Posts

Beware of Amazon’s scary Customer Service Hack

Do you shop at Amazon.com? Are you aware they have a back door through which hackers can slip in?

11DLet’s look at Eric’s experience with hackers and Amazon, as he recounts at medium.com/@espringe.

He received an e-mail from Amazon and contacted them to see what it was about. Amazon informed him that he had had a text-chat and sent him the transcript—which he had never been part of.

Eric explains that the hacker gave Eric’s whois.com data to Amazon. However, the whois.com data was partially false because Eric wanted to remain private.

So Eric’s “fake” whois.com information wasn’t 100 percent in left field; some of it was true enough for the customer service hack to occur, because in exchange for the “fake” information, Amazon supplied Eric’s real address and phone number to the hacker.

The hacker got Eric’s bank to get him a new copy of his credit card. Amazon’s customer service had been duped.

Eric informed Amazon Retail to flag his account as being at “extremely high risk” of getting socially engineered. Amazon assured him that a “specialist” would be in contact (who never was).

Over the next few months, Eric assumed the problem disintegrated; he gave Amazon a new credit card and new address. Then he got another strange e-mail.

He told Amazon that someone was impersonating him, and Amazon told him to change his password. He insisted they keep his account secure. He was told the “specialist” would contact him (who never did). This time, Eric deleted his address from Amazon.

Eric became fed up because the hacker then contacted Amazon by phone and apparently got the last digits of his credit card. He decided to close his Amazon account, unable to trust the giant online retailer.

  • Frequently log into your account to check on orders. See if there are transactions you are unaware of. Look for “ship to” addresses you didn’t authorize.
  • Amazon’s customer support reps should be able to see the IP address of the user who’s connecting. They should be on alert for anything suspicious, such as whether or not the IP address is the one that the user normally connects with.
  • Users should create aliases with their e-mail services, to throw off hacking attempts. In other words, having the same email address for all your online accounts will make it easy for them to be compromised.
  • If you own domain names, check out the “whois” info associated with the account. It may be worth making it private.

Be very careful when sharing information about yourself. Do not assume that just because a company is a mega giant (like Amazon), it will keep your account protected from the bad guys.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Bitdefender’s BOX: All-in-one Cybersecurity from one App

Gee, if your home is connected to lots of different devices, doesn’t it make sense that your cybersecurity integrates all your connected devices? Meet the Bitdefender BOX, a network bulletproofing hardware cybersecurity tool for the home that embraces smart home protection focusing on the Internet of Things with remote device management offering next generation privacy protection.

boxBOX description:

  • One complete security solution for connected homes
  • Sets up to a router
  • Is controlled by the user’s mobile device and hence, can be controlled anywhere
  • Everything is protected: not just your computer, but all of your connected devices, like your baby monitor, TV, thermostat, garage door opener and house alarm system. You name it; it’s protected from hackers.
  • BOX works with an annual subscription much like most cyber security “security as a service” technologies.

Features:

  • Easy Setup. Just plug and play.
  • Advanced Threat Protection. In and outside your home network. You’re safe on the go as well!
  • Management and Control. All available in one app, at your fingertips, anywhere you are.

So, protection from hackers means that you can have peace of mind knowing that BOX is warding off attempts at ID theft, fraudulent activities, cyber snooping and other threats.

All you need to do is connect BOX to your router via one of its ethernet ports. Then get the BOX application going. Its user friendly and you just follow its easy instruction: all of a few minutes’ worth. BOX then goes to work to intercept cyber threats at the network level. And all from just one app.

So yes, you need a smartphone (Android or iOS) to take advantage of BOX. If you’ve been on the fence about getting a mobile device, move out of your cave, junk your Pinto, cut your mullet, and get the BOX.

Think of how great it would be to be alerted of network events through this does-it-all application that you can control no matter where you’re located. This means you can control all of your connected devices.

One of BOX’s features is the Private Line. This protects your Internet browsing experience, including making you anonymous. Other features:

  • Protection against hacking attempts including lures to malicious sites.
  • Protection against viruses, malware including downloads, phishing, etc.
  • Protection against anyone wanting to pry open your files and see what’s in them or steal them.
  • Protection occurs even when you’re using public Wi-Fi, such as at a hotel, airport or coffee house!

