Craigslist Robbery By Appointment

/in , /by

It’s springtime. You put an ad on Craigslist to get rid of some things, clean out your garage and make a few bucks while you are at it. Maybe you have an old diamond ring to sell. Or that truck you are driving isn’t what it used to be, so you decide it’s time to sell. 
The ad goes out, people call and you make the appointments. But, unfortunately, things don’t always go as planned, do they?

The Spec reports, The odds of being physically harmed from using an online classified service are not high, but a blend of cybercrime and physical crime is common enough in the U.S. that one police force there has offered consumers the opportunity to conduct online transactions in person at their police station.

“People believe that because it’s there online, and that someone is reaching out, that it must be legitimate … There’s a reason your mom always told you not to talk to strangers.”

Use Craigslist with caution. Don’t think for one second you can’t be robbed, burglarized, scammed or killed. Some people’s homes have been invaded, and it can happen to you too. Be very careful who you contact; you never know who the person is or what his motivation may be.

Get identification details pre-meeting. Make sure to get the full contact details of the other person and call back to verify. A little white lie like, “My brother is a cop and will be here” will make the person you’re dealing think twice about harming you.

Meet at a public location. Coffee shops, malls, police stations—anywhere but your home that involves lots of other people. The more eyeballs, the better.

Trust your instincts. Don’t discount any weird feelings you might have about meeting with this person. If something seems wrong, then it IS wrong. Cancel if you don’t feel right about it.

Enlist a buddy. Strength in numbers makes predators think twice. Predators thrive on isolation. By pairing up, you reduce the chances of being attacked.

Be street smart. Expensive jewelry and provocative clothing can invite an attack. Scarves around your neck give attackers something to grab and choke you with. Wear sneakers that you can run and fight in.

Be on guard. Just like Mom said, there is risk in meeting strangers. Being on guard can keep you from getting into a compromised position.

Stay in communication. Let your spouse, friends, family or coworkers know where you are going, who you will be meeting and when you will be back. Stay in contact on your mobile while you are meeting.

Use your panic alarm. If you are crazy enough to meet the other party at your home, have someone stand guard at your home security alarm’s panic button to summon the police if things go wrong.

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar-proofing your home on Fox Boston. Disclosures.

Graduates: 10 Stupid Things You Don’t on Facebook

/in /by

You’ve done it. You’ve graduated at last. Your whole life is in front of you. Now is the time to make plans, embrace the world, take responsibility, make a statement, do some good and make this place better than how you found it.

And this should go without saying, but please don’t be stupid.

I’m not preaching here; the fact is I am fully qualified to discuss this topic because every day when I wake up, I tell myself, “Today I’m not going to say something stupid.” But, being human, I often do or say stupid stuff. However, rarely do I make it public online.

Listen. I know it’s hard. I know you can’t help yourself. I know you think you know everything and I know you are telling me to shut up. But in the words of the lovely and talented Fire Marshal Bill: “LET ME TELL YA SOMETHING!”

What you say, do, post, like and even whom you friend on social networks will affect every moment of your life going forward. Social is the new norm, and even adults are guilty of the stupidity of putting something online that gets them busted.

With graduation coming and millions of you getting ready to enter the workforce, you need to be aware of what is and isn’t appropriate in the professional world. While many employers expect that their employees will maintain social media profiles and even support work initiatives via those channels, as a new grad, you need to be aware that your missteps in social media could taint your employer’s image and damage your professional reputation. When people do not use good judgment when posting and share the wrong content with the wrong people, they can jeopardize their careers.

According to McAfee’s Love, Relationships and Technology study, 13.7% of millenials (18-24 year olds) know someone who was fired because of personal images or messages that had been publicly posted and 13% of adults have had their personal content leaked to others without their permission

 GradGraphic_LRT1

It’s time to face the facts.

