Posts

Top 5 2022 Cybercrime Scams Targeting Everyone

/0 Comments/in /by

According to experts in threat analysis, 2022 could be the year that cybercriminals start focusing more on the Average Joe instead of focusing on big corporations as they have in the past. These days, consumers could be a lot more lucrative to hackers, so it makes a lot of sense. Here is what you need to know about what is happening to help hackers:

Cybercriminals Like to Take the Easy Path

No one really likes to do a lot of hard work, and this includes hackers and other cybercriminals. So, they will focus on the path of least resistance when targeting a victim. Where they used to find a lot of loopholes with corporations, now they are focused on individuals…specifically those who work from home as a remote worker.

Remote Workers Are Easy Prey

Though the pandemic is starting to fade away, remote working seems to be here to stay, and with that comes more security risks. While all of this is going on, organizations are focusing more on internal security and forgetting that they have employees out there who can easily be connected to the network remotely and are vulnerable to hackers.

So, it is totally possible that for a hacker, it is much easier to access a company network by using social engineering or a phishing scam on Mary in Customer Service, who now works from home in her jammies, than it is to go through traditional hacking methods.

We are in a Crypto-World, Now, Too

2021 was the year for those who mine cryptocurrency because coins like Ether, Bitcoin, and other cryptos rose greatly. Meanwhile, we also…and are still seeing…the rise of NFTs on the market. People who are just now getting into this are really focused on this new crypto-craze, and they don’t know how to protect themselves. Hackers are focused on them, too, and it is thought that it will continue to rise into 2022.

Meta is also here, now, and it is expected to create even more payments via digital assets, and this is expected to add even more fuel to the fire.

Stopping Macros

Another thing that is happening right now is that companies like Microsoft are working to disable things like Excel 4.0 macros, which hackers often use to get malware on a victim’s device. However, hackers are one step ahead, and they are now working on fooling victims to go to a malicious website instead, and using things like social media sites, fun games that are actually designed to steal passwords, and even posting YouTube videos designed to hack.

For much of 2021, experts noted that there were tons of threats to people that came from software that looks innocent, such as games, and though a person can play the game in some cases, the software also installs things like miners onto the device. This, too, is expected to increase throughout 2022.

Even More Adware

For most cybercriminals, adware is seen as a great way to make money, and they use it to exploit networks, smartphones, and even computers. It is expected that in the remainder of 2022, these attacks will continue to rise as they are difficult to detect but spread fairly quickly. Many consider adware to just be annoying and not particularly dangerous, these programs may be bundled with other types of software including ransomware, viruses, and more.

Speaking of Ransomware…

Finally, when we think of ransomware these days, we still see a lot of threat, but they had been focused more on larger companies and corporations. As we settle nicely into mid-2022, however, we have seen more ransomware targeting governments and other similar organizations, as well as people who may own something of value. These attacks are common for hacking groups, as they are easy to pull off.

We also see the ransom demands falling a bit, with hackers asking individuals for $1000 or less in order to access their device. This means that consumers have to be more careful than ever before, and they need to keep the following in mind:

  • Only use unique passwords that are very strong and varied. (I.e. a mixture of letters, numbers, and symbols.)
  • Use security software, like Microsoft Defender, if you have a Windows computer or any antivirus as long as you ay for it. With free, you get what you pay for.
  • Never open any email attachments from a person or company that you don’t know. Call them first to confirm its OK.
  • Don’t expose internal services, like NAS devices or a Remote Desktop, to the internet.
  • When OS and software updates are available, make sure you install them.
  • Don’t download key generators or software cracks, which often contain viruses or ransomware.

By taking these simple steps, we can work together to make sure that 2022 is NOT the biggest year of cybercrime, and instead, the year we do our best to fight back against hackers.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now#1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

A Look Ahead: What Challenges Might We Face with Cyber Security in the Next Year?

/0 Comments/in , /by

I was recently talking to a friend. She called me because there was a big issue at work: a ransomware attack. Basically, a hacker installed software that locked down the entire network, and then demanded that her boss pay $8500. Ultimately, against my recommendations, the only choice they determined they had was to pay the money, and in the process, they learned a very valuable lesson about the importance of backing up company data.