Who needs BOX?

Everyone who has connected devices at home and uses the Internet. This is like asking, who needs a lock on their home’s door? Anyone who lives in a home.

Think about a home and home security as an example. If you’re going to have a lock, it should be a good lock, right? But the lock is only effective if you actually lock it. You also need to lock up your windows and consider a home security system. These are all “layers of protection. Well, the BOX is multiple layers of protection for protecting your online experience as well as computer files.

BOX is designed for non-techy users, so if you’re one of those people who is “not good with computers,” you’ll still find BOX’s setup and navigation quite friendly. It also helps set up password-protected Wi-Fi network does for you and you can even let guests use a secured Wi-Fi network. This post is brought to you by Bitdefender BOX.

Can the cloud be trusted?

Most people have heard of storing information in “the cloud,” but do you know what this means, and if it is even safe?

4HA cloud is basically a network of servers that offer different functions. Some of these servers allow you to store data while others provide various services. The cloud is made of millions of servers across the globe and most are owned by private or public corporations. Many of those corporations are diligent about security, and you are likely using the cloud whether you know it or not.

Most customers using cloud services have faith that their information will remain safe. But there are some precautions you need to take. Here are some questions to ask any cloud service provider before relying on them to store your business data:

  • How often do you clean out dormant accounts?
  • What type of authentication is used?
  • Who can access and see my data?
  • Where is the data physically kept?
  • What level of encryption is in place?
  • How is the data backed up?
  • What’s in place for physical security?
  • Are private keys shared between others if data encryption is being used?

Keeping your company data safe

Over time, a company surely will accumulate data that seems irrelevant, but you shouldn’t be so quick to dispose of this data, especially if it is sensitive. This might include data such as customer or client information, employee information, product information or even old employee records.

The truth is, you just never know when you may or may not need this information, so it is best that you keep it. Digital data should be backed up in the cloud. If it’s paper, convert it to digital and store it offsite. Here are some things to remember when doing this:

  • All data, even if old or irrelevant, should be backed up.
  • Data retention policies should always include an “expiration date” for when this data is no longer useful to you.
  • Companies that want to delete old data should understand that deleting files and emptying the recycle bin, or reformatting a drive may not enough to get files off of your computer. Hackers may still be able to access this data.

If you actually want to remove all of the data on a disk, literally break or smash it. To truly delete a file, you must physically destroy the hard drive.

Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. Disclosures.

2016 Information Security Predictions

No bones about it, 2016 is sure to see some spectacular, news-chomping data breaches, predicts many in infosec. If you thought 2015 was interesting, get your seatbelt and helmet on and prepare for lift off…

4WWearable Devices

Cyber crooks don’t care what kind of data is in that little device strapped around your upper arm while you exercise, but they’ll want to target it as a passageway to your smartphone. Think of wearables as conduits to your personal life.

Firmware/Hardware

No doubt, assaults on firmware and hardware are sure to happen.

Ransomware

Not only will this kind of attack continue, but an offshoot of it—“I will infect someone’s device with ransomware for you for a reasonable price”—will likely expand.

The Cloud

Let’s not forget about cloud services, which are protected by security structures that cyber thieves will want to attack. The result could mean wide-scale disruption for a business.

The Weak Links

A company’s weakest links are often their employees when it comes to cybersecurity. Companies will try harder than ever to put in place the best security systems and hire the best security personnel in their never-ending quest for fending off attacks—but the weak links will remain, and cyber crooks know this. You can bet that many attacks will be driven towards employees’ home systems as portals to the company’s network.

Linked Stolen Data

The black market for stolen data will be even more inviting to crooks because the data will be in sets linked together.

Cars, et al

Let’s hope that 2016 (or any year, actually) won’t be the year that a cyber punk deliberately crashes an Internet connected van carrying a junior high school’s soccer team. Security experts, working with automakers, will crack down on protection strategies to keep cyber attacks at bay.

