Sponsor Robert Siciliano as he runs the Boston Marathon for Miles for Miracles, Children's Hospital Boston
ROBERT SICILIANO is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

FREE EBOOK

Check here if you're human

Sponsors

Desperate Teens Turning to Prostitution and Drug Dealing to Survive

0
Pin It

Teenagers across the country are falling into drug dealing, theft, and prostitution in order to eat. This, according to a recent study, which found that poverty has been increasing throughout the U.S.

10DResearchers at the Urban Institute in Washington, D.C. have taken a close look at the current Census data, and this group estimates that more than 6.8 million Americans between the ages of 10 and 17 struggle to eat, including almost three million who currently have “very low food security.”

During this study, 20 different focus groups of teens were studied in 10 separate communities across the country. In eight out of the 10 communities, the study participants claimed that pre-teens and teens often participated in theft and drug dealing to make ends meet. In all 10 communities, teens claimed that they participated in prostitution. Additionally, in a couple of communities, teens intentionally committed petty crimes and went to jail in order to get a meal.

The stigma that surrounds hunger and poverty often stops many teens from reaching out for help. It’s true that some rely on friends, family, neighbors, or teachers, but too many face criminal acts to survive.

In the communities with the highest rates of poverty, these teens are often desperate and not only steal food for themselves, but also for their family. Teens in all of the studied communities, and in 13 out of the 20 focus groups, mentioned that several teens are “selling their body” or having “sex for money.” Mostly girls, the teens who are doing this are feeling pressed to the extreme to get the basic resources for their basic needs.

Many instances of having sex for money came in the form of girls regularly seeing a man, generally one who was much older, in exchange for food and other items. This, in turn, has opened these teens up to forms of sexual exploitation, with both men and boys harassing girls in the neighborhood. This includes everything from catcalls to stalking. Other girls gave sexual favors for cash or even stripped to make money to get food, and these acts took place in locations including flea markets and abandoned homes.

Looking at a case in Chicago, an 11-year-old girl dropped out of school to make money for her family in the sex industry. A group of boys in LA confirmed that the same thing happens there, and even claim that girls in middle school are sharing flyers in public to advertise their offerings.

Having food insecurity has had a significant effect on these teens, as they are at an extremely important stage in their physical and mental development. For those who do not have enough to eat, it undermines their emotional and physical growth, academic achievement, job performance, and stamina. This gets even worse when you look at the quality of the food that is available to them.

All of these actions including sex work, shoplifting, and drug dealing, severely affect the future of these teens. They risk dropping out of school, arrest, bodily harm, incarceration, and criminal records that might inhibit their future opportunities for employment.

There are a few solutions that could address this crisis, including offering more food from federal programs and more job opportunities for these teens. Counseling and informing the teens could also have a positive impact.

In the long run, making an investment in ending poverty is the only solution. This means that expanding housing assistance, creating more jobs, improving the access to existing jobs, and offering more cash assistance is necessary. To do this, however, will require some daring steps to make a big difference.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: drugs

Fake News is Becoming Too Real

0
Pin It

Fake news is a problem that is taking the internet by storm, and it ran rampant during the 2016 Presidential Election. In fact, many believe that fake news stories had a strong impact on the outcome of the election. In a survey following the election by the Pew Research Center, a whopping 64 percent of polled Americans said that fake news has given them a “great deal of confusion” about current events.

12DAll of us have been fooled by fake news, and it doesn’t seem to be going anywhere, anytime soon. But, there are some lessons that we can learn from it: Here are five of those lessons:

Fear and the Unknown are Perfect for Fake News

One of the lessons that we can learn from fake news is that any event that causes fear or the unknown is the perfect breeding ground for fake stories. We live in a world where competition for attention is rampant, and headlines are written to make you click. Remember, anyone can write up a fake news story and make it look legitimate, and in many cases, these stories are based on fact. For instance, you might recall the stories of creepy clowns walking through neighborhoods earlier this year, which was actually real news. However, you might also recall that these clowns were going on murdering sprees. This is fake…it never happened, but because these stories appear on legitimate looking sites, people believe it.

Some Stories Fool Us All…

Another lesson to learn about fake news is that some stories are so good or so believable, that they fool us all. You might remember a meme that was shared stating that Donald Trump said that Republicans are the “dumbest group of voters in the country.” Due to the fact that Donald Trump doesn’t exactly keep his views silent and has made a habit of insulting people, most people took this for truth. It wasn’t. He never said it, but many believed it.

