Please Hack Me. My Password is 123456

Robert Siciliano Identity Theft Expert


Is this you? Are you a hackers delight? Are you a lazy lima bean begging to be hacked? Recently, there were 32 million passwords stolen last month from a social media site. Upon observation, researchers determined 1 percent of the 32 million people it studied had used “123456” as a password. The second-most-popular password was “12345.” Others in the top 20 included “qwerty,” “abc123” and “princess.”

In another breach thousands of email addresses and their passwords were phished by identity thieves and posted in an online forum. Researchers parsed the hacked passwords and broke them down into categories based on their level of security. For example some of the passwords were very weak “111111” “123456” “1234567” “12345678” “123456789” made the top list. Many of the stolen passwords were people’s first names which of course could be kids, spouses, etc. Obviously, anyone who uses an insecure password like this is more likely to get hacked due to their laziness and less than sophisticated approach to security. 60% of the passwords contained either all numbers or all lowercase letters.

Beefing up passwords using a password manager is much easier. Combine uppercase and lowercase letters, as well as numbers and characters. Don’t use consecutive letters or numbers, and never use names of pets, family members, or close friends. Instead use the first letters of phrases: Full moons on Saturday bring out whackos @12am!: is FmoSbow@12am! That’s a strong password that no sane person will enter manually. But a password manager makes it possible.

I’ve tried every possible password manager on the planet. There is only one that I have found to be incredibly efficient and secure. Roboform. This thing works great. I have it on 5 PCs and the iPhone and they all sync automatically.

Robert Siciliano personal security expert to Home Security Source discussing Hacked email on Fox News

Thieves Stealing Your GPS Can Track You Back Home

Robert Siciliano Identity Theft Expert


GPS is the single greatest invention since the wheel. Well, it is for me. Admittedly, I’m not a great driver. I don’t pay attention as much as I should. I day dream and I miss exits. I’m safe, but I just don’t like to drive. GPS gets me there.

I’ve messed with all kinds of GPS devices to get me from A to B. I’ve used iPhone Apps, Google Maps and the GPS that came built into me vehicles dashboard. My dashboard GPS is frustrating and less than user friendly. So I went out and picked up one of the name brand portable models. I LOVE IT!

Out of the box, it brought me through a set up wizard. The set up wizard prompted me to plug in my home address into a field appropriately called “Home.” This thing is so user friendly it allows you to press this one button from wherever you are at the time and it gets you home!

What a fantastic feature; for a car thief or a burglar!. As soon as I saw this feature I was like, ahhhh NO! I’m not plugging my home address in this thing. If my vehicle was ever stolen, the thief would know where I lived and have the remote control to my garage too! And if you ever valet a car at a restaurant or function, the valet has a buddy who then goes to your home and burgles it! With your keys! So I plugged “Home” as the address where city hall is. Plus I never give my house keys to a valet.

Some of you reading this might be saying “The thief still has your address on your vehicle registration” Ahhhh, NO! Not mine. First, you’re supposed to carry your registration in your wallet and not leave it in the car. I learned this after the cop who I reported my stolen car told me this 20 years ago.  And my registration is listed as a PO Box. I use a PO Box as a corresponding address for almost every transaction that allows it. I have a barrier between my home life and every thing else.

Remember, you have to think like a burglar to prevent a burglary.

Robert Siciliano personal security expert to Home Security Source discussing Tracking on the Tyra Banks Show

Social Media Messages Telling Too Much?

Robert Siciliano Identity Theft Expert

By now you’ve heard about a Web site called PleaseRobMe.com. This site is re-posting people’s messages, and uses a location-sharing technology to post where you are when you’re not at home. The sites motivation is to teach people they are putting themselves at risk.

I’m not a fan. There are better ways to teach and raise awareness.

I had a chance to appear on the CBS Early Show to discuss this site and its impact on personal security. Prior to doing the show I Tweeted, as I always do, to make my contacts aware of the show. What did I Tweet?

I’m on the CBS Early Show at 7:40am discussing PleaseRobMe.com politely suggesting violence. My home is alarmed & my German Shep will bite you!” I figured it was appropriate due to the nature of the segment I was about to do.

