Posts

Typosquatting for Fun and Profit

/0 Comments/in , , /by

Typosquatting, which is also known as URL hijacking, is a form of cybersquatting that targets Internet users who accidentally type a website address into their web browser incorrectly. When users make a typographical error while entering the website address, they may be led to an alternative website owned by a cybersquatter or criminal hacker.

Typosquatters often create spoofed sites that may have the look and feel of the intended site. Operations like these may actually sell products and services that are in direct competition with the site you wanted to go to or they may be a front to steal your credentials including credit cards or social security numbers. Examples from Veralab might be “leson vs. lesson” or extra double characters such as “yahhoo vs. yahoo” or wrong character sequencies such as “IMB vs. IBM”, or a wrong key pressed such as “fesex vs. fedex.”

In some cases the typosquatters employ phishing to get you to visit the site. Phishing of course is the criminally fraudulent process of attempting to acquire sensitive information such as user names, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Typosquatting and phishing go hand in hand.

SC Magazine reports “in most cybersquatting cases, the web address can be similar in appearance to the actual corporate site, but will instead contain pay-per-click advertisements, according to a 2007 McAfee report, which studied 1.9 million typographical variations of 2,771 of the most trafficked websites.”

Last year Scammers created a website imitating Twitter.com called tvvitter that’s t-v-v-itter, cute huh? They sent phishing emails to millions of users, many of whom clicked on the link contained within the emails, which sends them to the phishing site, where they enter their user names and passwords in order to log in.

When doing a search online look carefully at any links you click.

When typing in a browser, before hitting “enter” look at the address bar to confirm you spelled it properly.

Do business with e-tailers you are familiar with and carefully spell their domain.

Set up your favorites menu with your most visited sites.

So heads up, be careful out there and don’t get hooked.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston. Disclosures.

5 Ways to Prevent Check Fraud Scams

/0 Comments/in , , /by

Check fraud is a billion dollar problem. Check fraud victims include banks, businesses and consumers. Our current system for cashing checks is somewhat flawed. Checks can be cashed and merchandise can be purchased even when there is no money in the checking account.

There are 5 main forms of check fraud to watch out for:

Forged signatures are the easiest form of check fraud. These are legitimate checks with a forged signature. This can occur when a checkbook is lost or stolen, or when a home or business is burglarized. An individual who is invited into your home or business can rip a single check from your checkbook and pay themselves as much as they like. Banks don’t often verify signatures until a problem arises that requires them to assign liability.

Forged endorsements generally occur when someone steals a check written to someone else, forges and endorsement and cashes or deposits it.

Counterfeit checks can be created by anyone with a desktop scanner and printer. They simply create a check and make it out to themselves.

Check kiting or check floating usually involves two bank accounts, where money is transferred back and forth, so that they appear to contain a balance which can then be withdrawn. A check is deposited in one account, then cash is withdrawn despite the lack of sufficient funds to cover the check.

Check washing involves altering a legitimate check, changing the name of the payee and often increasing the amount. This is the sneakiest form of check fraud. When checks or tax-related documents are stolen, either from the mail or by other means, the ink can be erased using common household chemicals such as nail polish remover. This allows the thieves to endorse checks to themselves.

Uni-ball pens contain specially formulated gel ink that is absorbed into the paper’s fibers and can never be washed out. The pen costs two bucks and is available at any office supply store.

Consider a locked mailbox so nobody can access your bank statements.

Using online banking and discontinuing paper statements.

Never toss old checks in the rubbish, always shred them.

Have checks delivered to the bank for pick up opposed to your home.

Guard your checks in your home or office, lock them up.

Go over your bank statements carefully.
Robert Siciliano personal security expert to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

11 Ways To Prevent Home Invasions

/1 Comment/in , , , , , /by

Strangers and posers: You tell your children not to talk to strangers, so why do you open the door to a total stranger? And never talk to strangers via an open or screen door. Home-invaders pose as delivery people, law enforcement or  public workers.

Distress: If someone is in distress tell him or her you will call the police for them. Don’t open the door for them.

