Facebook Photos bust Bank Robber

Do these bank robbers have bricks for brains? They actually posted photos of themselves with wads of the stolen cash on Facebook, says a story on thesmokinggun.com.

The alleged bank robers are John Mogan, 28 and Ashley Duboe, 24, and they’ve been charged with robbing a bank in Ohio. Mogan has already served time for a previous bank robbery conviction and was out on parole.

It all started when Mogan apparently sauntered into the bank and demanded money with a note. It’s not clear from the article whether or not Mogan brandished a weapon. At any rate, the teller handed over the money.

A video camera shows a thief in a hoodie exiting the bank with cash in his hands. Mogan has a distinct appearance in that both cheeks are tattooed.

Authorities believe that Duboe covered up the facial (and neck) tattoos with makeup prior to the robbery. Four days later, both geniuses posted their images to the Facebook page that they share, with Mogan pretending to bite into a thick wad of bills—which he refers to as a “McStack.” In another incriminating image, Mogan is pretending that the wad of cash is a phone.

A relative spotted the images, and from that point, things went sour for these Bonnie and Clyde wannabes. Both are currently behind bars, and the bond has been set at $250,000. Let’s see Mogan try to make a “McStack” with that amount and put his mouth around it.

Not surprisingly, neither of these two look too smug in their mug shots.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

LinkedIn targeted by Scammers

LinkedIn is a free service that allows professional people to network with each other. Often, a LinkedIn member will receive an e-mail from another LinkedIn member “inviting” them to join their network. Sometimes, the inviter is someone the recipient doesn’t know, but the recipient will link up anyways. And that’s the problem.

14DA report at www.secureworks.com says that Dell SecureWorks Counter Threat Unit™ (CTU) researchers discovered 25 phony LinkedIn profiles.

With this particular phony network (called TG-2889), most of the intended victims live in the Middle East. The profiles are convincing, including some having over 500 connections.

Signs of Fraudulence

  • Profile photos appear on other, unrelated sites.
  • Duplicate summary profiles, some duplicated from other sites.
  • “Supporter persona” profiles use same basic template and have other similarities.

Using phony profiles, the scammers aim to lure legitimate LinkedIn users into giving up personal information that the “threat actors” can then use either against them (like getting into their bank account) or scamming their associated company out of money.

Or, as evidenced by that one-fourth of the targets work in telecommunications, the scammers may be planning on stealing data from telecommunications companies.

TG-2889 is doing a pretty good job of maintaining the fake profiles, as they regularly make revisions, continues the secureworks.com report. This suggests that a new campaign is planned, perhaps one targeting the aerospace industry, since at least one fake profile mentions Northrup Grumman.

It’s also likely that some TG-2889 profiles have not been identified, and let’s also assume that LinkedIn is tainted with even more bogus profiles from other threat actors.

For Legitimate LinkedIn Users

  • If you suspect a profile is fake, cyber-run for the hills.
  • Link up with profiles of only people you know.
  • Be leery of interacting with members you don’t know even if they appear to be part of the network of someone you do know.
  • If you get a job offer through LinkedIn, don’t respond via that conduit. Instead contact directly the employer for verification.
  • For employers: Have you instructed your employees in proper use of the LinkedIn system? Are you sure they are not abusing it (either intentionally or non-intentionally), which could put your company at risk?

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Burglars Use Social to target Victims

So you think it’s really a far-out left-field idea: a burglar studying Facebook and other social media to select homes to rob. Well think again.

14DA survey, conducted by home security expert Friedland, found:

  • 78 percent of burglars use social media to select targets.
  • 74 percent touted the virtues of Google Street View.
  • 54 percent pointed out how risky it is for social media users to reveal their whereabouts and status.
  • 80 percent said a home alarm system would scare them away.

So with everyone and his brother on social media, why wouldn’t burglars also jump on this bandwagon?