Robbery is “Larceny using threats or violence”. Or as PleaseRobMe may say, please take from me and hurt me in the process. This isn’t tongue and cheek, it borders on “inciting violence.”  And that day may come.

For years I’ve been barking about personal security as it relates to social media and the risks involved. I’ve written numerous times about how social media requires a risk vs. reward assessment.  Plain and simple, putting all your life’s details in one place makes it easy for the bad guy to gather intelligence about you.

While I believe the site has the right intentions to bring awareness to the issue, and they’ve certainly made an impact, the site is irresponsible and unethical. It’s entirely inappropriate for them to shine a big bright light on people and say “Please Rob Me”. Because some whacko just may do it. Then what?  Do the sites operators then say “I told you so” If they have a lawyer, he’s probably getting ready to buy a new home from all the money they will have to pay him.

Ending up featured on this site is the new “Scarlet Letter” of stupidity. Please, don’t be stupid.

Robert Siciliano personal security expert to Home Security Source discussing sharing too much in social media on the CBS Early Show

Overcoming Civilized Conditioning

What would you do if confronted by a bad guy? How would you respond? Freeze up? Run? Fight?

You have been taught all of your life not to hurt another human being and that’s a good thing. From birth we are told to be kind to one another and have manners. This is called ‘civilized conditioning.’ Civilized conditioning is why we don’t walk around smacking each other. This cultural conditioning allows us to get along in a civilized society.

However, you know bad things still happens every day. We are all to well aware there are some people out there who are considered un-civilized. These are people who don’t share the same boundaries you and I do.

Civilized conditioning is a double edged sword. On one hand it prevents us from being physical with another person unnecessarily, but on the other hand it prevents us from being physical with another person necessarily to protecting ourselves. Civilized conditioning is also responsible for making a person freeze up, stop breathing and panicking when someone attacks them.

Are you a parent? Ask yourself this, if someone bad was to walk up to your child and put their hands on them, what would you do? Answer? Without hesitation you would respond like a bear protecting her cubs. Why? The parental instinct to protect a child is born within you as an adult and never goes away.  So understand, you do have it in you, you just have to know how to tap into it when it comes to protecting yourself.

Tools to overcome civilized conditioning when necessary:

  1. Recognize that nobody has a right to violate you in any way.
  2. Understand that resistance is often the best way to get out of a dangerous situation.
  3. Ask “What if” questions and prepare your mind and body to respond to danger.
  4. Visualize potential scenarios and act out how you would respond.
  5. Take a self defense class. Learning self defense is a life enhancing experience.
  6. Make sure you have an acute awareness of your environment when you are getting out of your car and walking to your destination. If anything feels wrong seek safety immediately.
  7. When possible always run to safety when attacked. The worse thing you can do is nothing.

Robert Siciliano personal security expert to Home Security Source discussing trusting your intuition.

How to Protect Yourself from Identity Theft During Tax Season

Robert Siciliano Identity Theft Expert

Approximately 155 million tax forms are filed annually.  People need to understand that thieves are inventing new ways to steal identities each and every day.  And since tax time is a key period when we see a spike in identity theft, it’s crucial that we get the word out now and educate people about the latest scams.

File Early. It seems crazy to think that someone would actually file taxes in your name, but it’s being done. Once they get a hold of a few W2’s or other tax related documents that give them an idea of what your tax return will be, they being the process of filing in your name and reap your return. File before they do.

Secure Your Mail. Mail is stolen every day. Tax forms have social security numbers. When mailing your taxes don’t put them in your mail box with the red-flag up. Use a secure mailbox at the post-office or a big blue box.

Tax Preparer Scams. Reports of tax preparers telling clients they must pay back stimulus payments and then pocketing the money is last years scam coming back. Not all professional tax preparers have your best interest at heart. Make sure you do research and choose your tax preparer wisely.

Late Payment Scam. As people fall behind on their taxes, lists are created and available either internally or printed in the local paper as public record. These lists can fall into the wrong hands and thieves call unassuming people to collect.

Internet Phishing Scams. The IRS doesn’t send emails. Phony IRS e-mails that try to lure tax payers into giving out personal information are a common scam. This scam is generally used as a means to convince individuals to provide personal or financial information that enables the perpetrators to commit credit card, bank fraud or other forms of identity theft.

