Sponsor Robert Siciliano as he runs the Boston Marathon for Miles for Miracles, Children's Hospital Boston
ROBERT SICILIANO is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

FREE EBOOK

Check here if you're human

Sponsors

Getting Rid of an Electronic Device? Do This First…

0
Pin It

A shocking study by the National Associated for Information Destruction has revealed some terrifying information: 40% of electronic devices found on the second-hand market contains personal information. This information includes usernames and passwords, personal information, credit card numbers, and even tax information. Tablets were the most affected, with 50% of them containing this sensitive information, while 44% of hard drives contained the info.

What does this mean for you? It means that all of those old devices you have laying around could put you in danger.

Deleting…Really Deleting…Your Devices

Many of us will haphazardly click the ‘Delete’ button on our devices and think that the information is gone. Unfortunately, that’s not how it works. You might not see it any longer, but that doesn’t mean it doesn’t exist.

To really make sure your device is totally clean, you have to fully wipe or destroy the hard drive. However, before you do, make sure to back up your information.

Back Up

Whether you use a Mac or a PC, there are methods built into your device that will allow you to back it up. You can also use the iCloud for Apple, or the Google Auto Backup service for Androids. And of course you can use external hard drives, thumb drives or remote backup.

Wipe

Wiping a device refers to completely removing the data. Remember, hitting delete or even reformatting isn’t going to cut it. Instead, you have to do a “factory reset,” and then totally reinstall the OS. There is third party software that can help, such as Active KillDisk for PCs or WipeDrive for Mac.  If you are trying to clean a mobile device, do a factory reset, and then use a program like Biancco Mobile, which will wipe both Android and iOS devices.

Destroy

Wiping will usually work if your plan is to resell your old device, but if you really want to make sure that the information is gone for good, and you are going to throw the device away anyway, make sure to destroy it.

Many consumers and businesses elect to use a professional document shredding service. I talked to Harold Paicopolos at Highland Shredding, a Boston Area, (North shore, Woburn Ma) on demand, on-site and drop off shredding service. Harold said “Theft, vandalism, and industrial espionage are ever increasing security problems. Today’s information explosion can be devastating to your business. Most consumers and businesses may not know that they have a legal responsibility to ensure that confidential information is not disseminated.” The reality is, if security is important to you or your company, then shredding should be as well.  

The goal, of course, is to make it impossible for thieves to access the data you have and/or discard.

Recycle

If you want to recycle your device, make sure that you only use a company that is certified and does downstream recycling. Know that recycling offers NO security for your information. They should be part of the R2, or Responsible Recycling program or the e-Stewards certification program. Otherwise, your data could end up in the wrong hands. Also, if you recycle or donate your device, make sure to keep your receipt. You can use it when you file your taxes for a little bit of a return.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: digital security

Phishing is Getting Fishier

0
Pin It

If you are like most of us, you have undoubtedly received an email that has asked you to click on a link. Did you click it? If you did, you are like 99% of internet users because clicking links in normal. But in some situations you may have found that the link took you to a new or maybe spoofed website where you might be asked to log in. If you ever did this, you may have been the victim of a likely phishing attack, and these attacks are getting fishier all of the time.

A What? Phish? Fish?

It’s called a phishing attack, and yes, it’s a play on words. When you fish, you throw a hook and worm into the water and hope you catch something. Hackers do the same when they phish. Except, their hook and worm, in this case, is an interesting looking email that they hope you are going to click on…its then, that they can reel you in. There are a few different types of phishing:

  • Spoofed websites – Hackers phish by using social engineering. Basically, they will send a scam email that leads to a website that looks very familiar. However, it’s actually a spoof, or imitation, that is designed to collect credit card data, usernames and passwords.
  • Phishing “in the middle” – With this type of phishing, a cybercriminal will create a place on the internet that will essentially collect, or capture, the information you are sending to a legitimate website.
  • Phishing by Pharming – With phishing by pharming, the bad guys set up a spoof website, and redirect traffic from other legitimate sites to the spoof site.
  • Phishing leading to a virus – This is probably the worst phish as it can give a criminal full control over your device. The socially engineered phish is designed to get you to click a link to infect your device.