Make a call: Under no circumstances do you open the door unless you get phone numbers to call their superiors. Even if that means making them wait outside while you call 411.

Money, jewels and drugs : One simple reason your house is chosen is someone tipped off the home-invader that you have valuables. You may have done it via social media or your friends or children or baby sitter might have unintentionally bragged. In states where medical marijuana is legal that may be an additional consideration.

Peephole: Install peepholes, talk through the door.

Do not call the police!: If you live in a high crime area where law enforcement takes a while to respond, and if someone is trying to break into your house while you are in it, calling the fire department will sometimes get help to the scene quicker. Do this only if you are desperate. Firefighters are not equipped to handle violence. However squealing sirens can deter a criminal. And call the police!

Get armed: Having a non-lethal weapon in the form of a Taser or a Pepper spray in close proximity to your bed or front door can debilitate your attacker before they gain control. But realize these can be used against you.

Have your mobile handy: Consider a second line or a cell phone in your bedroom. Burglars sometimes cut phone lines and often remove a telephone from the receiver when they enter a home.

Get alarmed: An alarm system activated while you are sleeping will prevent a burglar from getting to far. And keep it on 24/7/365. With a home alarm system on, when someone knocks on the door, a conscious decision has to be made to turn off the alarm. Most people will keep it on.

Locks: Call a qualified locksmith to take a physical security survey to help you determine the most efficient way to lock up. Many products on the market are a false sense of security. A qualified locksmith should be a professional associated with well known manufacturers.

Cameras: Install a 24-hour camera surveillance system. Cameras are a great deterrent.  Have them pointed to every door and access point.

Robert Siciliano personal security expert to Home Security Source discussing Home Invasions on Montel Williams. Disclosures

Personal Safety When Selling a Home

/0 Comments/in , , /by

Two real estate agents were killed in separate incidents in Ohio in the past two weeks.

“Police have confirmed the suspects in this week’s murder of a Youngstown OH realtor are not connected with the murder of a realtor in Ravenna OH the day after.”

“Meeting new clients, showing properties, holding open houses, letting strangers get into your car, and even your marketing may be jeopardizing your personal safety.

The root of the issue is that you have real estate agents with no formal security training who are then meeting with complete strangers at odd times of the day and in vacant homes. Real estate professionals put themselves at risk at so many points. The industry opens itself up to predators.”

Here are a few tips to protect you when selling a property.

Be suspect of everyone. There isn’t any benefit in being paranoid; however, being a little guarded can keep you from getting into a vulnerable situation. Don’t just be wary of a man showing up unaccompanied. Expect them to show up in a nice car, well dressed, maybe with a wife and kids tagging along. They might have a business card saying they are a doctor or a lawyer. Don’t let your guard down.

Appointment Only. When placing ads, all advertisements should state “Appointment only” “Drivers license required” and “Pre Approval Documentation Required.” These are all hoops the bad guy may not want to jump through and you vetting out those who are “just looking” at the same time.

Use the Buddy System. When you set appointments always schedule around a spouse or friends availability so they can join you. There is always strength in numbers. If you have to go it solo, when someone walks in, say, “I’d be happy to show you the benefits of this home! In a few minutes my friend Rocco will be along to assist me,” creating the illusion of the buddy system.

ID and pre-qualify at your first meeting. When you are meeting at your property, get some form of identification. Also, it is to your benefit that a potential client buying a home is pre-qualified. Someone who is pre-qualified by a lender is less likely to be a predator.

Safe open houses. Spend a few minutes considering all the vulnerable points within the home and how you would escape if necessary.

Dress for safety and success. Don’t wear expensive jewelry. A $3-5 thousand-dollar diamond buys a lot of drugs. Dress professionally instead of provocatively.

Robert Siciliano personal security expert to Home Security Source discussing Real estate Agent safety on Inside Edition . Disclosures.

Subdivsion Residents Fighting for Security Camera

/0 Comments/in , , , , /by

Condominium Association, Subdivision Association, or Neighborhood Association, whatever the name is, if you live in one and pay dues and have a board of directors that makes decisions for the community in regards to what you can and can’t do on a property, you probably feel my pain.