Protect your PC. Whether or not you are filing online it is essential that your PC is secured. All the basics include making sure you have updated anti-virus, a two way firewall, spyware removal software run regularly, and be sure to protect your wireless internet connection with a network key.

Robert Siciliano personal security expert to Home Security Source discussing Tax Scams on Fox News

Safety and Security on College Campuses

Robert Siciliano Identity Theft Expert

You’re in high-school and you’ve been having numerous discussions with friends and family about what colleges you want to go to. Maybe you’ve even applied to a few and have been accepted and in some cases rejected. Your search for schools generally involves the type of education you will receive, costs, location and the notoriety of the school. Choices like this weigh heavily on the student and the parent.

One of the most overlooked aspects of selecting a school is consideration for its safety and security on campus. When you or your child heads off into the real world, their safety needs to be the most important part of your decision making.

College is a mish-mash of people from all over the place from different cultures, backgrounds and ages. This melting pot can be a great learning experience. But things can go wrong too.

The stresses of college life can lead to violence at times. Additionally, college students are sometimes targeted by locals who know the students are in an unfamiliar environment. Then there’s dating violence, stalking, and way too much alcohol and sometimes drugs involved.

Another security issue here is that learning institutions are generally “open” and inviting opposed to locked down and secure.  Not doing your security homework can turn a student’s life for the worst if they don’t put systems in place to protect themselves.

The Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act (20 USC § 1092(f)) is the landmark federal law, originally known as the Campus Security Act, that requires colleges and universities across the United States to disclose information about crime on and around their campuses.

Do your research into the crime climate of the learning institution you plan on attending. Don’t sit idly back and hope everything will be OK. Educational institutions aren’t meant to be secure fortresses. They are meant to be open learning institutions. While many districts are beefing up security, others are doing less than their share of making it difficult for a predator to gain access.

  1. Directly call the institutions security office and get statistics for on and off campus crimes. You want to know exactly what has taken place in the last 3-5 years.
  2. If you go to the campus have an onsite meeting with the security office. It is in the best interest, and required by law for colleges to offer personal security training for their students.
  3. Determine what systems are in place to head off danger in regards to campus security personnel and technology.
  4. Ask if they have “threat management teams” (TMT) in place.  The sole purpose of TMT is to predict and prevent violence by having reporting systems in place that identify students and their behaviors who have the potential for acting out. Threat management teams intervene and provide those students with the necessary help they need.
  5. If they have a rape counseling center or any type of victim’s advocacy on campus talk to them too.
  6. Find someone on campus who has been there for at least a year. Ask around how people feel in general.
  7. Whether living on or off campus invest in your personal security. Wireless home alarms and portable home security systems are cost effective and an additional layer of protection. Security cameras are inexpensive and can greatly enhance your security too.

Robert Siciliano personal security expert to Home Security Source discussing Self Defense on Fox Boston

How to Begin the Child Abduction Prevention Conversation

Robert Siciliano Identity Theft Expert

In the past decade we have witnessed child abductions like never before. One would be led to believe that “times have changed” and abductions are a new phenomena. The reality is child abductions have been going on since the beginning of time. In the 30’s, Charles Lindbergh Jr.’s 20 month old son was abducted and it made huge US media coverage.

The media since, especially over the last decade, has deemed this a hot button and seems to have picked up on it.  At any given time one can turn the channel and see live coverage of the next kid absconded. The old-school training, I and many others received early on was “don’t talk to strangers” as if strangers were the dangerous ones. Actually, most abductions occur when a family member takes the child as a result of a custody battle.

When a true stranger steals a child, they often don’t survive beyond 3 hours.

No matter what the statistics are, child abductions are real and they happen far too often.

Protecting yourself and children begins with understanding basic security.

As simple as it sounds, do not engage in behavior that creates an opportunity for the bad guy. Today most helicopter parents won’t take their eyes off their kids, and I don’t see that as a bad thing. I know many will argue that point, but I don’t care.

Always have recent pictures and video of your child for police if they go missing. If you are inclined to invest in a fingerprint of DNA kit that certainly doesn’t hurt.

