Sponsor Robert Siciliano as he runs the Boston Marathon for Miles for Miracles, Children's Hospital Boston
ROBERT SICILIANO, CEO of www.IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

FREE EBOOK

Check here if you're human

Sponsors

Advisory Boards

Make Information Security a Priority

0
Pin It

Just about everyone has private information that should be protected. Let’s begin with something you’ve surely heard of: antivirus protection.

3DBut this isn’t enough to guard your personal data. A free antivirus service may not even update automatically, and this is very important to keep up with rapidly evolving technology. Your protection is worth the fee for Antivirus, a firewall, antiphishing software and antispyware.

When’s the last time you updated your browser? Hackers love old, outdated browsers. After you finish this article, update your browser and set your computer to automatically download any future update.

The same goes with your operating system. Update!

Don’t miss out on encryption, which scrambles data so that prying eyes can’t make sense of it. Your computer might already have the feature of encrypting folders, files or the whole disk. If not, you can get a third-party encryption program for free.

If your computer were to crash right this instant, how much data would you lose? You shouldn’t lose much if every day you back your data up on an external drive. Another option is a cloud-based storage system, which is encrypted. The fee for that may be $100 annually or less.

We all know that 123qwe is such an easy password to remember, especially if it’s for all gazillion of your accounts. You know whom else finds this very convenient? Hackers!

If it’s easy for you, it’s easy for them! Every account should have a unique password, and if this is too dizzying, then use a password manager. And choose long passwords that include various characters and exclude words that can be found in a dictionary or successive numbers/letters on a keyboard.

That wireless connection of yours is great—for your neighbor if he decides to get a free ride, or even hack into your data. A WPA2 encryption built into the router will protect you. With public WiFi, use a virtual private network like Hotspot Shield.

Your smartphone also needs protection with all the tools mentioned above, and that includes a VPN.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Filed Under: information security

Healthcare Providers: Customer Security is Good Marketing

0
Pin It

Consumers are on red alert about sharing personal data with businesses, thanks to the widespread publicity of major data breaches. As a result, many consumers feel trapped when they know they must reveal personal information just to get basic quotes for healthcare services.

2PTo get a quote, the potential customer must fork over a Social Security number and birthdate—enough information for a thief to use to commit fraud and identity theft.

Consumers feel as if there’s no escape: Data can be stolen at any point: over the landline phone or smartphone, on “trusted” websites, in servers … thieves are just waiting to pounce. So even though a potential (or current) customer has faith in an organization, the customer may be afraid of the pathways they must use to interact with the organization.

Stolen healthcare information is a goldmine for cyber criminals. It’s big business. This means that protecting it is big business.

A way for healthcare organizations to set themselves apart from their competition is to put a big premium on caring about the customer’s data security. You can’t be nonchalant. You must create a striking impression of sincere concern.

Consumers need a lot more than just hearing how well you’ll reduce employee negligence, enforce HIPAA compliance and create methods of foiling cyber attacks.

Of course, consumers need assurance you’re doing the aforementioned tasks, but consumers also want to know what the healthcare organization will do in the event of a breach.

AllClear ID outlines the key strategies that will make a big impression on current and potential enrollees in a healthcare plan:

  1. The most state-of-the-art IT practices must be brought on board so that all facets are secured, such as cloud services, computers and smartphones.
  2. All levels of personnel must receive training to minimize errors and be able to comfortably discuss data security with customers
  3. A stronger security system must be set in place for the business’s computers and the employees’ personal devices.
  4. Adherence to HIPAA policies must be improved.
  5. Potential customers must be made aware that the company offers an identity protection plan—as this will ease apprehension in the potential consumer.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Filed Under: health records data

Facebook Security for Parents and Teens

0
Pin It

Facebook offers a hefty amount of security measures that parents and teens should know.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813The Login

  • Social authentication. A hacker will have a harder time hacking into your Facebook account if he or she must identify your friends via photos. This verification process is social authentication, and it’s easier to use than having to remember another password.
  • ID verification. A new user must create a security question with an answer. An extra layer of security is achieved when the user adds their smartphone number so they can receive a text message with a code.
  • One-time password. You can get a one-time password; just send a text to 22605.
  • Login approval. Suppose someone logs into your account with an unfamiliar device. A code will be sent to your mobile. The user will need to verify the login next time they try to log in.
  • Session classifier. Every login is verified using details like your device and location.

