. They might have a business card saying they are a doctor or a lawyer. Don’t let your guard down.

Appointment Only. When placing ads, all advertisements should state “Appointment only” “Drivers license required” and “Pre Approval Documentation Required.” These are all hoops the bad guy may not want to jump through and you vetting out those who are “just looking” at the same time.

Use the Buddy System. When you set appointments always schedule around a spouse or friends availability so they can join you. There is always strength in numbers. If you have to go it solo, when someone walks in, say, “I’d be happy to show you the benefits of this home! In a few minutes my friend Rocco will be along to assist me,” creating the illusion of the buddy system.

ID and pre-qualify at your first meeting. When you are meeting at your property, get some form of identification. Also, it is to your benefit that a potential client buying a home is pre-qualified. Someone who is pre-qualified by a lender is less likely to be a predator.

Safe open houses. Spend a few minutes considering all the vulnerable points within the home and how you would escape if necessary.

Dress for safety and success. Don’t wear expensive jewelry. A $3-5 thousand-dollar diamond buys a lot of drugs. Dress professionally instead of provocatively.

Robert Siciliano personal security expert to Home Security Source discussing Real estate Agent safety on Inside Edition . Disclosures.

$50 Million Van Gogh Stolen, No Alarm System

/in /by

“A prized Vincent van Gogh still life was stolen from a Cairo museum  leading to a massive art hunt, conflicting reports about the details of the crime, and plenty of finger-pointing. Five people, meanwhile, have been arrested for “negligence” in relation to the embarrassing theft, which seems to have been carried out in the absence of rudimentary security measures, according to the Agence France-Presse.”

Let us “Hypothesize”: defined as a proposal intended to explain certain facts or phenomena – for a moment.

Lets say you’re flipping burgers at your job and you head home after a long greasy day. On the way home you stop off at your local convenient store for a bag of chips, soda and a crack at the numbers game. That night at the bottom of the hour you watch the lady spin the ball thing and your numbers all get sucked into that number sucking thing. Walla, you just won 50 million clams!! Woohoo!!!

But there is a hitch. In order for you to collect the money you have to agree to allow other people to see it as a pile of 50 million dollars in your house at designated times.

However, knowing that people steal, you can go ahead and do things to secure the money, but you have to keep it in the house.

Remember, you have $50 million, so dropping a few bucks on home security shouldn’t be a big deal. Rap artists do it all day long.

Would you:

a.      Hire a security service like Men In Black with those wrap around the ear thingys and dark glasses?

b.      Get off duty Navy Seals with big guns to stand guard?

c.      Get a bunch of trained Rottweiler’s, Pitt Bulls, Doberman Pincers, and German Shepherds and put raw meat all around the money?

d.       Fill your house with lots of rotting dead skunks so it smells so bad nobody would come?

e.      Invest in a functional security system that has security cameras, beware of dog signs, and security alarm monitoring at a dollar a day?

Hmmmmmm?

“Prosecutor general Abdel Meguid Mahmud acknowledged that security measures at the museum were “inadequate,” branding them “a facade.”

“There are 43 security cameras but only seven are working. Each painting is protected by an alarm but again, none are working,” he told reporters.”

Even the rotting skunks would have done a better job.

Robert Siciliano personal security expert to Home Security Source discussing terrorists and burglars on CNN . Disclosures.

Subdivsion Residents Fighting for Security Camera

/in , , , , /by

Condominium Association, Subdivision Association, or Neighborhood Association, whatever the name is, if you live in one and pay dues and have a board of directors that makes decisions for the community in regards to what you can and can’t do on a property, you probably feel my pain.

I like that bush, I hate that bush, no swing-sets, I want a swing-set, no pets, I want a cat BLAH BLAH BLAH!!

In Atlanta in what the residents of the subdivision considered a “safe neighborhood” a group of men climbed into a basement window of a woman’s home and stole every piece of jewelry, cash and electronics. She now has double deadlocks and door jams. She lives in fear and her home is not the same.

She was quoted saying “As a result, now I literally live like a hermit, with the lights off. I have security cameras up, bars on my windows. I have to go, literally, with a key room to room in my house, because they continue to affect my neighborhood.”

The neighborhood has had 2 burglaries in the past month. One neighbor took a bullet during a breaking.  If this is a “safe neighborhood” then my neighborhood is Fort Knox safe.

“Some residents said that they want home security cameras, but the president of the homeowners association says that’s not going to happen. In a lot of ways, the battle is over what is more important, personal safety or personal privacy.”

Privacy does you no good when you are shot dead by an intruder.

“The camera won’t be any, any good for the security, as far as safety for the community, just one camera,” said the association president.

One home security camera is better than zero cameras. It’s all about layers of security. The more proactive layers in place the more secure you will be. Wake up Mr. President.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston. Disclosures.

Top 5 Credit/Debit Card Skimming Attacks

/in , , , /by

Credit card fraud is a multi-billion dollar industry. Skimming is one of the financial industry’s fastest-growing crimes, according to the U.S. Secret Service. ATM skimming alone is responsible for $350,000 of fraud daily exceeding a billion dollars in losses annually.