This is only one of the things that we are going to be facing in the upcoming year. Here are some more that everyone should be aware of:

More Ransomware

We are definitely going to be seeing more ransomware attacks. These cyber criminals are getting even more greedy and they know that the data they are holding for ransom is very valuable. So, expect even higher priced demands.

More Built-In Security

For those in the security industry, there is going to be a lot of work ahead. There are new challenges coming up all of the time, and there are still the old issues that haven’t been solved. People in the industry will have to go way beyond home computers and cell phones. With so many products connecting to the internet, there are millions of ways for cyber criminals to launch an attack.

Intelligence-Based Security

We also can expect to see more artificial intelligence-based security approaches, since the technology we have now just isn’t doing the job. There needs to be more advanced analytics and monitoring, and this will help to prevent more identity theft incidents than ever before. Artificial intelligence just keeps on getting more prominent, and we are seeing computers actually learning without any help from humans. If these computers start to learn enough, they can start helping criminal hackers too.

A More Vulnerable Internet of Things

It’s also a huge possibility that there are going to be big issues in regard to the Internet of Things. Often called “end points” more devices than ever before are connecting to the internet, and more people are using them. This makes us more vulnerable to attacks, so we need to lock this down. Before you buy anything that connects to the internet, you must do your research.

More Phishing, Too

We can also expect more phishing attacks. Hackers are certainly planning more of this, and honestly, these attacks are easy to pull off. Why would they stop?

Credential Theft is Here to Stay

Attacks that occur for the purpose of stealing banking credentials and payment cards will also continue. Don’t ever click on a link in emails, and don’t open any attachment before you open them.

Credential Stuffing

There are billions of stolen credentials floating around the Internet ready for the taking and hackers are plugging this data into well-known websites and gaining access to email, ecommerce, banking, financial, you name it. Change up your passwords.

Security with Smartwear

We are also seeing new threats in regard to wearable devices. These can be bad news for consumers and businesses because they can easily be portals for infecting a home network. Keep these devices updated and change the passwords from the default if you can.

Governments Could be Targets

Cyber-attacks on governments will surely continue, too. These might be inside jobs, or they could be from foreign sources. Even if you think your devices and data is secure, the government might not be. This is another reason you need to have ID theft protection.

Smarter Cars

We also are going to see smarter cars; cars that are more connected than we have ever seen. There are close to 100 ECUs, electronic control units, in cars these days. Some of these are connected to the internet, too, so think of what this might mean. Technically, a hacker could do things like control the car’s brakes. Thankfully, manufacturers are adding more security, but consumers really have to do their homework, too, and understand their cars’ capabilities.

DDoS Attacks

Distributed denial of service attacks, or DDoS attacks, is when manipulation occurs to make something unavailable to people, like a website. We will certainly see more of this.

Disinformation Proliferation

There has never been a time when dis-information was so easily spread by so many, for so many reasons. When government officials at the very top become the primary spreaders of this information, such as dictators in Banana Republic’s and even those in the USA, you know we have a significant problem. Get your facts straight, publications like the New York Times or the Wall Street Journal have no reason to lie. Fact check before you share and spread misinformation.

Conclusion

Here’s the situation; we cannot fully protect ourselves from all of the fraud and scams that are out there, no matter how hard we try. With so many devices that are connecting to the internet, hackers have a ton of opportunity to take advantage of their victims. We need better security and more awareness, so as we move into the new year, keep all of this in mind.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

What Happens if Your Social Security Number Gets Stolen?

/0 Comments/in /by

It might be surprising to know that when Social Security numbers were first given out in the 1930s, that they were not used as a form of identification. However, whether you know it or not, most of us use our SSN every day, from visiting our doctor’s office to doing banking transactions. Your Social Security number is likely being accessed by humans and computers on a daily basis.

Social Security numberYour Social Security number is a form of verification, authentication, and it is even used as a password. Simply having it, simply knowing it, and entering it, verifies and authenticates its holder. However, it shouldn’t be like that at all.