Why Burglars Love Social Media

  • People share every detail of their vacation—while on vacation. If there’s a photo of you sipping a margarita in Cancun, a burglar knows he has plenty of time to break into your house. Can’t you wait till you’re home to post all the photos?
  • Apps may have location-sharing features. Find out if yours do and review the privacy features. Did you know that these features can synchronize with other social media and reveal your whereabouts to strangers?
  • Do you know just who can see what you post on Facebook? Check the privacy settings and make sure you understand just who can see your posts.
  • Applications on your phone may be using your GPS without your knowledge. If you have an Android, go to Settings, then Location Services, then turn off the GPS. For the iPhone go to Settings, Privacy, Location Services and System Services. Turn on Status Bar to see which apps know your every move. For the Windows phone go to Settings, then Location.
  • Did you know that a photo is worth a thousand words when posted online? Words that burglars love, too. Crooks could extract “EXIF” data from photos that reveal where and when they were taken—including your home address. Though Facebook strips out this data, many sites don’t. EXIF data can be removed.
  • In theory, a burglar can do a reverse image search and learn too much about you. He may do a search on one of your images to learn everywhere else it appears in cyberspace, leading to your social media accounts and hence, username/s. If your username is your actual name, and it’s not too common like Patricia Adams, and your social media accounts reveal your city, he can find your address via a people-search directory.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Stay Safe While Traveling this Summer

So, when you think about summer travel safety, what comes to mind? Which beach you’ll be lounging on? Sunburns? Shark attacks? While sunburns and vacation plans are rational concerns most have when traveling during the summer, shark attacks are a new one.

4WWith all of the news of recent shark attacks, people are now anxious about wading into the waters, despite the fact that the chances of getting mauled by a shark are a whopping one in 3.7 million. No guarantees, of course, but your odds are looking pretty good.

Conversely, the odds of getting your identity stolen or your other valuable information compromised while on or planning for these fun summer trips with the family are much higher. So instead of worrying about sharks this summer, let’s worry about the real predators out there —online hackers and phishing scammers.

In order to ensure you and your family’s online safety while on vacation, you first have to find an ideal and preferably well-rated vacation spot to travel. The Web is replete with scam sites touting glorious vacation spots for bargain prices. Be wary because a lot of these locations are fictitious or are actual pictures of someone’s home “stolen” from, for instance, someone’s family blog or social media profile. The thief will then put up a fraudulent ad for renters and will request a wired upfront payment.

Book travel plans only via legitimate, reputable sites. McAfee® WebAdvisor is a tool you can use that will help to warn you of most unsafe web pages. Make sure to check reviews of any private lodgings and use legitimate, well-known travel review sites.

We all love to share what we’re doing on social media, especially kids, but avoid using location services when possible. According to the recent Intel Security study : Realities of Cyber Parenting , one in three children who are active on social media turn on location services for some or all of their social media accounts which can alert thieves that you are not home, making you vulnerable to break-ins.

Many users are unaware of these features, but the service is available, and probably enabled on almost all of your most used apps, such as Facebook, Twitter, Instagram, etc. In order to fully protect your online data, when your computer devices are not in use, the Wi-Fi, location services and Bluetooth all should be turned off. Educate your kids to disable these services and not to download apps that request this information to run.

Additional Safety Measures You Can Take:

  • Lock your luggage
  • Do not post your travel plans online
  • If you’re taking any computer devices along, back up all their data first
  • Power down, password-protect, and lock these devices prior to travel
  • The person next to you on the plane can visually eavesdrop while you type in login information—beware. Better yet, avoid computer use while on the plane, and watch movies instead
  • Never use public Wi-Fi, at least for important transactions including purchases. Not only can thieves snatch data out of the air, but cybercriminals can also install public computers with data-stealing gadgets. If you must use public Wi-Fi for sensitive communications, use a virtual private network (VPN), which will scramble your data

Even after taking all of these precautions before and during your trip, your job is not done! Once you return home from your trip, it is vital that you make sure all of your information and charges are accurate. Make sure to immediately check your online credit card statements for unauthorized charges—before you invest time posting all about your trip on social media. Credit card fraud or identity theft can occur in well under 24 hours, so don’t put off checking your card status when you come home.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Social Media Scams on the rise

Social media is a conduit for thieves to get personal data (they can use it, for instance, to open up a credit line in the victim’s name). Though many people are concerned their personal information will get in the wrong hands, the funny thing is that they continue posting personal information—way too personal.

14DThe FBI’s Internet Crime Complaint Center says that social media is a fertile area for criminals to scam people.

Phishing

You are lured to a phony website that masquerades as your bank or some other important account. The lure might be a warning that you’ll lose your account unless you click the link to reactivate it. Once on the site, you’re then lured into typing in your login information—that the scammer will then use to gain access to your account.

  • Never click these links!
  • Use antivirus/malware protection!

Clickjacking

You’re lured into clicking on a link. Once you do this, trouble begins, either with a download of malware or you being suckered into revealing account information—to the thief on the other end.

Recently I was perusing the FB page of a person I knew from school, and a recent post was what appeared to be a video in still format, ready to be clicked for viewing.

