Android Viruses are the Real Deal

Smartphones now make up half of all activated mobile phones. And as we know, smartphones are small computers, capable of performing most of the same functions as a PC, primarily through the use of mobile applications.

Some claim that mobile malware threats are still too scarce to worry about. But while PCs definitely remain the bigger targets, smartphones are quickly capturing criminal hackers’ attention, with instances of mobile malware increasing by 600% from 2010 to 2011.

CIO.com’s Al Sacco, “a security-conscious mobile beat reporter,” reported on his experience dealing with his first smartphone infection. His McAfee Mobile Security app identified the Android virus on his Motorola Atrix 4G. “Security expert, I am not, and I’m the first to admit it,” Sacco defers. “But I do know a thing or two about smartphones and the mobile landscape, and I can say without a doubt that the Android threat is very real… It’s better to be paranoid about real threats than to shake them off as nonexistent. And that’s a fact.”

“Paranoid” is a strong word, implying mental illness. And I know that isn’t really what Sacco meant. But maintaining an acute awareness of potential threats to your smartphone and taking action to prevent them isn’t mentally ill, it’s just smart.

What’s really crazy is using an Android device without mobile security, because it’s only a matter of time before that device is infected.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Cloud Computing Security: Small Business Data in the Cloud

Over the last decade many computing tasks that were developed to be performed locally on and office PC have now moved to the cloud such as contact managers, office documents, media editing programs, you name it: if there is a software version, there is probably a cloud-based version, and often for free. Just search for the name of the software you use plus “free online.”

“The cloud,” as it relates to technology, refers to millions of internet connected servers, which may be owned and operated by either corporations or private individuals, sitting in homes and offices.

These servers may be used to back-up your small business data, host email, documents, files, and offer up software as a service.

Cloud-based data, just like local PC-based data, is vulnerable to physical theft if the building isn’t properly protected, power outages if there aren’t redundant power backups, natural disasters if Mother Nature decides to have a bad day, and criminal hacking through system weaknesses, phishing, and social engineering.

Most cloud service providers won’t explicitly outline what they do to protect your data because it could offer potential hackers information on how to compromise their networks. But one provider for example promises “strict data security policies, military-grade encryption, and world-class data centers for optimal data protection of your business’ computers and servers.”

The cloud computing security guide from Intel provides practical steps to help IT managers plan cloud computing security, with recommendations for strengthening cloud platform and data center infrastructure implementations.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

Identity Theft Tops 2011 Consumer Complaints

The Federal Trade Commission today released its list of top consumer complaints received by the agency in 2011. For the 12th year in a row, identity theft complaints topped the list. Of more than 1.8 million complaints filed in 2011, 279,156 or 15 percent, were identity theft complaints. Nearly 25 percent of the identity theft complaints related to tax- or wage-related fraud.

The report breaks out complaint data on a state-by-state basis and also contains data about the 50 metropolitan areas reporting the highest per capita incidence of fraud and other complaints. In addition, the 50 metropolitan areas reporting the highest incidence of identity theft are noted.

The next nine complaint categories are:

Debt Collection Complaints

Prizes, Sweepstakes, and Lotteries

Shop-at-Home and Catalog Sales

Banks and Lenders

Internet Services

Auto Related Complaints

Imposter Scams

Telephone and Mobile Services

Advance-Fee Loans and Credit Protection/Repair

All of these scams can be avoided when the consumer does their necessary homework and puts systems in place to protect themselves. Some scam can be avoided just by knowing they exist and not falling for them. Others may require some form of a protection service while others simply require a little legwork and research to know your options. Always do searches on companies you do business with, check licenses and IDs, get second opinions and if it seems to good to be true, then you know the story.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover.Disclosures.

Dirty Dozen Tax Scams for 2012

The Internal Revenue Service today issued its annual “Dirty Dozen” ranking of tax scams, reminding taxpayers to use caution during tax season to protect themselves against a wide range of schemes ranging from identity theft to return preparer fraud. Here are 4:

Identity Theft

Topping this year’s list Dirty Dozen list is identity theft. In response to growing identity theft concerns, the IRS has embarked on a comprehensive strategy that is focused on preventing, detecting and resolving identity theft cases as soon as possible. In addition to the law-enforcement crackdown, the IRS has stepped up its internal reviews to spot false tax returns before tax refunds are issued as well as working to help victims of the identity theft refund schemes.

Phishing

Phishing is a scam typically carried out with the help of unsolicited email or a fake website that poses as a legitimate site to lure in potential victims and prompt them to provide valuable personal and financial information. Armed with this information, a criminal can commit identity theft or financial theft.

Return Preparer Fraud

About 60 percent of taxpayers will use tax professionals this year to prepare and file their tax returns. Most return preparers provide honest service to their clients. But as in any other business, there are also some who prey on unsuspecting taxpayers.

False Form 1099 Refund Claims

In this ongoing scam, the perpetrator files a fake information return, such as a Form 1099 Original Issue Discount (OID), to justify a false refund claim on a corresponding tax return. In some cases, individuals have made refund claims based on the bogus theory that the federal government maintains secret accounts for U.S. citizens and that taxpayers can gain access to the accounts by issuing 1099-OID forms to the IRS.