You need your Social Security number to apply for a job, to open credit cards, and even to get married. Since we use this number so often, you might be wondering what happens if it gets stolen. Here’s what you should do:

Fraud Alert – The first thing to do is to get in contact with one of the three major credit bureaus. That one bureau then contacts the other two bureaus. You must put a fraud alert on your report. When you do this, a creditor or lender hopefully will use much stricter guidelines when they get a credit application. Keep in mind that these alerts only last for 365 days, but you can get an extension. Also keep in mind that this is not a full proof plan, the lender may not enable these stricter guidelines at all.

Credit Freezes – You should also consider freezing your credit. When this happens, you cannot use your credit to refinance or open a new line of credit until you go through the unfreezing process. Keep your credit frozen, and then unthaw it when you need it. Getting a credit freeze is a pretty simple process, it does require a bit of effort and organization, however it is a great way to protect your identity from new account fraud, we will discuss this in more detail and future posts.

Get ID Theft Protection – You should also think about getting ID theft protection. This can be an investment for some, but it also ensures that there is someone monitoring your credit 24/7. Identity theft protection services don’t actually protect you from much in the way of new account fraud, account take over, credit card fraud, criminal identity theft, tax related identity theft, medical related identity theft, but nothing else does either. However, what identity theft protection service does do is monitor your credit and there is an insurance component that kicks in and activates “identity theft expert restoration agents” that fix stolen identities. These people can get you back on track quickly if your identity is stolen.

Keep an Eye on Your Credit – If around 90 days have passed, and you don’t see anything weird on your credit report, don’t think that this automatically mean you are safe. A thief can use your info in other ways, too, so keep an eye on your credit report. Also keep in mind that your Social Security number can be used by a thief in perpetuity or until about six months after your perish. You can get a free copy online at AnnualCreditReport.com.

Be Cautious When Online – Finally, it is important that you make sure that you are using caution when online. Cybercriminal know every trick in the book, and people fall for them all of the time. Here are some things to remember:

  • Do not click on any email links. This is true even if it is from someone you know. Unless you are expecting it, do not click on anything in an email.
  • Do not open any email that is found in your spam folder.
  • Do not open emails that have sensational or exaggerated subject lines.
  • If you have the choice to use two-factor authentication, you should do it.
  • Have a firewall, an antivirus program, and anti-malware software.
  • Create a unique password for each account you have. Make sure that they are hard to guess, and don’t let them contain information like your name, pet’s name, etc.
  • Use a password manager.
  • Shred all of your documents that contain personal information before you put them into your garbage.
  • Don’t give your Social Security number out to anyone unless it is a total necessity.

Remember, if your credit is frozen and if you have identity theft protection combined, you have “multiple layers of security” and you can give your Social Security number out without much of a worry.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

10 Internet Security Myths that Small Businesses Should Be Aware Of

/0 Comments/in , , /by

Most small businesses don’t put as much focus on internet security as they probably should. If you are a small business owner or manager, not focusing on internet security could put you in a bad spot. Are you believing the myths about internet security or are you already using best practices? Here’s a few of the most common myths…take a look to see where you truly stand:

Myth – All You Need is a Good Antivirus Program

Do you have a good antivirus program on your small business network? Do you think that’s enough? Unfortunately, it’s not. Though an antivirus program is great to have, there is a lot more that you have to do. Also, keep in mind that more people than ever are working remotely, and odds are good that they are working on a network that is not secured.

Myth – If You Have a Good Password, Your Data is Safe

Yes, a strong password is essential to keeping your information safe, but that alone is not going to do much if a hacker is able to get it somehow. Instead, setting up two-factor authentication is essential. This is much safer. Also make sure that your team doesn’t write their passwords down and keep them close to the computer or worse, use the same passwords across multiple critical accounts.

Myth – Hackers Only Target Large Businesses, So I Don’t Have to Worry

Unfortunately, many small business owners believe that hackers won’t target them because they only go after big businesses. This isn’t true, either. No one is immune to the wrath of hackers, and even if you are the only employee, you are a target.

