Sponsor Robert Siciliano as he runs the Boston Marathon for Miles for Miracles, Children's Hospital Boston
ROBERT SICILIANO is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

FREE EBOOK

Check here if you're human

Sponsors

Are you Scam Aware or a Sitting Duck?

0
Pin It

You might have heard about all of the scams out there, and think that you are pretty scam savvy. But, the truth is, most of us aren’t, and even a simple phone call could get you caught up in a big scam.

One such scam occurs when criminals call random phone numbers and ask questions, such as “Can you hear me?” When you say “yes,” they record it. They then bill you for a service or product, and when you try to fight it, they say…but you said ‘Yes.’ Not only does this happen with private numbers, it also happens with businesses. So, you have to ask…are you aware of the possibility of scams, or are you a sitting duck just waiting to be targeted? HOWEVER, this scam is unproven. Meaning I don’t think it’s a scam at all. And the scam is that this is not a scam!

Do You and Your Staff Know What To Avoid?

Do you think your staff, or even yourself, knows what to avoid when it comes to scams?

  • It’s always a good idea to have some type of awareness program in place to teach your staff what they should avoid to avoid becoming a statistic. Phishing training and social engineering information should be a part of this.
  • Do you think you or your staff would know if they fell for a scam? To teach them, make sure to give them a general, broad view of various scams and avoid being too specific. Instead, broaden the perception they have of various attacks.
  • If someone on your team was the victim of an attack, would they even know what to do in that instance? It is important to have a “scam response plan” in place.

Reporting Scam Attacks

It is essential that your team understands how to report a scam. Whether that scam is a physical security scam, such as someone wearing a fake badge and gaining access to the facility or a cybersecurity incident.

It’s also important for you to realize that some people might not even want to report these incidents. They might not feel as if it’s a legitimate concern, or they might even feel stupid that they fell for it, so they hold the information back. Others might feel as if they are being paranoid, or feel as if it’s not a valid concern. Make sure your team realizes that we all make mistakes and you want to hear about it, no matter what.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: scams

Half of American Adults on FBIs Biometric Database

0
Pin It

Here’s a bit of a shock for you: about half of all adult Americans have a photograph stored in the FBI facial recognition database. What’s even more shocking, it is that these photos are being stored without the consent of the individuals. Approximately 80 percent of the photos the FBI has are of non-criminals, and might take the form of passport or driver’s license photos. Furthermore, there is a 15 percent rate of inaccuracy when matching photos to individuals, and black people are more likely to be misidentified than white people.

You can’t deny that this technology is very powerful for law enforcement, but it can also be used for things like stalking or harassment. There is also the fact that this technology allows almost anyone to scan anyone else. There are no laws controlling it, either.

If you think that’s scary, consider this: The technology to do this has been used since around 2010, and the FBI never informed the public, nor did they file a privacy impact assessment, which is required, for five years. Where is the FBI getting this information? From the states.

Basically, the FBI made arrangements with 18 different states, which gives them access to driver’s license photos. People are not made aware that the FBI has this access, nor are they informed that law enforcement from across the country can access this information.

Just last year, the GAO, which is the US government accountability office, took a look how the FBI is using facial recognition and found that it was lacking accuracy, accountability, and oversight. They also found that there was no test for a false positive nor racial bias.

What’s even more interesting is that several companies that develop this technology admit that it should be more tightly controlled and regulated. For instance, one such company, and the CEO, has said that he is “not comfortable” with this lack of regulation, and that the algorithms that are used commercially are much more accurate than what the FBI has. But, many of these companies are not willing to work with the government. Why? Because they have concerns about using it for biometric surveillance.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: security

Getting Owned or Pwned SUCKS!

0
Pin It

A well done New York Times article recently re-introduced this topic to the masses. Being “owned” isn’t new, but the term is not becoming part of popular culture. If you use the internet or are often on social media, odds are good that you have been OWNED. Whether you are called out for a misspelling on your latest Facebook post, or you were proven wrong after sharing a “fact” or post from another site…you have probably been owned.