Protect yourself!

Protect your information. Secure all data from the moment it arrives in your mailbox. Secure means that your mailbox and file cabinet have locks, or even storing important documents in a fire-resistant safe.

Shred non-essential paperwork. Check with your accountant to determine what you need and what you don’t. Use a cross-cut shredder to destroy unneeded documents.

Go paperless. Whenever possible, opt to receive electronic statements in your inbox. The less paper in your life, the better.

File early. The earlier you file, the more quickly you thwart any criminal’s attempt to file on your behalf and collect your refund. Only file your tax return with the help of a local, trusted, professional accountant whom you know, like, and trust.

Protect your PC. A computer’s operating system should always be updated with the latest critical security patches and you should use comprehensive security software that provides antivirus, anti-spyware, anti-phishing, anti-spam and a 2-way firewall.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover.Disclosures.

Social Media Security Tips for Small Business

Corporations know there are long-term marketing benefits of social media and they also know the security issues with employees continue to be a problem.

Many companies restrict internal access. Others prevent employees from discussing or mentioning the company in social media during private time.

Follow these social media security tips for small business to prevent security issues:

#1 Implement policies. Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by provide training on proper use and especially what not do too.

#2 Encourage URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like a tiny URL decoder.

#3 Limit social networks. In my own research about social media security, I’ve found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure.

#4 Train IT personnel. Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed with social media security risks.

#5 Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure your business network is up to date.

#6 Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.

#7 Companies who eliminate access to social media open themselves up to other business security issues. Employees who are bent on getting access, often skirt security making the network vulnerable.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

What Are the Latest Identity Theft Statistics?

The 2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier, released by Javelin Strategy & Research, reports that in 2011 identity fraud increased by 13 percent. More than 11.6 million adults became a victim of identity fraud in the United States, while the dollar amount stolen held steady.

Approximately 1.4 million more adults were victimized by identity fraud in 2011, compared to 2010. Countering this rise is the successful effort to combat identity fraud coupled with greater consumer awareness of the issue. While the number of fraud incidents increased, the total amount lost remained steady.

One of the key factors potentially contributing to the increase in incidents was the significant rise in data breaches. The survey found 15 percent of Americans, or about 36 million people, were notified of a data breach in 2011. Consumers receiving a data breach notification were 9.5 times more likely to become a victim of identify fraud.

According to the survey the three most common items exposed during a data breach are:

— Credit card number

— Debit card number

— Social Security number

What Are the Latest Identity Theft Statistics?

Here are some eye-opening statistics:

•           500 million—the number of consumers from 2005 to 2009 whose personal and financial data has been exposed as a result of corporate data breaches—events the victims cannot control despite taking personal safety measures

•           400%—victims who found out about their identity theft more than six months after it happened incurred costs four times higher than the average

•           165 hours—the average amount of time victims spent repairing the damage done by creation of new fraudulent accounts

•           58 hours—the average amount of time victims spent repairing the damage done to existing accounts

•           43%—the percentage of identity theft occurring from stolen wallets, check-books, credit cards, billing statements, or other physical documents

•           1 in 4—number of American adults who have been notified by a business or checkbooks, credit cards, billing statements, or other physical documents

•           Once every three seconds—how often an identity is stolen

The most efficient way to protect your identity is with an identity theft protection service and get a credit freeze.

Robert Siciliano personal and home security specialist to Home Security Source and author of 99 Things You Wish You Knew Before Your Identity Was Stolen. Disclosures.

Computer Failure – Top Warning Signs Your PC is dying

Computers are like humans in that in some ways they can tell you when they are sick or they don’t feel good. But computers are also like pets who may not be able to speak, but if you are paying attention, they begin to behave in ways that alert you to problems. There are numerous built in warning signs that alert you to their failings. As business PC’s age they start to express themselves in ways telling you they are approaching their end of life and it’s time to check your back-up strategies.

The following computer failures indicate your computer may be close to death:

A blue screen is often a sign of a driver conflict or hardware issue. When your formerly fully functional PC displays a blue screen informing you that a serious error has occurred, it could mean total failure, or require a simple reboot.

Lengthy start up or shut down times may mean that your computer is overwhelmed by too much software, or particular programs are not shutting down properly. Or it could mean that motherboards or hard drives are not long for this world.

If you hear strange noises, like beeping, whirling, or grinding, during startup or when computing, this may be a sign of hardware failure.

Error messages as pop ups or in the device manager pointing out hardware of software failure or conflicts.

Computer data logging is the process of recording events, with an automated computer program, in a certain scope in order to provide an audit trail that can be used to understand the activity of the system and to diagnose problems.

Logs are essential to understand the activities of complex systems particularly in the case of applications with little user interaction (such as server applications).