And what was the lure? A man’s head and torso on a road, his severed legs nearby, with the caption saying that this motorcyclist’s cam had recorded his fatal accident. This was surely a scam because the photo has been around for quite some time with only scant information. Now suddenly there’s a video of the accident? Yeah, right.

  • Don’t click on any videos purporting to show something like “Footage Shows Shark Biting Man in Half” or “Top 20 Blondes of All Time—Naked!”
  • Even the “Share” and “Like” buttons could be malicious. Skip these. These days you can’t be too careful, what with all the foaming cyber criminals out there.

Doxing

Doxing is that of leaking someone’s personal identifying data into cyberspace without their permission, potentially leading to ID theft, among other problems.

  • Think twice before you post personal details on social media. Enough seemingly trivial details could add up to something significant to a savvy fraudster.

Make sure your privacy settings are at their highest, but this is only an adjunct to being very judicious about what you post.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Question: Should You worry about Kids on Social Media?

With all the increased news coverage of kids running off with adults they met online, and kids dying by suicide supposedly due to online bullying, many parents are wondering if their worries about their kids being online are justified.

14DWe hardly hear about how social media has benefited kids. There’s nothing inherent about electronic communications or electronic media that makes it bad for kids. There will always be bad people out there—online and offline.

An article on commonsensemedia.org lists multiple ways good things can come to kids who use social media.

  • Makes friendships stronger. The site did a study called Social Media, Social Life: How Teens View Their Digital Lives. More than half the participants said that social media has benefited their friendships. Only four percent said it hurt them. And 29 percent reported social media made them feel more extroverted, while just five percent said it made them feel more introverted.
  • Creates a sense of belonging. The article points out a study from Griffith University and the University of Queensland in Australia that concluded that teens today are less lonely than they were in past decades. The ease of being connected makes kids less isolated.
  • Online community support. Online communities exist for just about everything, so that even the most geekiest, nerdiest outcast can find a group who accepts him or her. This includes support groups for kids whose parents are divorced and kids who are cutters.
  • Expressing themselves. And this doesn’t just mean venting, but social media allows kids to put up their creative work and learn how to become more skilled.

Being helpful. Instead of thinking that social media is bad for kids, consider that kids can be good for social media. Think of how many opportunities exist for kids to do something good, to help a person out—by posting uplifting messages and artwork, to name a few ways.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

6 Tips for Protecting Your Social Media Accounts

10 years ago, many of us were hearing about social media for the first time. Now, social media plays a giant role in our lives, allowing us to share pictures, connect with family and friends, and get updated news. Through social media, we can express ourselves to our inner circle and the world.

14DSo how devastating would it be if someone got a hold of your social media accounts?

They could really wreak some havoc, like sending dirty links to all of your followers on Twitter. Or worse, take personal information in order to steal your identity, which could take years to fix. Sadly, breaking into your social media account can be easy—just one wrong click on a phishing scam or using a weak password that is easy to guess

Luckily, there are a few things you can do to protect your social media accounts from hackers. Here are my tips:

  1. Discard unused applications. Take inventory of your social media accounts to see if there are any third-party applications that have access to your personal social data. Delete the ones you don’t use or don’t need. And make sure you are ok with what information they are accessing from your social profile/account as these can be gateways to your account for hackers.
  2. Be careful who you friend online. Only accept friend requests from people you know in real life. Often hackers will send requests so they can see the information you are sharing to help them take advantage of
  3. Sharing is not always caring. Double check your privacy settings to control who sees your posts. Also, be careful what you share online—think of what you post online as being there forever, even if you have privacy setting enabled. For example, sharing that you’re away on vacation could inform a thief that you’re not home and indicate to them it’s a good time to rob you.
  4. Use strong passwords. Using “password” as a password isn’t going to cut it. The strongest passwords are at least eight characters in length, preferably 12; contain a combination of upper and lower case letters, symbols and numbers, and are unique to each account. For more information on how to create strong passwords, go to passwordday.org. And don’t forget to join us to celebrate World Password Day on May 7th. If you have trouble remembering and keeping track of all your user names and passwords, a safe option is to use a password manager. I like, which allows you to log into sites and apps using multiple factors that are unique to you, like your face and fingerprints and the devices you own.
  5. Multi-factor authentication. Imagine a hacker has your password, username and email and even knows the answer to your secret question. He can get into your account. But if you’ve enabled multi-factor authentication, the hacker will need another factor to truly access your account. So without your phone, fingerprint, face or whatever factor you’ve set up, the game’s over for him. With True Key, you have to keep you safe online.
  6. Use security software. Of course, keep all your devices updated with comprehensive security software like McAfee LiveSafe™ service.