Can You Protect Yourself from Phishing?

Yes, the standard rule is “don’t click links in the body of emails”. That being said, there are emails you can click the link and others you shouldn’t. For example, if I’ve just just signed up for a new website and a confirmation email is then sent to me, I’ll click that link. Or if I’m in ongoing dialog with a trusted colleague who needs me to click a link, I will. Otherwise, I don’t click links in email promotions, ads or even e-statements. I’ll go directly to the website via my password manager or a Google search.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: Phishing phishing emails

Parents Beware of Finstagram

0
Pin It

You have surely heard of Instagram, the photo sharing social network, but what about “Finstagram?” If you are like most parents, you have rules about the social media practices of your kids. However, once you learn about Finstagram, those might all go out the window.

When you combine the words “fake” and “Instagram,” you get Finstagram. Essentially, these are fake, or alternative, Instagram accounts that are created by teens, for the most part. These accounts can be used for harmless laughs, such as sharing embarrassing pictures with your close circle of friends, or for harmful deeds, such as hiding alcohol or drug use from parents. Finstagram accounts are also commonly used for bullying.

You can look at your child’s Instagram account and see the innocent angel that you believe you have raised. But, do they have a Finstagram account that shows a different side? It’s possible, and you might even be able to find it by using the Find Friends feature on the software. Of course, it’s possible that your child has linked their Finstagram to a new email address or even name.

On top of all of this, kids are using Finstagram accounts to do things that would never be acceptable on their “real” Instagram accounts. For instance, there have been instances where these fake accounts are used to post inappropriate or altered photos of their classmates in inappropriate situations. In some cases, things get so serious that the schools, themselves, have to contact Instagram to get the accounts shut down.

Even if you think that you have nothing to worry about with your own kids, it might be worth it to do a check on them. You can certainly ask your child if they have an account, and they might be forthcoming and tell you. Odds are, however, that they won’t. In fact, about 90% of Finstagram accounts are unknown, so it is the parent’s responsibility to look for the signs.

Parent should have all passcodes to access the device and its applications. Or the child can’t have a phone. Non-negotiable. Done deal.

Sit down with your child to talk about their usage of social media, and the repercussions of their actions on social media. You also might want to talk to other parents you know about Finstagram accounts. These accounts might be for innocent fun, but they could also ruin someone’s life.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: social media privacy

Investigators Using Social Media to Find Missing Children

0
Pin It

Gone are the days when social media is only used to share what you had for dinner or announcing to the world that you are headed to the gym. But social media has become a platform for any and everyone to say what’s on their mind, and sometimes that’s great, but all too often it isn’t. Social is significantly lacking in decorum. But at least some are using social for good.

These days, law enforcement is using social media to find missing children.

Washington, DC police are leading the way on this. In 2017, alone, the district is averaging about 190 missing kids a month. By using social media, information about the children is getting out quickly. Previous to this, the district was issuing press releases, but with social media, there are now thousands of people getting information about these children.

This new way of spreading the word is helping to find missing children, for example a Twitter user recently created a screenshot of several missing person’s flyers. She then shared the tweet with her followers, and it received over 108,000 retweets. It also, however, raised the red flag that these girls might be the victims of a human-trafficking scheme.

DC police admits that missing children are vulnerable to this type of exploitation, but are quick to point out that there is no evidence that these missing people were linked to any type of known human trafficking scheme.

Other groups, such as the Black and Missing Foundation, are also using social media to share leads, but still use traditional media, too. For instance, in 2012, a missing teen in New York was found in a matter of hours after her story appeared on the television show, The View.