I like that bush, I hate that bush, no swing-sets, I want a swing-set, no pets, I want a cat BLAH BLAH BLAH!!

In Atlanta in what the residents of the subdivision considered a “safe neighborhood” a group of men climbed into a basement window of a woman’s home and stole every piece of jewelry, cash and electronics. She now has double deadlocks and door jams. She lives in fear and her home is not the same.

She was quoted saying “As a result, now I literally live like a hermit, with the lights off. I have security cameras up, bars on my windows. I have to go, literally, with a key room to room in my house, because they continue to affect my neighborhood.”

The neighborhood has had 2 burglaries in the past month. One neighbor took a bullet during a breaking.  If this is a “safe neighborhood” then my neighborhood is Fort Knox safe.

“Some residents said that they want home security cameras, but the president of the homeowners association says that’s not going to happen. In a lot of ways, the battle is over what is more important, personal safety or personal privacy.”

Privacy does you no good when you are shot dead by an intruder.

“The camera won’t be any, any good for the security, as far as safety for the community, just one camera,” said the association president.

One home security camera is better than zero cameras. It’s all about layers of security. The more proactive layers in place the more secure you will be. Wake up Mr. President.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston. Disclosures.

Top 5 Credit/Debit Card Skimming Attacks

/0 Comments/in , , , /by

Credit card fraud is a multi-billion dollar industry. Skimming is one of the financial industry’s fastest-growing crimes, according to the U.S. Secret Service. ATM skimming alone is responsible for $350,000 of fraud daily exceeding a billion dollars in losses annually.

Skimming can occur in a few different ways;

Wedge Skimming

The most common skim is when a store clerk/waiter etc. takes your card and runs it through a card reader device that copies the information from the magnetic strip. Once the thief has the credit or debit card data he downloads it to his PC then he can burn the data to a gift card or blank “white card” or place orders over the phone or online.

POS Swaps

EFTPOS (electronic funds transfers at the point of sale) skimming occurs when the point of sale terminal is replaced with a skimming device. People commonly swipe both credit and debit cards through the in-store machines to pay for goods and services at these outlets. This is what happened to Stop and Shop. In Australia, fast food chains, convenience stores, and specialty clothing stores are bearing the brunt of the crime. McDonald’s is among the outlets whose EFTPOS machines have been targeted.

ATM Skimmers

Criminals can also place a card reader device on the face of an ATM, which appears to be a part of the machine. The device may have wireless Bluetooth or cellular technology built to obtain the data remotely.   It’s almost impossible for civilians to know the difference unless they have an eye for security, or the skimmer is of poor quality. Often, the thieves will hide a small pinhole camera in a brochure holder, light bar, mirror or car stereo looking speaker on the face of the ATM in order to extract the victim’s pin number. Gas pumps are equally vulnerable to this type of scam.

Data Interceptors

Another type of gas pump skim is pulled off due to a common set of keys that will open almost any gas pump. Criminals pose as fuel pump technicians and access the terminal with the master keys. Once inside they access the wires that connect the key pad/card reader and piggyback a device inside the pump that reads all the unencrypted card data.

Dummy ATMs

In some cases an ATM is bought off of eBay (do a search) or elsewhere and installed anywhere there is foot traffic. The machine is set up for one purpose; read/copy data. The machine might be powered by car batteries or plugged in the nearest outlet. I bought one off Craigslist for $750 from a guy named Bob at a bar. How you like them apples.

When credit card information is skimmed, hackers can copy the data on blank cards, gift cards, hotel keys, or “white” cards. White cards are effective at self checkouts, or when the thief knows the clerk and is able to “sweetheart” the transaction. A white card can also be pressed with foils to look like a legitimate credit card, as seen in this video.

To help combat ATM Skimming, ADT unveiled the ADT Anti-Skim ATM Security Solution, which helps prevent skimming attempts and detects skimming devices on all major ATM makes and models. ADT’s anti-skim solution is installed inside an ATM near the card reader, making it invisible from the outside.