Don’t let hackers hack into your digital life! For other tips, check out @IntelSec_Home on Twitter or like them on Facebook!

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

The Security Costs of being too Social

One of the arguments against being very virtually social is that nobody is SO important that everyone wants to know, for instance, that this person is going to be at the local sports bar watching the Super Bowl (or almost nobody; sad to say, some celebrities have half the world following them).

14DAnother argument, however, against tweeting and posting your every move is that this tells burglars when you’ll be away from your house.

So, you’re important enough to post every detail of your life on Facebook…but NOT important enough to be the victim of crime, right?

WRONG.

Maybe you’re not so virtually chatty, but other people actually tweet and post from the sports bar to keep followers updated about their emotions regarding the big game. At the same time, these folks are letting burglars know they’re away from home and not returning too soon.

Why You Should Curb Cyber Socializing

  • It’s true: People have been burglarized because the thieves found out they were on vacation or away via their social media posts.
  • Because posting your whereabouts in social media could lead to a burglary, you’ll have to pay for the natural fallout of the crimes, such as a homeowner’s insurance deductible and a higher premium rate due to multiple claims.
  • You could even lose any claim-free discount on your policy.
  • Though carriers won’t deny coverage if your car was stolen as a result of something you tweeted, the carriers want you to know how potentially risky it is to make personal posts, such as, “Hey, the whole gang’s going to my Uncle’s lake house to watch the Super Bowl on his monster flat screen!”
  • Save the mundane updates for after the event, when you get back home: “Hey y’all, just got back from watching the game at Uncle Budd’s…I’m gonna call in sick tomorrow ‘cause I’m so upset that we lost!” Which as you can see, is just as stupid, because you’ll get fired.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

8 Ways to bullet proof your Social Accounts

There are ways to keep the hackers at bay—for the most part, anyways, since no protection is 100 percent efficient.

14D#1 Password protect.

A device lost or stolen puts all your accounts at risk. Even simply placing your devices on your desk, they can be accessed by a nosy spouse, contractor or baby sitter, putting your accounts at risk. All of your devices should be protected by a password or some kind of passcode, and set to lock up or hibernate after a certain period of inactivity. The lock can be a fingerprint or even a picture password.

Even if you’re the only person who uses your device, having a password is very important because you never know when someone may be able to abscond with your device, then pose as you in your Facebook account.

#2 Log out.

Setting your device to automatically get you onto a social media site eliminates the hassle of having to enter your username and password every time you want to visit the site. However, if the wrong person gets ahold of your computer, mobile or tablet, that person can easily get into your social media accounts. Log out.

#3 Remove apps you don’t use.

If your accounts like Facebook and Twitter are linked to a bunch of third-party apps and services that have accumulated over time, sift through these and knock out the ones you don’t use.

Each third-party app has the potential to act as a portal to hackers. In fact, every so often, go through these to weed out ones you don’t need anymore. Even legitimate applications can open doors of opportunity to hackers because their databases can become infiltrated.

#4 Two-step Verification.

With this, the login process has an extra step if you sign in on a different device. This means that crooks can’t get on with only your password and username. They need the extra code of two-step.

For instructions on how to set this up for social media, here are some common sites that provide them: Facebook, Twitter, Google, Gmail, Tumblr, Dropbox

#5 Don’t get reeled in.

Don’t blindly click on links in e-mails or instant messenger programs! Even if the link comes from a sender you know, that “sender” could actually be a fake sender line generated by a hacker.

Contact the person separately in a new e-mail and ask if they sent you a link. If the link is from a business, go to the business’s site rather than clicking its alleged link in your e-mail.

Though Web browsers and e-mail programs can spot these “phishing” attacks, they miss some; just don’t click on links inside an e-mail.

#6 Encrypt internet connections.

Whenever connecting to any critical account make sure the page you are connecting to is HTTPS, which the “S” makes it a “secure” page. Otherwise on open unsecured, unencrypted wireless, connect only using security software such as Hotspot Shield which encrypts all your wired and wireless communications.

#7 Easy Passwords.

The easier a password is for you to handle and remember, the easier it is for a hacker to crack. Stop using “princess” and 123456 as your passwords. Use a gibberish of characters that have no pattern and do not use words that can be found in a dictionary.

A password manager can help you manage a ton of passwords. Use different passwords for all of your accounts and include upper and lower case letters.

#8 Beef up password resets.