Thanks to this new way of making the public aware of missing kids, DC police are seeing results. During the last two weeks of March, for instance, eight children were found after their stories were shared on social media.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: social media privacy

Study Shows Millennials Choose Convenience Over Security

0
Pin It

To those of us consider Tom Cruise the movie star of our day or even Grunge as the music we grew up with, looking at millennials, and the way they view life, is fascinating. These “kids” or young adults, many are brilliant. They really do define “disruption”.

However, that doesn’t mean that this tech savvy generation is always right. In fact, a new study shows just the opposite when it comes to internet safety. Though, they can also teach us a few things and are definitely up to speed on the value of “authentication” (which leads to accountability).

Anyway…South by Southwest, or SXSW, is a festival and conference that is held each year in Austin, TX. This year, a survey was done with some good AND scary results. The company that did the survey, SureID, found that 83% of millennials that were asked believed that convenience is more important than safety. That’s not good. But this is not the only interesting finding, however. On a positive note, the study also found the following:

  • About 96% want to have the ability to verify their identity online, which would ensure it was safe from hackers.
  • About 60% put more value on time than they do their money or safety.
  • 79% are less likely to buy something from a person who can’t prove their identity.
  • 70% feel more comfortable interacting with a person online if they can verify that other person’s identity.
  • 91% say they believe that companies “definitely” or “maybe” do background checks on those who work for them. These include on-demand food delivery and ridesharing. However, most companies do not do this.

What does this information tell us? It says that we are very close to seeing a shift in the way millennials are viewing their identities, as well as how they view the people and businesses they interact with.

Millennials have a need to want to better verify another person’s identity. To support this, just look at dating apps. Approximately 88% of people using them find the idea of verifying the identity of the people they might see offsite as appealing. It’s similar with ride sharing, where about 75% of millennials want to know, without a doubt, who is driving them around.

We live in a world today that is more connected than ever before. These days, as much as 30% of the population is working as freelancers, or in another type of independent work. In many cases, this work is evolving from small gigs to large and efficient marketplaces. Thus, the need for extra security and transparency is extremely important. Sometimes, technology helps us act too comfortably with people we don’t really know, and the study shows that having people prove whom they are will help to create higher levels of trust.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: privacy security

These Real-Life Stories Will Show You the Importance of Door Security

0
Pin It

If you are like most people, when you think of burglars, you think that it “won’t happen to me.” But, it very well could happen to you, because it happens each and every day across the country. I have taken some time to gather some recent real-life stories that will not only show you that it can happen to anyone at any time, it will show you how important it is to secure your doors.

Menlo Park, NJ – Series of Burglaries with the Doors Kicked Down

In less than one week, there were three burglaries in Menlo Park, NJ. All three of the homes had the doors kicked in. Jewelry, electronic devices, passports, and computers were all taken.

Milwaukee, WI – New Year’s Eve Break-In

Around 11pm on New Year’s Eve, a Milwaukee woman was the victim of a break-in when several suspects kicked her door in. Her alarm went off, scaring the burglars, and they ran off. She called 911, and police said these suspects had done the same throughout the neighborhood.

Elmwood Park, NJ – Burglar Kicks Down the Door and Steals Valuables

A woman came home to find her door kicked in and the bedroom light on. She immediately went to her neighbor’s home to call police. The burglars took jewelry and ransacked the home.

Torridge, North Devon, UK – Woman Comes Home to Find Door Kicked In

A woman came home to find her front door kicked down and her Xbox console missing. As you can see, these crimes don’t just happen in the US. This is a worldwide problem.

Lafayette, IN – Four Suspects Kick in Door

Four men kicked down an apartment door and began rummaging through a desk looking for money and marijuana. The tenant, who was home at the time, tackled one of the men, who was arrested; the other three ran away.

Chesterfield County, VA – Grandma as a Victim

An 80-year old grandmother was the victim of a home invasion in the middle of the afternoon. A group of boys kicked her door right down while she was sitting on the couch playing cards.

Boston, MA – Man Loses $4,000 in Valuables

A Boston man came home from work one day to find his door kicked in and almost $4,000 of valuables gone. This included a television, appliances, and furniture. He reported a shoe impression on the front door where burglar kicked the door.

Edmond, OK – Family Heirloom Stolen

An Oklahoma woman came home to find her door kicked in, her dogs locked up, and a treasured family heirloom missing. In addition, they took her gun, her laptop, and even the pillowcase off of her bed.

Decatur, GA – Woman Kidnapped After Her Door is Kicked Down

A daughter arrived to her mother’s home to find the door kicked down, the home ransacked, and her mother missing. She was later found safe in an adjacent county, and she claims she was kidnapped.

Portland, OR – Businesses Targeted by Thieves

Three businesses were broken into in Portland, OR at the end of January. All three of them had the doors kicked in, giving the thieves access to the stores.

Robert Siciliano is a home and personal security expert to DoorDevil.com discussing Anti-Kick door reinforcement on YouTube. Disclosures.

Filed Under: home security

Hey Kids, the Internet is FOS

0
Pin It

The internet is a beautiful place. It is the way we communicate, the way we create, and the biggest business platform that has ever been generated. However, it is also a hazard, as anyone can put anything on it, and it’s extremely difficult to tell fact from fiction…especially if you are a kid.

A Stanford study looked at the ability, or inability in this case, of almost 8,000 students to tell fake news stories from real ones. The results, to be blunt, are terrible. When focusing on the students who were in middle school, 80 percent of them were unable to tell the fake news from the real stories, and they didn’t get better as they got older. When the researchers looked at high schoolers, they really fared no better, and more than 80 percent of them accepted that fake pictures were true without question. The results of this study should scare us all.

Part of the problem here is that we don’t have enough gatekeepers to fact check, edit, or vet the news that is going out there. Anyone with a computer can create a very realistic looking news site, and essentially, they can create stories about whatever they want. As you have probably noticed during the election, many adults also get caught up in the fake news that’s out there, and if adults can’t discriminate between what’s real and what’s fake, how can we expect children to?

The writers who create these fake news stories are very skilled, and when you put them up against the minds of others, especially children, it’s really not a fair fight. These students have to be taught how to use the internet, and it has to be soon. Kids are using the internet as young as two or three years old, and by the time they get to school, they can navigate the pages of the web better than many adults.

Speaking of school, how does the concept of internet literacy fit in with the typical curriculum in schools? Internet literacy, online behavior, reputation management, security and fake news are part of the same puzzle.

When computers first began to be commonplace in schools, most students took a class to learn how to use the mouse, keyboard, and basic programs. Now, these acts are usually learned before a child even gets to school, and the classes that are taught teach kids how to not only work a computer, but also how to be a good online citizen. The problem is, however, is that these classes are not given the same focus as other educational standards.

Further complicating things is that many teachers believe that teaching these concepts is not their responsibility. Instead, they believe that it is the job of others, such as the librarian, teacher’s assistant, or IT person.

If students are taught to consider what the intentions of the writer, or even the sources are, they will be able to eventually learn to sense the bias they have. When children can understand this concept, they can then learn about how news and other information gets from the writer to the readers. The internet creates a totally new concept for how news travels, and we all must recognize that when we click, we ultimately create a trail for more information to follow.

Will this new instruction be enough? We have reason to have hope. For instance, some social media outlets, such as Facebook, have recently announced that they will take steps to eliminate a lot of this fake news. Additionally, if we look at the history of humanity, when new innovations are introduced, such as when the printing press was invented, we, as humans, saw improvements in our lives.

It is also quite promising that children are not making the same mistake that their parents have made…they aren’t on Facebook much, which is where most of these fake news stories are found. Instead, children are in Instagram, YouTube, SnapChat and others. This information has been backed by a number of sources, and one study shows that teens are not using Facebook for their news. Instead, they are getting news from television or on Snapchat, which has recently rolled out a news delivery feature.

The bottom line here is that the original study from Stanford is disheartening, but there is a glimmer of hope since kids these days aren’t getting their news from the same places as the previous generation, like Facebook. Instead, they are using a mixture of traditional and digital sources that will likely help them to become more informed.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: facebook

Researchers Say Office of Personnel Management Hack Leads to Ransomware

0
Pin It

In June, 2015, it was revealed by an anonymous source that the Office of Personnel Management was hacked. This office, which administers civil service, is believed to have been the target of the Chinese government. This is one of the largest hacks in history involving a federal organization.

Slowly, the motivation behind the hacking is being understood. At first, it seemed obvious, the stolen data being personally identifiable information, which is what was taken can be used for new account fraud. But in government breaches, they usually look for military plans, blueprints, and documents that deal with policy.

The question, of course, is why did the hackers focus on this information? Well, some of the data that was taken was used to launch other attackers against contractors, and this resulted in the access to several terabytes of data.

Now, those who have become victims of this attack have found themselves being the target of ransomware.

Security experts have recently noticed that the victims have been getting phishing emails, and these messages look like they are coming directly from the Office of Personnel Management. When these emails arrive, the body and subject of the message seem as if the email contains an important file. When the unsuspecting victim downloads the .ZIP file, however, they instead receive a type of ransomware called Locky.

These attacks are much more dangerous than the average phishing attack. This is mainly due to the fact that they are being received by those who have worked with the Office of Personnel Management before. Thus, they have seen the genuine emails from the office, which look remarkably similar to the fake ones. The only thing that set the two emails apart was a typo that said “king regards,” instead of “kind regards,” and a phone number that doesn’t work. These are details that many people overlook, which makes it easy for hackers to be successful with these schemes.

Who was Really Behind This Hack?

Though experts believe that the Chinese government is behind this hack, there are some facts that look a bit fishy. For instance, since personal data was taken and data has been taking hostage, this seems much more like a typical cybercrime operation instead of something that a nation would do. After all, why would China be looking for a few hundred dollars from people who want their files back?

Of course, this could be a smokescreen and someone could just be using this attack as a smokescreen…and while experts are focused on this, the real attack could be planned for the future.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: Criminal Hackers cyber crime hackers Ransomware

How to Digitally Secure The Remote Teleworker

0
Pin It

If you employ remote workers, your IT staff has a unique challenge keeping your organization safe. Fortunately, using a combination of best practices for cybersecurity, user awareness campaigns, and a strong policy will help to keep data safe.

New advances in mobile technology and networking have given remote workforces a boost, and while policies for most remote workers generally depend on manager or company preferences, most businesses must accommodate a mobile workforce on some level…and here’s where the challenge lies.

Things such as emails, vulnerable software programs and work documents are all tools that cybercriminals can use to infiltrate your company’s network. These remote workers, no matter how convenient they might be, are the weak link in any company’s security plan. Cybercriminals know this, which is why they often focus on these workers. So, what do you do to find a balance between the convenience of remote workers and the importance of network security? Here are eight way that you can secure your remote workforce:

  1. Use Cloud-Based Storage – One way to make your remote workers safer is to use cloud services that use two factor authentication. These often have a higher level of encryption, so any data that your workforce uses is not only accessible, but also protected.
  2. Encrypt Devices When You Can – When giving mobile devices, including laptops, to your remove workforce, make sure that the hard drives are encrypted to protect the data on the machine. However, not all security programs will work with devices that are encrypted, so make sure that you double check all the tech specs before loading them up.
  3. Set Up Automatic Updates – You can also take the steps to automate any software updates, which means as soon as an update is released, your remote workforce will get the software on their devices. This can also be done via Mobile Device Management software.
  4. Use Best Practices for Passwords – You should also make sure that you are implementing good practices with passwords. You should, for instance, safeguard against stolen or lost devices by requiring that all employees use strong, complex passwords. You should also request that your team puts a password on their phones and laptops, since these items are easily stolen.
  5. Create Secure Network Connections – Also, ensure that your remote employees are connecting to your network by using a VPN connection. Encourage your IT staff to only allow your remote workers to connect to the VPN if their system is set up and patched correctly. Also, make sure that they are not connecting if their security software is not updated.
  6. Increase Awareness – Instead of attempting to restrict personal use of the internet, you should instead encourage education about internet use. Create and enact a cybersecurity policy, ensuring that it covers concepts such as phishing, scams, and social engineering tactics.
  7. Use Encrypted Email Software – Checking business email offsite is quite common, even among those who work on-site. Thus, it is extremely important to use a secure program for email.
  8. Use an Endpoint Security Program – Finally, if you haven’t already, implement an endpoint security program. These programs can be remotely launched and managed from one location. This software should also include components to keep unpatched programs, safe.

