Posts

What Happens if Your Social Security Number Gets Stolen?

It might be surprising to know that when Social Security numbers were first given out in the 1930s, that they were not used as a form of identification. However, whether you know it or not, most of us use our SSN every day, from visiting our doctor’s office to doing banking transactions. Your Social Security number is likely being accessed by humans and computers on a daily basis.

Social Security numberYour Social Security number is a form of verification, authentication, and it is even used as a password. Simply having it, simply knowing it, and entering it, verifies and authenticates its holder. However, it shouldn’t be like that at all.

You need your Social Security number to apply for a job, to open credit cards, and even to get married. Since we use this number so often, you might be wondering what happens if it gets stolen. Here’s what you should do:

Fraud Alert – The first thing to do is to get in contact with one of the three major credit bureaus. That one bureau then contacts the other two bureaus. You must put a fraud alert on your report. When you do this, a creditor or lender hopefully will use much stricter guidelines when they get a credit application. Keep in mind that these alerts only last for 365 days, but you can get an extension. Also keep in mind that this is not a full proof plan, the lender may not enable these stricter guidelines at all.

Credit Freezes – You should also consider freezing your credit. When this happens, you cannot use your credit to refinance or open a new line of credit until you go through the unfreezing process. Keep your credit frozen, and then unthaw it when you need it. Getting a credit freeze is a pretty simple process, it does require a bit of effort and organization, however it is a great way to protect your identity from new account fraud, we will discuss this in more detail and future posts.

Get ID Theft Protection – You should also think about getting ID theft protection. This can be an investment for some, but it also ensures that there is someone monitoring your credit 24/7. Identity theft protection services don’t actually protect you from much in the way of new account fraud, account take over, credit card fraud, criminal identity theft, tax related identity theft, medical related identity theft, but nothing else does either. However, what identity theft protection service does do is monitor your credit and there is an insurance component that kicks in and activates “identity theft expert restoration agents” that fix stolen identities. These people can get you back on track quickly if your identity is stolen.

Keep an Eye on Your Credit – If around 90 days have passed, and you don’t see anything weird on your credit report, don’t think that this automatically mean you are safe. A thief can use your info in other ways, too, so keep an eye on your credit report. Also keep in mind that your Social Security number can be used by a thief in perpetuity or until about six months after your perish. You can get a free copy online at AnnualCreditReport.com.

Be Cautious When Online – Finally, it is important that you make sure that you are using caution when online. Cybercriminal know every trick in the book, and people fall for them all of the time. Here are some things to remember:

  • Do not click on any email links. This is true even if it is from someone you know. Unless you are expecting it, do not click on anything in an email.
  • Do not open any email that is found in your spam folder.
  • Do not open emails that have sensational or exaggerated subject lines.
  • If you have the choice to use two-factor authentication, you should do it.
  • Have a firewall, an antivirus program, and anti-malware software.
  • Create a unique password for each account you have. Make sure that they are hard to guess, and don’t let them contain information like your name, pet’s name, etc.
  • Use a password manager.
  • Shred all of your documents that contain personal information before you put them into your garbage.
  • Don’t give your Social Security number out to anyone unless it is a total necessity.

Remember, if your credit is frozen and if you have identity theft protection combined, you have “multiple layers of security” and you can give your Social Security number out without much of a worry.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

8 Scams That go Beyond Pandemics

As you might know, scammers often take advantage of people during times of trouble, such as in the current atmosphere of the COVID-19 pandemic. Here are some of the scams that you should be on the lookout for:

pandemicAccount Takeovers

This is a scam where the cybercriminals take credentials obtained from data breaches to take over accounts. They are also trying to reach out to kids to give up their account credentials, as they know most of them are out of school.

Phishing

There are a lot of phishing scams out there that are taking advantage of peoples’ fears about COVID-19 pandemic. Right now, the most prolific are coming out about the World Health Organization, WHO. Preying on fears is a common tactic that people use, and when people click on links in emails that look like they come from WHO, they can get access to your devices, collect private information, and even steal address books.

Vishing

This is a tactic that scammers use to get access to people’s back account information. The scammer informs people that there is something wrong with their bank account, and that they should call a number. When they do, it is a VoIP number, and the victim can unknowingly give up their personal information, including their banking information.

Smishing

A smishing attack is similar to a vishing account, except it uses SMS instead of emails or phone calls to lure in their victims. Most of these smishing attacks are focused on the coronavirus and have a sense of urgency to them.

Social Media Attacks

Social media attacks are looking pretty legit these days, and that’s why it’s easy to fall for them. Essentially, they look like a social media post from a real retailer who is giving something away.

Fake e-Commerce Sites

There are also a ton of new fake e-commerce sites popping up, most of them claiming to sell things like masks, gloves, and other COVID-19 related products.

Rogue Mobile Apps

Fake mobile apps are also on the rise, and when downloaded, these apps can install things like spyware, malware, and ransomware on the person’s device.

Work at Home Scams

Finally, we have work at home scams, which are becoming very popular due to so many people being out of work. Often, these scams make people lose more money than they could make.

Don’t be a Victim

Here are some tips that you can use to stop yourself from becoming a victim of these scams:

  • Don’t respond to any texts or calls from numbers you don’t know or that seem suspicious
  • Don’t share any financial or personal information via text, email, or on the phone.
  • Be careful if you are asked to share information or make an immediate payment.
  • Scammers might try to spoof numbers to trick people into answering. Remember, there are no government agencies that will ask you for money or personal info.
  • Don’t click on links that you get in text messages. If you get one from a friend, make sure it is legitimate before clicking on it.
  • Always check that a charity is real before making any type of donation.

These cybercriminals are poised to profit from this pandemic, and they are doing all they can to take advantage of people. So, it’s important that you use caution.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Small Business a favorite Attack Vector

Small businesses are hardly immune to attacks by hackers.

  • The illusion of low attack risks comes from the publicity that only huge corporations get when they are breached, like Target, Sony and Anthem. These are giants, so of course it makes headline news.
  • But when a “ma and pa” business gets attacked, it’s not newsworthy.

11DIf you own a small business, ask yourself just how the mega-giant Target got infiltrated by cybercriminals in the first place. Answer: a ma and pa HVAC vendor of Target’s!

Cybercriminals thrive on the myth that only big companies get attacked. They know that many small outfits have their guards down; have only rudimentary security measures in place. Never assume you know everything that a hacker wants—or doesn’t want.

Think of it this way: Which burglar is more likely to make off like a bandit? One who attempts to infiltrate a palace that has a 10-foot-high stone wall, surrounding a moat that surrounds the palace, with motion sensors everywhere that set off piercing alarms; an army of Dobermans; and a high tower where guards are keeping a lookout?

Or the burglar who tries to break into a small townhome with only a deadbolt and window screens for security? Sure, the palace has millions of dollars worth of wall art alone, but what chances does the burglar have of getting his hands on it? The little townhome just might have some electronics and jewelry he can sell underground.

No business is too small or its niche too narrow to get a hacker’s attention; just like any burglar will notice an open ground floor window in that little townhome at 3 a.m.

  • Never use lack of funds as an excuse to cut corners on security.
  • Share security information with competitors in your niche.
  • Consider the possibility that a cyber attack can be an inside job in your little company—something relatively easy to pull off (e.g., every employee probably knows the direct e-mail to the company owner).
  • Get cyber attack insurance. A halfway-sized cyber attack could cripple any small company and have tangential fallout.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Ransomware Hackers provide Customer Service Dept. to Victims

Yes, believe it or not, ransomware has become such a booming business for thieves, that these cyber thugs even provide bona fide customer service departments to guide their victims!

4DWhen ransomware infects your computer, it holds your files hostage; you can’t access them—until you pay the hacker (usually in bitcoins). Once paid, the crook will give you a decryption “key.” Sometimes the fee will go up if you don’t pay by a deadline. Fees may a few to hundred to several hundred dollars to way more for big businesses.

Thieves typically include instructions on how to pay up, and they mean business, sometimes being “nice” enough to offer alternatives to the tedious bitcoin process. They may even free one file at no cost just to show you they’re true to their word.

As the ransomware business flourished, particularly Cryptolocker and CryptoWall, hackers began adding support pages on their sites to victims.

An article at businessinsider.com mentions that one victim was able to negotiate a cheaper ransom payment.

Why would thieves support victims?

  • It raises the percentages of payments made; the easier the process, the more likely the victim will pay. The businessinsider.com article quotes one ransomware developer as stating, “I tried to be as [much of] a gentleman thief as my position allowed me to be.”
  • It makes sense: If victims are clueless about obtaining bitcoins and are seeking answers, why wouldn’t the crook provide help?

Perhaps the most compelling reason why bad hackers would want to help their victims is to get the word out that if victims pay the ransom, they WILL get their decryption key to unlock their encrypted files.

This reputation puts the idea into the heads of victims to “trust” the cyberthief. Otherwise, if ransomware developers don’t give the key to paying victims, then word will spread that it’s useless to pay the ransom. This is not good for the profit-seeking hacker.

These crooks want everyone to know that payment begets the key. What better way to establish this reliability than to provide “customer” support on websites and also via call centers where victims can talk to live people?

Apparently, at least one ransomware developer has a call center where victims can phone in and get guidance on how to get back their files.

Prevent ransomware by keeping your devices update with the latest OS, antivirus, updated browser, and back up your data both locally and in the cloud.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Phishing 101: How Not to Get Hooked

You’d think that it would be as easy as pie to avoid getting reeled in by a phishing scam. After all, all you need to do is avoid clicking on a link inside an email or text message. How easy is that?

A phishing scam is a message sent by a cybercriminal to get you to click on a link or open an attachment. Clicking on the link or attachment downloads a virus, or takes you to a malicious website (that often looks like real site).

You are then tricked into entering user names, passwords and other sensitive account information on the website that the scammer then uses to take your money, steal your identity or impersonate you.

Intel Security recently designed a quiz to help people identify a phishing email. Sometimes they’re so obvious; for example, they say “Dear Customer” instead of your actual name, and there are typos in the message. Another tip-off is an unrealistic “threat” of action, such as closing down your account simply because you didn’t update your information. Some scammers are more sophisticated than others and their emails look like the real thing: no typos, perfect grammar, and company logos.

The quiz showed ten actual emails to see if all of us could spot the phishing ones.

  • Out of the 19,000 respondents, only 3% correctly identified every email.
  • 80% thought at least one phishing email was legitimate.
  • On average, participants missed one in four fraudulent emails.

image001

The biggest issue may not be how to spot a phishing scam as much as it is to simply obey that simple rule: Don’t click links inside emails from unknown senders! And don’t download or click on attachments. Now if you’re expecting your aunt to send you vacation photos and her email arrives, it’s probably from her.

But as for emails claiming to be from banks, health plan carriers, etc.…DON’T click on anything! In fact, you shouldn’t even open the message in the first place.

And I can’t say this enough: Sorry, but you aren’t special enough to be the one person to be chosen as the recipient of some prince’s lofty inheritance. And nobody wins a prize out of the blue and is emailed about it.

A few more things to keep in mind:

  • An email that includes your name can still be a phishing scam.
  • Don’t fret about not opening a legitimate message. If it is, they’ll call you or send a snail mail.
  • You can also contact the company directly to see if they emailed you anything.

Want to see how your phishing skills stack up? Take the Intel Security quiz, here.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

What is Browser Hijacking?

Imagine it. You sit down at your computer about to do your daily perusal of Buzzfeed  or check out The Financial Times but your homepage is now some weird search engine you’ve never seen before. Guess what? You’ve been hijacked.

IEBrowser hijacking is when your Internet browser (eg. Chrome, FireFox, Internet Explorer) settings are modified. Your default home or search page might get changed or you might get a lot of advertisements popping up on your computer. This is done through malicious software (malware) called hijackware. A browser hijacker is usually installed as a part of freeware, but it can also be installed on your computer if you click on an attachment in  an  email, visit an infected site (also known as a drive-by download), or download something from a file-sharing site.

Once your browser has been hijacked, the cybercriminal can do a lot of damage. The program can change your home page to a malicious website, crash your browser, or install spyware. Browser hijackers impede your ability to surf the web as you please.

Why do criminals use browser hijackers?
Like other malware and scams,  hijacked browsers can bring in a good chunk of money for the hacker. For example, one browser hijacker, CoolWebSearch, redirects your homepage to their search page and the  search results go  to links that the hijacker wants you to see. As you click on these links, the cybercriminal gets paid. They can also use information on your browsing habits to sell to third parties for marketing purposes.

Browser hijackers are annoying and sometimes they can be tough to get rid of. Here are some ways to prevent your browser from getting hijacked:

  • Carefully read end user license agreement (EULA)documents when installing software. Often times, mentions of browser hijackware are hidden in the EULA, so when you accept the user agreements, you might be unknowingly accepting malware.
  • Be cautious if you download software from free sites. As the old saying goes, free is not always free—you may be getting additional items with your free download.
  • Keep your browser software up-to-date.
  • Use comprehensive security software, like the McAfee LiveSafe™ service, to keep all your devices protected.

For other security tips and advice, follow McAfee_Consumer on Twitter or like the McAfee Facebook page.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

USB Drives have serious Security Flaws

That little thing that you stick in your computer to store or transfer data can also mean very bad news.

3DThe USB device or “flash drive” can be reconfigured to work like a little thief, for instance, being made to mimic a keyboard and take instructions from the master thief to rip off data or install malware. It can be made to secrete a virus before the operating system boots up, or be programmed to alter the computer’s DNS setting to reroute traffic.

There’s no good defense for these kinds of attacks. The firmware on the USB devices can’t be detected by malware scanners. Biometrics are out because when the firmware changes, it simply passes as the user plugging in a new flash drive.

Cleaning up the aftermath is no picnic, either. Reinstalling the operating system doesn’t resolve the problem because the USB device, from which installation occurs, may already be infected. So may be other USB components inside one’s computer.

Whitelisting USB drives is pointless because not all have unique serial numbers. Plus, operating systems lack effective whitelisting mechanisms. Also, Malicious firmware can pass for legitimate firmware.

To prevent a bad USB from infesting a computer, the controller firmware must be locked down, unchangeable by an unauthorized user. USB storage devices must be able to prevent a cybercriminal from reading or altering the firmware. It must make sure that the firmware is digitally signed, so that in the event it does become altered, the device will not interface with the altered firmware.

  • Watch your USB drive – don’t set it down and make sure you keep track of it so it’s not lost or stolen.
  • Disable auto-run – Turn off auto-run on your computer so that if a USB drive has malware, then it won’t automatically be transferred to your machine.
  • Be careful who you share your USB drives with – Be careful what computers you place your USB drive in and who you let borrow your USB drive.
  • Use comprehensive security software – make sure your security software not only scans your computer for threats, but also any drives that are attached.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

What is Fake Antivirus Software?

Most of you know how important it is to have security software on your computers to stay protected from viruses, malware, spam and other Internet threats. Unfortunately, cybercriminals also know that it is critical to have security software, and they are using this knowledge to trick us into downloading fake antivirus software that is designed to do harm to your computer.

6DFake antivirus software is one of the most persistent threats on the Internet today. It masquerades as legitimate software, but is actually a malicious program that extorts money from you to “fix” your computer. And often, this new “antivirus” program disables your legitimate security software that you already have, making it challenging to remove.

These rogue programs often hook you while you’re browsing the web by displaying a popup window that warns the user that their computer may be infected. Often, the popup includes a link to download security software that offers to solve the problem, or redirects you to a site that sells the fake antivirus software. It is also often also called scareware since the hackers use messages like “You have a virus,” as a way to get you to click on their message.

Because the idea of having an infected machine is alarming to us—it can mean lost data, time, and money—most of us are eager to get rid of any potential problems, and this is what has made the bad guys who make fake antivirus software so successful.

And once you agree to the purchase, the cybercriminals end up with your credit card details and other personal information, and you get nothing but malware in return.

So here’s some steps you can take to protect yourself from the bad guys:

  • Never click on a link in a popup window. If you see a message pop up that says you have a virus or are infected, click the “x” in the corner to close it.
  • If you are concerned that your computer may be infected, run a scan using the legitimate security software you have installed on your device.
  • Make sure you have comprehensive security installed on all your devices, like McAfee LiveSafe™ service, which protects all your PCs Macs, tablets, and smartphones from online threats as well as safeguarding your data and identity.

While it is frightening to think that your computer may be infected, don’t fall for fake alerts that could compromise your personal and financial information. Take a minute to run a scan using your trusted security software rather than give more money to the bad guys.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Security Beyond the Desktop

A defensive posture no longer suffices for the protection of the devices and data that have become ubiquitous in today’s digital world. Rather than simply rushing to install defenses on computers, in networks, and in the cloud, we urgently need to step back and take a broader view of the security landscape, in order to take more calculated preemptive measures.

McAfee Security Journal is a publication intended to keep security executives and technical personnel informed about various cutting edge topics in order to help them make better-informed security decisions. Regular, everyday computer users can increase their security intelligence by having a read. The report details the following highlights on the evolution of cyber threats and the necessity of a more inclusive security strategy:

The human link: There is an ever-widening disparity between the sophistication of networks and the people who use them. When direct attacks on an organization’s defenses fail, cybercriminals often use social engineering toolkits to exploit unsuspecting employees. Educating employees on secure practices is not enough—organizations need to install a proper framework to empower and encourage employees to make a habit of using these practices.

Mobile is everywhere: Mobile attacks are becoming more sophisticated every year. Instead of rendering a device unusable, hackers are now finding ways to steal sensitive personal data that can be lucratively exploited. Hackers are also broadening their target range to include less common mobile systems, such as the GPS system in your car, for example.

Cloud-based apps on the rise: The popularity of cloud-based applications has made them an attractive target for hackers and other cybercriminals. However, the cloud is also a highly efficient way to scale security and protection for a business. Leveraged correctly, the cloud both helps reduce your security costs and can actually increase your overall security posture.

Data is king: Whether it’s stored on a smartphone, in the cloud, or on a network, cybercriminals are after your data. It is crucial that organizations take proper precautions to secure this data.

Learn from mistakes: For those who take the time to study it, history is a great teacher. Analytics help identify patterns, vulnerabilities, and even motives.

Understanding these concepts can help prevent attacks in the future. For a full copy of the McAfee Security Journal: Security Beyond the Desktop, visit McAfee.com.

 

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)