How To Determine a Fake Website

There are a lot of scammers out there, and one of the things they do is create fake websites to try to trick you into giving them personal information. Here are some ways that you can determine if a website is fake or not:

How Did I Get Here?

Ask yourself how you got to the site. Did you click a link in an email? Email is the most effective way scammers direct their victims to fake sites. The same thing goes for links from social media sites. Danger, Will Robinson! Don’t click these links. Instead, go to websites via a search through Google, use your bookmarks, or go old school and type the address in.

Are There Grammar or Spelling Issues?

Many fake sites are created by foreign entities using “scammer grammar”. Their English is usually broken, and they often make grammar and spelling mistakes. And when they use translation software, it may not distinguish “two” vs. “too” or “their” vs. “there”, etc.

Are There Endorsements?

Endorsements are often seen as safe, but just because you see them on a site doesn’t mean they are real. A fake website might say that the product was featured by multiple news outlets, for instance, but that doesn’t mean it really was. The same goes for trust or authenticating badges. Click on these badges. Most valid ones lead to a legitimate site explaining what the badge means.

Look at the Website Address

A common scam is to come up with a website URL that is relatively similar to a legitimate site’s. This is also known as typosquatting or cybersquatting. For instance, you might want to shop at for a new purse. That is the real site for Coach purses. However, a scammer might create a website like //, or // Both of these are fake. Also, look for secure sites that have HTTPS, not HTTP. You can also go to Google and search “is legit”, which may pull up sites debunking the legitimacy of the URL.
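The address check described above can be automated. The following is an added example, not part of the original post: it compares a URL's hostname with a short allowlist and flags near-miss spellings, character swaps, and a trusted name buried inside another domain. The domains (under the reserved `.example` and `.test` names), the allowlist and the distance threshold are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the domains the user actually does business with.
TRUSTED = ("brandshop.example", "mybank.example")

# Character swaps commonly used to build a lookalike name; hyphens are dropped.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute and
    swap of two adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def split_url(url: str):
    """Return (scheme, hostname), lower-cased, without trailing dot or 'www.'."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    return parts.scheme.lower(), host[4:] if host.startswith("www.") else host


def check_url(url: str, trusted=TRUSTED, max_distance: int = 2) -> dict:
    """Classify a URL as 'known', 'suspicious' or 'unknown' against the allowlist."""
    scheme, host = split_url(url)
    findings = []
    if scheme != "https":
        findings.append("not-https")
    # Exact match or a genuine subdomain of an allowlisted domain.
    if any(host == t or host.endswith("." + t) for t in trusted):
        return {"host": host, "verdict": "known", "findings": findings}
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-label")  # may render as lookalike characters
    folded = host.translate(HOMOGLYPHS)
    for t in trusted:
        if edit_distance(folded, t.translate(HOMOGLYPHS)) <= max_distance:
            findings.append(f"lookalike-of:{t}")
        elif t.split(".")[0] in folded:
            findings.append(f"brand-in-other-domain:{t}")
    suspicious = any(f != "not-https" for f in findings)
    return {"host": host, "verdict": "suspicious" if suspicious else "unknown",
            "findings": findings}


if __name__ == "__main__":
    samples = [  # constructed sample URLs
        "https://www.brandshop.example/purses",
        "http://brandshop.example",
        "https://brandsh0p.example/sale",
        "https://brnadshop.example",
        "https://brandshop.example.login-check.test/",
        "https://unrelated-news.test",
    ]
    for s in samples:
        print(s, "->", check_url(s))
```

An "unknown" verdict only means the name is not close to anything on the allowlist; it says nothing about whether the site is legitimate.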

Can You Buy With a Credit Card? 

Most valid websites take credit cards. Credit cards give you some protection, too. If they don’t take plastic and only want a check or a wire transfer, be suspicious, or really, don’t bother.

Are the Prices Amazing?

Is it too good to be true? If the cost of the items on a particular page seems much lower than you have found elsewhere, it’s probably a scam. For instance, if you are still looking for a Coach purse and find the one you want for $100 less than you have seen on other valid sites, you probably shouldn’t buy it.

Check Consumer Reviews

Finally, check out consumer reviews. Also, take a look at the Better Business Bureau listing for the company. The BBB has a scam tracker, too, that you can use if you think something seems amiss. Also, consider options like, which is a site that collects online reviews for websites. Just keep in mind that some reviews might be fake, so you really have to take a broad view when determining if a site is legit or one to quit.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Murder is a Reminder for Real Estate Agent Safety

911 calls are always chilling, but the one that came from a model home in Maryland recently was extremely distressing.

Instead of the caller speaking into the phone, all the 911 operator heard was heavy breathing. The operator asked what was wrong but got no response…then, a far-off voice said, “Where is the money? Who are you talking to?” This call, which was just made public, led police to a man who was shot to death and, eventually, to the man accused of his murder.

The body of Steven B. Wilson, a real estate professional, was found in the home, and the suspect, 18-year-old Dillon Augustyniak, was charged with several crimes including murder, theft, armed robbery and the use of a firearm in a violent crime.

At this time, Timothy J. Altomare, the Anne Arundel Police Chief, says that he believes robbery was the motive and that the suspect had taken the victim’s laptop and cell phone. Though it is not known how Augustyniak entered the model home, police also said that he only lived about a half mile from the scene.

Local authorities believe that Wilson placed the 911 call after being shot by teenager Dillon Nicholas Augustyniak. When the operator heard the voice from the background, presumably Augustyniak’s, police and an ambulance were dispatched. There was security footage from the scene that shows the suspect holding a long gun. It was also revealed that Augustyniak had not only stolen Wilson’s cellphone but had given it to another person.

Witnesses also say that Augustyniak was trying to sell his gun, which they believe is the same one that he used to shoot Wilson.

Police later found an identical firearm in Augustyniak’s home. They also found Wilson’s laptop and cellphone. Augustyniak was taken into custody and is now off the streets, but this does open the opportunity for discussion about real estate agent safety.

It is imperative that agents remain vigilant at all times although there are no specific threats towards them. Though this crime might have been a crime of opportunity, it is certainly not uncommon for criminals to target open houses and other real estate events.

For agents out there, you might want to start thinking seriously about your surroundings when showing houses, and come up with a plan to protect yourself if necessary. This type of crime isn’t extremely common, but it does happen; since most real estate agents work alone, it is important to know what you are up against.

More information here on protection as a real estate agent.

Don’t Let a Pedophile Larry Nassar Happen to Your Kid

A very recent blog I published titled “15 Year Old’s Naked Photos Spread Like Wild Fire” is now one of the most clicked blogs on my site. It has significantly increased my website’s traffic. But, scarily, for all the wrong reasons. The “15 year old naked pictures” part of the title is attracting skeevy pedophiles to my blog. Hi there pedophiles! Go jump off a bridge, you’re sucking up too much air!

You know Larry Nassar; the sick creep who worked as the doctor for USA Gymnastics. With up to or more than 156 victims, he was convicted of 10 counts of first-degree criminal sexual conduct, and he was ultimately sentenced to 40 to 150 years in prison. 150 years isn’t enough. I hope prison is as horrible as him.

One study says as many as 1 in 35 men could be pedophiles. Some studies suggest that the prevalence of pedophilia may be between 3% and 5% in the general population. That’s the WORLD’S population. What this means is pedophilia, while horrible and not right, is “normal” in the sense that it’s an inherent human behavior that people are born with. It always has been, is, and always will be a human trait.

Nassar began working with gymnasts more than 40 years ago when he was an athletic trainer as a student. He graduated from the University of Michigan with a kinesiology degree, and in 1986, he joined USA Gymnastics. He went on and received a degree in osteopathic medicine from Michigan State, and by 1997, he was the team physician for USA Gymnastics and became an assistant professor. He kept both jobs until his evil crimes were revealed.

How can you keep your kids safe from the Larry Nassars of the world? Here are some tips:

Believe them When They Try to Tell You About Abuse

Many parents were told that Nassar was being abusive to their children, but they didn’t believe them at first. Some people still don’t believe that Nassar is guilty, too. People like Nassar are often charming and manipulative and are great at making people believe they are innocent.

Anyone Can Abuse

To most people, Nassar was always caring and kind, and this is what he showed the community and the parents of his victims. Don’t believe it.

Abusers Do Their Best to Win the Trust of Their Victims

Nassar did all that he could to make his victims and their parents trust him. He saw them socially, and even went to their homes.

Reach Out to Police Immediately

If something does happen to your child, reach out to your local police department as soon as you find out. Don’t let this continue happening. The police, unfortunately, don’t always take children seriously, so make sure that you don’t let them push your accusations aside.

Reach Out to Journalists

Consider reaching out to journalists about the case. The first reports of any abuse done by Nassar were actually posted in the Indianapolis Star in 2016. Not only does this help other abused kids speak up, it also helps to have the skills of an investigative journalist on your side. If the media hadn’t heard whispers of Nassar’s crimes, he might still be out there abusing kids.

Teach Your Kids to Speak Up

Most kids are taught that they need to treat adults with respect and not to question them. However, when an adult does something bad, it’s important that you also teach your kids to speak up and tell you when something seems weird.

Good and Bad Touches

Finally, but most importantly, teach your kids good and bad touches. I know most parents don’t even begin to know how to start this conversation. But the fact is, there are people in all our lives who seek opportunities with kids. Have uncomfortable conversations that tread lightly on the topic and gradually increase the frequency of this dialog so you know your kids understand. A quick search on YouTube for “Good and Bad Touches” will provide you with excellent examples you can use to inform both you and your kids. The nonprofit Barbara Sinatra Children’s Center Foundation in conjunction with Wonder Media has developed a national campaign on child abuse awareness and prevention. Check them out.

The Equifax 2017 Exposed: What Half of America Needs to Do Right Now

Equifax has been hacked. As one of the three major credit bureaus in the United States, this is seriously bad. It is considered by many to be the worst security breach in the history of the internet. The extent (about 143 million Americans) and the sensitivity of the data are a rude awakening in a year when cyber has been in the center of the news.

What does this mean for you? It means that your Social Security number, and possibly even your driver’s license information, could be in the hands of hackers. Some are already calling this the worst breach of data in history.   

How Did This Happen?

On September 7th, Equifax announced that a security breach occurred that could impact as many as 143 million people. Though this isn’t the largest breach to occur, it could be the most devastating. The data that was accessed included Social Security numbers, addresses, birth dates, and driver’s license numbers. All of these can be used for identity theft.

Equifax also announced that the credit card numbers of more than 200,000 people were accessed, as were documents containing personal identifying information for more than 180,000 people. With this information, the hackers can commit credit card fraud. This isn’t as bad as identity theft, as credit card fraud is usually simple to fix, but these thieves could still open new credit card accounts in your name with your Social.

According to Equifax, the company discovered the data breach on July 29. Apparently, the hackers accessed the files from around mid-May all the way through July.

Richard F. Smith, the chairman and CEO of Equifax, admits that this is a “disappointing event” and that it “strikes at the heart” of the goals of the company. He also apologized to customers who work with Equifax and consumers. Boo hoo. I cry for you.

Why Did It Take So Long to Announce This?

You might be wondering why it took so long to announce that there was a data breach at Equifax. After all, the company discovered it on July 29, and didn’t announce it until September 7. Their Director of Social Media has an answer. She said that as soon as the company discovered the breach, they stopped the intrusion. The company also hired a cybersecurity firm, which did a full investigation. This investigation was time consuming, and they wanted to have all of the information available before informing the public. Makes sense.

But Wait…There’s More

To add to this story, Bloomberg News announced that three executives from Equifax sold shares worth about $1.8 million. What’s shocking is that they did this AFTER the company discovered the breach. This will come back to bite them.

You can check to see if you are affected by the breach by using an online tool that Equifax has set up. FYI, I checked out my info, I’m a victim.

You should go there, enter your last name and the last six digits of your Social Security number, and the system will tell you if your information has been compromised. If it has, Equifax is offering a complimentary enrollment into the TrustedID program. However, there is language in the terms of service that may restrict your ability to have your day in court if you were to join a class action and the NY Attorney General is pissed. According to USA Today, a class action lawsuit has already been filed against Equifax. This class action suit seeks to secure all records associated with the breach and fair compensation for those who were affected.

Read the NYT.

You don’t have to have done any type of business with Equifax to be affected by this. If you have ever applied for a mortgage, loan, or credit card, the company likely has your information. The TrustedID program is going to be free for an entire year for anyone affected. It gives consumers the ability to lock and unlock their credit reports. They also get internet scans for their Social Security numbers and identity-theft insurance. You can also call Equifax at 866-447-7559.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Six Steps for Keeping Your Mobile Secure

Mobile phones are a world away in terms of capabilities from what they were 10 years ago. Research from Deloitte has found that 72% of people in the UK now own a smartphone device.

Considering all the personal information evidently available on your phone, it’s probably about time that you properly protected it. Read more HERE

Technology that verifies MOOC test takers on the spot

Ever hear of MOOCs? The acronym stands for massive open online courses: the free online courses taught by professors at leading universities.

MOOC business model problems

  • Cheating: Professors can’t tell just how much students rely on Google for help during an exam. A proposed solution has been that students take exams at regional testing centers, but barriers to this include: access to these centers especially in multiple countries, cost and convenience – after all these are free courses.
  • Student identity: Who’s to say the person taking the test isn’t an imposter and not the person who will actually get the grade?
  • Completion rate: Even something as simple as having skin in the game can make students feel more engaged. Most MOOCs are free, so students don’t feel a financial bite if they drop a course or perform poorly.

Many prominent schools, such as MIT, are investing significant resources in MOOCs; however, the viability and success of MOOCs will ultimately be determined by the legitimacy of the degrees received—and that goes back to the legitimacy of the identities of the people who study the courses and take the final exams.

Remote proctoring

Just like sitting in a classroom under the supervision of a teacher, students need to be monitored as they are sitting in front of their PC, phone or tablet to ensure that they in fact are the ones that took the test.

How does remote proctoring work?

One proctor can monitor via webcams a maximum of six students simultaneously, keeping on the alert for suspicious behaviors such as suddenly wandering eyes.

Human monitors can track students via screen sharing and webcams, even monitoring students’ typing styles to possibly identify test-taking imposters. Newer technologies can remotely track test takers’ mouse clicks and even keystrokes. What these proctors don’t do is verify the identity of the test taker. Read on.

Why webcams and keystrokes fail

It’s possible for a test taker to be a different person than the one who enrolled. One technology to nab this problem matches photo IDs to webcam photos.

The obvious flaw here is that if the test-taking imposter resembles (either naturally or artificially) the enrollee, the scam may work. However, a software program analyzes typing rhythm or keystroke dynamics of the enrollee, which is then compared to typing done during a test—but one of the major problems that keystroke dynamics runs into is that a person’s typing varies substantially during a day and between different days. People may get tired, or angry, or have a beer, or switch computers, or move their keyboard tray to a new location, or use a virtual keyboard, or be pasting in information from another source (cut-and-paste), or working with a voice-to-text converter.

Additionally, many tests/exams use multiple choice questions, so keystroke analysis is not useful. The student also needs to enroll their typing pattern initially, so this pattern can be compared to subsequent logins, adding an extra layer of cost. Additionally, any biometric capture of typing rhythm must be independently tested by a third-party lab to prove acceptable (NIST) levels of false positives/negatives. At least one study I know suggests that keystroke analysis did not achieve minimum levels of security, making this technology unacceptable as a true means of verifying identity.

Maybe combining photo matching with typing analysis seems like foolproof technology—but webcams are often grainy, not everyone has one, IDs can be forged and things like makeup, hair dye, hairstyles, glasses and facial hair can all obscure the truth.

Technology will continue to be refined, and as it does it will soon get ahead of the imposters; likewise, more educational institutions will implement this technology, which isn’t airtight yet. However, with MOOCs the need to verify student identity exists and may make a large difference in how well they evolve in the marketplace. We need technology that can snuff out cheaters and identity fraudsters, and will work toward verifying the legitimacy of test takers.

Biometric signature IDs (BioSig-ID) argument:

One of the MOOC business models is to have students pay for a “verification” certificate that will establish that the student did attend/take exams/complete gradable events or generally was present for other course content. Personal investment in the process seems to work: Research has found that students who pay to be identified and verified to have taken a course and passed are substantially more likely to finish the course.

However, the MOOCs’ typical methods of student verification fall short and don’t sit well with security experts. Different methods of verification are needed in order for the business model to succeed. Employers, to consider whether a “verified ID” certificate has any meaning in the workplace, need more confidence that the student was “there” and learned the material, not just that they signed up for the course. To be successful, students need to be “identity proofed” at inception and at various times before accessing gradable events like tests, quizzes, interactive chats, etc. Throwing up a photo ID and using keystroke analysis, with their obvious limitations described above, is just not acceptable in today’s security world.

Some biometrics like BioSig-ID use gestures such as length, speed, direction, angle, and height of each stroke to define one’s unique pattern and can positively identify users as they log in from any PC, mobile or tablet.

These patterns are unique, and BioSig-ID software can distinguish the user from all others. Only a user who has successfully authenticated himself or herself against a previously created enrollment profile can access the device, exam, bank account, health information or other digital asset. What’s more, they have created a robust audit trail that captures and compares the IP addresses and other history of behaviors over time. This forensic tool has even been helpful in catching student cheaters.

BioSig-ID’s “Missing Link” creation is a patented software-only biometric that complies with the new gold standard for identity verification required by the Reauthorization of the Higher Education Act. It’s the strongest form of identity verification on the market today.

And there’s a twist: No additional hardware is required. This software biometric measures the unique way a user moves his or her mouse, finger or stylus when logging in with a password (consisting of a few simple strokes) created with BioSig-ID.

The BioSig-ID technology, already used in over 55 countries for student verification, must have something going for it, as it was chosen for the White House-based initiative National Strategy for Trusted Identities in Cyberspace (NSTIC) to create a new solution to verify user identity over the Internet before they can access a digital asset. Check them out at

Robert Siciliano, personal security and identity theft expert and BioSig-ID advisory board member. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

ATMs and student numbers rise across the UAE

The network of ATMs criss-crossing tourist hot-spots Dubai, Abu Dhabi and other popular destinations in the United Arab Emirates (UAE) is obvious testament to the huge strides taken in recent years by the Gulf country’s dynamic and expanding banking industry. However, there’s another sector that has rapidly grown, too, and it’s a success story that’s almost gone unnoticed. The sector in question is education.

A recent report forecasts that the number of ATMs – let’s call them cash machines – across the world is set to rise over the next few years by some 40 percent, up from 2.6 million last year to an estimated 3.7 million by 2018. Much of the growth will be driven by the Middle East and Africa and Asia Pacific regions, says the report.

Meanwhile, the number of students enrolling in UAE universities and other higher educational institutions has risen by 31 percent in the last five years, according to a report issued earlier this year by Dubai’s Knowledge and Human Development Authority (KHDA). The KHDA says that in Dubai alone, student numbers were up 11 percent in 2012.

And there’s more positive news. The UAE is now the fourth most attractive education destination in the world for students looking to pursue their studies abroad. The claim was made in an article in business magazine Gulf Business which cites the findings of a survey carried out by Dubai International Academic City (DIAC) and Deloitte.

The survey of 2,400 students and a number of companies across the Middle East, Africa and Asia found that the UAE was recognized particularly for its strength in science, finance, economics and management. The students identified Dubai as likely to be their educational destination of choice while the majority of companies described the city’s position as a centre for higher education as good or excellent.

The article says that according to the corporates surveyed within the study, there were 64 skills in high demand across sectors such as tourism and telecoms. There was potential to address some of the skill gaps identified by creating bespoke academic programmes and collaborating with existing academic partners to offer courses within the UAE or in the students’ home countries.

DIAC has been quick to respond to the findings, announcing in August that its universities will be increasing the number of courses on offer by more than 10 percent for the 2013/14 academic year. In direct response to industry demand, universities including Amity, Heriot-Watt and IMT will add an additional 35 degrees in tourism and hospitality, engineering and accounting to their existing portfolio, bringing the total number of degrees to 355. Of the new courses, 11 will be undergraduate, 17 postgraduate and 7 PhD programmes.

News of the new programmes follows a record year at DIAC, which has seen the likes of the University of Wollongong Dubai, Middlesex University and Amity University significantly increase their presence in Dubai – growth that is, in part, due to increased student numbers (20,000) and student enrolment numbers (26%).

DIAC managing director Dr Ayoub Kazim said he was delighted to see the universities expand the number of programmes on offer, particularly in STEM subjects (science, technology, engineering and mathematics), along with tourism and hospitality and accounting. This was a sure sign the higher education sector in the region was responding to the demands of local industry.

Check out the DIAC website here.

Against the Odds — Do’s and Don’ts for Configuring a Secure PIN Number

We all know that someone who’s waiting for their ‘numbers to come up’ is hoping for a lottery win. However, to fraudsters your PIN number is the jackpot, and depending on the methods that you use to configure and protect your PIN number, they have a greater or slimmer chance of hitting it than winning the lottery.

Here are some of the mistakes that people make when devising their PIN number, and what you should do instead to create your own and avoid becoming a victim.

Writing down your PIN number

Some people take the risk of writing their PIN number on their debit and credit cards or keeping it in a compartment of the same wallet or purse as the cards themselves. Keeping both together is never a good idea. Both can fall into the wrong hands easily.

Of course, some people use the same number for every single credit card they own as they’re out and about on their travels. Again, that’s a bad idea. You should use a different one for each card.

If you really must jot it down somewhere, write it in an obscure place such as in the chapter of a book. No one would think to look on page 421 of War and Peace. Don’t tell anyone your PIN number, either— not even your best friend (some do!).

Consecutive numbers or words

123456 is a common PIN that can be cracked with a “dictionary attack” program. Princess and Password are common too. It’s always best to mix things up: use phrases, combine letters, words and numbers, and use upper and lower case.

Using a date with words

A popular way to remember one’s PIN number is to choose a date (or dates) that’s easy to remember. For most people, of course, that’s their birthday or wedding anniversary. But in the age of social media, this is risky, even with good antivirus protection. Many people publish their date of birth in their Facebook profile, unaware that they’re exposing themselves to potential fraud should (identity) thieves visit their profile.

A better use of the date method is to combine years (like when you and your spouse were born) or months (like when two of your kids were born) that you remember easily but which are obscure to others. Then choose a code word or phrase that links the two and will remind you of both dates. Like BrattyKiDs200708 or HappyMarried196566. Toss some upper case in there and you’re pretty secure.