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

9 Warning Signs Your Identity Has Been Stolen

The Federal Trade Commission (FTC) provides the following list of warning signs that your identity may have been stolen:

  1. Accounts you didn’t open and debts on your accounts that you can’t explain
  2. Fraudulent or inaccurate information on your credit reports, including accounts and personal information, such as your Social Security Number, address, name or initials, or employer
  3. Failing to receive bills or other mail (this could indicate that an identity thief has taken over your account and changed your billing address—follow up with creditors if your bills don’t arrive on time)
  4. Receiving credit cards that you didn’t apply for
  5. Being denied credit or being offered less favorable credit terms, like a high interest rate, for no apparent reason
  6. Getting calls or letters from debt collec­tors or businesses about merchandise or services you didn’t buy.
  7. You may find out when bill collection agencies contact you for overdue debts debts you never incurred.
  8. You may find out when you apply for a mortgage or car loan and learn that problems with your credit history are holding up the loan.
  9. You may find out when you get something in the mail about an apartment you never rented, a house you never bought, or a job you never held.

The most efficient way to protect your identity is with an identity theft protection service and get a credit freeze.

Robert Siciliano personal and home security specialist to Home Security Source and author of 99 Things You Wish You Knew Before Your Identity Was Stolen. Disclosures.

P2P Security Concerns for Small Business

Peer to peer file sharing is a great technology used to share data over peer networks.  It’s also great software to get hacked. This is the same P2P software that allows users to download pirated music, movies and software.

In my own P2P security research, I have uncovered tax returns, student loan applications, credit reports and Social Security numbers. I’ve found family rosters which include usernames, passwords and Social Security numbers for entire family. I’ve found Christmas lists, love letters, private photos and videos (naughty ones, too) and just about anything else that can be saved as a digital file.

Installing P2P software allows anyone, including criminal hackers, to access your client’s data. This can result in business securitybreaches, credit card fraud and identity theft. This is the easiest form of hacking. There have been numerous reports of numerous government agencies, drug companies, mortgage brokers and others discovering P2P software on their networks after personal data was leaked.

Blueprints for President Obama’s private helicopters were recently compromised because a Maryland-based defense contractor’s P2P software had leaked them to the wild, wild web.

#1 HaveP2P security policies in place not allowing the installation of P2P software on your workplace computers or employee laptops.

#2 A quick look at the “All Programs Menu” will show nearly every program on your computers. If you find an unfamiliar program, do an online search to see what it is you’ve found.

#3 Set administrative privileges prevent the installation of new software without your knowledge.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

Small Business Tax Scams

The Internal Revenue Service issued its annual “Dirty Dozen” ranking of tax scams, reminding taxpayers to use caution during tax season to protect themselves against a wide range of that aren’t necessarily always perpetrated by an outsider trying to scam the business or individual, but sometimes these are inside jobs that put the company in hot water.

Hiding Income Offshore

Over the years, numerous individuals have been identified as evading U.S. taxes by hiding income in offshore banks, brokerage accounts or nominee entities, using debit cards, credit cards or wire transfers to access the funds. Others have employed foreign trusts, employee-leasing schemes, private annuities or insurance plans for the same purpose.

“Free Money” from the IRS & Tax Scams Involving Social Security

Flyers and advertisements for free money from the IRS, suggesting that the taxpayer can file a tax return with little or no documentation, have been appearing in community churches around the country. These tax fraud schemes are also often spread by word of mouth as unsuspecting and well-intentioned people tell their friends and relatives.

False/Inflated Income and Expenses

Including income that was never earned, either as wages or as self-employment income in order to maximize refundable credits, is another popular tax scam. Claiming income you did not earn or expenses you did not pay in order to secure larger refundable credits such as the Earned Income Tax Credit could have serious repercussions.  This could result in repaying the erroneous refunds, including interest and penalties, and in some cases, even prosecution.

False Form 1099 Tax Refund Claims

In this ongoing tax scam, the perpetrator files a fake information return, such as a Form 1099 Original Issue Discount (OID), to justify a false refund claim on a corresponding tax return. In some cases, individuals have made refund claims based on the bogus theory that the federal government maintains secret accounts for U.S. citizens and that taxpayers can gain access to the accounts by issuing 1099-OID forms to the IRS.

Frivolous Tax Arguments

Promoters of frivolous tax fraud schemes encourage taxpayers to make unreasonable and outlandish claims to avoid paying the taxes they owe. The IRS has a list of frivolous tax arguments that taxpayers should avoid. These arguments are false and have been thrown out of court. While taxpayers have the right to contest their tax liabilities in court, no one has the right to disobey the law.

Abuse of Charitable Organizations and Tax Deductions

IRS examiners continue to uncover the intentional tax deduction abuse of 501(c)(3) organizations, including arrangements that improperly shield income or assets from taxation and attempts by donors to maintain control over donated assets or the income from donated property. The IRS is investigating tax fraud schemes that involve the donation of non-cash assets –– including situations in which several organizations claim the full value of the same non-cash contribution.

Disguised Corporate Ownership

Third parties are improperly used to request employer identification numbers and form corporations that obscure the true ownership of the business.

Misuse of Trusts

For years, unscrupulous promoters have urged taxpayers to transfer assets into trusts. While there are legitimate uses of trusts in tax and estate planning, some highly questionable transactions promise reduction of income subject to tax, deductions for personal expenses and reduced estate or gift taxes.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures