Ransomware Hackers provide Customer Service Dept. to Victims

/in , /by

Yes, believe it or not, ransomware has become such a booming business for thieves, that these cyber thugs even provide bona fide customer service departments to guide their victims!

4DWhen ransomware infects your computer, it holds your files hostage; you can’t access them—until you pay the hacker (usually in bitcoins). Once paid, the crook will give you a decryption “key.” Sometimes the fee will go up if you don’t pay by a deadline. Fees may a few to hundred to several hundred dollars to way more for big businesses.

Thieves typically include instructions on how to pay up, and they mean business, sometimes being “nice” enough to offer alternatives to the tedious bitcoin process. They may even free one file at no cost just to show you they’re true to their word.

As the ransomware business flourished, particularly Cryptolocker and CryptoWall, hackers began adding support pages on their sites to victims.

An article at businessinsider.com mentions that one victim was able to negotiate a cheaper ransom payment.

Why would thieves support victims?

  • It raises the percentages of payments made; the easier the process, the more likely the victim will pay. The businessinsider.com article quotes one ransomware developer as stating, “I tried to be as [much of] a gentleman thief as my position allowed me to be.”
  • It makes sense: If victims are clueless about obtaining bitcoins and are seeking answers, why wouldn’t the crook provide help?

Perhaps the most compelling reason why bad hackers would want to help their victims is to get the word out that if victims pay the ransom, they WILL get their decryption key to unlock their encrypted files.

This reputation puts the idea into the heads of victims to “trust” the cyberthief. Otherwise, if ransomware developers don’t give the key to paying victims, then word will spread that it’s useless to pay the ransom. This is not good for the profit-seeking hacker.

These crooks want everyone to know that payment begets the key. What better way to establish this reliability than to provide “customer” support on websites and also via call centers where victims can talk to live people?

Apparently, at least one ransomware developer has a call center where victims can phone in and get guidance on how to get back their files.

Prevent ransomware by keeping your devices update with the latest OS, antivirus, updated browser, and back up your data both locally and in the cloud.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Parents legally can spy on their Kids

/in , , /by

Just because something is legal, does that mean you should do it? In the case of spying on your kids’ phone activities, some say yes. Though the very same mode of operation is illegal in most states when the eavesdropper is your boss or anyone else and you’re the “eavesdropee,” this same mechanism is legal and encouraged for parents to their kids.

12DYou’re probably envisioning a parent listening in on their boy-crazy teen daughter’s phone conversation. But it’s more than that.

According to a nydailynews.com article, the Court of Appeals in New York ruled that secretly listening in on and even recording a cellphone conversation is legal—after a man recorded a cellphone conversation involving his five-year-old son. The child’s mother’s boyfriend, over the phone, threatened to beat him.

Dad acted in good faith when he wired the phone, and the slime who made the threat, was convicted on three counts. But his attorney claimed that the eavesdropping was illegal and thus, the conversation was not admissible.

The judge in this case pointed out that not all cases come in template form inside a black box. But can a parent eavesdrop on an older child who’s cognizant enough to rationally protest? Again, we can’t apply a cookie cutter to this concept. But in New York, it’s legal to conduct this practice, with the assumption that the parent is acting in the best interest of the minor.

In another case, points out the article, a woman inserted a tape recorder in her autistic son’s backpack to pick up the suspected verbal abuse from the boy’s bus matron.

The line can be very fuzzy over just when it’s ethical for a parent to tap a child’s phone conversations and when it’s done for more self-serving reasons, such as in divorce cases. Again, it’s legal in New York, because it was determined that the potential benefits far outweigh the potential grievances.

At least 12 other states, though, are on board with this doctrine of vicarious consent, including New Jersey, Texas, Arizona, Maine and the Carolinas. Hopefully, not too many parents will abuse this legal right and end up eavesdropping for the fun of it or to show off their “power” as the adult in charge.

But that fact is, kids can get into lots of trouble with their physical and digital lives if their parents are unaware of what’s going on.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

The TSA confiscated 2,653 Guns in 2015

/in /by

How dumb can air travelers be, trying to get guns past the TSA? Duhh, don’t they know that the X-ray equipment or pat-downs will detect them? Just last year, over 2,600 guns were detected. More than 80 percent of these guns were loaded. Talk about the world’s dumbest criminals.