  1. Don’t deny this fact: YOU ARE BEING JUDGED EVERY SECOND OF THE DAY BY PEOPLE WHO ARE IN A POSITION TO HIRE AND FIRE YOU.
  2. Don’t do that! Learn from other people’s mistakes. When you see someone get in trouble, fired or arrested, DON’T DO THAT.
  3. Don’t friend people you don’t know. You have 3ooo friends? Seriously?
  4. Don’t take or allow others to photograph/video you with alcohol in your hands, drinking, smoking, doing anything illegal, scantily clad (or less) or making those stupid selfie fishy faces. You are an adult now.
  5. Don’t like, share or retweet racist, homophobic or off-color media or comments that make you look like a jerk.
  6. Don’t swear. EVER. It’s OK to say flippin’, freakin’, heck, maybe even effing, and shite. But once you start dropping F bombs, you look like an angry, uncouth juvenile delinquent. And seriously, I swear like cage match fighter—but not online. And I don’t care what your privacy settings are.
  7. Don’t log on while amorous or inebriated. Nothing good can come of that. Revenge porn anyone?
  8. Don’t ever talk about anyone in authority—your boss, coworkers, teachers, students, the president or anyone, for that matter—in a negative tone. Seriously. Unless the person is a serial killer or oppressive dictator, play nice.
  9. Don’t be so public. Lock down your settings. Most social networks have privacy settings that need to be administered at the highest level. Default settings generally leave your networks wide open to attack.
  10. As Howard Stern’s dad used to say to him: “I told you not to be stupid, you moron.”

You have been warned.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

Safety Tips for Online Dating

/in /by

By Angie Picardo

According to identity theft expert Robert Siciliano, “Millions of people use online dating sites to broaden their networks and meet potential mates, but not everyone on these sites are sincere—some are scammers hoping to lure you in with false affection, with the goal of gaining your trust, and eventually, your money.” When seeking friends or dates via the internet, people often tend to be overly optimistic or trusting, but it is important to remember that some people may take advantage of the your trust. Here are some tips for staying safe while making friends online.

  • Keep your personal information personal. Details about where you live and work, your phone number or email address, or details that would lead someone to you with minimal effort should not be put in an online profile or shared with someone you’ve barely started communicating with. When selecting a profile name, don’t use your first and last name. Instead, choose a nickname or other title for yourself so that potential dates don’t have the key information for looking you up and learning too much about you in advance. If you’ve started talking to someone you feel you would like to exchange personal information, consider offering a secondary email account (email addresses are free and nothing stops you from having more than one) that isn’t directly linked to you or your work.
  • Trust yourself. Use common sense and your instincts to stay away from risky situations. If you feel nervous about someone or something, don’t go; you probably feel that way for a reason. If the person is really interested in you, she or he won’t hate you for rescheduling for a later time. Another part of trusting yourself is knowing what speed feels right for you. Don’t feel obligated to go somewhere private or unfamiliar just because the other person wants to. Again, you know yourself best and you have enough life experience to know when something could end badly: listen to yourself.
  • Meet new people in public. It seems obvious, but you shouldn’t bring total strangers back to your house (nor should you go to theirs). When scheduling a first meeting, plan to go somewhere public where a lot of people will be milling around. A park, restaurant, or museum can be great areas for public first dates not only because they are public, but because they are places where you can actually talk to your date and get to know him or her in person. When you have a first date with someone, make sure that you are in control of your own transportation situation by driving yourself, taking a trusted form of transit, or arranging a ride with a good friend. Don’t rely on your date to take you somewhere. Getting in a car with someone you barely know is not a great idea!
  • Tell somewhere where you are going. In case the worst does happen (it probably won’t, but it never hurts to be prepared), make sure someone knows where you are going and when you expect to be back. Let a good friend know that you are going on a date with someone new and agree to check in with them by a certain time so that they know you are okay. You might also set up a pick up spot in case you need your friend to pick you up if you need to bail on your date for any reason.

Online dating isn’t all about being cynical and mistrusting, of course, but taking precautions when meeting someone new will make it all the better when you meet someone who you want to get to know better. Anyone who is worth getting to know will be empathetic to your safety concerns and willing to work with you within your comfort zone.

Angie Picardo is a writer for NerdWallet, a personal finance website dedicated to helping you protect and save your money whether in online dating or finding the best options for LAX parking

Take Privacy Seriously When Transferring Money Overseas

/0 Comments/in /by

According to a study done by the World Bank, money sent home by expatriates last year totaled a staggering £335 billion (about $509 billion) – or three times the amount of global aid budgets. It’s common for workers all over the world to supplement the incomes of their families back home, but the current amount and frequency has also given rise to transfer fraud.

The most common methods are notifications of fake awards, a bogus money inheritance or requests for bank account information (there are countless – often imaginative – stories that fraudsters use to extract this data).

For example, an individual dressed as a policeman may approach you, saying that a relative or friend of yours has been in an accident and then request that you send money immediately for his or her hospital fees. Another example is an email request for proof of funds to make reservations for your holiday accommodation overseas. Thousands of people fall for these scams every year; use these tips to avoid falling foul of wire transfer fraud.

