Parents legally can spy on their Kids

Just because something is legal, does that mean you should do it? In the case of spying on your kids’ phone activities, some say yes. Though the very same mode of operation is illegal in most states when the eavesdropper is your boss or anyone else and you’re the “eavesdropee,” this same mechanism is legal and encouraged for parents to their kids.

12DYou’re probably envisioning a parent listening in on their boy-crazy teen daughter’s phone conversation. But it’s more than that.

According to a nydailynews.com article, the Court of Appeals in New York ruled that secretly listening in on and even recording a cellphone conversation is legal—after a man recorded a cellphone conversation involving his five-year-old son. The child’s mother’s boyfriend, over the phone, threatened to beat him.

Dad acted in good faith when he wired the phone, and the slime who made the threat, was convicted on three counts. But his attorney claimed that the eavesdropping was illegal and thus, the conversation was not admissible.

The judge in this case pointed out that not all cases come in template form inside a black box. But can a parent eavesdrop on an older child who’s cognizant enough to rationally protest? Again, we can’t apply a cookie cutter to this concept. But in New York, it’s legal to conduct this practice, with the assumption that the parent is acting in the best interest of the minor.

In another case, points out the article, a woman inserted a tape recorder in her autistic son’s backpack to pick up the suspected verbal abuse from the boy’s bus matron.

The line can be very fuzzy over just when it’s ethical for a parent to tap a child’s phone conversations and when it’s done for more self-serving reasons, such as in divorce cases. Again, it’s legal in New York, because it was determined that the potential benefits far outweigh the potential grievances.

At least 12 other states, though, are on board with this doctrine of vicarious consent, including New Jersey, Texas, Arizona, Maine and the Carolinas. Hopefully, not too many parents will abuse this legal right and end up eavesdropping for the fun of it or to show off their “power” as the adult in charge.

But that fact is, kids can get into lots of trouble with their physical and digital lives if their parents are unaware of what’s going on.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Beware of the CEO E-mail Scam

Beware of the B.E.C. scam, says a report at fbi.gov. The hackers target businesses and are good at getting what they want.

emailThe hackers first learn the name of a company’s CEO or other key figure such as the company’s lawyer or a vendor. They then figure out a way to make an e-mail, coming from them, appear to come from this CEO, and send it to employees.

The recipients aren’t just randomly selected, either. The hackers do their homework to find out which employees handle money. They even learn the company’s particular language, says the fbi.gov article. The company may be a big business, small enterprise and even a non-profit organization.

Once they get it all down, they then request a wire transfer of money. This does not raise red flags in particular if the company normally sends out wire transfer payments.

This CEO impersonation scam is quite pervasive, stinging every state in the U.S. and occurring in at least 79 other nations. The fbi.gov article cites the following findings:

  • Between October 2013 and February 2016, complaints came in from 17,642 victims. This translated to over $2.3 billion lost.
  • Arizona has been hit hard by this scam, with an average loss per scam coming in at between $25,000 and $75,000.

Companies or enterprises that are the victim of this scam should immediately contact their bank, and also request that the bank contact the financial institution where the stolen funds were transferred to.

Next, the victim should file a complaint with the IC3.

How can businesses protect themselves from these scam e-mails?

  • Remember, the hacker’s e-mail is designed to look like it came from a key figure with the organization. This may include the type of font that the key figure normally uses in their e-mails; how they sign off (e.g., “Best,” “Thanks a bunch,”), and any nicknames, such as “Libbie” for Elizabeth. Therefore, contact that person with a separate e-mail (not a reply to the one you received) to get verification, or call that individual.
  • Be suspicious if the e-mail’s content focuses on a wire transfer request, especially if it’s urgent.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Before you die, do This

“Nobody likes to do it, but it has to be done.” You’ve heard that before. This time, it applies to 26 documents that you should have all bundled up in a folder that trusted family members have access to (someplace where fire and water won’t damage them). But first let’s go over some details about what should be in that bundle.

1PEssential Documents

  • Your will: Some say not a copy, but the original, accompanied by instructions. Supplying everyone in your will a copy is also advised by others.
  • A completed power of attorney form that your benefactors have access to, should you become rendered impaired.
  • Complete list of loans you’ve made to others, and debts.
  • Proof of ownership of the following if you have them: owned property/housing, vehicles, cemetery plots, savings bonds, stock certificates, brokerage/escrow mortgage accounts and partnership/corporate operating agreements.
  • Last three years’ of tax returns might seem excessive, but if you can, do it.

Bank Accounts

  • Name of bank and phone number, account numbers, online login information
  • Register a family member or spouse’s name with the bank; have them sign the registration document to allow them access to your accounts.
  • A list of safe deposit boxes if you have them

Retirement List

  • Pensions
  • Annuities
  • IRAs
  • 401ks

Medical

  • Power of attorney form. If you become incapacited, who will make medical care decisions for you? This should also be IN your will.
  • Choose your POA attorney while you’re of sound mind.
  • Have it spelled out how you’d like to be treated in the event of incapacitation (and this includes what should be done if you end up in a persistent vegetative state). Who pulls the plug?

Marriage & Divorce

  • Does your spouse know where your marriage license is?
  • If you’re divorced, make sure there are documents spelling out child support, alimony and any property settlements and financial divisions. To avoid disputes, include bank account numbers for the appropriate settlements.
  • Keep copies of life insurance documents.
  • Last but not least is the qualified domestic-relations order, that can prove your spouse got a share of your retirement accounts.

Life Insurance

  • Family members should have copies of life insurance documents and contact information for the carrier.

In a Nutshell, the Top 26

  1. Marriage license
  2. Divorce papers
  3. Living will (what should be done if you’re alive but incapacitated)
  4. Personal/family medical history
  5. Authorization to release medical care information
  6. Durable healthcare POA
  7. Do-not-resuscitate (DNR) order
  8. Tax returns
  9. Housing, land and cemetery deeds
  10. Escrow mortgage accounts
  11. Proof of loans made and owed debts
  12. Titles for vehicles
  13. Stock certificates, savings bonds and brokerage accounts
  14. Partnerships and corporate operating agreements
  15. Life insurance policies
  16. IRAs
  17. 401ks
  18. Pension documents
  19. Annuity contracts
  20. Bank account list
  21. List of bank usernames and passwords
  22. Safe-deposit box list
  23. Will
  24. Letter of instruction for the will
  25. Trust documents
  26. Updated passwords document for all your critical accounts.

Do you have docs you think should be on this list? Please provide in the comments.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Posting Kids’ Photos online is illegal?

In France, anything is possible. Like getting tossed in jail for posting your children’s photos on Facebook.

12DYes indeed, it’s true. People in France might be put behind bars for putting their kids’ pictures on Facebook. Or, they may face heavy fines. This is because the French authorities deem posting kids’ photos online threatens their security.

Parents are being warned about the consequences of this violation. The authorities believe that posting images of one’s kids online can lead to some pretty nasty things:

  • Photo-napping, particularly by pedophiles
  • Stealing the images and posting them on adoption sites
  • Kids, when grown, suing their parents for emotional damage that they think resulted from photos of their younger selves being posted online
  • Parents may even sue each other if photos of their kids go up after a divorce.

France’s privacy laws are a force to be reckoned with. How does a year in prison and a fine of almost $50,000 sound for posting children’s photos? Wow, French parents really better watch out when posting that photo of the family reunion or company picnic with kids in the background.

If you’re poo-pooing France right now, save your poo-poos for Germany as well. German police are urging parents to stop posting their kids’ images—especially because a lot of people are putting up images of their kids naked in the context of water activities.

Maybe if fewer parents got off on posting pictures of their naked toddlers and even older children (one can only guess what these parents are hoping to accomplish), the police wouldn’t be so rigid.