Most Fake Stories are Obviously Fake When You Actually Read Them

Most of us are tricked by fake news stories because we never actually read past the headlines. Writers of these stories make sure that these headlines are eye-catching and believable, in addition to viral. When we read a headline of a fake story, we often get the wrong impression of what the story is about. This is on purpose. If you actually click these stories and read them, you will often find that they have a lot of incorrect facts and are poorly written.

No One is Immune From Fake News

You will also find that no one is immune from fake news, and sometimes this news crosses over into the real world. Take the Pokemon Go phenomenon of this summer. There was a fake new story of a man who was stabbed while playing Pokemon Go in a bad neighborhood. However, a few days later, a man really WAS stabbed while playing the game.

There were also fake news stories that Hilary Clinton was given debate questions in advance. It was untrue. However, a few weeks later this actually happened.

Politics is a Huge Factor in Fake News

There is no question that politics are emotional, and this is not just the case in the U.S. It is also similar in Europe. Thus, the emotions of politics helps to make fake news extremely believable.

Many people simply do not trust the mainstream media, so they seek out other news sources. However, these news sources are extremely biased, highly believable, and generally fake.

You have probably noticed that many of these news stories over the past several months have focused on accusing the two Presidential candidates of crimes. There were also many stories about violence between supporters of the opposing parties. The vast majority of these stories were fake, and if you believed them, sorry to say, you were duped.

In our current climate of fear, anger, and hate, the facts are being clouded by emotions, and this is why we are so ready to believe the stories that fall in line with our beliefs. Facebook is not a trustworthy news site. Do your own research, go to trusted sites written by those who are fully researched. You will quickly see that fake stories become transparent once you have the facts.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: fake ids

Top 3 Social Engineering Scams

0
Pin It

Think about hackers breaking into accounts. If you think they need top-notch computer skills, you would be wrong. These days, instead of requiring skills behind a keyboard, hackers generally rely on strategy…specifically a strategy called social engineering. This means that hackers don’t have to be technical, but they DO have to be clever and crafty because they are essentially taking advantage of people and “tricking” them into giving information.

2DThere are four main ways that hackers use social engineering:

  • Phishing – where hackers use email tricks to get account information
  • Vishing – similar to phishing, but through voice over the phone
  • Impersonation – the act of getting information in person
  • Smishing – getting account info through text messages

Phishing accounts for 77 percent of all social engineering incidents, according to Social Engineer, but in vishing attacks, alone, businesses lose, on average, $43,000 per account.

Here are the top scams that all consumers and businesses should know about as we move into 2017:

Scam Using the IRS

Starting from the holiday season stretching through the end of tax season, there are scams involving the IRS. One such scam uses caller ID to change the true number of the caller and replaces it with a number from Washington, D.C., making it look like the number is from the IRS. Usually, the hacker already knows a lot about the victim, as they got information illegally, so it really sounds legit.

In this scam, the hacker tells the victim that they owe a couple of thousands of dollars to the IRS. If the victim falls for it, the hacker explains that due to the tardiness, it must be paid via a money transfer, which is non-traceable and nonrefundable.

BEC or Business Email Compromise Scam

In the business email compromise, or BEC scam, a hacker’s goal is to get into a business email account and get access to any financial data that is stored within. This might be login information, back statements, or verifications of payments or wire transfers.

Sometimes a hacker will access the email by using an email file that contains malware. If an employee opens the file, the malware will infect the computer and the hacker has an open door to come right in.

Another way that hackers use the BEC scan is to access the email of a CEO. In this case, they will impersonate the CEO and tell the financial powers that be that he or she requires a wire transfer to a bank account. This account, of course, belongs to the hacker not the business. When most people get an email from their boss asking them to do something, they do it.

Ransomware

Finally, hackers are also commonly using ransomware to hack their victims. In this case, the hackers are working towards convincing targets to install dangerous software onto their computer. Then, the computer locks out the data and the victim cannot access it…until he or she pays a ransom.

At this point, they are informed that they can get access back when they pay a ransom. This might range from a couple of hundred to several thousands. Usually, the hackers demand payment by bank transfer, credit card, bitcoin, PayPal, or money transfer services. Victims are usually encouraged to go to a certain website or call a certain number Unfortunately, too often, once the victim pays the ransom, the hacker never opens up the system. So now, the hacker has access to the victim’s computer and their credit card or financial information.