Review the social network’s password reset procedure. See if there are other measures they offer for restoring a hacked account, and get those activated. An example would be Facebook’s Trusted Contacts feature.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

15 Small-Business Social Network Nightmares

You may think you’ve guarded your company, but are your social media outlets unprotected? Look at these 15 potential weaknesses in your defense.

11DCan you think of five social network nightmares you hope never happen to your business? How about 10?

Well, I can top that, because there are at least 15 social network mishaps that can haunt a business owner. Here’s a closer look at 15 types of trouble you can encounter on Facebook, Twitter and other popular social media platforms. Once you’re aware of all these potential dangers, you should take the necessary steps to prevent them from damaging your company.

1. Posting about illegal or questionable activities. Can you think of an illegal activity your employees might engage in that could get your company into trouble if they posted it on Facebook? How about underage drinking? If you employ teens under the age of 18 and any of them posted a photo of themselves drinking at your place of business, you could be in trouble with the law. And even if all your employees are adults, they can still post something unflattering (though not illegal) that could smear your reputation.

2. Account hijacking. Remember when the Dow dropped 150 points last April after someone hacked the Associated Press’ Twitter account and sent out a tweet that fraudulently claimed the White House had been attacked and President Obama had been injured? Don’t shrug it off—account hijacking can happen closer to home. Fraudsters may send your employees Twitter messages on their workplace computers that are designed to fake the recipients into thinking they’re receiving authentic messages when, in fact, the fraudster’s motive is to get money or sensitive data.

3. Bullying on Facebook. Bullying doesn’t just happen among kids; workplace bullying also exists, and what better place than on social media? Sometimes employees who manage a company’s social media get frustrated with the public’s comments and fight back with below-the-belt comments.

4. Online reputation management. Make sure you and your employees never post anything on Facebook that you wouldn’t show your grandmother or wouldn’t want going viral and damaging your brand.

5. Social media identity theft. Ever considered the possibility that someone could take your business’s name and use it for nefarious purposes? Someone could crack your password, take over an account and cause a trail of destruction. Or they could create a new account using your business’s name and post all sorts of alarming, but false, things about your company. Make sure your business name is protected by constantly navigating the Web, seeking out spoofed sites and your likeness or logo.

6. Financial identity theft. Does your company’s Facebook page include personal information about employees, such as the names of their pets or children? What about their birthdays? Hackers can take this information and use it to crack passwords to online business accounts. Be sure to use privacy settings, and make sure your company’s Facebook page isn’t full of personal details.

7. Burglaries. Never post information about vacation or travel dates on your social pages. Do you want the whole world (which includes crafty burglars) to know when you’ll be away?

8. Geo-stalking. Don’t use location-based GPS technology unless you absolutely need to (for instance, if you and your employees are on a “team building” trek in the wilderness and get lost). While search-and-rescue teams need to find you, stalkers who want your identity do not.

9. Corporate spying. Yes, it’s possible: A crook could pose as one of your employees, set up a Facebook group and invite all your employees to join. This enables the bad guy to gather sensitive data from your business and use it against you.

10. Harassment. Someone who’s disgruntled could stalk your brand and make false accusations. They could set up blogs and social sites, post videos and continually tweet their angry thoughts.

11. Government spying. It’s 10 p.m.: Do you know who it is you just friended on your Facebook page? The Associated Press says, “U.S. law enforcement agents are following the rest of the Internet world into popular social networking services, going undercover with false online profiles to communicate with suspects. Just don’t be a ‘suspect.’”

12. Sex offenders. Sex offenders have been known to pose as someone other than themselves—younger, a different sex, etc.—so they can gain the trust of their victims. You might connect with them online as a business only to discover down the road that they’re a predator.

13. Scams. A bad guy could set up a phony Facebook page and then create phony contests to slurp sensitive customer data such as names, addresses, emails, phones, account numbers and credit card numbers.

14. Legal liabilities. Privacy settings on Facebook can hide posts, but that doesn’t matter to a judge in New York who recently ruled that items posted on Facebook (as well as other social networking sites) can be used as evidence in court—even if the posts were concealed by the privacy settings.

15. Zero privacy. And speaking of privacy, don’t assume you actually have any, because thieves have already figured out how to yank data from the innards of Facebook that’s supposedly just for you and your closest colleagues to see. So be very careful what you put up on Facebook, privacy settings or not.

Robert Siciliano is the author of four books, including The 99 Things You Wish You Knew Before Your Identity Was Stolen. He is also a corporate media consultant and speaker on personal security and identity theft. Find out more at www.RobertSiciliano.com.