Still think the police are over-reacting? And maybe they are, but consider this: According to The Parent Zone, the average person posts nearly 1,000 images of their child online by the time that child blows on five birthday candles. Now maybe The Parent Zone isn’t the gospel, but we all know people who seem to have 8,000 pictures up of their children on social media.

What’s even more staggering, says The Parent Zone, is that 17 percent of these parents have never bothered to set their Facebook privacy settings. And 46 percent checked the settings only one or two times. This all means that these parents absolutely are in denial that some weirdo isn’t drooling over their naked preschooler in the backyard baby pool.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Protect Yourself from Online Dating Scams

$200 million: The amount people were ripped off by online dating scams in a year.

1FDUI: dating while under the influence…of the quest for love…is costly to countless people.

A nytimes.com article notes that this quest impairs judgment, making it easy for con artists to bilk lonely people. Or are some people just plain stupid? But many victims are highly educated.

It all begins with a phony profile that grabs the victim’s attention. The nytimes.com report points out that the scamster uses attractive photos stolen off of other sites.

INTERRUPTION: If he/she is too gorgeous to be true, right-click the image to see where else it appears online! Is “Emilene McKenna” whom she says she is?

These scammers come from anywhere on the globe.

  • They prey upon loneliness, greed and desire.
  • Overseas scam rings
  • Solitary scammers working at home late at night
  • Women, not just men
  • They almost always profess to be in a glamorous or exciting line of work, though occasionally, they’ll pose as a more common person (perhaps to appear less suspicious).
  • People of all ages and walks of life, plus sexual orientations, are targeted.
  • The common denominator is a request for money.
  • Reasons for money requests run the gamut but usually focus on medical bills, legal fees or fees relating to a planned trip to meet the victim (which never occurs).

The nytimes.com article quotes victim specialist Debbie Deem that these con artists are skilled at mirroring the victim’s needs and creating “a sense of intimacy very quickly.” The victim soon becomes convinced that this is their soulmate—and thinks nothing of sending them the requested money.

However, the scammer may reveal their true colors after luring the victim into posing for raunchy photos or videos: The crook threatens to expose these unless the victim sends them money.

Other Facts

  • Being offered a spouse is a growing ruse.
  • Some victims have lost over $400,000.
  • Significant contact from the scammer lauding the victim.

How to Protect Yourself

  • If you haven’t already figured that out after reading this article…I’m very worried.
  • In addition to right-clicking the photo, copy and paste the profile’s narrative into a search engine and see if it shows up anywhere else like on an unrelated person’s blog or another dating profile under a different name.
  • NEVER SEND MONEY! Think: They’ve gotten this far in life without your financial help; they’ll survive without it.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Products to keep Kids safe online

Some people believe that monitoring your kids’ online activities crosses the line of privacy or trust. But monitoring and controlling online activities is, essentially, no different than controlling access to the cookie jar or TV or even locking a liquor cabinet.

Which brings me to a way that parents can always know exactly what their kids are doing in cyberspace. And control when, too. This is possible due to a type of software known as “parental control” that monitors the goings-on of any connected device in the home network, in concert with a mobile app.

Parental control software is very important to most parents, and they’re always looking for the latest technology. The Pew Research Center’s recent report says that 95% and 93% of U.S. parents have spoken to their teenager about sharing-safety and appropriate online behavior, respectively.

Gadgets like this include Circle and KoalaSafe (easy setup, $99 each). With these, you can even set certain activities to be off limits when you apply filters. When you see your teen daughter’s activity going to a “pro-ana” site, you can bar her from getting on.

Circle

  • Scans all traffic on your home’s network.
  • Traffic data is not stored on Circle’s servers.

KoalaSafe

  • Provides a Wi-Fi just for kids and tracks only that.
  • Uses cloud servers for monitoring.

From your mobile you can watch what your kids are up to in cyberspace, but these gadgets can’t monitor or control 100% their activities (such as Snapchat)—but will do enough for you to know that the cookie jar, figuratively speaking, is bolted shut with a good lock.