Secure your online banking
Obviously, the easiest way to avoid a scam is to verify the identity of the recipient. If you trade in different countries and pay suppliers all over the world, however, it can be difficult to verify every single party before transactions can be made. One way to secure payments is to work with a bank that’s linked with your home branch and which provides secure online banking. Remember that your bank will never ask you to verify your details via email.

A healthy dose of skepticism
Some of the best-known scams are those that claim you’ve won a prize in a foreign lottery and that you need to send over your bank details to receive it. Similar are the “Nigerian Prince” or “419” scams that offer non-existent rare pets, unclaimed properties – even romance – in exchange for your details and payments. Apply common sense when someone you don’t know contacts you – especially if you haven’t played the lottery in Nigeria recently.

It’s too good to be true
Another common type of financial scam is an offer to sell something at an incredibly attractive price through classified ads. The recipient will accept your money but you won’t receive the item in return. Remember that if an item seems too good to be true, it probably is.

Every day, scam artists are thinking up sneakier ways of scamming you out of your hard-earned cash, but they require a certain amount of trust from you to make a sale or obtain information. As long you remain skeptical and aware that these scams exist, you can avoid most of the common pitfalls. Keep up to date with the latest scams to ensure you don’t fall victim to wire fraud.

If you think you have been a victim of fraud or want to learn more about digital life, you can read more information here.

Highschooler Opens Bogus Twitter Account In School Directors Name

/0 Comments/in /by

We’ve seen this before and it never ends good. This time it’s resulting in an identity theft charge  for Ira Trey Quesenberry III, an 18-year-old student at Sullivan Central High School. A few years ago this would have been looked upon as a victimless prank. But times have changed and as social media sites like Twitter, Facebook, Linkedin and others have morphed into much more than just recreational websites, it’s not just unacceptable, it’s a crime.

The Twitter account was created with the name and photo of Dr. Jubal Yennie, director of the Sullivan County school district. The account has since been deleted but the tweets sent in Yennie’s name were reported to be of an embarrassing nature and not appropriate for a school administrator. Why would an 18 year old do something like that?

The Smoking Gun reports “Yennie contacted sheriff’s deputies last Friday to report the phony Twitter account. After investigators linked Quesenberry to the account, the teen reportedly confessed to opening it. Quesenberry was booked today by sheriff’s deputies, and is due to appear tomorrow in General Sessions court.”

Grab your/companies name/products/services people. Sites like Knowem.com will do this for free or for a small fee. The worst thing you can do is nothing. There are millions of stupid 18 year olds out there to make you look stupid-er.

Robert Siciliano, personal security and identity theft expert and Advisory Board member to Knowem. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

Enacted Maryland Child Identity Lock Bill, is Useless

/0 Comments/in /by

This week the Maryland Child Identity Lock bill, went into effect. CBS Baltimore reports “Maryland State Delegate Craig Zucker is behind a new state law that just went into effect designed to protect a child from identity theft. “It will be the first time parents or guardians can proactively contact any of the three credit agencies and freeze their child or dependent information to protect against identity theft,” Zucker said. By freezing a child’s credit, crooks are out of luck.

Not quite Craig, but A for effort.  I mean that, and I hope you follow through and finish what you started.

The Huffington Post reported back in April “Under current Maryland law, credit agencies must place a security freeze on the credit of anyone who requests it. However, they can refuse to lock the credit of those who do not have a pre-existing credit report. That’s a problem for children. If they have a credit report, it likely means they’re already a victim of fraud.” Which is kind of exactly where we are today. Not much has changed.

Unless all 3 bureaus offer a proactive credit freeze then the bill fails, and it fails further if ALL children can’t get one, not just Maryland kids.

I contacted all 3 credit bureaus and only Experian offers a credit freeze for children and only if your child is a victim,  no matter what state you live in.  First go to Experians Credit Freeze Center then click “Add A Security Freeze” then Continue then “Place a Security Freeze on a Minor’s Credit File”

As of this writing, a phone call to Equifax at 1-800-603-9430 (a phone number only available by initiating a chat session) reveals the customer service agents have no knowledge of the Maryland Child Identity Lock bill, and will only freeze credit if the child is currently a victim of identity theft. Once a credit report is generated for a minor the damage is done and then a credit report can be frozen.

Transunion was a little more helpful in that they offer what they call a “Minor Supression” by going online seeking out “child identity theft” then calling 800-680-7289. The operator will then open a case and forward you to the fraud department. You should make sure to get a “Minor Supression File#” on each child and then send in the required documentation to the address they provide. But no credit freeze.

