LinkedIn Gone Wild: Invades Inboxes

Did you know there is a setting on LinkedIn where they will email your entire contact list on your behalf to let everyone know about a new position you have taken with a company?

I didn’t.

Until I got all kinds of “Congratulations” in my inbox.

Apparently there is a new setting that by default is left “On” which in fact tells all your contacts that you’ve taken a new job or got a new contract or whatever. And while you may post this to your profile, it may not be something you want to stick in someone’s inbox.

I know it’s posted online for the world to see. But some things posted are meant to be passive, not direct. LinkedIn is supposed to be a place to catalog your accomplishments and business interests. Not a sounding board to push out content into people’s inboxes. I choose what to push out. Not LinkedIn.

What’s bothersome is LinkedIn knows this new feature is a problem and only passively tells their members.

It looks like this:

“By selecting this option, your activity updates will be shared in your activity feed.

  • Note: You may want to turn this option off if you’re looking for a job and don’t want your present employer to see that you’re updating your profile.”

That’s incredible “if you’re looking for a job and don’t want your present employer to see” THEY WROTE THAT!!!!


OK, so you’d have to be a tool to update your profile with a new job while having an existing job, but the fact that by default LinkedIn has gone in and chosen to tell all your contacts is disturbing. It’s wrong on so many levels that they take it upon themselves to send that email.

My issue is I don’t have a “Job” I have “clients” and now my clients think I got a Job. Which is unusual for a consultant to have a job and consult and makes me look like a “Moonlighter”.

It’s just wrong, LinkedIn. You had no right to do that.

Robert Siciliano has no job. He is a consultant to great security companies. See him discussing home security and identity theft on TBS Movie and a Makeover.

Be Aware Online Daters – Romance Scams & Threats

With Valentine’s Day around the corner, many single people return to thoughts of finding love online. But while your head is in the online clouds, you should know – and sorry to sound like a parent – that cyberscammers may be there with you looking to take advantage of your vulnerable heart.

To help you stay safe on Valentine’s Day and year-round, here is a look at some of the top romance scams and threats, followed by safety tips in honor of your heart:

1) Online Dating Scams–Millions of people use online dating sites to broaden their networks and meet potential mates, but not everyone on these sites is sincere—some are scammers hoping to lure you in with false affection, with the goal of gaining your trust, and eventually, your money.

2) Love Exploits—These threats have you looking for love in all the wrong places—like dangerous websites designed to steal your information. One recent example of this is the Koobface worm, which targeted Match.com users by sending messages that appeared to be from other users, inviting them to look at photos and videos on a Match.com look-alike site. When users tried to log in to the malicious site, it recorded their usernames and passwords and attempted to install a Trojan.

3) Valentine’s Day Spam & eCards–Scammers know that the holidays are the perfect time to send out themed messages and eCards, knowing they will grab your attention. Spam messages with subject lines such as “The Perfect Valentine’s Day Gift” may contain a link to a dangerous website that asks for personal information. And, a message that appears to be an eCard from a loved one could actually download malware on your machine when you click on the link, leaving you with an infection, rather than affection.

In Honor of Your Heart – How To Stay Safe

  • When signing up for online dating, go with a well-known dating site and get referrals from friends on which sites they use
  • Design your dating profile with care—think about the image you want to project and NEVER, under any circumstance, post personal information, such as your full name, address and phone number
  • Vet potential dates by checking to see that their profile information matches other online information, such as their LinkedIn or Spokeo profile
  • If a potential date asks you for a loan or any financial information, immediately report them to the dating site
  • NEVER EVER click on links in emails or eCards from people you do not know – if you don’t trust it, DO NOT click it
  • To help protect you from malware, use a comprehensive security software, such as McAfee Total Protection, and keep it up-to-date

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing Safe Personal Dating on Tyra. (Disclosures)

High Tech Alarm Systems Are Much More Than Home Alarms

So I have the new ADT Pulse system. It’s pretty amazing. I’ve had a “plain old” system for the past 15 years, which has been upgraded 3 times. The standard home alarm system covers monitoring, doors, windows, motion and glass.