Online

  • Application classifier. This checks out application activity to see if it’s suspicious.
  • User action classifier. This detects when a user’s behavior is suspicious.
  • Link scanner. Every day, Facebook scans over a trillion links. Every link is compared against not only Facebook’s, but also other Internet security companies’ databases of known malicious or spammy links.
  • Photo DNA. About 300 million photos are uploaded every day to Facebook, and Facebook compares these to its blacklist database of images from international, federal and state law enforcement agencies.

The Logout

  • Hacking suspicion. If you suspect something fishy, you can manually shut Facebook down and reset your password.
  • Login alert. You can approve the device you use to log in, though you can get a security notification if you log in from an unapproved device.
  • Guardian angel. If you can’t gain access to your account, your friends can receive a code. Then pre-select these individuals from the account settings page.
  • Roadblock. Your profile will be locked by Facebook and scanned with security software, should your account be infiltrated with malware. A cleaned-up account will be certified by Facebook.
  • Remote logout is available.

Considerations for Teens

The age setting. Many kids lie about their age on social media. Have your child sign into Facebook and go to the profile “About” page to make sure their birthdate is correct.

Liking ads. Warn you kids about what can happen if they “like” an ad. Liking an ad will likely result in receiving updates from the ad page, and the user’s name could become associated with future renditions of the ad. Is this what your teen wants? Ask your teen how important it is for them to “like” an ad just because the ad has this feature.

Unliking. Once you “like” something, doesn’t mean you can’t unlike it. To find out what your teen has liked, visit the profile page and click “More,” “Likes,” then “Other Likes.” Hover at the upper-right corner; a pop-up box will result with a choice to unlike. Learn of your teen’s apps by going to Facebook’s main page to click on “Apps,” located on the news feed’s left side. Here you can disconnect applications.

Flag ads. Think an ad is inappropriate? Flag it by clicking the small “X” or down-arrow located at the top right of the unappealing ad. Click “I don’t want to see this,” then “It’s offensive or inappropriate,” and then click the reason.

Free games may mean free unwanted software. Warn your teens that downloading a free game can also download a lot of undesirable clutter.

Although Facebook now uses SSL encryption with login and user sessions, it’s still a good idea to use an additional layer of protection on wireless sessions. Hotspot Shield encrypts your entire web surfing on any site, no matter its security settings.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Filed Under: facebook

Malware Can Hide in the Most Obvious Places

0
Pin It

You never know when malware will bite. Even browsing an online restaurant menu can download malicious code, put there by hackers.

6DMuch has been said that Target’s hackers accessed the giant’s records via its heating and cooling system. They’ve even infiltrated thermostats and printers among the “Internet of Things”.

It doesn’t help that swarms of third parties are routinely given access to corporate systems. A company relies upon software to control all sorts of things like A/C, heating, billing, graphics, health insurance providers, to name a few.

If just one of these systems can be busted into, the hacker can crack ‘em all. The extent of these leaky third parties is difficult to pinpoint, namely because of the confidential nature of the breach resolution process.

A New York Times online report points out that one security expert says that third party leaks may account for 70 percent of data breaches, and from the least suspected vendors, at that.

When the corporation’s software remotely connects to all those other things like the A/C, vending machines, etc., this is practically an invitation to hackers. Hackers love this “watering hole” type crime , especially when corporations use older systems like Windows XP.

Plus, many of the additional technological systems (such as video conference equipment) often come with switched-off security settings. Once a hacker gets in, they own the castle.

The New York Times online report adds that nobody thinks to look in these places. Who’d ever think a thermostat could be a portal to cyber crime?

Security researchers were even able to breach circuit breakers of the heating and cooling supplier for a sports arena—for the Sochi Olympics.

One way to strengthen security seems too simple: Keep the networks for vending machines, heating and cooling, printers, etc., separate from the networks leading to H.R. data, credit card information and other critical information. Access to sensitive data should require super strong passwords and be set up with a set of security protocols that can detect suspicious activity.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Filed Under: malware

How Law Enforcement Detects Breaches Before Victims

0
Pin It

Law enforcement agencies detect data breaches before businesses do because the former seeks evidence of the cyber crime, reports a networkworld.com article.