7HIt gets better: People have also tried to sneak past the TSA other potentially lethal weapons. In 2015, the TSA confiscated the following potentially deadly instruments:

  • Metal sickle shaped weapon. This could easily dig out someone’s insides.
  • Gun powder; yes, non-metallic weapons can be detected.
  • Lots and lots of knives
  • Ninja climbing claws (yes, don’t know how else to describe these, but what you’re right now picturing is probably pretty accurate)
  • Ninja stars (scads of these, in all shapes and sizes)
  • Cane swords (a sword hidden in a cane that looks like Grandpa’s)
  • Meat slicer, where is someone traveling that they need to bring a meat slicer, and if they really need to do this, why try to bring it on the plane rather than get it checked through with baggage? Although I doubt they had evil intentions with that device.
  • Grenades, real and fake
  • Pepper spray (lots of it)
  • Samurai swords
  • And no kidding: a Klingon sword—you know, that crescent shaped thing. They actually make these things—called bat’leths—Trekkies don’t get special passes on airplanes.
  • Battarangs (can you figure out what these are, based on the name? Hint: “Holy Ravioli, Batman!”)
  • Drugs (hidden in items that you’d think TSA would never suspect to look in, such as peanut butter, candy wrappers and batteries.

Certainly, some of these travelers meant no harm. In fact, maybe the vast majority of them meant no harm with their weapons, and were just innocently (and idiotically) bringing them along, figuring, “As long as it’s not a gun or sword, my Ninja star or can of mace will be okay.”

However, don’t people know by now that anything sharp and metallic, or containing a chemical poison, will be confiscated? See more allowed/prohibited items HERE.

And what were the people with the grenades, handguns and swords thinking? Certainly not “TSA’s gonna get me!” You humans just amaze me.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Hacker for hire a rising Trend

/in , /by

Hackers and wannabe hackers can easily purchase cheap tools of the trade online. The security firm Dell SecureWorks Inc. confirms this in their latest report and adds that underground markets for hackers, including those from Russia, is thriving.

11DThe “Dark Web” is the go-to place for hackers looking for guidance and tools like malware. Yes, you can buy malware. If you don’t want to be the hacker, you can hire a hacker.

There’s any number of reasons why a non-techy person would want to hire a hacker. Maybe that person wants to make money and thus hires a hacker to create a phishing campaign that generates lots of credit card numbers and other personal data for the hacker’s client to then open credit lines in victims’ names.

Maybe another client wants revenge on an ex-lover, their current boss or neighbor; they hire a hacker to crack into the target’s Facebook account, and then the client is able to log in, impersonate the victim and post comments and images that will make the victim look frightfully bad.

Dell SecureWorks Inc., also found:

  • For $129 a hacker will steal e-mails from personal Yahoo or Gmail accounts.
  • For business accounts, however, hackers want $500 per e-mail.
  • Wannabe hackers can buy phishing tutorials as well as other tutorials for $20 to $40.
  • Gee, for just $5 to $10, you can buy a Trojan virus that you can infiltrate someone’s computer with and control it—even if you’re a thousand miles away.

So booming is the hacker for hire and hacker-in-training industry, that these cybercriminals even offer customer service. Makes you wonder why hackers are selling their knowledge, tools and providing customer service, if they can make so much more money just hacking.

Well, maybe deep down inside, these crooks have a kind heart and want to help out people, even if it means helping them commit crimes. Another explanation is ego; they’re so good at what they do that they want to share their knowledge, albeit for a fee.

What else is for sale on the Dark Web? Stolen hotel points and frequent flyer accounts. Buyers can use these to get gift cards on legitimate sites, says the report from Dell SecureWorks Inc.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Should you take active Shooter Training?

/in /by

Gunman Storms Building, Shot Dead by Receptionist

Wouldn’t it be great to see a headline like this for once? More than ever, employees are being trained to react tactically should a gunman go on a rampage.

2BThere has to be a better way, for instance, to protect children in a classroom than the teacher diving between them and the bullets and getting killed. Being hailed a hero is no consolation to the family he or she leaves behind.

In Boston, active shooter training is taking place, says an article at myfoxboston.com. Todd McGhee, a former state trooper, is the instructor. He charges $150 per person for an hour. May sound like a lot, but think of all the ways someone can mindlessly drop $150 over one weekend.

Active shooter training is also offered by some private firms in most metropolitan areas. It’s catching on in this day and cyber-age when every public gunning incident seems to get news.

In a real life scenario, the victim has maybe less than two seconds to make a life altering decision: bolt, dive out a window, hide, put their body between the gunman and children (and often, this results in death), rushing the gunman, playing dead once the bullets start flying (this has actually worked), and who knows what else—like whipping a pistol out of your pocket and shooting back. Reasoning with the gunman has also worked, but these are truly exceptional cases.

In a workplace setting, often the gunman is a former employee. The grievance he has may be towards his boss or someone there he was dating or wanted to date but was rejected.

The myfoxboston.com article notes some risk factors for deviantly violent behavior including divorce, loss of the job, financial woes, being bullied and experiencing child custody issues. However…it stands to reason that anyone who’d bulldoze into a business or public setting and start shooting has at least several of these problems.

