Exclusive Coaching Call Webinar Recording
/0 Comments/in Uncategorized /by Robert SicilianoMy interview with CNN has been trending all over the internet, and that makes me so happy because we talked about a very important topic–personal security. I’m so passionate about this subject that I wanted to provide some followup commentary. Use this link to view my most recent discussion, but this is not for the faint of heart…
Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.
What it Means to be CSI Protection Certified
/0 Comments/in Uncategorized /by Robert Siciliano“A CSI Protection Certified Agent can help you decrease susceptibility to crime and ensure you are working with a trained, concerned professional. If your real estate professional holds the CSI Protection designation, you can trust that they will provide the skills necessary for a safe and secure transaction.”
If YOU know someone who should get CSI Protection certified, show them this: https://protectnowllc.com/
How Criminals Prey on the Art World and Real Estate
/0 Comments/in Uncategorized /by Robert SicilianoAny industry involving wiring transfers of large sums of money is vulnerable to this new type of hack. Purchasing a car, home or piece of art are large transactions and are not usually done in cash. In well-established industries like real estate, there are some checks and balances, but while one would think it would be very tough to pull off this scam in real estate, it is just as easy. I do not know how many billionaire art collectors follow my blog (they should!), but most of you are regular people like my family and friends.
Although many of us will never experience buying a million-dollar art piece from Italy, we can relate to purchasing a home. How can we make the world Safr? As a Safr.Me community, we need to rely less on industry security parameters and learn how to manually spot email-engineered money-wiring scams; they are not necessarily a common hack.
When looking at the home buying process, a report by the FBI’s Internet Crime Complaint Center said email fraud involving mortgage closings and real estate transactions rose 1,110 percent in the years 2015 to 2017 and fraud dollars lost rose almost 2,200 percent. That means scammers are getting more efficient.
Nearly 10,000 people reported being victims of this kind of fraud in 2017 with losses over $56 million, the FBI report said. Real estate is only now tightening its belt and fighting back.
One Victim’s Story
In my circles, I occasionally brush up against those whose lives are just perfect—or what most of us would consider perfect. They’ve made all the right choices, and with hard work everything lined up wonderfully. Anyway, I met a great husband and wife team, and this awesome guy is a money man. He handles investments not just for companies but for countries. That means big commissions. That means he’s a juicy target.
This level of income also allows one to develop and feed a taste for fine art. I’m not a museum or art aficionado by any stretch, but this persons art collection was amazing. Their art of choice is called Hyperrealism. Google it. It’s paintings that look like photographs, and to us common folk it’s called “Frikin’ Awesome.” When I attended a party at this person’s home with a bunch of others, we got a quick tour. After seeing this household collection, it must have been painfully obvious by all of our jaws dropping and our stupid (but appreciative comments) that we were all out of our league.
Anyway, money man purchased a $200,000 piece of art via email, which apparently isn’t unusual. Long story short, hackers intercepted his email communications via the hacked gallery and he wired $200,000 to a criminal. Remember, he’s in finance; finance guys are conditioned to recognize risk. When he looks back, there were slightly odd requests in the communications, but they made sense. Keep in mind, he was functioning in the security parameters in which this industry exists.
Lucky for him, his bank flagged the transaction because the account to which the wire was being sent was brand new, and a brand new account that’s being wired $200,000 is recognized by this bank’s anomaly detection software as potential fraud.
He called the gallery, and they concurred it was fraud. His heart sank, and he jumped into panic mode as one would when $200,000 is about to vanish. He then made every possible phone call to stop this transaction and got nowhere as 99% of the world’s population who is affected by something like this would suffer the same experience.
His ace in the proverbial hole was because of his role in his company and his professional connection to the particular bank. After losing 10 pounds from nerves, he was able to make a personal phone call to some muckety mucks at the bank and get the whole thing fixed. I’d pull the same strings if I had them. You would too.
How the Hack Works
Although it’s not entirely a new concept, this is the freshest approach hackers are taking; and it targets art galleries, collectors, real estate agents and your clients. You need to put this on your radar! This is a pretty simple hack. Basically, criminals are breaking into the email accounts of the art dealers who manage high-end galleries, and then they monitor the email correspondence. Breaking in, in other words, means “logging in” because millions of email addresses and their associated passwords are in the hands of criminals due to massive data breaches.
So, when the dealer or gallery sends an invoice to the innocent art collector via email, the hacker is triggered and will step in. The bad guy will now impersonate the dealer and warn that the invoice had a mistake on it or change up the instructions. The criminal does this to justify a wire transfer, maybe offering a slight discount, and then asks the buyer to send the money to a different account. Once the hackers have the money, the third-party hacker just disappears.
The Victims of This Scam
Both buyers and sellers are victims here, and in many cases, both are left in the dark because the hacker hijacks the conversation. In other words, they take control of the emails and play both parts. In the art world for example, when the gallery emails the customer, the hacker intercepts the email pretending to be that customer. The same thing happens when the customer emails the gallery. This gives the hacker plenty of time to cover their tracks and get away, and in the meantime, money and time is lost for all parties involved. There have even been some galleries that have had to close altogether due to the financial impact of account wiring and money transferring scams.
Why Art Galleries?
Good question. Interestingly enough, the reality is that hackers are only targeting the art industry because it’s really easy to do so. A wire fraud happening in the finance industry used to be a “thing,” but there are so many security protocols in place within finance making it difficult to pull off a transfer scam within the financial space.
Tips to Keep Email Fraud at Bay
These tips are for buyers, brokers, real estate agents and art galleries.
- All email account passwords should include uppercase, lowercase, numbers and characters. Never use the same password twice—NEVER.
- All email should have two-step authentication. This means after logging in, a one-time password is texted to the user’s mobile for account access.
- Make sure to change all passwords for online accounts, including Wi-Fi, regularly and especially after a data breach.
- Escrow services are your friend. There’s a ton of them. The gallery or broker will, or should, have a relationship with a trusted source.
- Pick up the phone, and confirm every aspect of a transaction until you are blue in the face and annoying everyone involved to the point you are satisfied that the money is safe.
- Update all of your anti-virus software.
- When you send an invoice via email, call or text a trusted number of the recipient to double check that they got it and that they have the correct account number.
- Urge all of your staff to remain vigilant when opening emails, and make sure that they do not click on any links or download attachments unless the correspondence has been verified by phone. If you have doubt, contact the sender by phone.
There is so much more to this, and, while I can’t solve all the world’s problems, I can at least make you cyber-security smarter and digitally literate. Take a look at our eLearning Courses and our S.A.F.E. Certification.
Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.
How To Determine a Fake Website
/0 Comments/in cybersecurity, online scams, online security, Uncategorized /by Robert SicilianoThere are a lot of scammers out there, and one of the things they do is create fake websites to try to trick you into giving them personal information. Here are some ways that you can determine if a website is fake or not:
How Did I Get Here?
Ask yourself how you got to the site. Did you click a link in an email? Email is the most effective ways scammers direct their victims to fake sites. Same thing goes with links from social media sites, Danger Will Robinson! Don’t click these links. Instead, go to websites via a search through Google or use your bookmarks, or go old school and type it in.
Are There Grammar or Spelling Issues?
Many fake sites are created by foreign entities using “scammer grammar”. So their English is usually broken, and they often make grammar and spelling mistakes. And when they use a translating software, it may not translate two vs too or their vs there etc.
Are There Endorsements?
Endorsements are often seen as safe, but just because you see them on a site doesn’t mean they are real. A fake website might say that the product was featured by multiple news outlets, for instance, but that doesn’t mean it really was. The same goes for trust or authenticating badges. Click on these badges. Most valid ones lead to a legitimate site explaining what the badge means.
Look at the Website Address
A common scam is to come up with a relatively similar website URL to legitimate sites. Ths also known as typosquatting or cybersquatting. For instance, you might want to shop at https://www.Coach.com for a new purse. That is the real site for Coach purses. However, a scammer might create a website like //www.C0ach.com, or //www.coachpurse.com. Both of these are fake. Also, look for secure sites that have HTTPS, not HTTP. You can also go to Google and search “is www.C0ach.com legit”, which may pull up sites debunking the legitimacy of the URL.
Can You Buy With a Credit Card?
Most valid websites take credit cards. Credit cards give you some protection, too. If they don’t take plastic, and only want a check, or a wire transfer, be suspect, or really don’t bother.
Are the Prices Amazing?
Is it too good to be true? If the cost of the items on a particular page seem much lower than you have found elsewhere, it’s probably a scam. For instance, if you are still looking for a Coach purse and find the one you want for $100 less than you have seen on other valid sites, you probably shouldn’t buy it.
Check Consumer Reviews
Finally, check out consumer reviews. Also, take a look at the Better Business Bureau listing for the company. The BBB has a scam tracker, too, that you can use if you think something seems amiss. Also, consider options like SiteJabber.com, which is a site that collects online reviews for websites. Just keep in mind that some reviews might be fake, so you really have to take a broad view when determining if a site is legit or one to quit.
Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.
Murder is a Reminder for Real Estate Agent Safety
/0 Comments/in burglary, Uncategorized /by Robert Siciliano911 calls are always chilling, but the one that came from a model home in Maryland recently was extremely distressing.
Instead of the caller speaking into the phone, all the 911 operator heard was heavy breathing. The operator asked what was wrong but got no response…then, a far-off voice said, “Where is the money? Who are you talking to?” This call, which was just made public, lead police to a man who was shot to death and, eventually, to the man accused of his murder.
The body of Steven B. Wilson, a real estate professional, was found in the home, and the suspect, 18-year-old Dillon Augustyniak, was charged with several crimes including murder, theft, armed robbery and the use of a firearm in a violent crime.
At this time, Timothy J. Altomare, the Anne Arundel Police Chief, says that he believes robbery was the motive and that the suspect had taken the victim’s laptop and cell phone. Though it is not known how Augustyniak entered the model home, police also said that he only lived about a half mile from the scene.
Local authorities believe that Wilson was placed the 911 call after being shot by teenager Dillon Nicholas Augustyniak. When the operator heard the voice from the background, presumably Augustyniak’s, police and an ambulance were dispatched. There was security footage from the scene that shows the suspect holding a long gun. It was also revealed that Augustyniak had not only stolen Wilson’s cellphone but had given it to another person.
Witnesses also say that Augustyniak was trying to sell his gun, which they believe is the same one that he used to shoot Wilson.
Police later found an identical firearm in Augustyniak’s home. They also found Wilson’s laptop and cellphone. Augustyniak was taken into custody and is now off the streets, but this does open the opportunity for discussion about real estate agent safety.
It is imperative that agents remain vigilant at all times although there are no specific threats towards them. Though this crime might have been a crime of opportunity, it is certainly not uncommon for criminals to target open houses and other real estate events.
For agents out there, you might want to start thinking seriously about your surroundings when showing houses, and come up with a plan to protect yourself if necessary. This type of crime isn’t extremely common, but it does happen; since most real estate agents work alone, it is important to know what you are up against.
Don’t Let a Pedophile Larry Nassar Happen to Your Kid
/0 Comments/in Uncategorized /by Robert SicilianoA very recent blog I published titled “15 Year Old’s Naked Photos Spread Like Wild Fire” is now of on the most clicked blogs on my site. It has significantly increased my websites traffic. But, scarily, for all the wrong reasons. The “15 year old naked pictures” part of the title is attracting skeevy pedophiles to my blog. Hi there pedophiles! Go jump off a bridge, your sucking up too much air!
You know Larry Nassar; the sick creep who worked as the doctor for USA Gymnastics. With up to or more than 156 victims, he was convicted of 10 counts of first-degree criminal sexual conduct, and he was ultimately sentenced to 40 to 150 years in prison. 150 years isn’t enough. I hope prison is as horrible as him.
One study says as many as 1 in 35 men could be pedophiles. Some studies suggest that the prevalence of pedophilia may be between 3% and 5% in the general population. That’s the WORLDS population. What this means is pedophilia, while horrible and not right, is “normal” in the sense that it’s an inherent human behavior that people are born with. It always has been, is, and always will be a human trait.
Nassar began working with gymnasts more than 40 years ago when he was an athletic trainer as a student. He graduation from the University of Michigan with a kinesiology degree, and in 1986, he joined USA Gymnastics. He went on and received a degree in osteopathic medicine from Michigan State, and by 1997, he was the team physician for USA Gymnastics and became an assistant professor. He kept both jobs until his evil crimes were revealed.
How can you keep your kids safe from the Larry Nassar’s of the world? Here’s some tips:
Believe them When They Try to Tell You About Abuse
Many parents were told that Nassar was being abusive to their children, but they didn’t believe them at first. Some people still don’t believe that Nassar is guilty, too. People like Nassar are often charming and manipulative and are great at making people believe they are innocent.
Anyone Can Abuse
To most people, Nassar was always caring and kind, and this is what he showed the community and the parents of his victims. Don’t believe it.
Abusers Do Their Best to Win the Trust of Their Victims
Nassar did all that he could to make his victims and their parents trust him. He saw them socially, and even went to their homes.
Reach Out to Police Immediately
If something does happen to your child, reach out to your local police department as soon as you find out. Don’t let this continue happening. The police, unfortunately, don’t always take children seriously, so make sure that you don’t let them push your accusations aside.
Reach Out to Journalists
Consider reaching out to journalists about the case. The first reports of any abuse done by Nassar was actually posted in the Indianapolis Star in 2016. Not only does this help other abused kids from speaking up, it also helps to have the skills of an investigative journalist on your side. If the media hadn’t heard whispers of Nassar’s crimes, he might still be out there abusing kids.
Teach Your Kids to Speak Up
Most kids are taught that they need to treat adults with respect and not to question them. However, when an adult does something bad, it’s important that you also teach your kids to speak up and tell you when something seems weird.
Good and Bad Touches
Finally, but most importantly, teach your kids good and bad touches. I know most parents don’t even begin to know how to start this conversation. But the fact is, there are people in all our lives who seek opportunities with kids. Have uncomfortable conversations that tread lightly on the topic and gradually increase the frequency of this dialog so you know your kids understand. A quick search on Youtube for “Good and Bad Touches will provide you with excellent examples you can use to inform both you and your kids. The nonprofit Barbara Sinatra Children’s Center Foundation in conjunction with Wonder Media has developed a national campaign on a child abuse awareness and prevention. Check them out.
Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.
The Equifax 2017 Exposed: What Half of America Needs to Do Right Now
/0 Comments/in Data Breaches, Data Security, Identity Theft, Uncategorized /by Robert SicilianoEquifax has been hacked. As one of the three major credit bureaus in the United States, this is seriously bad. It is considered by many to be the worst security breach in the history of the internet. The extent (about 143 million Americans) and the sensitivity of the data is a rude awakening in a year when cyber has been in the center of the news.
What does this mean for you? It means that your Social Security number, and possibly even your driver’s license information, could be in the hands of hackers. Some are already calling this the worst breach of data in history.
How Did This Happen?
On September 7th, Equifax announced that a security breach occurred that could impact as many as 143 million people. Though this isn’t the largest breach to occur, it could be the most devastating. The data that was accessed included Social Security numbers, address, birth dates, and driver’s license numbers. All of these can be used for identity theft.
Equifax also announced that the credit card numbers of more than 200,000 people were accessed, as were documents containing personal identifying information for more than 180,000 people. With this information, the hackers can commit credit card fraud. This isn’t as bad as identity theft, as credit card fraud is usually simple to fix, but these thieves could still open new credit card accounts in your name with your Social.
According to Equifax, the company discovered the data breach on July 29. Apparently, the hackers accessed the files from around mid-May all the way through July.
Richard F. Smith, the chairman and CEO of Equifax, admits that this is a “disappointing event” and that it “strikes at the heart” of the goals of the company. He also apologized to customers who work with Equifax and consumers. Boo hoo. I cry for you.
Why Did It Take So Long to Announce This?
You might be wondering why it took so long to announce that there was a data breach at Equifax. After all, the company discovered it on July 29, and didn’t announce it until September 7. Their Director of Social Media, has an answer. She said that as soon as the company discovered the breach, they stopped the intrusion. The company also hired a cybersecurity firm, which did a full investigation. This investigation was time consuming, and they wanted to have all of the information available before informing the public. Makes sense.
But Wait…There’s More
To add to this story, Bloomberg News announced that three executives from Equifax sold shares worth about $1.8 million. What’s shocking is that they did this AFTER the company discovered the breach. This will come back to bite them.
You can check to see if you are affected by the breach by using an online tool that Equifax has set up. FYI, I checked out my info, I’m a victim.
You should go there, enter your last name and the last six digits of your Social Security number, and the system will tell you if your information has been compromised. If it has, Equifax is offering a complimentary enrollment into the TrustedID program. However, there is language in the terms of service that may restrict your ability to have your day in court if you were to join a class action and the NY Attorney General is pissed. According to USA Today, a class action lawsuit has already been filed against Equifax. This class action suit seeks to secure all records associated with the breach and fair compensation for those who were affected.
Read the NYT.
You don’t have to have done any type of business with Equifax to be affected by this. If you have ever applied for a mortgage, loan, or credit card, the company likely has your information. The TrustedID program is going to be free for an entire year for anyone affected. It gives consumers the ability to lock and unlock their credit reports. They also get internet scans for their Social Security numbers and identity-theft insurance. You can also call Equifax at 866-447-7559.
Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.
Six Steps for Keeping Your Mobile Secure
/in Uncategorized /by Robert SicilianoMobile phones are a world away in terms of capabilities to what they were 10 years ago. Research from Doilette has found that 72% of people in the UK now own a smartphone device.
Considering all the personal information evidently available on your phone, it’s probably about time that you properly protected it. Read more HERE