The word “owned” comes from the hacker world, and real “ownage” is not just about proving you wrong. You might also see it as “pwned,” which is pronounced “poned.” It is actually about stealing your private information, and then shaming you or diminishing your worth as a person. The best at “owning” can actually control your virtual presence.

Take a look at the email hacking scandal that Hillary Clinton went through during the 2016 presidential campaign. Though there was nothing of consequence found in those emails, the act of being hacked, or owned, alone, could have been the reason she lost the election.

Take a look at President Trump, too. You have surely noticed that he is doing his best to own as many people and even foreign governments as he can. Owning is a form of “one upping” and it can get nasty.

Getting owned is nothing new. In fact, Aristotle even talked about similar acts. Today, we just do it virtually.

In the case of hacking, when a hacker owns someone, they are showing that they have superior abilities. The word is also used in the gaming community to describe the act of mastering game play or besting opponents. Of course, we also use the word owned in the real world, when we drop a well-timed joke or have the opportunity to prove another person wrong. You might have even owned someone yourself.

Ownage equals power, and the concept of ownage is constantly evolving. The most successful owns are those that target the know-it-all; people who think they know more than they actually do. However, if you start owning, you simply set yourself up to be owned…and that really SUCKS.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: online security

Smart and Easy Ways to Protect Your Digital Life

0
Pin It

Even if you don’t realize it, your identity is all over the internet. Whether you posted to an internet forum in 1996 or you ever had a MySpace page, this information is still out there, and you have to protect it. Here are some simple and easy ways that you can protect your digital life:

  1. Change Passwords – The first thing you should do is make sure you are regularly changing passwords. Make your passwords difficult to guess, and a mixture of letters, numbers, and symbols. Also, make sure that you are protecting your account when resetting passwords. For instance, you should have to answer “knowledge based authentication questions” before making a change.
  2. Take a Look at Account Activity – Many companies allow users to check out their recent activity. Google, Facebook, and Twitter are three examples. If something seems out of place, report it, immediately.
  3. Close Accounts You Don’t Use – Do you have an old MySpace page? Did you start a Blogger and never use it? If so, go and delete those accounts before they get hacked.
  4. Don’t Share Too Much – What do you share online? Are you getting too personal? Hackers can use personal information, such as your birthday, or even favorite sports team, to get into your accounts. This is especially the case if you choose to use this information in your passwords or in your password reset or knowledge based authentication questions.
  5. Use a VPN – With all of the talk about internet security making headlines, the safest way to access public Wi-Fi is through a VPN. A VPN, or virtual private network, encrypts your information.
  6. Don’t share account passwords – STOP THE MADNESS! Though you might think it’s cute to share a social media account with your spouse, it’s also dangerous. The more people who have access to your accounts, the higher the chances of getting hacked.
  7. Choose Trusted Contacts – Make sure to choose a couple of friends or family members as trusted contacts. That way, if you get kicked out of your social media accounts, they (meaning their email or mobile#) can help you get back in.
  8. Update All of Your Software – Finally, make sure that you are updating all of your software such as your OS, apps, or even Office docs when prompted. Don’t let those updates wait. Many of them contain important security updates, too.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: digital security

Busting Down the Door: 12 Ways to Stop Burglars from Entering Your Home

0
Pin It

There is no such thing as a home that is fully burglar-proof, but there is also no such thing as burglars who have the skills of Ethan Hunt from Mission Impossible. With the right security in place, you can get your home almost burglar-proof.

When most people think of security, they only think of a few devices, and though they are great to have, they don’t protect you fully. Yes, you might have fake looking cameras that deter thieves, but what about those who try to get in anyway. Kicking the door in, which is an easy way a criminal gets into a locked home, can still be done. The only thing separating a burglar from getting in through a locked door is half inch pine molding. A 12 year old boy can kick in a door easy enough. You need to beef up your doors.

