Posts

Young Kids Getting Sexually Exploited Online More Than Ever Before

An alarming new study is out, and if you are a parent, you should take note…children as young as 8-years old are being sexually exploited via social media. This is a definite downturn from past research, and it seems like one thing is to blame: live streaming.

Robert Siciliano Quora Breach

YouTube serves up videos of kids, in clothing, that pedophiles consume and share as if it is child porn. It’s gotten so bad that YouTube has had to disable the comments sections of videos with kids in them.

Apps like TikTok are very popular with younger kids, and they are also becoming more popular for the sexual predators who seek out those kids. These apps are difficult to moderate, and since it happens in real time, you have a situation that is almost perfectly set up for exploitation.

Last year, a survey found that approximately 57 percent of 12-year olds and 28% of 10-year olds are accessing live-streaming content. However, legally, the nature of much of this content should not be accessed by children under the age of 13. To make matters worse, about 25 percent of these children have seen something while watching a live stream that they and their parents regretted them seeing

Protecting Your Children

Any child can become a victim here, but as a parent, there are some things you can do to protect your kids. First, you should ask yourself the following questions:

  • Are you posting pictures or video of your children online? Do you allow your kids to do the same? A simple video of your child by the pool has become pedophile porn.
  • Do you have some type of protection in place for your kids when they go online?
  • Have you talked to your children about the dangers of sharing passwords or account information?
  • Do your kids understand what type of behavior is appropriate when online?
  • Do you personally know, or do your kids personally know, the people they interact with online?
  • Can your kids identify questions from others that might be red flags, such as “where do you live?” “What are your parents names?” “Where do you go to school?”
  • Do your kids feel safe coming to you to talk about things that make them feel uncomfortable?

It is also important that you, as a parent, look for red flags in your children’s behavior. Here are some of those signs:

  • Your kid gets angry if you don’t let them go online.
  • Your child become secretive about what they do online, such as hiding their phone when you walk into the room.
  • Your kid withdraws from friends or family to spend time online.

It might sound like the perfect solution is to “turn off the internet” at home, but remember, your kids can access the internet in other ways, including at school and at the homes of their friends. It would be great to build a wall around your kids to keep them safe, but that’s not practical, nor is it in their best interest. Instead, talk to your child about online safety and make sure the entire family understands the dangers that are out there.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video

Who Has Access to Your Personal Info? The Answer Might Surprise You

Are you aware that many people probably have access to your personal info? If you have ever gotten an apartment, have insurance, or applied for a job, someone has done a background check on you, and you might be shocked by what’s in there, including your debts, income, loan payments, and more. On top of this, there are also companies collecting information on you including:

  • Lenders
  • Employers
  • Government agencies
  • Volunteer organizations
  • Landlords
  • Banks/credit unions
  • Insurance companies
  • Debt collectors
  • Utility companies…and more

Thanks to the Fair Credit Reporting Act (FCRA), you can get a copy of these reports every year for a small fee, and they are free if there has been any type of adverse action against you. You can also get this information from certain organizations including the following:

Credit Agencies

Most people know the main credit reporting bureaus, Experian, TransUnion, and Equifax. The reports that these companies give you can include your loan and credit card payment history, how much credit you have, info from debt collectors, and other information.

Employment Screening

If you have applied for a job, you might have gone through employee screening. These employers have access to things like your salary history, credit history, education, and even criminal history.

Housing/Tenant Screening

If you have ever rented an apartment or home, your landlord might have done a background check, too. This might include prior evictions and other negative information.

Banking and Check Screening

Your bank also might have information on you, which could include your banking history, such as negative balances on your checking account or unpaid bills.

Medical Insurance

Finally, if you have medical insurance, your insurance company has probably also done a background check on you. These policies include life insurance, health insurance, long-term care insurance, critical illness insurance, or disability insurance.

Lifehacker and the Consumer Financial Protection Bureau’s 2019 report compiled a pretty amazing list below. Check it out.

The nice thing about these things, however, is that you have a right to access all of these reports, too. In most cases, these reports are free. You can ask these organizations what background check companies they are using, and then you might be able to request a free report. Again, if there is any negative information on these reports that cause you to, for instance, not be hired by an employer, you will automatically get a free copy of this report so you can see the derogatory information for yourself, and then take any steps you can to change it.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How To Determine a Fake Website

There are a lot of scammers out there, and one of the things they do is create fake websites to try to trick you into giving them personal information. Here are some ways that you can determine if a website is fake or not:

How Did I Get Here?