1GUnlike law enforcement agencies, businesses don’t go undercover in hacker forums. Nor do they get court permission to bust into enclaves of cyber thieves. Businesses don’t have moles. It continues: Law enforcement agencies interview imprisoned cyber crooks. The FBI does a lot of undercover work.

Law enforcement may then approach a company and say, “You’re being victimized; we have the evidence.” But often, the company may be skeptical of such a claim. Admittance means facing government response and upset customers

The law is always buffing up on its skills at fighting cybercrime to keep up with its evolution, such as a drastic decrease in solitary criminals and an increase in complex crime rings. These rings have all sorts of technical tricks up their sleeves, including hosting their own servers and changing up their communication methods to vex law enforcement. It doesn’t help that some foreign countries don’t place an emphasis on fighting cybercrime.

The evidence that the law presents to the business when that time comes is rock solid, though again, the company may lack aggression in its immediate response. The company’s legal counsel is commonly the first person to get the forensics report. Upper management usually gets involved before the IT department does. This is all part of keeping legal control over potentially harmful situation.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Filed Under: cyber crime

Medical Identity Theft Can be Deadly

0
Pin It

If you feel like you are starting to get the flu, going to the doctor’s office can get you some medicine and get you on the road to recovery. But, there’s no pill or surgery that can protect you from medical identity theft—which can kill you. Literally. The thief who steals your identity doesn’t mean to kill you; he just wants to obtain free medical care on your dime.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813If a thief has access to your personal information, he can pose as you and see doctors and have procedures done—for free or for a nominal copay. The crook uses fake IDs and phony insurance cards to pull off this scam.

The problem really starts kicking in when the imposter’s medical situation gets tacked onto your medical record—since they are posing as you. This can result in a number of harmful outcomes for you. Not only can it potentially cause misdiagnoses, you could be issued a prescription to a drug that you have a fatal reaction to.

Just think about it for a moment: Someone else’s medical condition getting integrated with yours. This can cause a lot of problems. You could be denied medical coverage or lose your current coverage because of false information in your medical records. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) protects your right of access to your medical records. If someone else is pretending to be you and accessing your records, you might not be able to access your own records. That’s a scary thought.

But even you are lucky enough not to suffer any negative consequences to your health as a result of the medical identity theft, cleaning up the mess can be enough to give anyone a heart attack.

So how can you prevent becoming a victim of medical identity theft?

  • Protect your mail: Install a locking mailbox so no one can access your mail.
  • Keep medical documents secure: Keep all of your hard copy medical documents in a file that locks. If it’s in cyberspace, make sure the files are encrypted and not in folder on your desktop that says “Medical.”
  • Shred all medical documents: Make sure to properly dispose of your medical documents so you don’t become a victim to dumpster-diving thieves. This includes digital files as well.McAfee LiveSafe (put tm in here and links this) service comes with a digital shredder that uses higher than government standard file shredding—don’t rely on simply putting something in the “trash bin” on your computer and then emptying it.
  • Leave medical cards at home: Only take them when you are visiting the doctor. If you’re worried you might need them in the event you have an accident and need immediate medical treatment, memorize your health ID number. If you’re unconscious upon arriving at an ER, you’ll get treated anyways—it’s the law. Simply provide your medical card after the fact. Don’t carry identity cards either: Identification cards or Social Security number cards should also be left at home in a safe place. Since many medical systems use these numbers as your identifier on the policy, you don’t want them falling into the wrong hands. And with access to these cards, a thief could easily create the fake credentials needed to commit medical identity theft.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Filed Under: Identity Theft

Most Toxic Superhero 2014

0
Pin It

It’s a bird! It’s a plane! It’s Superman! Yes, this superhero might be the epitome of courage, justice, and strength, but he might also be the biggest threat to you online.

We’ve entered a new age of superheroes. No longer are they just pictures in a comic book. They are now accessible on computers, game console devices, and mobile devices. Superheroes like Captain America, Thor, and Spiderman star on the silver screen. The Green Arrow and The Flash have their own television shows. Videos like Batkid and the Spiderman dad went viral on YouTube (and consequently, melted our hearts).