Here are some door reinforcement devices that can help:

  • Deadbolt/door knob wraps – these strengthen the immediate area around the lock
  • Door bar jammer – fits snuggly under the doorknob
  • Door brace – device that makes it more difficult to kick a door down
  • Door frame reinforcement – installed on the door jamb and made of steel

You can also use commercial kits like the Door Devil. This is a kit that contains a device made of heavy steel. It is installed over the door jamb, and is screwed directly into the frame. The system is easy to install, and it will add another level of protection to your home. When you combine this with other types of security, such as motion detection lights, surveillance cameras, and a security system, it will be very difficult for burglars to enter.

Here are some more general tips to keep your home more secure than ever before:

  1. Always keep your doors locked. Keep them locked when you are home and even during the day.
  2. Always keep your windows locked. This includes those on the second floor. A burglar can certainly climb.
  3. Keep the blinds and curtains closed. This helps to ensure that no one can look into your home to check out your valuables.
  4. Use top-flight locks and door reinforcements.
  5. Install security films on your windows. These will help to give the panes strength and will prevent penetrating objects from coming in, such as crow bars and baseball bats.
  6. Collect your mail and newspapers as soon as possible when they arrive.
  7. Give your home that ‘lived-in’ look with a system for home automation turning lights on and off.
  8. Place men’s work boots at the front or back door and make sure they look worn and scuffed. If you park your car out in the drive, place men’s gloves on the dash. If burglars see this, they will think twice as they will believe there is a large man in the home.
  9. Place a large dog bowl by the door, and make sure to make it look realistic. Add chewed up dog toys or a leash to the area, too.
  10. Make sure to trim shrubs that are hiding home entry points.
  11. Go to Google News. Type in your city and state along with the phrase “door kicked in.” You will likely be shocked by what you find. This will be more motivation to protect yourself.
  12. Make the investment into a beefy home security system. The best systems offer full alarm and police station monitoring along with cameras providing a clear view of what is happening in your home when you aren’t there. You can watch right on your mobile device.

Robert Siciliano is a home and personal security expert to DoorDevil.com discussing Anti-Kick door reinforcement on YouTube. Disclosures.

Filed Under: home security home security system home security tips

Hire an Ethical Hacker NOW!

0
Pin It

You might think it’s crazy to actually hire a hacker, but if you don’t have an ethical hacker on your security team, you could be playing a dangerous game.

Ethical hackers are called “white hat hackers” and are legal hackers, that help businesses find security problems in their networks. Developer and security teams, who build out codes, should have a white hat hacker on their side. This way, they will know from the start if the code is vulnerable. This is also known as “application security”.

How Important are Ethical Hackers?

How important is this? It’s so important that even the largest companies in the world are using this practice. Take Microsoft, for instance. They host a competition for white hat hackers, and challenge them to find any bugs present in their codes. This is called a “bounty”. On participant, was able to bypass every single security measure that Microsoft had in place. Can you imagine what would happen if he was one of the bad guys?

This type of security solution should be the first line of defense for your company, as they expose the risks that your company might have. Additionally, many companies used white hat hackers to ensure that they are complying with legal standards, such as HIPAA.

Wouldn’t Security Audits Work?

A security audit is basically a checklist for what a network has and doesn’t have in place. There’s not rubber on the road. Ethical hacking is a real world test. A security audit isn’t. The job of a white hat hacker is to find as many holes in the code as possible, and then report them back to the company. Another benefit of using an ethical hacker is that the information they provide helps to enhance the detection quality of products. An audit probably wouldn’t find this information.

What Does it Mean For Your Company?

Before anything, it’s important that you realize that an ethical hacker can help you and your business. A strong security program must focus on both the security of the code and the program’s security as it runs. This is where an ethical hacker will be most beneficial. Of course, it’s best to get the coding right the first time, but mistakes happen, and this is where a white hat hacker can make a huge difference.

So, the next time you talk about staffing, remember to bring up the addition of a white hat hacker. It could be the difference between keeping your data safe or being the victim of a real hacker.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: hackers

The Best Gmail Phishing Scam Ever!

0
Pin It

If you use Gmail, pay attention! Security experts have announced that there is a very effective phishing scam out there, and you are a target. This scam, which has only been growing over the past couple of months, is also hitting other email providers, too. However, it’s quite difficult to detect.