Though issues such as being passed up for a promotion, ridicule by coworkers, being recently fired and other workplace problems normally don’t turn employees into killers, these situations are a common thread among such gunmen.

Sometimes the most meek employee turns out to be the shooter, and employees need to learn how to respond with tactics, strategy and proven methods rather than with panic and screams.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Don’t pick up that USB Drive!

/in , /by

What a very interesting experiment: Researches randomly deposited 297 USB drives (aka USB stick, flash drive, thumb drive) around the University of Illinois Urbana-Champaign campus. They wanted to see just how many, and how soon after dropping them off, they’d be collected by people.

2DTurns out that 48 percent of the drives were taken and inserted into computers. The report at theregister.co.uk says that in some cases, this was done minutes after the drives were left in the public spots.

Picking up a USB drive off the streets and plugging it into your computer is akin to picking up discarded food off a sidewalk and eating it. You just never know what kind of infection you’re going to get.

And what you might get is a virus crashing your computer or stealing your data. That USB stick could contain malware—either left in public as a prank, or innocently lost or discarded without the original owner knowing it’s infected.

Or…it might have been left in a public spot by a hacker with full intent of gaining control of your computer to collect your personal data and committing fraud, such as opening lines of credit in your name or emptying out your bank account.

The USB sticks for the study contained HTML files with embedded img tags. The tags allowed the researchers to track the USB activity, which is how they new that, for instance, one of them was plugged into a computer only six minutes after it was left to be “found.”

Only 16 percent of the people who picked up the sticks actually scanned them to check for viruses before plugging them into their computers. And 68 percent simply inserted them without any regards to what they could get transferred into their computers.

  • Some users trusted that there was no harm.
  • Some plugged in the drive to seek out the owner.
  • Some intended to keep the stick.
  • Conclusion: A cybercriminal could easily take control of a business’s system by leaving a rigged USB drive in the parking lot, let alone get control of a personal computer by leaving the stick in any public place frequented by lots of people.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Remove your Home from Google maps

/in /by

If it unsettles you to see your home displayed on Google Maps, there’s something you can do about this. Why might this be a concern? Information is “intelligence”. Information to some is power. The logistics of your home may empower certain people, like burglars. Example; if you’re in a residentially cluttered area vs. a remote area with nearby woods, these details can mean something to a would-be intruder.

3BIn additional to aerial shots, did you know that Google Maps also shows street level views? Uh ohhh…Ya. That can include cars parked outside, people, etc.

Visit Google Maps and type in your address. In the lower left of the screen you will see a thumbnail image called “Satellite.” Click to reveal the satellite image of your area, and see if your street is in view. Look for your dwelling.

How do these images get into the Google Maps system in the first place? Someone from Google actually drives around in a funky car with a crazy 360’ camera strapped to it taking photos. The camera doesn’t discriminate if your young daughters just happen to be sunbathing in the yard at that time.

Play around with the site’s interactive features to see just how much about your home a snooping stranger could learn. The Google Maps site allows zoom-ins that can pick up pretty clear views of what’s inside your garage (if it was opened the day the Google driver was taking pictures) or inside your home (yes, the images are that close-up).

Note, however, that the license plates of vehicles are blurred out. Google claims they also blur out people, but this tactic doesn’t always work, as at least one person claims he saw his license plate very clearly.

We can’t delete our address from Google Maps. But we can get this behemoth to blur out your house.

  • Locate your property to street view level.
  • In the bottom right-hand corner, click the icon called “Report a problem.”
  • This will take you to “Report inappropriate street view.”
  • Tweak the page to get your home inside the red box and fill out the form.
  • Type the verification code and submit.
  • Wait a few days then check to see if your home is blurred out.

You can even make requests for specific things to be blurred, like the $3,000 water fountain in your front yard.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Never put these Docs in your Wallet

/in , , /by

Yes, believe it or not, you CAN get by in life with a wallet that just has a little cash, a store card or two, one to two credit cards and your ID.  Unless you absolutely need your insurance card or Social Security card, leave those items at home.

1DFor years now, wallets have been on the market that you can stuff everything into, save for the kitchen sink. This doesn’t mean you must carry a ridiculous bulging wallet everywhere you go.

Now you may not mind having to dig through your wallet for five minutes to retrieve things because there’s so much stuff in there, but do you know who actually would enjoy this?

A crook who specializes in identity theft. With just your Social Security card (come on already, just memorize the number), a crook could open up credit lines in your name and make your life a nightmare.

Now you may think it doesn’t matter because your wallet will never be lost or stolen. Everyone must lose their wallet at some point in their lives? But what if you’re in an accident? What if you’re jumped on the street? What if someone brazenly approaches you, grabs the wallet out of your hands and runs?