In the event that a child was to be approached, the best defense is a good offense. Resistance has often been a proven tactic for removing oneself from a dangerous situation. Running, screaming, biting, hitting and kicking feel unnatural to teach your kids, but are certainly natural traits they possess. I say if they are good at it now, train them to do it better!

As soon as your child is at an age where they can comprehend this issue it’s time to discuss it. Age 4 they have a pretty good grasp, but age five they seem to be on solid footing.

Role play with your kids. This is a delicate balance of awareness and play. Intellectually introduce scenarios for them to respond to. See how they articulate a response. Let them figure it out on their own. Then if they don’t give you the answer you were looking for, work with them to understand the nature of their choice and its negative impact.

Be specific, but be careful how you associate your analogies. Example: “if a white van pulled up next to you” will freak your kid out every time they see a white van and only make them wary of vans opposed to those in cars or on foot.

Make sure to discuss the Internet and online predators. This is an entire future post. But in the meantime, do your research and know what risks they face. Take control of their access to PC’s and monitor everything they do.

Most importantly, this kind of education is about empowerment. It’s about taking control. It’s a gentle awareness that can very well save their lives. Don’t guilt them into making the right decisions and make them feel bad about not understanding the issue. If they aren’t ready to comprehend the issue then back off.

And because they spend the majority of their time at home, do all the necessary things to strengthen your fort. Yes, I call my home my fort. Invest in home alarms systems. Install home security cameras inside and outside the home. Install proper fencing that keeps them in and others out. Always keep an eye on people who look out of place. Don’t take your eyes off the ones who belong either. Question authority. And live in peace and harmony. The chances that something like this can happen are very very slim. But there is a chance. So these are your options.  Here’s more from PsychologyToday

Robert Siciliano personal security expert to Home Security Source discussing child security on CNBC

We Love Them Dumb Criminals

Robert Siciliano Identity Theft Expert

Dumb criminals are often just ignorant people who do stupid things for a number of idiotic reasons. But one thing’s for sure, they sure are fun to watch.

This kid in Florida used his index or “pointer” finger to hold up a convenient store. The store manager at first thought it was a joke, which in a sense it was, but the kid was serious, and when the cashier confronted the cocked finger, the dude fled.

A poor unfortunate lost soul whose drug addiction overtook him, didn’t trust his crack dealers and went to the local police to see if they could check the quality of his crack. That didn’t go over to well.

A car gets pulled over by the police for a moving violation. The driver already had a prior record and didn’t want to get into any more trouble. So he provided the cop with someone else’s name. Turned out that name was for someone who was wanted for homicide. Karma man, karma.

Two guys walk into a bar…..to rob it. They had machetes. The bar was full of burly bikers who use machetes to butter their bread. The two guys leave bar on stretchers.

Guy is convicted of receiving stolen goods. Gets home detention and has to wear a GPS ankle bracelet. Guy leaves his home to break into other homes to get more stolen goods. They call this man a “recidivist”. Cops get the alarm that ankle boy is not where he should be. They track him to his car full of loot. That’s one dumb criminal.

Lawyers say that people get into trouble for 2 reasons, 1: they do illegal things and 2: they tell police what they did. Bank robber is arrested suspected of bank robbery. Cop says it’s for robbing four banks. Robber gets belligerent, and says I only did 3!

Bubble head tries to get a date with the cashier in a liquor store. He gives her his digits. Then he steals a bottle of vodka. She calls the cops, he gets a court date.

More from Readers Digest here

Not all criminals are dumb. But unfortunately many homeowners aren’t too smart either. And it doesn’t take a rocket scientist to secure your home and valuables.

  1. Install a safe in your home and bolt it to the floor. A safe prevents theft of jewelry, cash and other smaller easily lifted items. Many insurance companies won’t even insure without a safe on premises.
  1. Install a security camera system. Even the dumbest of criminals don’t get caught, but they will think twice if you have a camera on their dumb mug.
  1. Keep that home security alarm on all day, every day. You’d have to be a complete tool to break into a home that is alarmed. And frankly in today’s crime climate, you’d have to be dumb not to have one.