According to researchers at WordFence, who make a security tool for WordPress, this is a pretty serious attack and can have quite an impact, even for those who are up on security.

Here’s how it works:

You get an email from someone you trust…like a friend or family member or Google. The email, however, is actually not from them. It just looks like it is. Attached to the email is an attachment, which, when opened, links to a fake Google sign-in page. Everything about this Google sign-in page looks legit…but the address in the address bar is not…and here’s where it gets tricky. The address bar actually has a URL that looks real: https://accounts.google.com. However, before that address is whats called a “data URI”. Google it. This is NOT a URL. Instead, it allows the hackers to get your username and password as soon as you enter them into the fake login screen. To make things even worse, once they sign into your actual inbox, they use your information, including attachments and emails, to target your contacts.

Protecting Yourself From This Scam

If you are a Google Chrome user, you can protect yourself by taking a look at the address bar before clicking anything. A green lock symbol is your indicator that it is safe to browse. However, there are some scammers out there who have created their own site that are HTTPS-protected…which also means they will have a green lock. So, also take a look at the address.

Another thing that you can do is add in two-step authentication, which is an extra layer of security. Ultimately, it will help to lower the odds that your account will be compromised. You also might want to consider a security token, as well. If you don’t use two-step authentication with every account that offers it (Facebook, Twitter, iCloud etc), you’re a bit foolish my friend.

Google is aware of the issue, and they are working on improving security for their users. In the meantime, remain vigilant as you browse.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: Phishing phishing emails

Top 12 Tips to Destroy Your Sensitive Data

0
Pin It

Believe it or not, you just can’t shred too much. If you aren’t destroying your sensitive data, my best advice is for you to start now. There are people out there who make a living diving into dumpsters in search of credit card info, bank account number, mortgage statements, and medical bills; all things they can use to steal your identity.  

Here are 12 tips that you can use to help you destroy your sensitive data:

  1. Buy a shredder. That said, I don’t own a shredder. I’ll explain shortly. There are a number of different brands and models out there. Some even shred CDs. This is important if you keep your documents saved on a computer, which you then saved to a CD. Don’t, however, try to shred a CD in a shredder that isn’t equipped to do this job. You will definitely break it.
  2. Skip a “strip-cut” shredder. These shredders produce strips that can be re-constructed. You would be surprised by how many people don’t mind putting these pieces together after finding them in trash. Yes, again, people will go through dumpsters to find this information. Watch the movie “Argo” and you’ll see what I mean.
  3. Shred as small as you can using a cross cut shredder. The smaller the pieces, the more difficult it is to put documents together again. If the pieces are large enough, there are even computer programs that you can use to recreate the documents.
  4. Fill a large cardboard box with your shreddables. You can do this all in one day, or allow the box to fill up over time.
  5. When the box is full, burn it. This way, you are sure the information is gone. Of course, make sure that your municipality allows burning.
  6. You should also shred and destroy items that could get you robbed. For instance, if you buy a huge flat screen television, don’t put the box on your curb. Instead, destroy, shred, or burn that box. If it’s on the curb, it’s like an invitation for thieves to come right in.
  7. Shred all of your documents, including any paper with account numbers or financial information.
  8. Shred credit card receipts, property tax statements, voided checks, anything with a Social Security number, and envelopes with your name and address.
  9. Talk to your accountant to see if they have any other suggestions on what you should shred and what you should store.
  10. Shred anything that can be used to scam you or anyone. Meaning if the data found in the trash or dumpster could be used in a lie, over the phone, in a call to you or a client to get MORE sensitive information, (like a prescription bottle) then shred it.
  11. Try to buy a shredder in person, not online. Why? Because you want to see it and how it shreds, if possible. If do buy a shredder online, make sure to read the reviews. You want to make sure that you are buying one that is high quality.
  12. Don’t bother with a shredder. I have so much to shred (and you should too) that I use a professional document shredding service.