Myth – Your IT Person Can Solve All of Your Issues

Small business owners also believe that if they have a good IT person, they don’t have to worry about cybercrime. This, too, unfortunately, is a myth. Though having a good IT person on your team is a great idea, you still won’t be fully protected. Enlist outside “penetration testers” who are white-hat hackers that seek out vulnerabilities in your networks before the criminals do.

Myth – Insurance Will Protect You from Cybercrime

Wrong! While there are actually several insurance companies that offer policies that “protect” businesses from cybercrimes, they don’t proactively protect your networks, but will provide relief in the event you are hacked. But read the fine print. Because if you are severely negligent, then all bets may be off. In fact, it is one of the strongest growing policy types in the industry.

Myth – Cyber Crimes are Overrated

Though it would certainly be nice if this was false, it’s simply not. These crimes are very real and could be very dangerous to your company. Your business is always at risk. Reports show as many as 4 billion records were stolen in 2016.

Myth – My Business is Safe as Long as I Have a Firewall

This goes along with the antivirus myth. Yes, it’s great to have a good firewall, but it won’t fully protect your company. You should have one, as they do offer a good level of protection, but you need much more to get full protection.

Myth – Cybercriminals are Always People You Don’t Know

Unfortunately, this, too, is not true. Even if it is an accident, many instances of cybercrimes can be traced back to someone on your staff. It could be an employee who is angry about something or even an innocent mistake. But, it only takes a single click to open up your network to the bad guys.

Myth – Millennials are Very Cautious About Internet Security

We often believe that Millennials are very tech-savvy; even more tech-savvy than the rest of us. Thus, we also believe that they are more cautious when it comes to security. This isn’t true, though. A Millennial is just as likely to put your business at risk than any other employee.

Myth – My Company Can Combat Cyber Criminals

You might have a false bravado about your ability to combat cybercrime. The truth is, you are probably far from prepared if you are like the majority.

These myths run rampant in the business world, so it is very important to make sure that you are fully prepared to handle cybercrime.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How to Make $5 Million a Day in Cybercrime

/in /by

This post isn’t exactly a “how to” but if your current employment isn’t bringing in the bacon, I’m sure your criminal mind can figure it out. In the biggest digital advertising fraud in the history of the U.S., it was recently found that a group of hackers is bringing in from $3 million to $5 million a day from media companies and brands. That’s some scratch!

11DWhite Ops, an online fraud-prevention firm, uncovered this campaign, which they have called “Methbot,” and the firm found that the campaign is generating more than 300 million video ad impressions each day.

AFT13, which is a cyber criminal gang, has worked to develop the Methbot browser, which spoofs all of the interactions that are necessary to initiate and carry out these ad transactions.

The hackers, which are allegedly Russia-based, have registered more than 250,000 distinct URLs and 6,000 domains, all of which impersonate US brand and companies, including Vogue, ESPN, Fox News, Huffington Post, and CBS Sports. They then take these sites and sell fake ad slots.

The cybercriminals that are behind Methbot are using their servers, which are hosted in Amsterdam and Texas, to give power to almost 600,000 bots. These have fake IP addresses, most of which belong to the US, and this makes it look like the ads are being viewed by visitors in the US. The criminals then get video-ad inventory, which they display on the fake media website that they have created. They get top dollar for this, and they trick the marketplace into believing that this content is being seen by legitimate visitors. In reality, however, these ads are being “viewed” by fake viewers thanks to an automated program that mimics a user watching an ad.

To make the bots look even more real, the group also uses methods such as fake clicks, mouse movements, and even social network login info. White Ops has also found that this fake army of viewers has amassed about 300 million ad views each day, and it has an average payout of about $13 per every 1000 views. If you multiply this by the compromised IP addresses out there, the money is rolling in.

White Ops believes that the Methbot empire has created from 200 to 300 million fake video ad impressions each day, which targets about 6,000 publishers. In a 24-hour period, this is generating somewhere between $3 and $5 million in each 24-hour period.

While the operation has its headquarters in Russia, White Ops can’t say for sure that Methbot has Russian origins. The good guys have been in contact with the FBI, and together, they have been working towards stopping this scam for several weeks.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

How to figure out Crime Statistics in a Town

/in , /by

If you want to get an idea of how safe or crime-ridden a town may be, do some casual observing including at night:2H

  • Are women walking or jogging alone at night?
  • Are people hanging out in the evening having a good time?
  • Are children mysteriously absent on a sunny weekend afternoon?
  • Are there a lot of “for sale” signs among the houses?
  • Do many houses have security signs in their yards?
  • Are there any other tell-tale signs that the town is safe—or seedy? Like many taverns and only one recreation center?

Before moving to a particular town, you should also chat with its residents. Maybe you shouldn’t reveal you’re thinking of moving there, as they may tell you things you want to hear. Pretend you’re a resident and strike up a conversation at the local diner or some place like that, a comment that would lure someone into giving information about the safety—or danger—of the town.

But of course, you can just be more upfront and honest and flat-out ask about the crime rate, safety, etc. Ask if it’s safe for children to walk to and from school by themselves (I don’t mean six-year-olds, of course).

Ask if there’s a neighborhood watch and why it was established. Inquire about safety measures the townsfolk are taking.

Safety also means the condition of roads and sidewalks, not just for motor vehicles but bicyclists and pedestrians. Are roads in good condition? Are intersections well lit? Are stop signs easily visible?

If your move is long-distance and you can’t in-person visit the town:

  • It’s time for some googling. Type in “city of (name of town)” to view its website and various stats such as “crime rate.”
  • Also visit the town’s police department’s website. See if it has a Facebook page. A lot of local buzz is reported on a police department’s Facebook page.
  • Read the town’s major online newspaper to see what’s usually cooking.
  • Find out what the town’s news station is and visit its site.
  • Are the sites laden with crime stories? Over time, have there been a lot of sexual assaults or home robberies?
  • Any continuous complaints about the schools?

For more comprehensive research, visit the following:

  • MyLocalCrime.com
  • FamilyWatchdog.us
  • CrimeReports.com
  • Neighborhoodscout.com
  • City-data.com

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

The Impact of Ransomware on Small Businesses

/in , /by

What’s going on this September? National Preparedness Month. This will be the time to increase your awareness of the safety of your business, family, pets and community. During disasters, communication is key. National Preparedness Month concludes on September 30 with the National PrepareAthon! Day.

celebrateIt would be like a science fiction movie: You go to pull up the file detailing the records of your last quarter’s profit and loss statement, and instead you get a flashing notice: “Your computer has been compromised! To see your file, you must pay money!”

This is called ransomware: a type of malware sent by criminal hackers. Welcome to the world of cybercrime. In fact, ransomware can prevent you from doing anything on your computer.

Where does this ransomware come from? Have you clicked a link inside an e-mail lately? Maybe the e-mail’s subject line really grabbed your attention, something like: “Your FedEx shipment has been delayed” or “Your Account Needs Updating.”

Maybe you opened an attachment that you weren’t expecting. Maybe you were lured to a website (“Dash Cam Records Cyclist Cut in Half by Car”) that downloaded the virus. Other common ways crooks trick you into downloading ransomware include:

  • Hackers impersonate law enforcement; claim you downloaded illegal material; demand a fine for your “violation.”
  • You receive a message that your Windows installation requires activation because it’s counterfeit.
  • Or, the message says your security software isn’t working.

What should you do?

  • Never pay the ransom, even if you’re rich. Paying up doesn’t guarantee you’ll regain access. Are you kidding?
  • Double check that all of the newly encrypted (and utterly useless) files are backed up, wipe your disk drive and restore the data.
  • Wait a minute—your files weren’t backed up?

An ounce of prevention is worth a pound of hacking.

  • Don’t open links or attachments you’re not expecting! This includes from senders you know or companies you patronize.
  • Install an extension on your browser that detects malicious websites.
  • Use a firewall and security software and keep it updated.
  • Regularly back up data, every day ideally.

Needless to say, ransomware attacks occur to businesses. Small companies are particularly vulnerable because they lack the funds to implement strong security. Attacks on businesses usually originate overseas and are more sophisticated than attacks on the common Internet user at home or at the coffee house.

And just like the common user, the business should never pay the ransom, because this will only prolong the situation.

  • Make the criminal think you’re going to pay. Tell them you need time to prepare the fee.
  • Build your defense by gathering all the correspondence.
  • Present this to your webhosting provider, not the police.
  • The webhoster will get to work on this.
  • If the loss is extensive, present the correspondence to the FBI.
  • If the attack is in virus form, you’re finished.

The prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained in how “phishing” e-mails work and other tricks that cyber thieves use. To learn more about preparing your small business against viruses like ransomware, download Carbonite’s e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”

#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. Disclosures

3 Ways Criminals influence to steal

/in , , /by

Criminals use six basic principles of Influence to steal. In this post we will discuss the first 3. The ability to influence boils down to science. By applying some science, anyone can learn to be more influential. It’s easy to influence sheep and cattle. It’s a bit more complicated to influence people. But many people can be influenced as easy as a cow. Criminals understand this the same way sales people do. The derivative of “confidence” is con. All influence in some way is designed to gain your confidence and in some cases to trick you. That’s where “confidence trick” comes from. Robert Cialdini is a psychologist who studied influence for nearly 30 years, condensing his findings into six principles. I’ll bet every crime syndicate out there read his books.

Reciprocation

  • Do something nice for a person and they will feel obligated to return the favor. This concept is seen in doctors who promote a particular drug—the pharmaceutical company has just given him free notepads, pens and a coffee mug.
  • Want your children to show you respect? Show them respect. They’ll feel obligated to treat you the same. Mostly.
  • Scammers use this by offering something free in an emailed link. You might have to reciprocate and give up an email address or simply click a link. Clicking on the link installs a virus. You get a call from a colleague in tech support. They say “I need your password to fix this server” and “I’ll be there for you someday when you need help”. We want to help, we want to return the favor.

Social Proof

  • This is the “It’s okay if everyone else does it” approach. People have a tendency to check out what other people are doing when they’re not sure what course to take. Stand on a street corner in a busy city and look up at a skyscraper, then watch the crowed gather to see what you are looking at.
  • Why does the new treadmill user at the gym hold onto the rails while walking? Because they see everyone else in the gym doing it. What made you decide to buy that kitchen gadget? Because the TV ad said, “They’re going fast, everyone’s buying it, so order now!”
  • This concept also applies to emergency situations, such as people lined up at a third story window of a burning building, afraid to jump—until one person leaps. Suddenly, everyone else leaps.
  • Scammers will use social proof to trick you in a Ponzi investment scheme. If all kinds of people you trust are making the same investment, then why wouldn’t you?

Commitment and Consistency

  • Get someone to verbally or in writing commit to something, and this will increase the chances they’ll follow through. They are committed. Signing a contract means you are committed. Anything that comes out of that contract is your responsibility.
  • People want to do things by the book, they want to be civilized and play by the rules. This plays off of social proof to conform like others.
  • Scammers recognize most people are committed to “doing the right thing”, or being appropriate. So if you get a call or an email saying there is an issue with your account, you want to do the right thing and fix it. Getting things right may mean giving your data to a criminal.

Don’t be cattle. Don’t act like sheep. Most of the world functions based on the honor system. As long as everyone is honest, everything works seamlessly. The honor system is designed with the mindset that we are all sheep and there are no wolves. We know there are plenty of wolves. Don’t be sheep.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

What is a Remote Administration Tool (RAT)?

/in /by

Ever felt like your computer was possessed? Or that you aren’t the only one using your tablet? I think I smell a rat. Literally, a RAT.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813A RAT or remote administration tool, is software that gives a person full control a tech device, remotely. The RAT gives the user access to your system, just as if they had physical access to your device. With this access, the person can access your files, use your camera, and even turn on/off your device.

RATs can be used legitimately. For example, when you have a technical problem on your work computer, sometimes your corporate IT guys will use a RAT to access your computer and fix the issue.

Unfortunately, usually the people who use RATs  are hackers (or rats) trying to do harm to your device or gain access to your information for malicious purposes. These type of RATs are also called remote access   as they are often downloaded invisibly without your knowledge, with a legitimate  program you requested—such as a game.

Once the RAT is installed on your device, the hacker  can wreak havoc. They could steal your sensitive information, block your keyboard so you can’t type, install other malware, and even render your devices useless. They  could also

A well-designed RAT will allow the hacker the ability to do anything that they could do with physical access to the device. So remember, just like you don’t want your home infested by rats, you also don’t want a RAT on your device. Here are some tips on how you can avoid  a RAT.

  • Be careful what links you click and what you download. Often times RATs are installed unknowingly by you after you’ve opened an email attachment or visited an software in the background.
  • Beware of P2P file-sharing. Not only is a lot the content in these files pirated, criminals love to sneak in a few malware surprises in there too.
  • Use comprehensive security software on all your devices. Make sure you install a security suite like McAfee LiveSafe™ service, which protects your data and identity on all your PCs, Macs, tablets and smartphones.

Keep your devices RAT free!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Background Checks aren’t as easy as you’d think

/in /by

With seemingly more and more people being harassed, stalked and getting their identities stolen, the rate of background check requests (e.g., a small business owner hiring a private investigator) has increased quite a bit.

The background check is no longer some snoopy kind of thing for extra-curious people; it’s become a necessary tool in a world fraught with frivolous lawsuits but also cybercrime and identity theft. For example, if the “furnace guy” rapes and murders the homeowner, his company would be held accountable. We hear of cases like this all the time—another example would be a bus driver fondling a student. The bus company is held liable.

It’s a no-brainer that background checks should be conducted for people ranging from school officials, nannies and cafeteria workers to home health aides…you name it: all adult employees and volunteers. If you own a business, you’ll never regret getting a background check on your employees.

As crucial as this practice is, however, it’s full of land mines. But don’t let that stop you from acquiring a professional-grade background check to screen for criminality.

First off, the subject’s identity must be validated. But even if you have the correct name, the subject’s birthdate must also be correct. Usually, a photo ID will suffice. But when it’s not available, there are other methods. To see if the subject’s claimed name and DOB match, their driving record is pulled via the state DMV. But there again, we have a loophole: How do you know that the given name and DOB, that pops up in the DMV results, belongs to the subject?

A background check requires the SSN. When the SSN is run through, it will bring up a history of names and addresses, plus previous residential locations of the subject. We now can zero in on various locations to narrow down the investigation. If any aliases pop up, these too must be checked.

The third stop is the court record check in all the counties where the subject has resided in   the past decade. The court’s website should have this information. However, it can also be obtained in person at the courthouse. The investigation will also include the federal court level.

The general criminal check comes next, and is often called a “nationwide” criminal check. It’s not 100 percent accurate but will turn up criminal history if, indeed, the subject is a crook. In addition, the state prison records need to be checked to see if the subject has served some time.

But zero results here don’t mean that the subject was never incarcerated, due to flaws in the search system. On the other hand, if a red flag appears, the investigator will know to dig deeper. To aid with this, the investigator should do an online search on the federal prison site.

The sex offender history is even tougher. Unfortunately in some states, a sex offender history can’t be used to refuse employment to someone. But this doesn’t mean that the investigator can’t investigate, including going straight to the affiliated court and then turning this information over to the individual wanting the background check. Sex offender checks usually turn up empty, but they should always be done.

The investigator should also search for arrest reports, but there’s no guarantee that the unveiled information can be legally presented to the client who hired the investigator.

And finally, is the subject wanted by the police? Historically, PIs were not privy to this information (it was available only to law enforcement). But fairly recently, PIs can now get ahold of this information, though the search process has flaws. Nevertheless, it should be done, especially since the fee is low.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.