- The e-mail (or phone call) says you owe money; if you don’t pay it immediately, you’ll be put in jail or fined. The scammer may know the last four digits of the victim’s Social Security number.
- Caller ID will be spoofed to look like the call is from the IRS.
- The e-mail will include an IRS logo and other nuances to make it look official.
- The scammer may also have an accomplice call the victim pretending to be a police officer.
- The victim is scared into sending the “owed” money—which goes to the thief. Or, the thief gets the victim to reveal credit card information.
- Another version is that the IRS owes the victim. The victim is tricked into revealing bank account information to receive the refund.
- Know that the IRS will never contact you via e-mail or phone, and will never threaten jail time, a fine or other consequences like a driver’s license revocation.
- If you owe, the IRS will send you snail mail, certified.
- The IRS will never threaten to have you arrested.
- If the subject line of an e-mail appears to be from the IRS, delete it.
- If a phone call appears to be from the IRS, hang up.
- Scammers scan obituaries for prey.
- They then contact someone related to the deceased and claim something against the estate or that they’ll reveal a family secret scandal unless they’re paid.
- If one of these scams comes your way, request written documentation of the claim.
- Tell the sender you’ll send this documentation to the executor.
- If you’re blackmailed, contact a lawyer.
- Never arrange to meet the sender.
- This may come as a phone call: A person claiming to be a Microsoft rep informs you that your computer has been hacked and he’ll fix it—or you’ll lose everything.
- He wants to convince you to let him have remote control or “sharing” of your computer…and from there he’ll try to get your credit card number…
- Someone halfway around the world has chosen YOU to handle a large amount of money, and you’ll be paid richly for this.
- The sender often has a foreign sounding name, but even common names are used.
- Often, there’s some schmaltzy message in the e-mail subject line like “God bless you” or “Need your help.”
- Delete e-mails with any subject lines relating to investments, inheritances, mentions of money, princes, barristers or other nonsense.
- If you feel compelled to open one, don’t be surprised if there are typos or that it’s poorly written. Do NOT click any links!
Robert Siciliano, CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen.
The days of using a computer to access your bank account, using a password, may be coming to an end, to be replaced entirely (as some experts believe) with a fingerprint or face scan using a smartphone.
The smartphone employment of such biometrics will drastically reduce hacking incidents, but will be problematic for those who do not own a mobile device. Major banks are already offering the fingerprint scan as a login option.
Other biometrics currently in use by banks are the eye scan, facial recognition and voice recognition. Banks are sold on the premise that biometrics offer significantly more protection of customers’ accounts than does the traditional means of accessing accounts, what with all the hundreds of millions of data pieces (e.g., SSNs, e-mail addresses) that have been leaked thanks to hackers.
Though biometric data can be stolen, pulling this off would be much more difficult than obtaining a password and username. For instance, only a specific mobile device may work with the owner’s biometrics; a crook would have to have possession of the phone in order to hack into the owner’s bank account.
Nevertheless, biometrics aren’t foolproof even for the rightful owner, in that, for instance, poor lighting could skew facial recognition.
Unlike the once-venerable password, banks do not keep customers’ biometrics in storage; your fingerprint is not in some secret cache of your bank. Instead, banks store templates in the form of numerical sequences that are based on the customer’s biometrics.
Can hackers obtain these templates? It’s possible, but with additional security layers, banks say that it would be very difficult, nothing compared to the ease of getting someone’s traditional login data.
For instance, an extra security layer might be that the biometric of eye recognition requires a blink—something that a thief can’t do when using a photo of the accountholder’s eye for the scanning recognition process.
Doubling up on login requirements—biometric plus password—is an even stronger defense against hackers. And banks are doing this with the fingerprint biometric.
In a world where it seems that the hackers are getting closer to taking over, the time for biometrics as being a part of the login process has arrived—and not too soon.
Malevolent advertising is called malvertising. The “ad” is placed on a website by cybercriminals who want control of your computer for financial gain.
And the real scary thing about malvertising is that these trick-ads have appeared on trusted, popular websites like the Weather Network, BBC, NFL and the New York Times.
Oh, and it gets worse: The malicious ad can be hidden, unseen by the site visitor, thanks to special HTML code that allows the bad ad to sit inside legitimate content. This trick-code is usually hidden in what are called iframes, without affecting the rest of the site’s appearance.
The type of cybercriminal who succeeds at this needs to be patient and clever.
- Legitimate advertisers place their ads with ad networks, bidding for ad placement.
- Ad networks, which handle the bidding, serve the ads to websites.
- Crooks may place legitimate ads with these networks to gain a good reputation, or the crooks may run networks themselves.
- After building trust with placement of legit ads, the crooks graduate to ad placement on high traffic sites, and then they put in their malicious code in the iframes: malvertisements.
- When you’re on one of these infected pages, the ad will release malware to your computer that can do a whole host of damage.
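For site owners, the hidden-iframe trick described above is something you can check for in the HTML your pages serve. The following is an added example, not code from the original article: it flags iframes that are both invisible to the visitor and loaded from another host. The sample page, host names and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style declarations that make a frame invisible to the visitor.
HIDING_STYLE = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)"
    r"|(?<![-\w])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"
    r"|(?<![-\w])(?:left|top)\s*:\s*-\d{3,}px",
    re.IGNORECASE,
)
TINY = re.compile(r"\s*([01])\s*(?:px)?\s*")  # width/height attribute of 0 or 1

# Constructed sample: one visible ad, two hidden third-party frames,
# one hidden same-site frame, one visible partner embed.
SAMPLE_PAGE = """
<html><body>
<h1>Local weather</h1>
<iframe src="https://ads.adnetwork.example/banner?id=1" width="300" height="250"></iframe>
<iframe src="https://cdn.unknown-host.example/l.html" width="1" height="1" frameborder="0"></iframe>
<iframe src="//track.other.example/p" style="position:absolute; left:-9999px"></iframe>
<iframe src="/static/login-helper.html" style="display:none"></iframe>
<iframe src="https://video.partner.example/embed/9" style="max-width:100%; opacity:0.9"></iframe>
</body></html>
"""


def hiding_reasons(attrs):
    """Return the reasons an <iframe> with these attributes would not be seen."""
    reasons = []
    for name in ("width", "height"):
        if TINY.fullmatch(attrs.get(name) or ""):
            reasons.append(f"{name} attribute is {attrs[name].strip()}")
    if "hidden" in attrs:
        reasons.append("hidden attribute")
    if HIDING_STYLE.search(attrs.get("style") or ""):
        reasons.append("inline style hides the frame")
    return reasons


class IframeAuditor(HTMLParser):
    """Collects iframes that are hidden AND served from a different host."""

    def __init__(self, page_url):
        super().__init__()
        self.page_host = urlparse(page_url).hostname or ""
        self.findings = []

    def is_third_party(self, src):
        host = urlparse(src).hostname  # None for relative URLs (same site)
        if not host:
            return False
        return host != self.page_host and not host.endswith("." + self.page_host)

    def handle_starttag(self, tag, attr_list):
        if tag != "iframe":
            return
        attrs = dict(attr_list)
        src = attrs.get("src") or ""
        reasons = hiding_reasons(attrs)
        # Hidden frames have legitimate uses, so a finding means "review", not "malicious".
        if reasons and self.is_third_party(src):
            self.findings.append({"src": src, "line": self.getpos()[0], "reasons": reasons})


def audit(html, page_url):
    """Return hidden third-party iframes found in the HTML served at page_url."""
    auditor = IframeAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PAGE, "https://news.example/weather"):
        print(finding["line"], finding["src"], "; ".join(finding["reasons"]))
```

Frames that an ad script inserts at runtime never appear in the served HTML, so a static pass like this is a first check, not a complete one.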
What to do?
- Keep all your software and systems up to date.
- Install an ad blocker, but be judicious, because ad blockers can disrupt the presentation of some sites, e.g., blocking some content, not just the ads. You may not mind this inconvenience, but also realize that an ad blocker will not block every malvertisement, either.
- Install antivirus software or an anti-exploit kit that will snuff out exploit kits, a favorite tool of the malvertiser.
- Exploit kits prowl your computer for vulnerabilities, and the right software will detect and neutralize them.
- Uninstall browser plugins you have no use for, especially if they’re the vulnerable Adobe Flash and Java.
- Set the remaining plugins to click to play, which will give you the option to run a plugin when a site you’re visiting wants to load one.
You’d think with all the media attention regarding data breaches, hackers and identity theft, that consumers would be more focused on their privacy and how to protect their information from prying eyes. Surprisingly, almost 70% of people are clueless about how a criminal might have gotten hold of their personal information.
We all have a lot going on in our lives, and this is exactly how identity thieves like us. Ever lurking, these criminals are counting on us being too busy to give any thought to who we are sharing our information with. These people are always there, just waiting for us to make mistakes.
The startling truth is that most victims of an identity theft crime, about 68 percent, don’t know how their information was obtained, and 92 percent of victims have no idea who stole their information. A further 45 percent of identity theft victims don’t realize they are a victim until they hear from their financial institution. There are more than 16 million victims of identity theft each year.
IdentityForce created a very informative infographic (nice job IdentityForce!) that shows the public are essentially sitting ducks, just waiting to be picked off by identity thieves.
What did you do to expose your information? Consider the following:
- Got married
- Gave too much info away on social media
- Responded to a fraudulent text, message, or email
Additionally, major life events put you at greater risk of becoming a victim, such as having a baby or getting a new job.
When most of us consider identity theft, we usually think immediately of credit card fraud, but there is much more to it than that. Though credit card fraud is a common type of identity theft, these thieves can use the information they have obtained to do the following:
- Open up a new bank account or credit card…and make changes to your billing address, leaving you none the wiser
- Take out a large loan, such as a mortgage or vehicle loan, and never pay the loan off
- File a fraudulent tax return, and take the money that comes from it
If you find yourself to be a victim of identity theft, you could be dealing with the aftermath for years to come, and could struggle to clear your name and repair your credit score.
Fortunately, there are several ways that you can protect yourself from becoming a victim of identity theft. These include:
- Only give out your Social Security number when it is absolutely necessary
- Do not allow mail to sit in a mailbox
- Don’t respond to suspicious requests for personal information
- Only create complex passwords for online accounts
Here’s how to be part of the 30% of informed, alert, aware and cyber smart consumers: Take the “Identity Theft Risk Quiz” here: https://www.identityforce.com/resources/quiz To further protect yourself, sign up for an identity theft service, today.
If you have an iOS device, you may be leaking personal information about yourself—without even knowing it—because you’re not familiar with the privacy settings.
Apps have “permissions,” meaning, they can access private information such as your social calendar stored on the phone, appointments, anything. Go to the privacy menu under “settings” to learn which apps can gain this access and deactivate it. And there’s so much more to know…
- The Limited Ad Tracking option controls how targeted the ads are to your habits, not the amount of ads you see.
- This feature does not apply to ads across the Internet; only the iAds that are built into apps.
- At the screen top is a Location Services entry.
- Explore the options.
- Shut down everything not needed beyond maps or “Find My iPhone”
- Check out the Allow from Current Website Only option; it will prevent outside entities from watching your online habits.
- You can limit how much Safari tracks your habits (by activating Do Not Track requests).
- You can also disable cookies, but you won’t prevent 100 percent of the data collection on you.
- Want all cookies and browsing history deleted? Choose the Clear History and Website Data option.
- In the Settings app, go to Safari, then Search Engine to change the default search engine if you feel the current one is collecting too much data on you.
- Every app has its own privacy settings. For every app on your device, you should explore the options in every privacy menu.
- Set up a time-based auto-lock so that your phone automatically shuts off after a given time if you’re not using it.
- The fewer apps you have, the less overwhelmed you’ll be about setting your privacy settings. Why not go through every app to see if you really need it, and if not, get rid of it?
How many times have you read, or at least caught a headline, of the latest high profile missing child case? How many stories have we heard about the kid who got lost on a hike? His body was found several miles from where he’d been last seen, concluding a several-day search.
What if he had had an iPhone on his person at the time he wandered off in the middle of some vast woods? Sure he could call, but then what? Android and iPhones have a “find my phone” feature that a parent can track down a lost child with—provided that this feature is enabled.
- At android.com/devicemanager log onto the Android Device Manager page. The parent must also know the password and name for the Google account that is associated with this tracking feature.
- You’ll see Android hardware’s location, which is stored in the phone attached to the lost child, on a map.
- Obviously, you must have your own mobile device on you to locate.
- This feature works for older kids too, such as your young teen daughter on her first date. She’s 20 minutes past her curfew and she’s not answering her mobile. Time to locate her.
- You can set up a restricted profile that blocks the teen’s access to the “settings” application, or, you can use a parental control app.
- There are locator apps compatible with iOS phones too.
Do you have an elderly relative who’s not all there upstairs and prone to wandering off? Most phones are compatible with affordable ($6 to $15 a month) applications that can give you the location of your family member. Family locator apps are offered by T-Mobile, AT&T, Sprint and Verizon Wireless.
Locator apps also come with other features, not just the locator aspect. Some offer 911 and emergency features. This would be great for your elderly grandmother who forgets things or gets lost easily.
Criminals often rely on tricking their victims to gain access to their passwords and other account information. This act of tricking is called social engineering, also known as a confidence crime, and it comes in many forms.
- A type of phishing e-mail where the criminal targets someone specific is called spearphishing. The spearphishing e-mail will look very much like the typical company e-mail that the real person uses.
- Example: The thief sends a trick e-mail (phishing) to a company employee he found on LinkedIn, making it appear to be from the company’s CEO or some other higher-up. The “CEO” requests sensitive information (like a password) or a wire transfer.
- The phone is used for phishing (vishing) in a similar manner. A vish is a combo voicemail and phishing.
- A fake invoice is sent to a company, mimicking ones that the business’s actual vendor routinely sends, requesting payment. Or it may look like any vendor that the company possibly does business with. Accounting often pays the fake invoice.
- Finders keepers, finders weepers: The crook leaves a USB drive lying around, hoping someone will find it and greedily insert it into their computer, at which point it will unleash malware.
- Impersonating a vendor or other employee in person to gain access to a business.
Don’t Take the Bait
- Any time someone calls, you receive an email, someone comes in your office, or the door bell rings, be aware they may have scammy intentions.
- All bank accounts should have two-factor authentication. Even if passwords are compromised, this can prevent scammer account access.
- Train employees to be extremely judicious in what they post on social media, such as the nickname of the company CEO.
- Never click links inside e-mails. Phishing specialists want you to click on links which will download a virus.
- Requests for money transfers or handing over sensitive data must be verified by the person making the request—in person or over the phone. Never hit the “reply” button.
- Money transfers should require two signatures.
- Free web-based e-mail needs two-factor authentication.
- Vigorously train employees to recognize phishing maneuvers. This includes catching any anomalous features of e-mails supposedly sent by the CEO or other key figures in the company. Staged phishing e-mails should be regularly sent to see who falls for the bait.
- Examples of anomalous behaviors: The CEO suddenly wants to be contacted via a new e-mail, or suddenly her e-mail signature is different (“Kathy” instead of “Kathi”). Another suspicious change is that a CEO, for instance, suddenly signs off with “Sincerely,” when for years he’s been signing off with “Best.”
- Uncharacteristic behaviors may also occur with vendors (crooks posing as a longtime vendor).
If your computer password contains the name of your dog, your favorite vacation spot, and an easy-to-remember numerical sequence, then you are breaking some basic rules of password safety. Even though “BusterBermuda789” might seem impenetrable to you, this is a password security experts say is vulnerable.
Here are five things to know about passwords:
- A long, strong password goes a long way in helping prevent hacking.
- Every account should have a different password.
- A hacker’s password-cracking software can easily expose any password composed of an actual word or proper name, or keyboard sequences (e.g., Mike123).
- Passwords should be a jumbled mix of upper and lower case letters, numbers and characters.
- A password manager tool will make all of this easy for you. Here is one password manager tool that can help you get started creating stronger passwords.
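Why a 16-character password like “BusterBermuda789” is weaker than it looks: cracking software guesses words, names and keyboard runs as whole units, not character by character. The sketch below is an added example, not from the original article; the tiny wordlist and the dictionary and sequence counts are assumptions chosen for illustration.

```python
import math

# Constructed stand-in for an attacker's wordlist; real cracking dictionaries
# hold millions of words, names and leaked passwords.
WORDLIST = {"buster", "bermuda", "mike", "password", "dragon", "summer"}
ASSUMED_DICT_SIZE = 1_000_000   # assumption: entries tried per word slot
ASSUMED_SEQ_COUNT = 1_000       # assumption: common digit/keyboard runs tried
PRINTABLE = 95                  # printable ASCII choices for a truly random symbol
ROWS = ["0123456789", "1234567890", "abcdefghijklmnopqrstuvwxyz",
        "qwertyuiop", "asdfghjkl", "zxcvbnm"]
ROWS += [row[::-1] for row in ROWS]  # reversed runs such as "987" or "ytrewq"


def word_at(lower, i):
    """Length of the longest wordlist entry starting at position i (0 if none)."""
    return max((len(w) for w in WORDLIST if lower.startswith(w, i)), default=0)


def sequence_at(lower, i):
    """Length of the longest keyboard/alphabet/digit run of 3+ characters at i."""
    best = 0
    for row in ROWS:
        start = row.find(lower[i])
        if start < 0:
            continue
        n = 1
        while (i + n < len(lower) and start + n < len(row)
               and lower[i + n] == row[start + n]):
            n += 1
        best = max(best, n)
    return best if best >= 3 else 0


def tokenize(password):
    """Split a password into the pieces cracking software would guess as units."""
    lower, tokens, i = password.lower(), [], 0
    while i < len(lower):
        n_word, n_seq = word_at(lower, i), sequence_at(lower, i)
        if n_word and n_word >= n_seq:
            kind, n = "word", n_word
        elif n_seq:
            kind, n = "sequence", n_seq
        else:
            kind, n = "random", 1
        tokens.append((kind, password[i:i + n]))
        i += n
    return tokens


def guess_bits(password):
    """log2 of the guesses needed when words and runs are tried as single units."""
    cost = {"word": ASSUMED_DICT_SIZE * 2,  # x2: capitalised or lower-case
            "sequence": ASSUMED_SEQ_COUNT,
            "random": PRINTABLE}
    return sum(math.log2(cost[kind]) for kind, _ in tokenize(password))


def naive_bits(password):
    """What a length-and-character-mix meter assumes: every character is random."""
    return len(password) * math.log2(PRINTABLE)


if __name__ == "__main__":
    for pw in ("BusterBermuda789", "Mike123", "t7#Qv9!mZr2&"):
        print(pw, tokenize(pw), round(naive_bits(pw)), round(guess_bits(pw)))
```

Under these assumptions the 16-character example comes out at roughly half the strength a length-based meter would credit it with, and below a 12-character jumbled password.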
Need to Know: Four data protection tips
- Look out for suspicious emails: Hackers send out phishing emails to trick recipients into clicking a link or attachment that downloads a virus. Or, the link may take them to a website that tricks them into typing out login information. Fraudulent e-mails may look as if they could be from your bank, employer, medical plan carrier, the IRS, UPS, etc., but these will typically ask you to do things the IRS and your bank would not. It’s unlikely that your bank lost your account information, and now needs it urgently. Also ignore any email claiming you won a prize, or inherited money. Make sure not to click on any attachments in an email. Attachments are a common way that cybercriminals spread ransomware.
- Use 2FA when available. Always choose the 2FA – two-factor authentication – option whenever it’s available. Two-factor authentication is when a login attempt to an account prompts a text known as a One-Time Password (OTP) or voice-call to your phone with a unique numerical code that you can enter in a login field. Sign up for it if your account offers it. Yes, hackers have been known to lure users into texting them that special code. Always be suspicious of any requests for your OTP.
- Protect online profiles. Many hackers get personal information from social media and then use those data pieces to figure out user names and your answers to security questions on your various accounts. Think about it: Do you really need to post the names of all your kids and pets, your wedding anniversary date (which you then might use in a password combination) and tell everyone where you work? It might be time to consider more carefully what you make public. And always make sure your settings are kept private, not public.
- Web and Wi-Fi safety. Consider multiple email addresses – not just multiple passwords – to distinguish between business and social contacts. Avoid Wi-Fi at hotels, coffee shops, etc. These are prevalent and convenient, yes, but extremely vulnerable. Never conduct financial transactions on public Wi-Fi. Use a VPN to secure Wi-Fi in remote locations. Your home network should use a WPA2 connection, not WEP. Ignore pop-ups.
A new level of awareness is needed as computer users navigate their professional and personal lives, and realize they are vulnerable – and their data is at risk – every time they log on to a system. Keep simple tips like this close by in order to avoid ransomware and other cyber threats.
Robert is a security analyst, author and media personality who specializes in personal security and identity theft and appears regularly on Good Morning America, ABC News and The TODAY Show.
Just like older generations never thought that the dial phone in the kitchen could be dangerous (think phone scams), today’s kids don’t have a clue how hazardous smartphone apps can really be. They are a godsend to pedophiles, scammers and hackers. And let’s not forget other kids who just want to be cruel bullies.
Parents should have informative discussions with their kids about the various apps out there. And it’s okay to forbid particular apps you aren’t comfortable with. Take Musicly: search “Musicly safe for kids” and see why. Apps aren’t as innocent as you think. They are potential gateways to some real creepsters out there—and that’s putting it mildly.
Applications have safety settings. Do you know what they are? How they work?
- A person with or without an Instagram account can view your images unless you have the security setting on for “Private Account” under “Options.”
- Enable the self-destruct feature to destroy communications quickly after they are sent.
- But don’t rely on this entirely, because it takes only seconds for the recipient to screenshot the text or sext into cyberspace.
- Set the “Who Can Contact Me” setting to “My Friends” so that strangers posing as 13-year-olds don’t get through to your child.
- Don’t let the name fool you; Whisper is not anonymous, thanks to geotagging.
- Go to your iPhone’s settings and change the location access to “Never.”
- Kik is not anonymous, contrary to popular belief, because anyone can get ahold of a youth’s username on other social media, making it possible to then contact that person on Kik.
- Under “Notifications” disable “Notify for New People.” This will put strangers’ messages in a separate list.
- Don’t share usernames.
- This question-and-answer service attracts cyberbullies.
- In the privacy settings, uncheck “Allow Anonymous Questions.”
- The user should remain anonymous.
- This video-chatting service is a draw for pedophiles.
- It should never be linked to a Facebook account.
Your worries are fully justified. Words, images, and video, are very powerful. Though the age of e-communications is here to stay, so are psychos. It’s their world too. Your kids, unfortunately, must share it with them, but that doesn’t mean they have to receive communications from them or be “friends” with them.
- If you use a cane, take “cane-fu” classes if possible. Yes, it’s a thing.
- A sturdy cane with a strong handle works best.
- Do not assume you can fight with a cane just because you need one to walk.
- Avoid a cane with a hidden knife or sword unless you specifically train to fight with a blade.
- A person’s first instinct with a cane-like device for self-defense is to wield it in a horizontal path as though swinging a baseball bat. This is wrong, as it can easily be seen in progress by the person you’re trying to ward off; that person could dodge it, deflect it or grab the cane from you. This is why a cane self-defense class is crucial.
- Swatting someone with an unrolled magazine is worthless; even the most tightly rolled magazine won’t stop an assailant—because swatting is the wrong way to use a rolled-up magazine as a weapon.
- The proper way to strike is with a hammer motion, your arm as the handle and the magazine as the head, so that the end of the roll is struck into the assailant; the roll, ideally, is perpendicular to the surface it strikes, concentrating as much impact as possible into a small area. But if this small area is his neck, nose, temple or groin, it will stop him long enough for you to either follow up with another blow or to escape.
- A pre-rolled magazine, fastened tightly with several thick rubber bands, is something you should have on hand, just in case. Otherwise, pray you don’t let panic make you fumble as you’re trying to roll up a magazine when an assailant approaches.
- A flashlight, being shaped like a rolled-up magazine, is used in the same way as a magazine roll.
- But because it’s more solid, it will be more effective.
- You’re probably already picturing a pen sticking out of the assailant’s eye.
- A pen jabbed into the temple, nose and neck hard enough will disable the attacker; the more perpendicular the pen to the strike surface, the better.
- A pen jammed hard enough into the collarbone will also stop the assailant.
- Other body parts worth mentioning: ear, cheek, top of hand, groin.
- The key is being able to quickly pull the belt off your pants.
- And that’s it: whip at him with the buckle as the striking end, then run! Don’t try to strangle him; that only works in the movies.