I talked to Harold Paicopolos at Highland Shredding, a Boston Area, (North shore, Woburn Ma) on demand, on-site and drop off shredding service. Harold said “Most businesses have shredding that needs to be done regularly. We provide free shredding bins placed in your office. You simply place all documents to be shredded in the secure bin. Your private information gets properly destroyed, avoiding unnecessary exposure.”

Does your local service offer that? Shredding myself takes too much time. And I know at least with Highlands equipment (check your local service to compare) their equipment randomly rips and tears the documents with a special system of 42 rotating knives. It then compacts the shredded material into very small pieces. Unlike strip shredding, this process is the most secure because no reconstruction can occur.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: Data Breaches Data Security data theft

Malware Hack Attacking the Grid…BIGLY

0
Pin It

For more than four years, malware has been posing as legitimate software and infecting industrial equipment across the globe.

The malware, which looks just like the Siemens control gear software, has affected at least seven plants in the US. According to security experts, the malware was specifically designed to attack this industrial equipment, but what it does is not totally known. It is only described as a type of “crimeware.”

The malware was first hinted at in 2013, but at that time, it was not seen as dangerous, and many anti-virus programs were flagging it as dangerous, but it was considered a false positive. Eventually, it was seen as a type of basic malware, and upon further inspection, it was found that there are several variations. The most recent flag was in March 2017.

This particular infestation is only one of many malware infections that target industry. Approximately 3,000 industrial locations are targeted with malware each year, and most of them are Trojans, which sometimes can be brought in by staff on found or compromised USB sticks.

Most of these programs aren’t extremely harmful, meaning they won’t shut down production. However, what they could do is pave the way for more dangerous threats down the road. It also allows for sensitive information to be released.

It is not easy for hackers to infiltrate an industrial plant, and it takes good knowledge of layout, industrial processes, and even engineering skills to pull something like that off. This goes way beyond a simple malware attack.

However, these attacks have also brought to light the issue of how many legitimate files are being flagged as malware and vice versa. This means that the files can be used by the bad guys, who can then target a specific industrial site. There are thousands of these programs out there, ripe for the picking by observant hackers.

What can they do if they get this information? They could find out where the site is, who operates it, the layout and configuration, what software they have, and even what equipment they are using. Though this wouldn’t give them everything they need, it would be enough to plan a bigger, more dangerous attack.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: malware

Second Hand and Discarded Devices Lead to Identity Theft

0
Pin It

A new study was just released by the National Association for Information Destruction. What did it find? Astonishingly, about 40% of all digital devices that are found on the second-hand market had personal information left on them. These include tablets, mobile phones, and hard drives.

The market for second hand items is large, and it’s a good way to find a decent mobile device or computer for a good price. However, many times, people don’t take the time to make sure all their personal information is gone. Some don’t even understand that the data is there. This might include passwords, usernames, company information, tax details, and even credit card data.  What’s even more frightening is that this study used simple methods to get the data off the devices. Who knows what could be found if experts, or hackers, got their hands on them. It wouldn’t be surprising to know they found a lot more.

Here are some ways to make sure your devices are totally clean before getting rid of them on the second-hand marketplace:

  • Back It Up – Before doing anything, back up your device.
  • Wipe It – Simply hitting the delete button or reformatting a hard drive isn’t’ enough. Instead, the device has to be fully wiped. For PCs, consider Active KillDisk. For Macs, there is a built in OS X Disk Utility. For phones and tablets, do a factory reset, and then a program called Blancco Mobile.
  • Destroy It – If you can’t wipe it for some reason, it’s probably not worth the risk. Instead, destroy the device. Who knows, it might be quite fun to take a sledge hammer to your old PC’s hard drive, right? If nothing else, it’s a good stress reliever!
  • Recycle It – You can also recycle your old devices, just make sure that the company is legitimate and trustworthy. The company should be part of the e-Stewards or R2, Responsible Recycling, programs. But destroy the hard drive first.

Record It – Finally, make sure to document any donation you make with a receipt. This can be used as a deduction on your taxes and might add a bit to your next tax return.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: Identity Theft
Xtreme School

Featured in

Anderson Cooper John Stossel Robert Siciliano Featured in
Browse by Month

Browse by Category