Threat Intelligence Sharing

Businesses and security vendors will do more sharing of threat intelligence. In time, it may be feasible for the government to get involved with sharing this intelligence. Best practices will need hardcore revisions.

Transaction Interception

It’s possible: Your paycheck, that’s been directly deposited into your bank for years, suddenly starts getting deposited into a different account—that belonging to a cyber thief. Snatching control of a transaction (“integrity attack”) means that the thief will be able to steal your money or a big business’s money.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

11 Ways to Mitigate Insider Security Threats

Companies are constantly attacked by hackers, but what if those attacks come from the inside? More companies than ever before are dealing with insider security threats.Here are 11 steps that all organizations should take to mitigate these threats and protect important company data:11D

  1. Always encrypt your data If you want to minimize the impact of an insider threat, always encrypt data. Not all employees need access to all data and encryption adds another layer of protection.
  2. Know the different types of insider threatsThere are different types of insider threats. Some are malicious, and some are simply due to negligence. Malicious threats may be identified by employee behavior, such as attempting to hoard data. In this case, additional security controls can be an effective solution.
  3. Do background checks before hiringBefore you hire a new employee, make sure you are doing background checks. Not only will this show any suspicious history, it can stop you from hiring any criminals or those associated with your competitors. Personality tests can also red flag the propensity for malicious behavior.
  4. Educate your staffEducating your staff on best practices for network security is imperative. It is much easier for employees to use this information if they are aware of the consequences of negligent behavior.
  5. Use monitoring solutionsThere are monitoring solutions that you can use, such as application, identity and device data, which can be an invaluable resource for tracking down the source of any insider attack.
  6. Use proper termination practicesJust as you want to be careful when hiring new employees, when terminating employees, you also must use proper practices. This includes revoking access to networks and paying attention to employee actions on the network in the days before they leave.
  7. Go beyond the IT departmentThough your IT department is a valuable resource, it cannot be your only defense against insider threats. Make sure you are using a number of programs and several departments to form a team against the possibility of threats.
  8. Consider access controlsAccess controls may help to deter both malicious and negligent threats. This also makes it more difficult to access data.
  9. Have checks and balances for all staff and systemsIt is also important to ensure there are checks and balances in place, i.e. having more than one person with access to a system, tracking that usage and banning shared usernames and passwords.
  10. Analyze network logsYou should collect, store and regularly analyze all of your network logs, and make sure it’s known that you do this. This will show the staff that you are watching what they are doing, making them less likely to attempt an insider attack.
  11. Back up your data Employees may be malicious or more likely they make big mistakes. And when they do, you’d sleep better at night knowing you have redundant, secure cloud based backup to keep your business up and running.

Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. See him discussing identity theft prevention.Disclosures.

Pay attention to your IoT Device Security

Wow cool! A device that lets you know, via Internet, when your milk is beginning to sour! And a connected thermostat—turning the heat up remotely an hour before you get home to save money…and “smart” fitness monitors, baby monitors, watches…

6DSlow down. Don’t buy a single smart device until you ask yourself these 10 questions. And frankly, there’s a lot of effort in some of these questions. But, security isn’t always easy. Check it out.

  • Was the company ever hacked? Google this to find out.
  • If so, did the company try to hide it from their customers?
  • Review the privacy policies and ask the company to clarify anything—and of course, if they don’t or are reluctant…hmmm…not good. Don’t buy a device that collects data from vendors that fail to explain data security and privacy.
  • Does the product have excellent customer support?
  • Is it hard to get a live person? Is there no phone contact, only some blank e-mail form? Easily accessible customer support is very important and very telling of the product’s security level.
  • Does the product have vulnerabilities that can make it easy for a hacker to get into? You’ll need to do a little digging for this information on industry and government websites.
  • Does the product get cues for regular updates? The manufacturer can answer this. Consider not buying the device if there are no automatic updates.
  • Does the product’s firmware also automatically update? If not, not good.
  • Is the Wi-Fi, that the device will be connected to, secure? Ideally it should be WPA2 and have a virtual private network for encryption.
  • Will you be able to control access to the product? Can others access it? If you can’t control access and/or its default settings can’t be changed…then be very leery.
  • What data does the device collect, and why?
  • Can data on the device traverse to another device?
  • Ask the gadget’s maker how many open ports it has. Fewer open ports means a lower chance of malware slithering in.
  • Is stored data encrypted (scrambled)? If the maker can’t or won’t answer this, that’s a bad sign.
  • Ask the manufacturer how the device lets you know its batteries are low.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

Protect Your Family Online With WOT

The web is a dangerous place. Malware, scams and privacy dangers are around every corner, and children can easily find themselves face to face with sites that are not suitable. What can a parent do? One option is to try WOT, Web of Trust, a free browser add-on.

WOT rates each site on the Internet for reliability, privacy, trustworthiness and child safety. When searching a website with WOT, you will see a colored icon, red for bad and green for good, which indicates if a user should proceed. You can also use the WOT rating for every site and read reviews from those who have been on the site.

wot1

WOT offers other features, too. For instance, when visiting a “red site” a large warning appears on the screen. This allows people to choose if they go through or surf away. Additionally, you can also click the WOT button in the browser, and you can see information about the rating of the site, too.

When performing an Internet search and you come across a link that looks fishy, WOT places a red icon next to it. You may also see a yellow icon, which indicates the site may or may not be safe, and gray icons indicate the site is unrated. Hovering over each icon will give you more details about the website, as well as ratings and reviews from users.

WOT2

The latest version of WOT has four levels of safety included. Lite, the lowest level, only shows icons for dangerous websites. The highest level, Parental Control, not only blocks dangerous websites, it also blocks any sites that are not suitable for kids.

Web of Trust is available as a browser add-in for Firefox, Google Chrome, Opera, Internet Explorer and Safari.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. This is a review opportunity via BlogsRelease. Disclosures.

Keep Accountant happy and Thieves out

Are you a shredder? I hope so. No identity thief on this planet is going to want to attempt to reconstruct cross-shredded documents.

Computer crime conceptSo what, then, should you make a habit of shredding?

  • All financial documents and information, including financial information you’ve jotted on a Post-it note.
  • Credit card receipts unless you want to file these away for end-of-month calculations, but ultimately, you have your monthly statements so you will not have use for them anyways.
  • Old property tax statements (keep the most current one). But any other tax documents you should retain.
  • Voided checks.
  • Most things with your Social Security number on it that aren’t tax related.
  • Any other piece of paper that has your or a family member’s personal information on it, including envelopes with your address. Never assume “that’s not enough” for a skilled identity thief to use.
  • Ask your accountant what they think.

Now, what kind of shredder should you get for your home or office? There are all kinds of makes and models out there.

  • Do not buy a “strip” shredder that simply slices thin strips in one direction. Identity thieves will actually take the time to reconstruct these.
  • Buy a “cross-cut” shredder. The pieces are sliced and diced too small for an identity thief to want to struggle to tape back together.
  • We can go one step further, in case you are wondering if anyone would actually take the time to lay out all those cross-cut fragments and reassemble them: Buy a micro-cut device. The pieces, as the name suggests, are tiny.
  • Read the features for that micro-shredder, as some models are more heavy-duty than others.
  • You may not want to purchase a machine online; at least you will want to see the various makes and models in person first.
  • But if you can’t locate the type of shredder that you’d like from a brick-and-mortar retailer, then of course, there are plenty online to choose from.

So get yourself a shredder on your next shopping trip; you will be so glad you did.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Online Shopping and Counterfeit Goods – The Facts Don’t Lie

As the holiday season creeps upon us, research shows that an astonishing 24% people who are buying online have been duped by scammers. Whether you are buying shoes, electronics or the latest fashions and accessories, research companies are showing that you are at risk of being duped.

9DWhen you look at the overall shopping behavior of consumers, we see that about 34% do all of their shopping online, and during the holiday season, this number rises to 39% of all consumers. That is a lot of people for counterfeiters to focus on.

Mark Frost, the CEO of MarkMonitor, explains that it is crucial for customers to stay aware of the possibility of buying counterfeit goods, especially during the holidays. Most of us are looking for a bargain, and this is exactly why we tend to jump on these deals. On top of this, counterfeiters have gotten very good at making these fake goods look almost identical to the real deal, and it is near impossible, in some cases, for the untrained eye to tell them apart. Here are some more facts:

People are Exposed to Online Counterfeit Goods All of the Time

With so many counterfeit goods out there, you have likely been exposed to them, or even made a purchase. Younger people are more at risk of buying these goods, and when looking at those in the 18-34 year old range, almost 40% had purchased counterfeit goods in the past.

In addition to these goods, about 56% of people have received counterfeit emails, or those that seem as if they are coming from a certain company, such as Nike, but in reality, all of the items are fake. Fortunately, only about one in 20 consumers are likely to click on these links, but that means that about 5% of consumers are directed to these sites, too, and may get caught up in the bargains.

This is a Global Issue

Statistics also show that about 64% of global consumers are worried about online security. These same consumers report that they feel safer buying from local extensions, such as .de, .uk and .co.

Attitudes Towards Buying Counterfeit Goods

One of the most alarming facts that come up in these studies is that about 20% of consumers continue the purchase of their goods, even after finding themselves on a website with counterfeit goods.

As you continue your holiday shopping, make sure to keep these facts in mind and make sure to research any site you choose to buy from, even those that look like they may be legitimate.

Shoppers need to be cautious when searching online to spread their holiday cheer and MarkMonitor suggests checking this list twice to find out if websites are naughty or nice:

  1. Check the URL: In a practice known as “typosquatting” fraudulent sites will often be under a misspelled brandname.com, attempting to trick consumers into thinking they are on a reputable website.
  2. Check the Price: Counterfeiters have been getting very smart about pricing lately and not discounting their wares as heavily as before, but deep discounts – especially on unknown e-commerce sites – are a tip-off that consumers should do a lot more checking before buying.
  3. Check the “About” and the “FAQs” pages: Though some sites look professional at first glance, but are not always so careful about these pages. Check for spelling and grammatical errors.
  4. Check for reviews: Many fraudulent websites’ reputations proceed them. Search for what people are saying about the site and include the term ‘scam’ with the site name to see if they are known to be a risky site.  

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

8 Ways to Ensure Safe and Secure Online Shopping this Holiday Season

So, who’s on your holiday gift list this year? That list is a lot longer than you think; consider all the names of hackers that have not yet appeared on it. Scammers will do whatever it takes to get on your holiday gift list! Here’s how to keep these cyber thieves out of your pocket:

  • Before purchasing from a small online merchant, see what the Better Business Bureau says and also search Google for reviews.
  • If you see an unexpected e-mail allegedly from a retailer you shop at, don’t open it. Scammers send out millions of trick e-mails that appear to be from major retailers. They hope to trick gullible shoppers into clicking on them and revealing sensitive information. So many of these scam e-mails get sent out that it’s common for someone to receive one that appears to be from a store they very recently purchased from.
  • When shopping online at a coffee house or other public spot, sit with your back to a wall so that “visual hackers” don’t spy over your shoulder. Better yet, avoid using public Wi-Fi for online shopping.
  • Back up your data. When shopping online it’s highly probable you’ll stumble upon an infected website designed to inject malicious code on your device. Malware called “ransomware” will hold your data hostage. Backing up your data in the cloud to Carbonite protects you from having to pay the ransom.
  • Save all your financial, banking and other sensitive online transactions for when you’re at home to avoid unsecure public Wi-Fi networks.
  • Change all of your passwords to increase your protection should a retailer you shop at fall victim to a data breach. Every account of yours should have a different and very unique password.
  • Ditch the debit card; a thief could drain your bank account in seconds. Use only credit cards. Why? If a fraudster gets your number and you claim the unauthorized purchase within 60 days, you’ll get reimbursed.
  • Review your credit card statements monthly and carefully. Investigate even tiny unauthorized charges, since thieves often start out small to “test the waters.”

Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about Carbonite Personal plans. See him discussing identity theft prevention. Disclosures.