This system has all that plus wireless cameras inside, remote controlled thermostats, remote controlled/timed light controls, flood sensors in the mechanical room and laundry, full web access to the cameras, an iPad looking touchpad that controls it, an iPhone app to control/monitor its cameras/stat it from anywhere, and a web dashboard that lets you control every single aspect of each control to inform you of activity or to set up a “reaction” to an incident.

This home alarm system is very simple and easy to program, and once you dive into the system it gives you a tremendous amount of “awareness” of the goings on in and around your home, and it does it automatically.

I haven’t spent a lot of time on the programming just yet, but just by default the basic settings will alert you via text and email whenever anything happens. You also have the ability to turn all these same alerts off.

It has no less than 5 ways to turn it on and off including a wired keypad, iPhone app, Touch pad, computer and remote control on the keychain for deactivating before the garage door goes up. The Touch pads sit in bedrooms/office/kitchen and have a live video feed tuned into kids’ rooms or the entrance way. There’s also a big green or red icon on the touch pad letting you know if it’s set or not. Mine is mostly red because it’s set while we are home. The touchpad definitely gives you more control with, than without. It allows very simple setting of the home alarm so it’s mostly always on and you know it, which reduces false alarms.

What I like most is the inside cameras. I have one in the little people’s room who are too little to tell me they don’t want them there. There’s also one in the kitchen, family room, office, entrance way, mechanical room and basement/garage. All of these spaces have a light switch in the room that I can control remotely to turn on so I can see what’s going on at night.

More visibility, more notification, more functionality, easier controls means more security. I LOVE THAT!!!!!!!!!

Oh, and when ADT installed this thing, the sales peeps and installers couldn’t have been more courteous and more professional. They weren’t run-of-the-mill, off-of-Craigslist contractors; these were employees of the largest alarm company on the planet, and it showed they do serious quality control over who their employees are. You don’t see that so much anymore.

It was a very impressive parade of professionalism.

I’m going to do a few posts regarding my experience with ADT Pulse as I dig deeper, so stay tuned.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing Home Security on NBC Boston.

Data Leakage is a Correctable and Solvable Problem

WNYT.com reports “the Social Security Administration in New York City says that 15,000 Social Security numbers were stolen by a subcontractor who was working in Office of Temporary Disability Assistance making computer infrastructure upgrades.”

In this case the culprit is a subcontractor and succeeded either because he had the contractor’s credentials/passwords and/or the files containing the SSN info weren’t encrypted.

The problem with protecting only with userid/passwords is well understood. Passwords are generally 123456 or otherwise easily cracked. Even if the password is a good one, chances are it is used on dozens of other sites that don’t do a good job of protecting it.

In this case the password gave a “good guy” access and he went rogue.

Some organizations think that deploying Full Disk Encryption (FDE) or File and Folder Encryption (FFE) provides them the desired security level. The point often missed is that even with Full Disk Encryption or File and Folder Encryption in place, users with correct credentials can access, copy, transfer/download to USB sensitive data without any problem.

I’ve said this before and I’ll say it again: Zafesoft can prevent such incidents from both of the above. Company administrators can remove access for a suspected malicious insider at any time and even if they have the physical file with them, it’ll be in encrypted format which they won’t be able to open.

Secondly, the Zafe technology travels with the information so they wouldn’t have been able to open the files even if they were a legitimate user unless they were also using an approved laptop that has been registered and authorized with the company.

Moreover, the moment they copied the data and tried to open it on a non-authorized laptop, an alert would have gone to Company administrators alerting them of a possible theft and they could have prevented the incident from happening.