Robert Siciliano personal security expert to Home Security Source discussing home security and scams on TBS Movie and a Makeover

How to Prevent Home Contractor Fraud

Robert Siciliano Identity Theft Expert

It’s a scenario played out every day. Harry Homeowner needs a new roof, home security system, or kitchen installed. He does his due diligence searching out reputable contractors who offer fair pricing. He may look in the classified section of the local paper, do a search online, look on Craigslist or make some calls to friends and family who recently had a new roof installed.

And in every single scenario Harry can get burnt. Each resource provides their own set of pros and cons, and every resource is used by scammers.

The biggest issue consumers face is the fact they don’t do their homework. People fall into 2 categories, 1: they are naïve and have no clue that someone may be looking to scam them or 2: they think they are so smart that nobody can scam them. But if you are smart enough to know that this can happen to you, and do your best to prevent it, you reduce the risks associated with contractor fraud.

Before embarking on hiring any contractor, do your homework. Read up on what the processes are to do the job at hand. While a new roof or home alarm may not be something you want to learn how to do, there are plenty of “do it yourself” or DIY websites that can teach you. Spending 2 minutes searching and 20 minutes reading can save you money and make you sound intelligent to the contractor when asking the right questions.

The best resource is always doing business with someone you know like and trust.  Well known brands often vet out contractors and have zero tolerance policies for shoddy work. But you may not know a roofer or alarm installer. So, find a friend or other trusted source who does know a contractor and higher them. But that doesn’t mean you automatically trust. The Better Business Bureau is a great resource for consumers looking to deal with reputable companies. This is your best resource.

Rule of thumb is to always get 3 contractors to bid the job. Be cognizant of how they handle themselves, their level of understanding of the work at hand, and whether or not they voluntarily offer up references. Don’t just automatically trust the guy with the whitest teeth and lowest price. Pay attention to your gut.

Always check references thoroughly. If it makes sense for the job at hand, drive by the house that was referenced and actually look to see the quality of the work that was done. Often construction jobs costs thousands and taking the time to check work is worth your time.

Get everything in legible writing that is laid out in a contract that clearly spells it all out.

Many contractors will request money up front to do the job. Often they need that money as a “commitment” to do the job and motivate them to fill their trucks up with the tools and stock to do the job. This is where I get nervous. I recommend requesting you go with them to whatever supplier they get their stock from and paying for it directly. If they charge a markup on the stock (it’s usually 15%) tell them you’ll gladly give that to them.

It’s best to break the payment down in 3 parts. You’ve already paid for the stock so now all you have to do is pay for labor.  One third upon showing up to do the work, one third halfway through the job and one third when they are done.

Robert Siciliano personal security expert to Home Security Source discussing scam prevention on The Big Idea with Donny Deutsch on CNBC

Search Engines Link to Malware in Social Media Search

Robert Siciliano Identity Theft Expert

Now that the 3 major search engines Google, Bing and Yahoo index real-time search for Twitter and other social networks, consumers must be aware that not all relevant search is a safe click. Scammers and identity thieves see this as real-time free advertising for their malware.

When news breaks, the social media is now considered a trusted source for cutting edge information. The search engines trust that data and place those keyword search results on page one.

A criminal hacker seeing news break begins to multiply that message and embed malware in the links that lead to fraud.

Tainted Twitter and Facebook updates are riddled with spam and viruses in status posts where links are often disguised in short URLs that go to spoofed sites or include a downloadable virus.

The blind trust the search engines have in these results puts the user in jeopardy.

While all 3 search engines have automatic and manual processes for detecting such links, the sheer volume of hackers using this strategy creates a cat and mouse scenario that is far from fool proof.

While I certainly use social media to inform the world on current events, I don’t recommend you click on links from those who you aren’t familiar with. I never click links in the body of an email from those I’m not familiar with and I don’t do it on social media either.

If you are compelled follow the link, use a short URL decoder that provides a glimpse into where the link goes. Otherwise make sure you have the most updated browser that informs you of entry to spoofed sites. And make sure your antivirus is fully up to date.

Robert Siciliano personal security expert to Home Security Source discussing criminals using social media to commit fraud on Fox Boston