If my wallet is lost or stolen I won’t care because there’s nothing in my wallet that the thief could easily use to steal my identity, nor is there anything I couldn’t easily name or easily replace.

Keep the following items out of your wallet:

  • Anything with your Social Security number; again, just memorize it already.
  • Home address
  • Keys
  • PINs and passwords (if you need an assortment of these to function while away from home, use an encrypted app—assuming you have a smartphone).
  • Checks
  • Credit cards you won’t be using on any given day you’re out in the community (though one emergency credit card at all times is a smart move).
  • Birth certificate
  • Credit card receipts
  • Medical cards unless you are going to the doctor
  • Store cards unless you are going to that store

Make photo copies of all docs in your wallet and upload them to your secure email account. Consider an app like “Key Ring” and enter the cards into your mobile device. Put ALL your loyalty cards there and copies of most cards you might need in a pinch.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Woman Drives her Sleeping Assailant to Police Station

/in /by

You don’t always have to outmuscle a assailant to beat him at his game. This is what a New Zealand woman learned after Vipul Romik Sharma abducted her. At first, things seemed fine; she exited a bar in Otahuhu with the 22-year-old and another man. Then they kidnapped and raped her.

Sharma then told her he was going to drive her home. The car began weaving due to Sharma’s sleepiness. The woman told him he was going to kill her first with his driving, and amazingly, Sharma gave control of the car to her.

At first, she intended on driving straight to her home with Sharma as a passenger. This occurred very early in the morning, and she figured that upon entering her driveway and tooting the horn, her roommate—a “big Islander guy”—would come out and take care of Sharma. But she realized he would have already departed for work.

That’s when she decided to drive straight to the Auckland Central police station—with Sharma snoozing and unaware.

But then the slime awakened, realizing where he was and repeatedly said “I’m sorry.” Too late, Tough Guy—you did the crime, you do the time. The woman told him: “You will be sorry; just wait.” Officers quickly placed Sharma on the ground.

During court, he claimed that the victim consented to the sex. This all happened in 2006, reported in the New Zealand Herald online, and Sharma was found guilty. As for the second man, he too was convicted.

Well, is there anything the woman should have done differently? It depends on what point of time in this chain of events. Certainly, she did everything right when Sharma began driving erratically. But what was she doing exiting a bar late at night with two men she didn’t know in the first place?

This is dangerous because once you’re outside late at night, it’s not difficult for a man to whisk an unwilling woman away into a vehicle and drive off with her, no witnesses. Think before you decide the best thing you can do for yourself at 1 a.m. is exit a bar with a man you just met.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Google Alert Scams

/in , /by

If you want to know the latest on “any topic”, just sign up for Google Alerts. Google will e-mail you notifications of new information coming online. I have Google Alerts for “Home Invasion” “Identity Theft” “Burglary” “Computer Security” and many more.

So what could be so harmful about receiving alerts about topics or people who are famous for being famous or your favorite presidential candidate?

  • A scamster creates a website and inserts popular search terms such as “Kate Middleton” or “Donald Trump.”
  • If you signed up for Donald Trump, you’ll not only receive legitimate alerts from Google, but also links originating from the scammer’s site. You won’t know which is which.
  • These fraudsters have figured out a way to circumvent Google’s security.
  • Clicking on these links could download malware into your computer.

In another example Intel Security’s McAfee does the “Most Dangerous Celebrity” survey based on malicious search results. They then determine which searched celebrity sites produce the most malware.

What can you do?

  • A tell-tale clue of a scam is that when you hover over the link inside your e-mail, the URL doesn’t correlate to the alleged source of the news. If it doesn’t match up, skip it. A scammer’s URL isn’t going to have what appears to be a legitimate news outlet address.
  • Narrow your search down. So if you want the latest in Trump’s polls, type “Donald Trump polls” in the Google Alert field. Otherwise, just leaving it as “Donald Trump” will not only flood your in-box, but it will be much more likely that some of those “alerts” will be fraudulent.
  • Another way to narrow the parameters is to set the alerts for “news,” “blogs,” “best results” and “United States.”
  • Be very suspicious of URLs that do not end in a dot-com, net, org or other familiar suffix. Often, scammy URLs come from foreign countries where the suffix is different, such as “fr” for France or .ru for Russia or .cn for China.
  • If a link appears to be fraudulent, report it to Google.com/alerts.

If you’re signed up for Google Alerts for numerous topics, consider cancelling some of these, especially if it’s a hot topic that makes headlines nearly every day, such as the presidential race—which you’re bound to see anyway simply by visiting a reputable news site.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.