The way social engineering works in this scam is varied:

One way is this…imagine you are browsing the internet, and then you get a popup warning that looks quite official, such as from the FBI. It might say something like “Our programs have found child pornography on your computer. You are immediately being reported to the FBI unless you pay a fine.” When you click the popup to pay, the program actually downloads a program called spyware to your computer that will allow the hacker to access your system.

Another way that social engineering works with ransomware is through voice. In this case, you might get a phone call from someone saying they are from Microsoft and the representative tells you that they have scanned your computer and have found files that are malicious. Fortunately, they can remotely access the machine and fix the problem, but you have to install a program to allow this. When you install it, you give them access to everything, including personal and financial information, and they can do what they want with it.

Finally, you might get an email offering a free screen saver or coupon, but when you open it, the software encrypts your drive and takes over your computer.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: hackers internet safety online scams Phishing social engineering

Small Business a favorite Attack Vector

0
Pin It

Small businesses are hardly immune to attacks by hackers.

  • The illusion of low attack risks comes from the publicity that only huge corporations get when they are breached, like Target, Sony and Anthem. These are giants, so of course it makes headline news.
  • But when a “ma and pa” business gets attacked, it’s not newsworthy.

11DIf you own a small business, ask yourself just how the mega-giant Target got infiltrated by cybercriminals in the first place. Answer: a ma and pa HVAC vendor of Target’s!

Cybercriminals thrive on the myth that only big companies get attacked. They know that many small outfits have their guards down; have only rudimentary security measures in place. Never assume you know everything that a hacker wants—or doesn’t want.

Think of it this way: Which burglar is more likely to make off like a bandit? One who attempts to infiltrate a palace that has a 10-foot-high stone wall, surrounding a moat that surrounds the palace, with motion sensors everywhere that set off piercing alarms; an army of Dobermans; and a high tower where guards are keeping a lookout?

Or the burglar who tries to break into a small townhome with only a deadbolt and window screens for security? Sure, the palace has millions of dollars worth of wall art alone, but what chances does the burglar have of getting his hands on it? The little townhome just might have some electronics and jewelry he can sell underground.

No business is too small or its niche too narrow to get a hacker’s attention; just like any burglar will notice an open ground floor window in that little townhome at 3 a.m.

  • Never use lack of funds as an excuse to cut corners on security.
  • Share security information with competitors in your niche.
  • Consider the possibility that a cyber attack can be an inside job in your little company—something relatively easy to pull off (e.g., every employee probably knows the direct e-mail to the company owner).
  • Get cyber attack insurance. A halfway-sized cyber attack could cripple any small company and have tangential fallout.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: cyber crime cybersecurity

Stop being a Social Media Idiot

0
Pin It

Leave personal details off your Facebook page.

14DDoes the whole world—or even your private circle, many of whom you haven’t seen in person for years, or even at all—have to know you’re laid up from hernia surgery (i.e., vulnerable, defenseless)?

Try this experiment for a week: Assume that the only visitors to your Facebook are 1) future possible employers, 2) master gossip spreaders and reputation bashers, and 3) your future in-laws (if you’re not married). This should really change the game plan of how you post.

Never send naked photos of yourself.

Not even to your significant other. After all, in many cases of leaked nude images…the significant other is the leaker! If your lovey-dove wants to see you in your birthday suit, then present yourself that way in person—after you know for sure all the cameras in the room are turned off.

Enough with the selfies.

It’s gotten to a point where all selfies look alike: Some doofus holding up the phone and staring INTO the phone. Whatever happened to the nice images of yesteryear, where someone, posing nicely, was facing the viewer? Selfies are fine if you’re showing off your abs when the selfie next to it of 90 days ago shows the Pillsbury Dough Boy, but please, nobody is special enough to justify endless selfies, including those for which you corralled a bunch of people to take part in it.

Instagram is not for food images.

Don’t waste your time. Think “borrrrrring!” Who really wants to see your beet salad? If you want to promote your recipe skills, start a website.

“Like” only recent posts.

Nobody pays attention to likes on old posts.

Cross out cross-posting.

Post an item on your Snapchat story, then put it in a private message…NOT.

No ODRs, no oversnapping.

Avoid opening but not replying on Snapchat. Avoid double-snapping someone.

Say no to screengrabbing.

Read that again. Don’t grab a Snapchat unless you want the sender to know who did it.