This is great news to comic publishers like Marvel and DC Comics. Unfortunately, it’s also good news to hackers and scammers too. Cybercriminals know that search engines (like Google, Yahoo! and Bing) can also be used for criminal means. Therefore, they use popular search terms to draw victims in like celebrity gossip, holidays, viral hits, and…you guessed it…superheroes.

McAfee just released a study on the Most Toxic Superheroes that analyzed what superhero search led to the most risky websites using McAfee® SiteAdvisor® site ratings. And the Man of Steel topped the list. The study determined that searching “Superman,” “Superman and free torrent download,” “Superman and watch,” “Superman and free app,” and “Superman and online,” yields a 16.5% chance of landing on a website that has tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware.

This year the Most Toxic Superheroes are:

superhero

Here are some things you can do to protect yourself:

  • Be suspicious: If a search turns up a link to free content or too-good-to-be-true offers, be wary
  • Double-check the web address: Look for misspellings or other clues that the site you are going to may not be safe (for more on this, read my blog on typosquatting)
  • Search safely: Use a web safety advisor, such as McAfee SiteAdvisor that displays a red, yellow, or green ratings in search results, alerting you to potential risky sites before you click on them
  • Protect yourself: Use comprehensive security software on all your devices, like McAfee LiveSafe™ service, to protect yourself against the latest threats

Want to know more? Join the discussion on Twitter using hashtag #toxicsuperhero.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Filed Under: scammers

Beware of Flight MH17 Facebook Scams

0
Pin It

How low can scammers go? The latest is phony Facebook profiles that use identities of deceased victims of Malaysia Airlines Flight MH17—claiming their credit cards were stolen from the crash debris.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813“Death hunters,” says Ukrainian MP Anton Gerashchenko on his Facebook page, are collecting jewels, cash and credit cards off of the victims. His post urges victims’ relatives to “freeze their credit cards, so that they won’t lose their assets to terrorists!”

The Dutch Banking Association assured next-of-kin that they’d be compensated for the fallout of credit card theft.

Journalist Phil Williams was at the crash site and pointed out that it was obvious that wallets and handbags had been stolen. Just about all the handbags had been opened, he reports. Looting is apparent, he says.

Mark Rutte, the Dutch Prime Minister, used the term “utterly disgusting” to describe how the rebels had treated the corpses.

But beyond the site is even more alarming activity: fake Facebook accounts. At least five phony FB accounts have been set up in the names of deceased Australians—including three kids. Facebook has since shut down the pages.

The pages provided a link to a video claiming to reveal footage of the airliner’s crash. However, users instead were directed to a website full of pop-up ads for fishy-looking services. The lure to this site was a malicious link tagline: “Video Camera Caught the moment plane MH17 Crashed over Ukraine. Watch here the video of Crash.”

You can imagine how many people—not necessarily next-of-kin, took the bait and made the click. Though these particular fraudulent pages were closed down, this doesn’t mean more won’t appear.

Is this common after a disaster?

It seems to be more common, as criminals are capitalizing on current events to perpetrate scams generally within a 24-48 hour period.

Tips for spotting these scams for consumers in general:

Thinking before you click, doing research and not being so impulsive will keep consumers from being baited by scammy links, titles and stories.

Tips for family members of the deceased:

They should cancel credit cards, create fraud alerts through their country’s credit bureaus, and once death certificates are obtained they need to submit them to the credit bureaus. Otherwise set up Google alerts with the decedents’’ names to monitor any chatter on social sites that may turn up their likeness in a stolen social media identity theft case.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Filed Under: Facebook scams

Real Estate Agent a Professional Burglar

0
Pin It

Does the profession of real estate sales turn someone into a burglar, or, does a burglar one day realize, “Hey, I can make off like a bandit if I sell homes!”?

3HRay Glen Greene, 49, was a real estate agent in Cobb County, Georgia, who’d use his agent keycode to get into houses and steal valuables. He was sentenced to 20 years.

His sob story was that he hadn’t sold any homes in a year and pawned stolen jewelry to support himself. He even apologized to the victims who showed up at his trial.