Being in the trenches and working with child identity theft victims I can tell you first hand that child identity theft is extremely damaging to a childs future. Most kids who are victimized have a hard time getting started as adults at the age of 18, when their credit makes them look like deadbeats. Their reputation is already damaged and getting credit, getting into schools or getting a job becomes 100 times harder than it already is.

The credit bureaus are in the best position to prevent child identity theft by simply tweaking their systems to allow a credit freeze BEFORE THE CHILD IS A VICTIM OF IDENTITY THEFT.

Us parents aren’t asking a lot. We just want to do our jobs and protect our children from what harm can come to our kids.

Robert Siciliano is personal security and identity theft expert and speaker. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Classified Ad Scams Target Pet Lovers

/0 Comments/in , /by

Classified Ad Scams Target Pet Lovers

I love my dog, 60lb German Shepherd. Small for a shepherd, but she was the runt. I’ve always rooted for the underdog. The underdog has more heart, more passion and often tries harder.

Anyway people love their pets, which is why it’s a multi-billion dollar a year business. Scammers know this too and they prey upon classified ad users who are seeking their next pet.

This story caught my eye, “A warning for internet users: an online scam targeting pet-lovers is circulating the web, and it could cost you more than a new pet.”

An ad was posted to a local online classifieds website by a man who claimed he was living in Florida. The seller said he had recently moved to Miami, and couldn’t keep his dog due to his new living conditions. He was willing to give the Labrador Retriever puppy named Dely away for the cost of shipping, which was $220.

The couple sent a delivery service $220 by way of Western Union. The delivery service told the family to send another $820 or risk losing the dog. That’s when the couple realized they’d been scammed. They told the person on the other end of the phone the deal was off. But the caller kept calling, becoming more aggressive each time.

“He kept calling me saying the dogs here,” said the victim. “Making me feel like this poor dog is sitting somewhere unattended.” When the caller realized the couple wasn’t sending the extra $820 he threatened to turn them into authorities and charge them with animal abandonment. Officials determined the entire thing was a scam.

Scammers will say and do anything to get a person to part with their money. At first they had a sob story that sounded like a legitimate issue, new housing that wouldn’t allow a pet. When posted as a classified ad, it looks legitimate. Then they involved a “shipping company” that was a front for the scam. Once the victims were asked to send a money transfer, this should have been a red-flag.

It’s usually best to do business like this locally.

Never automatically trust anyone over the phone or via the internet.

Unless the business is one that is well established online, don’t ever send money that you can’t get back.

Many classified sites stop fraudulent ads from being published in the first place by incorporating device-based intelligence that helps them assess risk upfront. Fraud prevention technology offered by iovation Inc. not only helps these sites identify repeat offenders coming in under multiple fake identities, but they also detect when scammers are attempting to place multiple fraudulent ads using a variety of computers, tablets and smartphones to do so.  This greatly helps rid these sites of undesirables and protect their valued members.

Fraud analysts review thousands of transactions per month on auction sites. They watch for emerging schemes such as the popular “advanced fee schemes” where bad actors posing as sellers require down payments to be wired to them, and “text message fraud” where the legitimate sellers receive text messages that starts the process of being scammed.

Online businesses can see what kind of fraud records are associated with a device touching their website before accepting a new account registration, by tapping into iovation’s cybercrime intelligence network with over 10 million fraud events and more than 1 billion devices.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discussesidentity theft  in front of the National Speakers Association. (Disclosures)

Are Your Mobile Apps Up To No Good?

/0 Comments/in /by

Most of us have heard the saying “It’s 2am, what are your kids doing?” and you may know, but do you know what your mobile apps are doing? I know before I started working in the industry, I would not have given a second thought to this, but consider this.

Why would an app designed to monitor your mobile’s battery need to know your location via your GPS? How come some gaming applications ask users for their phone numbers? Mobile applications, especially free ones, require some level of your personal data in order to supplement development costs. This means “free” isn’t exactly free.

Unsurprisingly 97% of users don’t understand how permissions correspond to the risk of an app. The consequences of not knowing is once you share your personal data, it now can be use and sometimes abused and is out of your control forever. Check out this infographic…

 

If it’s digital then that means it’s also “repeatable” and can be copied, pasted, duplicated and sent an infinite amount of times. For example 18.3 million US adult Smartphone owners have looked up medical information.  32.5 million US adult Smartphone owners access banking information. Using applications that don’t care much about your privacy can expose this data.

Android applications can ask for 124 types of permissions and with these permissions someone can turn on your camera, monitor or modify or even kill outgoing calls, record images of your screen while you enter personal information, monitor and view texts or pictures and even scarier capture conversations in the room when no call is active!!