Skimming can occur in a few different ways;

Wedge Skimming

The most common skim is when a store clerk/waiter etc. takes your card and runs it through a card reader device that copies the information from the magnetic strip. Once the thief has the credit or debit card data he downloads it to his PC then he can burn the data to a gift card or blank “white card” or place orders over the phone or online.

POS Swaps

EFTPOS (electronic funds transfers at the point of sale) skimming occurs when the point of sale terminal is replaced with a skimming device. People commonly swipe both credit and debit cards through the in-store machines to pay for goods and services at these outlets. This is what happened to Stop and Shop. In Australia, fast food chains, convenience stores, and specialty clothing stores are bearing the brunt of the crime. McDonald’s is among the outlets whose EFTPOS machines have been targeted.

ATM Skimmers

Criminals can also place a card reader device on the face of an ATM, which appears to be a part of the machine. The device may have wireless Bluetooth or cellular technology built to obtain the data remotely.   It’s almost impossible for civilians to know the difference unless they have an eye for security, or the skimmer is of poor quality. Often, the thieves will hide a small pinhole camera in a brochure holder, light bar, mirror or car stereo looking speaker on the face of the ATM in order to extract the victim’s pin number. Gas pumps are equally vulnerable to this type of scam.

Data Interceptors

Another type of gas pump skim is pulled off due to a common set of keys that will open almost any gas pump. Criminals pose as fuel pump technicians and access the terminal with the master keys. Once inside they access the wires that connect the key pad/card reader and piggyback a device inside the pump that reads all the unencrypted card data.

Dummy ATMs

In some cases an ATM is bought off of eBay (do a search) or elsewhere and installed anywhere there is foot traffic. The machine is set up for one purpose; read/copy data. The machine might be powered by car batteries or plugged in the nearest outlet. I bought one off Craigslist for $750 from a guy named Bob at a bar. How you like them apples.

When credit card information is skimmed, hackers can copy the data on blank cards, gift cards, hotel keys, or “white” cards. White cards are effective at self checkouts, or when the thief knows the clerk and is able to “sweetheart” the transaction. A white card can also be pressed with foils to look like a legitimate credit card, as seen in this video.

To help combat ATM Skimming, ADT unveiled the ADT Anti-Skim ATM Security Solution, which helps prevent skimming attempts and detects skimming devices on all major ATM makes and models. ADT’s anti-skim solution is installed inside an ATM near the card reader, making it invisible from the outside.

Consumers must check their statements online weekly or at least their papers ones monthly. Refute unauthorized charges immediately. Federal law allows up to 60 days to dispute a charge. After that you may be paying for an identity thief’s Vegas bender. Whenever entering a PIN always cover the keypad with your other hand.

Robert Siciliano personal security expert to Home Security Source discussing ATM skimming on Fox Boston. Disclosures.

Criminal Hackers Steal Victims Home

/in , , /by

A sophisticated scam left an Australian business man with a half million dollars stolen when criminals sold 2 properties and almost a 3rd using his stolen credentials. This kind of scam is happening in the U.S. too.

The business man had been overseas for a while and his neighbor contacted him at one point because his home was on the market and being sold. When the business man started investigating the non-permissioned sale, that’s when he realized the other properties had been sold and were no longer his.

The thieves, were believed to be Nigerian, and had enough information on the man to allow the real estate transactions to go through.  It is believed the criminal hackers got into his email account and obtained his personal identifying information along with his property documents which enabled the criminals to sell the houses.

Reports state the transactions were made virtually via email, telephone and fax, without any physical contact between the owner and anyone else. In this scam the owner, the real estate agent, banks, and various government agencies were all duped.

The system of checking and verifying identities in this case and in others often fails.

Advice to prevent this type of crime is often directed towards real estate agents who are used as the pawn in the transaction and do the dirty deed for the scammer.

In the very least agents should request a photocopy of a driver’s license or passport before listing a home for sale when doing business virtually. Other suggestions might be verify signatures using a notary or checking existing documentation and compare signatures. Look at deeds for alterations and get them from the title company.

More importantly it is essential that the homeowner meet the real estate agent for a face to face meeting. Airfare can’t cost more than a few thousand dollars and when doing a half million dollar transaction it makes sense for everyone involved to make this a priority.

But the best thing and probably the most effective solution when doing a full blown virtual transaction is to contact a lawyer wherever the seller may be and require the seller to verify themselves through a competent lawyer or other professional who can review and certify the sellers credentials.

Homeowners have a different set of responsibilities.

First and foremost make sure to invest in title insurance. Title insurance should cover legal bills associated with this type of scam. Check the policy.

If you plan on leaving your home or investment property vacant for any period of time get friendly with your neighbors and request they alert you in case your property goes on sale.

Do the same with local real estate agents and request they do an occasional drive by. Have that same real estate agent check the MLS listing occasionally looking for your property to show up on the market.

Invest in technology. A home security camera solution that alerts you to any activity on the home can give you a sense of there is any mischief. Motion sensitive cameras can alert you to any activity via text or email and can be viewed remotely via a mobile phone or internet connection.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston. Disclosures.