If that’s not entertaining enough, there’s the case where a real estate agent, 60-year-old Stephen Brumme, stole women’s clothes from a house for sale, prior to a showing, while the occupants were out of town. The crime was caught on video. Police believe that such crimes occur more often than people realize.

How can you prevent crimes like these?

  • Install a video surveillance system. Though fake cameras are effective deterrents to break-ins once they’re spotted by the would-be thief, should a brazen thief bust in anyways, a fake camera won’t catch anything. A real camera at least will catch the crime on tape, which you’ll need for evidence.
  • Security cameras can also set off sounds and lighting, plus also alert the homeowner with a text message or phone call.
  • Technology (such as Dropcam) is available that allows you to view just what’s happening inside and outside your house, and in real time.
  • The investment in a surveillance system will go beyond protection and evidence. It will add value to your home. Some insurance plans even give discounts if your home has a good security system.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Filed Under: burglary

Using Technology to Secure Your Home when Traveling

0
Pin It

Whom better than a burglar knows what a great way to find a victim is? Edith Cowan University in Australia interviewed 69 burglars. One of their favorite methods of finding a target is to search social media for vacation updates.

3BYou can extrapolate that it wouldn’t be a bright idea to reveal travel plans on your voicemail. Only close family and friends should know; this excludes casual neighbors. Here are more tips:

Don’t buy the biggest house on the block. The biggest, fanciest house on the block really gets a burglar’s attention. Skip it when home shopping.

Home security systems

The vast majority of burglars will not bother with a home that has an alarm. Put the alarm company’s stickers on your windows and their sign in your yard.

Home automation

Use services like Total Connect by Honeywell to control your home from wherever you are. Get video updates of any activity on your front door or cars. You can unlock and disarm your system all from your phone.

Hide valuables

Use a safe for pricey items. Put jewelry in a plastic bag from Walmart, then put it on your vanity. What thief will look inside, thinking it’s new hairspray or a pack of bobby pins?

Close your curtains

It’s a myth that closed curtains in broad daylight are an invitation to burglars. Thieves don’t just break into any home. They want to make sure their efforts are worth it. How can they know this if they can’t see into your house?

But if you want the curtains/shades open for light to come in or to expose a nice view, at least close them when it begins getting dusky. A burglar cases possible targets by looking inside, and it’s very easy for them to see through a bare window at night when your lights are on. Not only can they see what’s worth breaking in for, but they’ll be able to see if the residents can be easily overpowered.

Looks are everything

Accumulations of mail and newspapers will get a burglar’s attention. So will unmowed lawns and a perpetually barren driveway. Put a delivery stop on mail and newspapers, and ask neighbors to park their cars in your lot. Use automatic timers for indoors that set off lights and TVs. Mute the ringer volume on your phone.

Lock your front door!

A 2008 State Farm Insurance study revealed that under 50 percent of 1,000 respondents locked their front doors. It takes the average thief 60 seconds to break in, but only a few seconds for you to lock each portal to your home. Burglars don’t like hard work. Add extra security with a deadbolt.

The Bureau of Justice Statistics, interestingly, says that 40 percent of home burgles are not forced entries. Burglars are literally waltzing right into homes via an unlocked door or window. Lock up, even when you’re home, even during the day. Many burglaries occur during the day.

Keep the garage door closed

Even when you’re home. Install a device that will automatically close the garage door after a specific amount of time open. Prior to traveling, disable the door’s opener or lock the door if it rolls up.

Trash

Don’t leave the boxes that expensive items came in, visible on your curb for trash pickup. Disassemble as much as possible and conceal.

Don’t aid burglars

Keep plant growth away from entry points so that burglars can’t conceal themselves when they’re trying to break in. If you absolutely must have shrubbery near entry points due to aesthetic appeal, then choose thorny plants to repel a thief.

Know your neighbors

Not many burglars will get past a Mrs. Kravitz-type neighbor. A stranger will stand out to neighbors who know each other. Get a Neighborhood Watch program going.

Get a dog

A dog’s incessant barking will drive many burglars away.

Robert Siciliano is a personal security expert to SecurityOptions.com discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

Filed Under: burglary home security
Xtreme School

Featured in

Anderson Cooper John Stossel Robert Siciliano Featured in
Browse by Month

Browse by Category