For parents…

Be mindful of commenting on your teenagers’ pages. Be sincere if you must, like a congratulations for qualifying for the state wrestling finals.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: social media privacy

Oh No, iOS Hacked by NSO

0
Pin It

Recently, says a report at wired.com, it’s been unveiled that the obscure Israel-based NSO Group has been selling spyware delivered to smartphones through vulnerabilities in Apple’s iOS operating system.

5W“Pegasus” spyware can put a surveillance out on nearly everything including keystrokes, e-mails, video feeds and phone calls. Apple says that the three vulnerabilities with this spyware (“Trident”) have been patched.

In short, NSO Group’s spyware has been reverse engineered for the first time—achieved by the security research firm Lookout, which discovered Pegasus. Also getting credit for the discovery is Citizen Lab.

  • Ahmed Mansoor, a well-known human rights activist with a history of being targeted by surveillance spyware, sent the security firms the suspicious SMS text messages he had received.
  • Mansoor’s mobile device was running iOS’s latest version when two phishing texts came in with links. He had refused to click them.
  • Instead he sent screenshots to Citizen Lab. The links led to a blank Safari browser page. The analysis then began.
  • The spyware was intended to jailbreak the phone.

Jailbreaking an iPhone means the user can bypass Apple’s plan and customize the experience. However, in the Pegasus case, remote hackers wanted this control.

Citizen Lab and Lookout took their analysis to Apple, who made the patches within 10 days. The recommendation is to regularly download the latest iOS versions to help protect the device from attacks. The latest iOS version will stop Pegasus. However, it’s possible for NSO to infiltrate other phone operating systems like Android with the spyware, says Citizen Lab and Lookout.

NSO Group has no website, and supposedly, earns $75 million a year, with governments as the typical clients, and may have up to 500 employees. It won’t be any surprise if a new and similar threat follows soon, as the NSO Group is quite advanced, with a solid software development organization.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: hackers online security spyware

How to erase Yourself from your Job

0
Pin It

You shouldn’t leave any digital trace of yourself after you leave a job. Hopefully, you’ll be leaving voluntarily and thus have the time to first make backups before you delete anything. This may seem easy, but you need to take inventory to make sure you get EVERYTHING.

3DNote: make sure that every suggestion below is allowed via a company’s internal policies.

An article at wired.com gives these recommendations:

  • Use a flash drive for smaller amounts of data.
  • An alternative is a personal account with Dropbox or Google Drive.
  • For more data use an external hard drive.
  • Don’t include company information in your backups.
  • Forward e-mails you want to save to your personal e-mail.
  • Delete all e-mail files, then close down your e-mail account.
  • Check USB slots.

Your Computer

  • Clear out your personal data if you don’t have authority to wipe the device.
  • Delete all your passwords, usernames, etc., that are stored in the computer.
  • Browsers like Chrome and Firefox will save passwords and tie them to Google ID or Firefox Sync. Don’t just close out of the browser; log out so that nobody sees your passwords. Do what you can to make the browser forget your passwords.
  • In Chrome is “Manage Saved Passwords” in the settings. Use this to delete passwords from any Google account you’ve used. Warning: Hopefully you don’t use the same password and username for workplace Chrome as you do for home, but if you do, deleting this information at workplace Chrome will also clip them at your home computer.
  • In Safari, go to “Preferences,” then “Passwords” and delete.
  • For Microsoft Edge, click the three dots in the upper right; go to “Settings” and then “View Advanced Settings.” Click “Manage Saved Passwords” and delete.
  • If you’re allowed to, wipe the computer.
  • The wired.com article recommends KillDisk and DP Wipe.

Your Phone

  • Wipe your mobile device that’s provided by the company, assuming you have permission.
  • If you don’t have permission, ask the IT team to do this. Just make sure you’re logged out of all applications.
  • Shut your company voicemail down—after you delete remaining messages.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: online safety online security

10 ways to beef up Digital Security

0
Pin It

#1. Keep everything up to date. You know those annoying popups telling you updates are available? Do you ever click out of them? Don’t. Always update at the time these appear.

2D#2. Two-step verification. Two-step verification or authentication should be set up for all your accounts that offer it. A unique one-time code is sent to the user’s phone or via e-mail that must be entered in the login field.

#3. Unneeded browser extensions? Review your browser extensions. Uninstall the ones you don’t use. Too many extensions can slow down your computer.

#4. Encryption. Encryption software will scramble your e-mail and other correspondence so that prying eyes can’t read them, but you and your intended correspondent can. If you must use public Wi-Fi (like at a coffee house), install a virtual private network to encrypt transactions.