Robert Siciliano is a Personal Security and Identity Theft Expert. See him discussing another data breach on Good Morning America. (Disclosures)

Blue Cross Blue Shield Applications Found in Trash

Ever apply for insurance of any kind? There is always a litany of paperwork and the process is always frustrating and somewhat demeaning. Insurers’ applications feel invasive and ask questions that require information that you may not even tell your mom.

What’s worse is they have to be given to another person who you often do not know. What’s even worse than that is you really have no control over what that agent will do with the information.

Private investigator William Cobra Staubs was doing some dumpster diving conducting some “research” this week and happened upon a big box of discarded medical files and applications tossed there by what appears to be a Blue Cross Blue Shield agent who didn’t need them any longer. He found over 30 documents and approximately 50 Social Security numbers.

“Cobra”, as he is known, is no stranger to controversy himself as a one-time Haleigh Cummings case investigator who accepted a plea deal in charges against him concerning his apprehension of a registered sex offender. He has also had intimate dealings in the OJ Simpson case. This is a guy to know.

Cobra determined who the agent was by finding a page from the agent’s “day planner”.

Personal identifying information is often collected by businesses and stored in various formats, both digital and traditional paper. With identity theft a growing problem in the country, many states have passed laws that require entities to destroy, dispose, or otherwise make personal information unreadable or undecipherable, in order to protect an individual’s privacy. At least 29 states, listed HERE, provide laws that govern the disposal of personal data held by businesses and/or government. See also Security Breach Notification Laws and Identity Theft Statutes.

Robert Siciliano is an Identity Theft Expert. See him discussing Social Security numbers on Fox News.

Yahoo News Search Results “Robert Siciliano”

This is seriously braggadocious. But it’s a nice way to end 2010 on a high note.

  • Fox News – Dec 20
  • The Huffington Post – Dec 16
  • US News & World Report – Dec 14
  • MSNBC – Dec 04
  • ABC News – Nov 29


2010 was a great year. 2011 will be great-er. Thanks to all.

Thank you McAfee, ADT, Gemalto, Intelius, Knowem, RSA, and all my dynamite clients!

Happy New Year!




How to Recover a Lost iPhone

You may be one of the millions and millions who own and love your iPhone. What I love about mine is the ability to work from anywhere and I can also view my home security cameras through an iPhone application. ADT Pulse provides customers with anywhere, anytime access to their home via smart phones or personal computers, including an iPhone application.

But what if you lost your iPhone? Certainly you can just get another one, but what if you are within the timeframe that you can’t get a subsidized phone upgrade? You may have to spend hundreds and hundreds on an unsubsidized iPhone. Fortunately, you have a great option to recover a lost iPhone that works with your iPhone’s GPS.

It’s easy. Activate Find My iPhone. This is a subscription-based service ($99 annually) if your iPhone is a 3G or 3Gs. Find My iPhone is FREE if you have an iPhone 4.

Just enable Find My iPhone in the MobileMe settings on your iPhone or iPad. Then sign in to me.com from any computer or using the Find My iPhone app on another iPhone, iPad, or iPod touch to display its approximate location on a full-screen map.

When I did this the process was a little buggy because of my inability to connect my phone to the Me/Find My iPhone Account. Once you log into Me.com with your Apple credentials, the same credentials you use to download an App on your iPhone, the phone should connect.

Find My iPhone locates your phone via a map and tells you an approximate location. It also allows you to send a message to whoever may have found the phone (like a number they should call to return it) and it overrides your vibrate setting and emits an alarm if you send a signal and are in range to listen for it. If all else fails, Find My iPhone can wipe all your phone’s data remotely to help prevent identity theft.

Robert Siciliano, personal security expert to Home Security Source, discussing mobile phone spyware on Good Morning America.

Protecting Yourself and Family During The Holidays

Criminals share the same calendar as you and I. Their lives are no different than ours. They anticipate the holidays and feel the same pressures to provide. But they “shop” in a different way than we do. I’m already seeing news reports of “Woman attacked while shopping” and “Teens jump man leaving jewelry store.”