Consumers must check their statements online weekly or at least their papers ones monthly. Refute unauthorized charges immediately. Federal law allows up to 60 days to dispute a charge. After that you may be paying for an identity thief’s Vegas bender. Whenever entering a PIN always cover the keypad with your other hand.

Robert Siciliano personal security expert to Home Security Source discussing ATM skimming on Fox Boston. Disclosures.

Criminal Hackers Steal Victims Home

/0 Comments/in , , /by

A sophisticated scam left an Australian business man with a half million dollars stolen when criminals sold 2 properties and almost a 3rd using his stolen credentials. This kind of scam is happening in the U.S. too.

The business man had been overseas for a while and his neighbor contacted him at one point because his home was on the market and being sold. When the business man started investigating the non-permissioned sale, that’s when he realized the other properties had been sold and were no longer his.

The thieves, were believed to be Nigerian, and had enough information on the man to allow the real estate transactions to go through.  It is believed the criminal hackers got into his email account and obtained his personal identifying information along with his property documents which enabled the criminals to sell the houses.

Reports state the transactions were made virtually via email, telephone and fax, without any physical contact between the owner and anyone else. In this scam the owner, the real estate agent, banks, and various government agencies were all duped.

The system of checking and verifying identities in this case and in others often fails.

Advice to prevent this type of crime is often directed towards real estate agents who are used as the pawn in the transaction and do the dirty deed for the scammer.

In the very least agents should request a photocopy of a driver’s license or passport before listing a home for sale when doing business virtually. Other suggestions might be verify signatures using a notary or checking existing documentation and compare signatures. Look at deeds for alterations and get them from the title company.

More importantly it is essential that the homeowner meet the real estate agent for a face to face meeting. Airfare can’t cost more than a few thousand dollars and when doing a half million dollar transaction it makes sense for everyone involved to make this a priority.

But the best thing and probably the most effective solution when doing a full blown virtual transaction is to contact a lawyer wherever the seller may be and require the seller to verify themselves through a competent lawyer or other professional who can review and certify the sellers credentials.

Homeowners have a different set of responsibilities.

First and foremost make sure to invest in title insurance. Title insurance should cover legal bills associated with this type of scam. Check the policy.

If you plan on leaving your home or investment property vacant for any period of time get friendly with your neighbors and request they alert you in case your property goes on sale.

Do the same with local real estate agents and request they do an occasional drive by. Have that same real estate agent check the MLS listing occasionally looking for your property to show up on the market.

Invest in technology. A home security camera solution that alerts you to any activity on the home can give you a sense of there is any mischief. Motion sensitive cameras can alert you to any activity via text or email and can be viewed remotely via a mobile phone or internet connection.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston. Disclosures.

Woman Drags Naked Intruder By His Beard

/0 Comments/in , , , /by

‘Hell hath no fury like a woman scorned’…then there is this woman.

They say “never hit a woman”.  The reason is because women don’t just hit back, they keep hitting back until they are done with you. Plus it isn’t cool.

A 64-year-old woman fought off a neighbor and dragged him out of her house by his beard after he let himself into her Kansas City home and took his clothes off. The woman said she awoke about 12:50 a.m and found her 62-year-old neighbor standing over her naked, as she tried to throw him out, he allegedly grabbed her throat. She picked up a tape measure and bonked it against his head three times. He left.”

Moment’s later police found him outside crying. I think I’d cry too after a bonk on the head and a whooping like that.

Resistance in this situation worked out for the victim.  At 64 she decided she wasn’t going to sit back and allow the intruder to make advances on her in any way.

What is important to understand is in any attack situation the victim actually has a lot of control over the outcome if they react within the first 30-60 seconds. What the victim does in that initial time frame can allow them to gain control over the direction of the attack. The attacker generally goes into the attack thinking the victim will be submissive but when the victim is confrontational the attacker is usually not prepared for that.