#5. Lock screen protection for your mobile device. Your smartphone has lock screen protection in the form of a password to prevent a non-authorized user from gaining access. If you leave your phone lying around or lose it, you’re protected if you have a password. Otherwise you are screwed.

In the same vein, your laptop should have protection from non-authorized users. Set up a password that allows access to using the device, including after hibernation periods.

#6. Check active logins. Some accounts allow you to check active logins to see if any unauthorized users have been in your accounts, such as Twitter, Facebook and Gmail.

#7. How easy can someone impersonate you? Could anyone phone your bank or medical carrier and give the correct information to bypass security, such as your “favorite pet’s name”? Who might know this information? Well, if it’s on your Facebook page, anyone who can view it. How much of your personal information is actually online?  Many accounts allow a “secondary password” Ask them.

#8. Simple but powerful layers of protection.

  • Don’t have login information written down on hardcopy.
  • Cover your webcam with tape (yes, cybercrooks have been known to spy on people this way).

#9. Sharing your personal life with the whole world. Set all of your social media accounts to the private settings you desire. Do you really want a potential employer to see you hurling at your late-night party? Make sure images that you post are not geo-tagged with your home address.

#10. Web tools. Check out the various toolbars that you can add to your browser to beef up security. Be selective and check ratings.

Robert Siciliano, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: digital security

Thieves steal 30 Cars using Software

0
Pin It

Who needs a hanger to steal a car when you can use a laptop? Despite today’s vehicles having far more sophisticated security protection, thieves can still break in—like the two crooks who stole at least 30 Dodge and Jeep vehicles…with just a laptop computer.

11DIn Houston, video showed the pair in the act, though authorities are still working on piecing together just how the capers were pulled off.

One possibility is that a database contains codes that link key fobs to cars. Perhaps the thieves, who may be part of a ring, somehow got access to this database (one theory is that a crooked employee sold them the access), and from there, created key fobs based on vehicle ID numbers. VINs are visible on vehicles. Vehicles that are targeted for theft don’t “know” an authentic fob from a fraudulent one.

Again, this is all conjecture, but one thing’s for sure: The pair did not steal the vehicles the old-fashioned way.

Though today’s electronic security measures will stop the thief who lacks techy know-how and prefers the coat hanger and hotwire method, technology won’t stop smarter, more ingenious crooks who feel quite at home committing cyber based crimes.

With more and more criminals relying on the Internet of Things to commit all sorts of crimes, maybe the best security for a motor vehicle would indeed be one of the old-fashioned security features: install a kill switch.

Robert Siciliano, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: online safety online security security

Security training: the Human Being is impossible to fix

0
Pin It

As long as humans sit at computer screens, there will always be infected computers. There’s just no end to people being duped into clicking links that download viruses.

12DA report at theregister.co.uk explains how subjects, unaware they were guinea pigs, fell for a phishing experiment.

  • Subjects were sent an FB message or e-mail from an unfamiliar sender, though 16 percent of the subjects who ultimately clicked reported they knew the sender.
  • The sender announced they had images from a New Year’s Eve party but not to share them.
  • 43.5% clicked the FB message link and one-quarter clicked the e-mail link.
  • Many of the subjects denied making these clicks, but most who admitted it named curiosity as the reason.
  • 5% claimed they thought their browser would protect them from an attack.

Obviously, there will always be that percentage of the human population who will allow curiosity to preside over common sense and logic. The idea of simply never, never, ever clicking a link inside an e-mail is an impossible feat for them—perhaps more difficult than quitting smoking or losing 50 pounds.

This is the battle that businesses have with their employees, which is how businesses get hacked into and massive data breaches result.

However, says the report, rigid training of employees may backfire because valid e-mails may be ignored—though it seems that there has to be a way for companies to get around this—perhaps a phone call to the sender for verification if the company is small. For large businesses, maybe executives could just resort to the old-fashioned method of reaching out to employees; how was this done before the World Wide Web was invented?

Digital signing of e-mails has been suggested, but this, too, has a loophole: some employees misinterpreting the signatures.

Nevertheless, security training is not all for nothing; ongoing training with staged phishing e-mails has been proven, through research, to make a big difference. Unfortunately, there will always exist those people who just can’t say “No” to something as mundane as images from a New Year’s Eve party from a sender they’ve never even heard of.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: Data Breaches data theft
Xtreme School

Featured in

Anderson Cooper John Stossel Robert Siciliano Featured in
Browse by Month

Browse by Category