Ask yourself how you got to the site. Did you click a link in an email? Email is the most effective ways scammers direct their victims to fake sites. Same thing goes with links from social media sites, Danger Will Robinson! Don’t click these links. Instead, go to websites via a search through Google or use your bookmarks, or go old school and type it in.

Are There Grammar or Spelling Issues?

Many fake sites are created by foreign entities using “scammer grammar”. So their English is usually broken, and they often make grammar and spelling mistakes. And when they use a translating software, it may not translate two vs too or their vs there etc.

Are There Endorsements?

Endorsements are often seen as safe, but just because you see them on a site doesn’t mean they are real. A fake website might say that the product was featured by multiple news outlets, for instance, but that doesn’t mean it really was. The same goes for trust or authenticating badges. Click on these badges. Most valid ones lead to a legitimate site explaining what the badge means.

Look at the Website Address

A common scam is to come up with a relatively similar website URL to legitimate sites. Ths also known as typosquatting or cybersquatting. For instance, you might want to shop at https://www.Coach.com for a new purse. That is the real site for Coach purses. However, a scammer might create a website like //www.C0ach.com, or //www.coachpurse.com.  Both of these are fake. Also, look for secure sites that have HTTPS, not HTTP. You can also go to Google and search “is www.C0ach.com legit”, which may pull up sites debunking the legitimacy of the URL.

Can You Buy With a Credit Card? 

Most valid websites take credit cards. Credit cards give you some protection, too. If they don’t take plastic, and only want a check, or a wire transfer, be suspect, or really don’t bother.

Are the Prices Amazing?

Is it too good to be true? If the cost of the items on a particular page seem much lower than you have found elsewhere, it’s probably a scam. For instance, if you are still looking for a Coach purse and find the one you want for $100 less than you have seen on other valid sites, you probably shouldn’t buy it.

Check Consumer Reviews

Finally, check out consumer reviews. Also, take a look at the Better Business Bureau listing for the company. The BBB has a scam tracker, too, that you can use if you think something seems amiss. Also, consider options like SiteJabber.com, which is a site that collects online reviews for websites. Just keep in mind that some reviews might be fake, so you really have to take a broad view when determining if a site is legit or one to quit.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Protect your USPS Mail from Getting Stolen

USPSID stands for U.S. Postal Service Informed Delivery. It is a good thing to sign up for because it informs you of your expected deliveries.

But there’s a problem: Someone ELSE could pose as you and sign up for this service, getting your mail before you have a chance to.

In fact, it has already happened. Crooks have signed up as other address owners and collected their mail.

This can lead to credit card fraud if some of that mail includes new credit cards or credit card applications.

And what if the mail includes a check? The thief could find a way to get it cashed. What a thief could do with your mail is limited only by his or her imagination.

Krebsonsecurity.com reports that seven crooks in Michigan used the USPS to, not surprisingly, apply for credit cards via those applications that we all get.

Then they waited for the new cards to arrive. They knew just when they’d arrive, too, and planned to raid the owner’s mailbox on that date. Of course, the owners never even knew that the cards were applied for.

The crooks obtained the cards and spent a total of about $400,000. Needless to say, they didn’t bother stealing the bills.

Though a key on your mailbox will surely help, you can add an extra layer of protection by emailing eSafe@usps.gov to opt out of the service. This will prevent anyone from using it in your name.

KrebsOnSecurity reports that this email address may be inactive. So at least have your mailbox fashioned with a lock – even if you do get a response from that email address.

Another thing you can do is get a credit freeze, though this doesn’t guarantee 100 percent that a thief won’t be able to sign up your address with the USPS, but the freeze will prevent new credit cards being opened in your name.

What Else Can You Do?

  • Check your existing credit card statements every month for any odd or unfamiliar charges and report them immediately even if the amount is small.
  • Contact credit reporting agencies (Equifax, Experian and TransUnion) and sign up for alerts to any changes in your credit report.
  • Can’t be said enough: Get a locking mailbox, there’s simply too much sensitive information not to.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

 

Protect Yourself From Gift Card Scams

So maybe Christmas now means the very predictable gift card swap, but hey, who can’t use a gift card? But beware, there are a ton of scams. This includes physical, not just digital, gift cards.

Regardless of who gave you the card, you should always practice security measures. Below are two common ways that fraudsters operate.

Transform Gift Card to Cash Twice.

If someone gives you a $200 gift card to an electronics store and then it’s stolen, you technically have lost money, as this is the same as someone stealing a wad of cash from your pocket.

Nevertheless, you’ll feel the loss just as much. Crooks who steal gift cards have numerous ways of using them.

  • Joe Thief has plans on buying a $200 item with your stolen gift card from your gym locker.
  • But first he places an ad for the card online, pricing it at a big discount of $130 saying he doesn’t need anything, he just needs money.
  • Someone out there spots this deal and sends Joe the money via PayPal or Venmo.
  • Joe then uses the $200 gift card to buy an item and sells it on eBay
  • And he just netted $130 on selling a stolen gift card that he never shipped.

Infiltration of Online Gift Card Accounts

Joe Thief might also use a computer program called a botnet to get into an online gift card account.

  • You must log into your gift card account with characters.
  • Botnets also log into these accounts. Botnets are sent by Joe Thief to randomly guess your login characters with a brute force attack: a computerized creation of different permutations of numbers and letters – by the millions in a single attack.
  • The botnet just might get a hit – yours.

Here’s How to Protect Yourself

  • Be leery of deals posted online, in magazines or in person that seem too good to be true and are not advertised by reputable retailers.
  • Buy gift cards straight from the source.
  • Don’t buy gift cards at high traffic locations, at which it’s easier for Joe to conceal his tampering.
  • Change the card’s security code.
  • Create long and jumbled usernames and passwords to lessen the chance of a brute force hit.
  • The moment you suspect fraudulent activity, report it to the retailer.
  • Spend the card right away.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How Your Username Can Be used to Track You

You probably have a few usernames, or you might have just one that you use for every site. Either way, your user names can be used not just to identify you online, but it can also be used to track you and find out information about you. How do people track you based on your user name? They do the following:

They Start with a Google Search

The first thing people do to track your username is do a Google search. You will be amazed by all of the information that is out there. However, Google is not the only game in town, so the best scammers will search on other search engines, too, including Bing,  USA.gov, various information broker sites and within social media.

They Then Move on to Social Networks

With so many people on social networks, it is a good possibility that a scammer can find you there, too, especially if they know the username that you use over and over again. It’s easy to find someone on sites like Facebook, Pinterest, Twitter, and Instagram, and in many cases, this is a gold mine of information for them.  Once they find your account, they can do any number of things like save your profile image, and then do a reverse image source. This often helps them find even more information.

Don’t Forget the Blogs

Savvy searchers will also do searches of a username on blogging sites like Tumblr, Blogger, and LiveJournal. Unless your blog is locked down, and most are not, they can read them.

Do a General Sweep of Username Searches

There are other sites, too, that allow people to search by username. For example, you can search for a username on Spotify. This could tell them what types of music you like. They also might look on a site like Reddit, and they can see any comments you have made. They aren’t done yet, though…you can even search for usernames on sites like Amazon.com and eBay. As you can imagine, once they go through all of these steps, they can know a ton about you.

You might think that this is an invasion of privacy, but all of this information is totally legal, totally available, and totally free.

And many of you are TOTALLY putting it ALL out there!

If you put your information out there, it is there for anyone to look at and use as they will. So, consider changing up your usernames, and while you are at it, take a look at your accounts and content to make sure nothing there’s going to get you in trouble, and beef up the security options.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Do Not take that Stupid Facebook Quiz

Where should you live in the world? What Game of Thrones family are you in? What is the food that best describes your personality? All of these answers are given and found by doing quizzes on Facebook. You have surely seen them if you use Facebook, and have may have taken these quizzes, but you definitely might want to consider stopping. If you have ever used one of these quizzes, you have probably given these third-party apps permission to access some of your personal data. Not only does this affect you, it might also affect the people on your friends list. How does it affect you? These answers can sometimes crack password reset questions,

Here are some tips that you can use to protect yourself:

Use Two-Factor Authentication – Almost all social media sites offer two-factor authentication. This allows you to further lockdown your accounts, as you won’t be able to sign in with only a password. Instead, you need a password and a code, which is often sent to you via text message. So, no one can log into your account even if they have your password, unless they also have access to your phone and texts.

Stop Taking Quizzes – The best thing you can do to protect yourself is to stop taking those quizzes. Though they look innocent enough, every click gives the company information on you. It’s true that not all companies collect your personal info, but you really have to do some digging in the terms of service to see if they do or not.

Check Your Privacy Settings – When is the last time you reviewed your privacy settings on Facebook? If you are like most of us, it’s probably been awhile. So, take some time to log in and do this. If you need a tip, choose to only share with yourself by clicking “Only Me” on all of the settings. That’s the safest, but after all, this is SOCIAL media, so you might want to pick and choose.

Look at What You Share – You should also look in your app security to find out what you are sharing with third-parties. You might be surprised at what you see.

Delete Old Accounts – Finally, make sure that you take a look at, and delete, any old social media accounts. If you don’t want to delete it, at a minimum, change your password. Also, Google yourself and see what accounts come up. If you can find it, you can bet that a hacker can.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

15 Year Old’s Naked Photos Spread Like Wild Fire

https://safr.me/webinar/  | Robert Siciliano is the #1 Security Expert in the United States with over 25 years of experience! He is here to help you become more aware of the risks and strategies to help protect yourself, your family, your business, and your entire life. Robert brings identity theft, personal security, fraud prevention and cyber security to light so that criminals can no longer hide in the dark. You need to be smarter than criminals yesterday so that they don’t take advantage of you today! If you would like to learn more about Security Awareness, then sign up for Robert’s latest webinar!

_______

You have probably heard the story before. Teenage girl takes some scantily clad photos and sends them to her latest boyfriend. “What could go wrong?,” she thinks. Well, a lot could go wrong, and an article on Vice.com really lays that out. You might think that the boyfriend is to blame for this 15-year old’s photos spreading like wildfire, but the truth is this: he deleted them soon after getting them…the photos got out because the teen kept them on her phone and some classmates took that phone.

Ultimately, the photos got into the hands of the victim’s best friend. At this point, you probably think “Phew…the photos are safe.”  Wrong again. Her “best friend” ended up posting the photos to a blog. Many years later, the victim found out why…her “best friend” was mad that she had sent some angry texts to her the night before, and that her main motivation was to simply hurt her friend because of those texts. That’s all it took for a teen’s life to be effectively ruined for months.

When things like this happen, many women are made to feel guilty that they took these photos, and this is a type of digital violence. In fact, more women are now seeking counseling to help to combat these feelings. The thing is, if you have a nude photo, you are certainly not immune. Teens often become victims here, but so do adult women and celebrities. In most cases, someone else is spreading these photos, but the victim is often blamed.

In late 2017, the EU passed new laws that help to better protect people who find themselves in this situation, and in 2015, the British government made these actions a crime, too. However, in most other countries, no such laws exist.

In this case, the victim ended up forgiving her classmates, but as an adult, she still has not overcome the invasion of her privacy. She also still struggles with the fact that most people in the community blamed her…not the boys who stole her phone, nor her friend, who posted them on the internet. She says that people came up to her for years after the incident and told her they saw those photos, too, and she still has that feeling that she did something wrong.

Finally, as a society, we have to find ways to make sure that victims of these crimes are taken seriously, and ensure that video sites, like YouTube, and social media sites, like Facebook, respond immediately when notified of content like this.

And, please, I’m not blaming the victim here, and a bit of advice, no naked pics of yourself, girlfriend, husband or wife please. It’s a bit too risky and can have significant consequences.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Is Your Small Business Staff Trained in Security Awareness?

The Ponemon Institute released a shocking statistic: about 80% of all corporate data leaks is due to human error. In other words, it only takes a single staff member to cause a huge issue. Here’s a scenario: Let’s say that you have an employee, Betty. Betty is lovely. We love Betty. But when Betty is checking her personal email during her lunch break and sees she has an offer that promises a 10-pound weight loss in only a week, she clicks the link. She wants to learn more about it, so she clicks the link in the email. What she doesn’t realize is that by clicking that link, she just installed a virus onto the computer. In addition, the virus now has access to your company’s network.

This was a very simple act, one that most of us do every day. However, this is why it is so important that your staff is up to date on security awareness. How can you do this? Here are some tips:

  • Present your staff with information about being aware of security, and then come up with a set up where you send them a link they want to click on. This is a process known as “phishing simulation.” If your staff members click on the links, and they probably will, it will take them to a safe page. However, on the page is a message telling them that they fell for a scam, and though they are safe this time, there could be great repercussions.
  • The staff members who click the link should be tested again. This way, you will know if the message got through.
  • Make sure when you give these tests that it isn’t predictable. Send the emails at different times of day and make sure they look different and have a different message. For instance, don’t send the “lose 10 pounds” email twice.
  • Think about hiring someone, a stranger, who will try to get your staff to give them sensitive information about your company over the phone, through email, or even in person. This is a valuable test, as it helps you to determine who the “weak links” are in your company.
  • Give your staff quizzes throughout the year to see who is paying attention to security.
  • You should focus on education, not discipline, when you are doing this. Don’t make them feel bad or punish them. Instead, make sure they know what they did wrong and work on not doing it again.
  • Ensure that your team knows that a data breach can also result in financial, legal, and criminal problems.
  • Schedule checks of workstations to see if any employee is doing something that might compromise your company’s sensitive data. This includes leaving information on a screen and walking away.
  • Explain the importance of security to your staff, and encourage them to report any activity that seems suspicious.
  • After training and testing your staff, make a list of all concepts that you want them to understand. Look at this list often, and then evaluate it time and time again to see if anything needs changed.
  • Don’t forget company officers. When company officers are omitted from this kind of training it poorly reflects on the organization. Some security personnel are afraid to put their Executives on the spot. That is a huge mistake. Security starts from the top.

Remember, there is nothing wrong with sharing tips with your staff. Post them around the office and keep reminding them to stay vigilant. This helps the information to remain fresh in their minds, and helps you to recognize those who are taking security, seriously.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Black Hat 2017 was an Amazing Event

In July, more than 15,000 security pros, hackers, hobbyists, and researchers met in Las Vegas for the Black Hat Conference 2017 at Mandalay Bay in Las Vegas. This was the 20th year that the security conference was held, and both black and white hat hackers joined together to discuss security.

For two decades, Black Hat has gained a reputation for demonstrations of some of the most cutting-edge research in information security as well as development and industry trends. The event has also had its share of controversy – sometimes enough to cause last-minute cancelations.

Launched in 1997 as a single conference in Las Vegas, Black Hat has gone international with annual events in the U.S., Europe and Asia.

Black Hat 2017 was almost a full week of everything having to do with IT security. There were hands-on training sessions, a full business hall where vendors gathered with swag and products, and of course, parties. I hit 5 parties in 3 nights. I’m totally spent.

This is a conference that attracted some of the brightest people in the world of security, and has a reputation for bringing together all types of professionals and amateurs interested in hacking, security, or the latest in encryption.

What’s interesting about Black Hat 2017 is that there is something for everyone. From hackers trying to hack hackers to remaining “off the grid,” you never know what you might find. In fact, most people who attended this conference decided to stay away from electronic communication all together. Let’s just say leaving devices in airplane mode, shutting off Wi-Fi, using VPNs, and always utilizing two-factor authentication for critical accounts is the norm during the conference for veteran attendees.

One of the most popular parts of Black Hat 2017 was the briefing on business protection. It’s important to note that many companies have employees that simply don’t comply with security policies. Additionally, these policies aren’t governed enough, and it is costing millions. In her presentation Governance, Compliance and Security: Three Keys to Protecting Your Business, the speaker from HP, Sr Security Advisor, Dr. Kimberlee Brannock, during her 16-year tenure at HP, Dr. Kimberlee Brannock has used her extensive education and experience in compliance and governance to shape HP’s security standards. shared why it’s not always enough to secure business networks and why governance and compliance really matters. With 25 billion connect devices by 2020, maintaining proper network and data security compliance is an important concern for any business, as noncompliance costs businesses an average $9.5 million annually through fines, lost business and lawsuits.

Another very popular briefing at Black Hat 2017 was Staying One Step Ahead of Evolving Threats demonstrated on average, an organization has more than 600 security alerts each week, and over 27,000 endpoints leading to 71% of data breaches starting from the endpoint.

Most put in thousands of hours, and dollars, for that matter, on securing servers, laptops, and data centers, but many companies are ignoring other areas of security vulnerability. One of the best things about this briefing was that the leader, Michael Howard from HP, Chief Security Advisor, as Worldwide Security Practice Lead, Mr Howard is responsible for evolving the strategy for security solutions and services in Managed Services. He gave a lot of information on printer security, something that most businesses fail to address. He used real-world examples of how some of the most secure organizations are still lagging in their print security and share how he uses a proven framework to secure the print infrastructure.

Overall, Black Hat 2017 was an eye-opening experience, and with the world of network security changing all of the time, all in attendance surely learned something new. I met a ton of very cool characters, partied hard, drank too much, ate too much, slept none and to keep my data secure, I’m considering moving off grid to a cave in the Outback of Australia.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.