The only thing that separates us from them is the boundaries they have established. While you and I are civilized humans who feel sympathy, empathy and understand personal boundaries, the bad guys don’t.

It is an unfortunate fact that we must cope with this sub-species that views you and me as their natural prey. They look upon us as cattle to be herded and meat to be slaughtered. They think nothing of taking from us and committing violence to get what they want.

Having this knowledge and understanding what you are up against should empower you. By achieving this kind of awareness, you can anticipate and proactively prepare and prevent crime.

The following considerations need to be made as the holidays advance:

Every tip here revolves around “situational awareness”. The more aware you are of every situation, the safer and more secure you will be. Predators seek people who are unaware. By knowing what’s happening around the perimeter of your body you reduce the chances of being chosen by an attacker.

ATM: As you are getting cash, look around you and cover the keypad with your other hand as you enter your PIN. If someone makes an attempt to accost you, toss the money and run.

Parking lots: Don’t park near windowless vans. Before you get out of the vehicle, scan the area. Once you are on your way, continually scan the area around you. If anyone suspicious or aggressive approaches, scream and run.

Wallet/purse: Carry “chump change”, which is enough dollars to toss in one direction while you run in the other. If they want your purse, give it to them. Don’t fight over material items.

Self Defense: If your physical security is in jeopardy, offering resistance has been proven more often to get you out of a dangerous situation. Run, fight, kick, scream, and do whatever a 2-pound cat would do to get away.

Leaving the Mall: It’s never good to be loaded down with bags. Get a carriage if possible. If you are shopping late at night, get a security guard to walk you out or buddy up with someone leaving the mall.

Back to your car: Scan the area around your car. Look inside the car before getting in. Scan the area around the vehicle while putting your stuff in the trunk. Once inside, lock your doors.

Robert Siciliano, personal security expert to Home Security Source, discussing self defense on Fox Boston.

Is “Enterprise Rent a Car” Insurance a Scam?

I rent cars all the time. I travel and need to get around so I can teach people about how scams work and how to protect themselves. Yesterday I encountered what seems like a scam but is probably just very unethical behavior on the part of Enterprise Rent a Car.

Here is how it played out.

I head to the counter to rent my car. The Enterprise Rent a Car agent asks me, “Robert, would you like to purchase rental insurance for your car today?” I say, “No, I have American Express and they take care of my rental car insurance.” Which they do. I’m Platinum on AMEX and AMEX ROCKS. Their card offers physical damage insurance but not liability. Liability insurance is paid via my personal policy.

The Enterprise Rent a Car agent responds “I’m sorry; we don’t have a contract with American Express.”

Her statement “I’m sorry, we don’t have a contract with American Express” more than likely was a statement that was provided to her in sales training by Enterprise Rent a Car to overcome objection.

That statement makes an American Express card holder doubt whether or not their American Express card covers rental car insurance.

So I respond to her again, “Well, I’m pretty sure my AMEX covers me” and she responds again, “Sir, I’m trying to tell you we don’t have a contract with American Express and you will have to go through them for that”. She is now reinforcing her original statement and trying to put further doubt in my mind. Then she says, “Sir, may I suggest to you that you purchase insurance, it is only $21.00 for the day and you will be protected”. This statement further suggests that my AMEX will not cover me.

The language she used was possibly engineered by someone whose motivation was to overcome objection in the insurance sales process. Enterprise Rent a Car agents and all other rental car agents hear the same statement in regards to AMEX every day. However, in my experience, when Hertz agents hear me say “No, I have American Express and they take care of my rental car insurance”, Hertz agents respond with “OK” and nothing more. Hertz has elected to take the high road and not try to scam me into paying for insurance I do not need.

However, Enterprise Rent a Car, instead, pads their bottom line with unethical language meant to confuse the public and get them to pay for insurance they clearly do not need.

Shame on you Enterprise Rent a Car.

Robert Siciliano, identity theft and personal security expert, discussing scammers and thieves on The Big Idea with Donnie Deutsch.