What’s troubling is 33% of apps ask for more permissions than they need, 42% of users don’t know what these permissions are and 83% of users don’t pay attention to permissions when installing an app. This all adds up to needing to know what your apps are doing.

To help you protect your privacy and identity when using apps you should:

Research apps by checking their ratings and reviews before you download

Only download apps from reputable apps stores

Read the Terms of Service (TOS) to determine what data the app is going to access on your mobile device.

Use comprehensive  mobile security app with app privacy features, such as McAfee Mobile Security, that will provide insight into the activity and safety of your apps

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

IT Security: Preventing Insider Threat

/0 Comments/in , /by

A “Logic Bomb” isn’t really logical, it’s a virus, designed to take down your corporate network and disable existing systems that may monitor data, protect it, back it up or access it. A logic bomb is designed to multiply like any virus and spread throughout a network multiplying its effects.

In a Wall Street Journal story an example provided, depicts an employee at Fannie Mae, knowing he is about to be fired commits an act of workplace violence by installing a logic bomb set to detonate almost 3 months after his departure. The detonation would have taken the organization off line for almost a week and cost millions and millions of dollars.

In this true insider threat story, an observant programmer, still employed noticed the code and disabled it before the damage could be done.

Think for a moment about your small business and how you would get in if you lost your keys. Maybe through an unlocked window?  And if a burglar knew what you knew about where you hide that extra key? How much damage could he do, knowing what you know? Insider threats pose the same problem. They know the ins and outs of all systems in place and can wreak havoc on your operation while they are employed and sometimes after they are let go.

The problems begin when we put people in a trusted place. They are granted access because that’s their job to perform certain duties and they are granted carte blanche access. Ultimately IT security is a people problem and needs to be addressed that way.

Preventing Insider Threat

1. Limited Sources; only grant access to a few trusted sources. Minimize the amount of staff that has access to whatever systems in place.

2. Due Diligence; in the information age, our lives are an open book. Background checks from information brokers are very necessary. Not doing a background check increases your liability. A person previously convicted of a crime just might do it again.

3. Limit Access; even a good apple eventually can go bad. By restricting the access to even those who are in a trusted position, in the event they turn sour, they can only do limited damage.

4. Defense in Depth; audit, audit, audit. This is all about checks and balances. Separation of powers. Multiple layers of authorization. We’ve all watched the movie where in order to launch the missile there were 2 keys held by 2 people, who pressed 2 buttons in order for the missile to launch. Put systems in place that facilitate someone always watching over someone’s shoulder. This way the bad apple can’t hide or execute their malicious intent.

5. Prosecute the Guilty; in the event of a breach of trust, make an example of the person that others won’t forget. Public hangings set a strong deterrent.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

Protect Yourself From Fraud While Filing Taxes

/0 Comments/in /by

Identity theft complaints rose to more than 11 million last year, and tax-related scams have increased by over 700% since 2008. Two million fraudulent tax returns were filed in 2011 alone, at a cost of two billion dollars. Common scams include:

Double filing: If you receive a notification from the IRS informing you that multiple tax returns have been filed in your name, you should respond immediately to begin working through the restoration process.

Employment scams: Receiving wages from an unknown employer is often the first tipoff that you have been victimized by an employment scam. Avoid this issue by protecting your Social Security number. You can also make your Social Security number less attractive to thieves with a credit freeze.

Phishing scams: If you receive an unsolicited email or text message that appears to have been sent by the IRS, hit delete without clicking any links within the message.

Scam tax preparers: These con artists set up shop for just long enough to collect victims’ personal information in order direct refunds to themselves. Stick to doing business with accountants you know, like, and trust.

You should also take the following additional precautions to protect yourself from these and other tax-related scams:

Protect your data: Thoroughly secure any and all sensitive documents from the moment they arrive in your mailbox. File cabinets must have locks, and important documents should be stored in a fire resistant safe.

Shred non-essential paperwork: Use a crosscut shredder before disposing of any documents continuing sensitive data.

Go paperless: Opt out of paper statements in favor of having electronic statements sent to your email.

File early: Filing your sooner rather than later is a simple way to thwart any potential attempts to file on your behalf and fraudulently collect your refund.

Go to the post office: If you submit your taxes through the mail, do so by mailing them directly from your local post office, rather than leaving them in a mailbox.

Protect your PC: Before filing online, be sure that your computer’s operating system is up-to-date with the latest critical security patches. You should also use comprehensive security software that includes antivirus, anti-spyware, anti-phishing, and anti-spam protection as well as a two-way firewall.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures