Posts

Social Engineering: How to steal Brand New iPhones from Apple

Looks like there’s some worms in Apple.

3DNot too long ago, dozens and dozens of iPhones were stolen from two Apple stores. How could this happen, what with Apple’s security? Simple: The thieves wore clothes similar to Apple store employees and obviously knew the innards of the stores.

They sauntered over to the drawers that held the new phones, acting nonchalant to avoid attracting attention. In fact, a new face in Apple attire at one of the stung locations wouldn’t raise eyebrows since new employees are trained there.

What mistake did Apple make to allow these robberies? The introduction of new uniforms, perhaps? They came up with the idea of “back to blue, but all new” attire. But really, that shouldn’t be so easy.

This meant no one and only uniform, but rather, a variety of options that fit within a color and style concept. This makes it easy for someone off the street to visually blend in with store employees. There are six styles of just the top alone. You can pick up a strikingly similar top, including color, at Walmart. And unlike previous attire, which changed seasonally, this new line is meant to be permanent.

Have you yourself ever been mistaken for an employee at Walmart or Target (blue shirt, red shirt), or asked someone for assistance who replied, “I don’t work here”? See how easy it is to blend in—without even trying?

The theft at the two Apple stores are believed to be related, but the thieves are not known. It’s also not known if the thief or thieves were wearing an actual Apple top or just a look-a-like.

This ruse can easily be pulled off by anyone appearing to be in their early to mid-20s, clean-cut, wearing glasses (to look geeky), and with calm, cool and collected mannerisms—and of course, a royal blue shirt.

The solution would be for Apple to require a line of tops with a very distinct color pattern, and only two choices (short and long sleeved).

The lesson here: Not everything or everyone appears to be what they actually are. Social engineering is a confidence crime. As long as the thief has your confidence either in person, over the phone or via email, you are likely to get scammed.

Always be suspect. Always challenge what’s in front of you. Never go along to get along. And put systems, checks and balances in place to prevent being scammed. In this situation, proper, secure identification and authentication with proper checks would have prevented this.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Securing New Digital Devices

Laptops, desktops, Macs, mobiles, and tablets are on many people’s wish lists this holiday season. Once these shiny new devices are connected to the Internet, they will be under siege by malware created by criminals in order to steal identities.

According to a recent McAfee survey, 60% of consumers now own at least three digital devices, and 25% own at least five. Cybercriminals are taking advantage of these new opportunities by widening their nets to target a variety of devices and platforms. McAfee Labs is reporting an increase in Mac and mobile malware, while PC threats also continue to escalate.

Mobiles: Mobile malware is on the rise, and Android is now the most targeted platform.  Attacks aimed at the Android platform increased 76% from the first to second quarters of 2011. Malicious applications are a main threat area, so be careful of third party applications, and only download from a reputable app store. Read other users’ reviews and make sure you are aware of the access permissions being granted to each app.

Macs, iPads, and iPhones: Unfortunately, the popularity of Apple computers and devices has led to escalated threats. As of late 2010, there were 5,000 pieces of malware targeting the Mac platform, and they have been increasing at a rate of about 10% each month.

Since more threats are being aimed at this platform, consider installing security software for your Mac as a proactive measure. Check out Apple’s new iCloud service, which provides several tools for syncing, backing up, and securing data, and consider a product that offers remote locate, wipe, and restore features in case of loss.

Laptops and desktops: Your security software should include, at a minimum, antivirus software with cloud computing, a two-way firewall, anti-spyware, anti-phishing, and safe search capabilities. Additional levels of protection include anti-spam, parental controls, wireless network protection, and anti-theft protection to encrypt sensitive financial documents.

Gaming and entertainment devices: Remember that the Nintendo Wii and 3DS, PlayStation 3, and Xbox 360 are now Internet-connected, making them vulnerable to many of the same threats as PCs. To protect your investment, make reliable backup copies of your games. Take advantage of built-in parental controls that can help shield kids from violent games or limit when the device can be used.

Some multiplayer games allow kids to play with strangers over the Internet, so if you are a parent, consider employing monitoring tools. Connect your device to secure Wi-Fi networks only, and don’t store personal information on your device.

Removable storage devices: Flash drives and portable hard drives require technologies to protect your data. Consider using a secure, encrypted USB stick, which scrambles your information to make it unreadable if your device is lost or stolen. Install security software that protects portable hard drives, and set a password.  Since removable storage devices are small and easily stolen, you should not leave them unattended.

Learn more tips from McAfee here: http://blogs.mcafee.com/consumer/securing-new-devices

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)