This entire situation could have been prevented if the homeowner had a home security system installed and beefed up her doors and windows with the appropriate locks. Now THAT is taking control.

Robert Siciliano personal security expert to Home Security Source discussing self defense on Fox Boston. Disclosures.

Strong Passwords Aren’t Enough

/0 Comments/in , , /by

I’ve said it before, use upper and lower case, use number and letter combinations and when possible, if the website allows it, use special characters. It has been documented that “Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.”

It is great advice to strengthen your passwords. It is just as important is to make sure your PC is free of malicious programs such as spyware and key-loggers.  Beware of RATS a.k.a “Remote Access Trojans.” RAT’s can capture every keystroke typed, take a snapshot of your screen and even take rolling video of your screen via a webcam. But what’s most damaging is RATs gaining full access to your files and if you use a password manager they have access to that as well.

RAT’s covertly monitor a PC generally without the user’s knowledge. RAT’s are a criminal hackers dream and are the key ingredient in spyware. Common RAT’s are the LANRev Trojan and “Backdoor Orifice”.

Installing RAT’s can be done by full onsite access to the machine or remotely when the user opens an infected attachment, clicking links in a popup, installing a permissioned toolbar or any other software you think is clean. More ways include picking up a thumb-drive you find on the street or in a parking lot then plugging it in, and even buying off the shelf peripherals like a digital picture frame or extra hard drive that’s infected from the factory. The bad guys can also trick a person when playing a game as seen here in this YouTube video.

An unprotected PC is the path of least resistance.  Use anti-virus and anti-spyware. Run it automatically and often.

A PC not fully controlled by you is vulnerable. Use administrative access to lock down a PC preventing installation of anything.

Many people leave their PC on all day long. Consider shutting it down when not in use.

Robert Siciliano personal security expert to Home Security Source discussing Digital picture frames with built in viruses on Fox News. Disclosures.

10 Very Stupid Criminals

/0 Comments/in , , , , /by

Dumb Criminals are performing stupid crimes all the time.  Here is a list of 10 stupid criminal stories.

#1 Firefighters said it can’t get more ironic than this — an arsonist breaks into a convenience store, steals scratch-off lottery tickets, tries to cover his tracks by setting a fire, and in the process, sets himself on fire.

#2 Robber walked in to a store with duct tape wrapped around his head to conceal his face. The store manager had some duct tape of his own. He had a wooden club wrapped with duct tape that eventually sent the suspect fleeing the store. A store employee chased Duct Boy to the parking lot, tackled him and held him in a choke position until police arrived.

#3 Burglar breaks into a home and rifled gems from a jewelry box and helped himself to a check book, but the vodka and valium he had already downed that morning was taking its toll. And when the stunned homeowner came upstairs, she found him fast asleep under her bed.

#4 A woman stepped out of her car to talk to an officer about a crime she witnessed. While her back is turned, a man in a black cap carrying a big stick walked past her and and jumped into her car. The officer banged on the hood – to try to get the man to stop, but he got away. He was caught the next day.

#5 A policeman and his drug sniffing dog were invited to a Boy Scouts meeting for a demonstration. One of the boy’s mothers was arrested for having marijuana in her purse.

#6 Robber holds up a liquor store and demands all the money. Clerk gives him the money then the robber demands a bottle of scotch. The clerk refuses unless the robber shows him ID to verify his age. Robber showed his ID.

#7 Woman’s car is stolen with her mobile phone in it and she reports it to the police. Police call the thief on the phone saying they were responding to a news paper ad to buy the car. Thief shows up to sell the car.

#8 Two robbers enter a store and one screams “Nobody move or I’ll shoot!” His partner moved, he got shot.

#9 Guy breaks out of jail and goes to his girlfriend’s house. He accompanied her to court the next day on a charge she faced.  While at court he went outside to smoke a cigarette, she couldn’t find him and had him paged. Two cops recognized the name and arrested him.

#10 Bank robber stuffed a bag of money down his pants. The teller put an exploding dye pack in the bag. The dye pack exploded.Ouch! He didn’t make it out the door.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston. Disclosures.