Even if your child is a goody two shoes, they may still accidentally get on a site you’d never want to show your grandmother. Circle and KoalaSafe will help control this scenario. This software can also track how much time kids spend with certain activities such as being on Facebook, and you can set time limits.

But remember, parental control software, no matter how good it is, should be seen as an adjunct to one-on-one communication with your kids, not the replacement of it. Parental software isn’t just for “bad” kids, but serves as an extra tool for parents that keeps up with today’s technology.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Can the cloud be trusted?

Most people have heard of storing information in “the cloud,” but do you know what this means, and if it is even safe?

4HA cloud is basically a network of servers that offer different functions. Some of these servers allow you to store data while others provide various services. The cloud is made of millions of servers across the globe and most are owned by private or public corporations. Many of those corporations are diligent about security, and you are likely using the cloud whether you know it or not.

Most customers using cloud services have faith that their information will remain safe. But there are some precautions you need to take. Here are some questions to ask any cloud service provider before relying on them to store your business data:

  • How often do you clean out dormant accounts?
  • What type of authentication is used?
  • Who can access and see my data?
  • Where is the data physically kept?
  • What level of encryption is in place?
  • How is the data backed up?
  • What’s in place for physical security?
  • Are private keys shared between others if data encryption is being used?

Keeping your company data safe

Over time, a company surely will accumulate data that seems irrelevant, but you shouldn’t be so quick to dispose of this data, especially if it is sensitive. This might include data such as customer or client information, employee information, product information or even old employee records.

The truth is, you just never know when you may or may not need this information, so it is best that you keep it. Digital data should be backed up in the cloud. If it’s paper, convert it to digital and store it offsite. Here are some things to remember when doing this:

  • All data, even if old or irrelevant, should be backed up.
  • Data retention policies should always include an “expiration date” for when this data is no longer useful to you.
  • Companies that want to delete old data should understand that deleting files and emptying the recycle bin, or reformatting a drive may not enough to get files off of your computer. Hackers may still be able to access this data.

If you actually want to remove all of the data on a disk, literally break or smash it. To truly delete a file, you must physically destroy the hard drive.

Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. Disclosures.

11 Ways to Mitigate Insider Security Threats

Companies are constantly attacked by hackers, but what if those attacks come from the inside? More companies than ever before are dealing with insider security threats.Here are 11 steps that all organizations should take to mitigate these threats and protect important company data:11D

  1. Always encrypt your data If you want to minimize the impact of an insider threat, always encrypt data. Not all employees need access to all data and encryption adds another layer of protection.
  2. Know the different types of insider threatsThere are different types of insider threats. Some are malicious, and some are simply due to negligence. Malicious threats may be identified by employee behavior, such as attempting to hoard data. In this case, additional security controls can be an effective solution.
  3. Do background checks before hiringBefore you hire a new employee, make sure you are doing background checks. Not only will this show any suspicious history, it can stop you from hiring any criminals or those associated with your competitors. Personality tests can also red flag the propensity for malicious behavior.
  4. Educate your staffEducating your staff on best practices for network security is imperative. It is much easier for employees to use this information if they are aware of the consequences of negligent behavior.
  5. Use monitoring solutionsThere are monitoring solutions that you can use, such as application, identity and device data, which can be an invaluable resource for tracking down the source of any insider attack.
  6. Use proper termination practicesJust as you want to be careful when hiring new employees, when terminating employees, you also must use proper practices. This includes revoking access to networks and paying attention to employee actions on the network in the days before they leave.
  7. Go beyond the IT departmentThough your IT department is a valuable resource, it cannot be your only defense against insider threats. Make sure you are using a number of programs and several departments to form a team against the possibility of threats.
  8. Consider access controlsAccess controls may help to deter both malicious and negligent threats. This also makes it more difficult to access data.
  9. Have checks and balances for all staff and systemsIt is also important to ensure there are checks and balances in place, i.e. having more than one person with access to a system, tracking that usage and banning shared usernames and passwords.
  10. Analyze network logsYou should collect, store and regularly analyze all of your network logs, and make sure it’s known that you do this. This will show the staff that you are watching what they are doing, making them less likely to attempt an insider attack.
  11. Back up your data Employees may be malicious or more likely they make big mistakes. And when they do, you’d sleep better at night knowing you have redundant, secure cloud based backup to keep your business up and running.

Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. See him discussing identity theft prevention.Disclosures.

How to recycle Old Devices

When it comes to tossing into the rubbish your old computer device, out of sight means out of mind, right? Well yeah, maybe to the user. But let’s tack something onto that well-known mantra: Out of site, out of mind, into criminal’s hands.

7WYour discarded smartphone, laptop or what-have-you contains a goldmine for thieves—because the device’s memory card and hard drive contain valuable information about you.

Maybe your Social Security number is in there somewhere, along with credit card information, checking account numbers, passwords…the whole kit and caboodle. And thieves know how to extract this sensitive data.

Even if you sell your device, don’t assume that the information stored on it will get wiped. The buyer may use it for fraudulent purposes, or, he may resell to a fraudster.

Only 25 states have e-waste recycling laws. And only some e-waste recyclers protect customer data. And this gets cut down further when you consider that the device goes to a recycling plant at all vs. a trash can. Thieves pan for gold in dumpsters, seeking out that discarded device.

Few people, including those who are very aware of phishing scams and other online tricks by hackers, actually realize the gravity of discarding or reselling devices without wiping them of their data. The delete key and in some cases the “factory reset” setting is worthless.

To verify this widespread lack of insight, I collected 30 used devices like smartphones, laptops and desktops, getting them off of Craigslist and eBay. They came with assurance they were cleared of the previous user’s data.

I then gave them to a friend who’s skilled in data forensics, and he uncovered a boatload of personal data from the previous users of 17 of these devices. It was enough data to create identity theft. I’m talking Social Security numbers, passwords, usernames, home addresses, the works. People don’t know what “clear data” really means.

The delete button makes a file disappear and go into the recycle bin, where you can delete it again. Out of sight, out of mind…but not out of existence.

What to Do

  • If you want to resell, then wipe the data off the hard drive—and make sure you know how to do this right. There are a few ways of accomplishing this:

Search the name of your device and terms such as “factory reset”, “completely wipe data”, reinstall operating system” etc and look for various device specific tutorials and in some cases 3rd party software to accomplish this.

  • If you want to junk it, then you must physically destroy it. Remove the drive, thate are numerous online tutorials here too. Get some safety glasses, put a hammer to it or find an industrial shredder.
  • Or send it to a reputable recycling service for purging.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

Protect Your Family Online With WOT

The web is a dangerous place. Malware, scams and privacy dangers are around every corner, and children can easily find themselves face to face with sites that are not suitable. What can a parent do? One option is to try WOT, Web of Trust, a free browser add-on.

WOT rates each site on the Internet for reliability, privacy, trustworthiness and child safety. When searching a website with WOT, you will see a colored icon, red for bad and green for good, which indicates if a user should proceed. You can also use the WOT rating for every site and read reviews from those who have been on the site.

wot1

WOT offers other features, too. For instance, when visiting a “red site” a large warning appears on the screen. This allows people to choose if they go through or surf away. Additionally, you can also click the WOT button in the browser, and you can see information about the rating of the site, too.

When performing an Internet search and you come across a link that looks fishy, WOT places a red icon next to it. You may also see a yellow icon, which indicates the site may or may not be safe, and gray icons indicate the site is unrated. Hovering over each icon will give you more details about the website, as well as ratings and reviews from users.

WOT2

The latest version of WOT has four levels of safety included. Lite, the lowest level, only shows icons for dangerous websites. The highest level, Parental Control, not only blocks dangerous websites, it also blocks any sites that are not suitable for kids.

Web of Trust is available as a browser add-in for Firefox, Google Chrome, Opera, Internet Explorer and Safari.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. This is a review opportunity via BlogsRelease. Disclosures.