Yes, remote workers can be a challenge for your IT staff to manage, but when you use a strong policy, good practices in response to cybersecurity, and a comprehensive campaign for user awareness, you and your staff can keep all of your data safe.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: online safety online security privacy telemarketing scams

The Mind of the Misunderstood Cybercriminal

0
Pin It

There are a number of misconceptions about cybercrime and those who engage in it. To a cybercriminal, there is no target that is special unless they have a grudge or beef with a particular entity, and as a rule, they will often cast their net wide and then move to attack the easiest prey they find.

11DSecurity specialists must never underestimate the actions of a cybercriminal. Records are easily shared and sold, and they are highly valued. This is especially the case when personal and medical information is the focus.

Any plan that the security professionals design must be focused on these types of crimes. They must also be aware of any upcoming threats and ensure that all proper backups of data are in place.

What are the Common Misconceptions Associated with Cybercrime and Cybercriminals

The most common misconception about cybercriminals that is often observed is that these people have diverse experience and skills, which allow them to initiate a huge range of cyberattacks. This would mean that they would earn a large amount of money as a result. However, the truth is, many of the cybercriminals out there use automated software, which means they don’t require much training at all. According to a recent survey, the vast majority only make from $1,000 to $2,000 a month. But as many as 20 percent of cybercriminals are making more than $20,000 a month.

Who are the Criminals Behind Cyber Crimes?

For the most part, those who commit cybercrimes have a clean criminal record and do not have any ties to any organized groups. These criminals usually also have a stable job during the day and participate in these cybercrimes in their free time. Often, these people are introduced to cybercrimes during college, and many remain active in the industry for several years after they begin.

The other cybercriminals have a bit of a different background. These people belong to cybercriminal syndicates that work within a hierarchy. There are highly skilled members of these groups, and each have certain responsibilities to ensure the success of their organization.

Generally, these groups are controlled by a “boss,” who is the mastermind. They are typically highly educated, intelligent, and some are often connected with the banking industry, as they must arrange for things like money laundering. Additionally, these groups often include people who are professional forgers, as they often require fake documents to serve as paperwork to “prove” their schemes, and then the group needs those skilled in hacking, software engineering, and other technical operations. Some of the groups also include those familiar with law enforcement, as they are skilled with things such as gathering information and counter-intelligence.

What is often so surprising is that members of these groups are often highly respected members of their communities, and many are seen as successful people in business. These people are also often connected to hospitality, real estate, or the automotive industry.

These people do not think of themselves as regular criminals, and they rarely cross paths with others whom the general public might deem as “criminal.” They usually hide in the shadows and avoid any actions that might bring attention to them.

To avoid all of this, it is best to use the assistance of a professional. They are familiar with how these communities run and how they react to certain actions. There are a number of way to research the dark web in a secure and safe manner without risking the integrity of your organization, but the professionals are best for this job. It is also important for businesses to utilize security teams. This ensures that they are capable of obtaining the data and stimulating the environment.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: cyber crime cybersecurity
Xtreme School

Featured in

Anderson Cooper John Stossel Robert Siciliano Featured in
Browse by Month

Browse by Category