ROBERT SICILIANO, CEO of www.IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

Social Engineering Security

The Security Costs of being too Social

One of the arguments against being very virtually social is that nobody is SO important that everyone wants to know, for instance, that this person is going to be at the local sports bar watching the Super Bowl (or almost nobody; sad to say, some celebrities have half the world following them). Another argument, however, against tweeting and posting your every move is that this tells burglars when you’ll be away from your house. So, you’re impor…

SSN and Its Afterlife

What’s one billion? That’s about the number of possible permutations of the Social Security number. Which begs the question: What happens to an SSN when someone kicks the bucket? Currently, SSN’s are never repeated when they’re issued by the Social Security Administration. As of June 2011, the SSA made the issuance entirely random (previously, for example, the first three numbers were determined by place of birth). With nearly a billion permutat…

Beware of scary WiFi Virus

…t came from a laboratory, cultivated at the University of Liverpool’s School of Computer Science and Electrical Engineering and Electronics. Chameleon leaps from one WiFi access point to another. And the more access points that are concentrated in a given area (think of them almost like receptor sites), the more this virus gets to hop around and spread infection. The scientists behind this creation have discovered that the more dense a population…

Social Media Identity Theft leads to Arrest

Are you one who believes you’re too smart, too savvy, to get your identity stolen in the social media world? Nobody thinks this will happen to them, and Stephanie Francis, 24, was no exception to that way of thinking. A report from firstcoastnews.com says that the Jacksonville, Florida woman claims her identity was stolen—on social media of all places—and that the thief used it to create a phony Facebook account. This is interesting because there’s p…

Mobile Employees Are a Security Risk

…onduct business, they should also embrace the responsibility that comes with the use of these devices—that of being willing to learn how to keep the sensitive data that’s stored in these devices safe, and also being willing to learn how to recognize social engineering and other cyber criminal tricks. Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures….

‘Tis the Season for the 12 Scams of the Holidays

…at money and personal information floating around, they have a big opportunity. Using techniques like phishing, social engineering, fake charities and infected USB drives, cybercriminals can invade your privacy and drain your bank account. Don’t let these hackers and thieves dampen your holiday cheer. To help you stay safe this season, McAfee has compiled a list of the 12 Scams of the Holidays. Check it out and educate yourself on what scams you…

College bound kids: protect your identity

…erent password. And don’t use a password like GoSpartans. Make it nonsensical and full of different characters. Social engineering. College kids can be easily tricked into making the wrong clicks. A malicious e-mail can pose, for instance, as something from the university. The student gets suckered into clicking on a link that then downloads malware onto the computer. A student may be tricked into clicking on a “video link” to view something hot,…

What Is a Trojan Horse?

…hen you receive suspicious emails. Remember that Trojans are common because they are so successful. Hackers use social engineering techniques, such as mentioning a current news topic or popular celebrity, to get you to click on their email. Just being aware of what they are and how they work can prevent you from having to deal with financial loss, identity theft, damage to your computer, and significant downtime. Robert Siciliano is an Online Sec…

6 Ways to prevent Social Engineering Attacks

…n. A lot of it occurs because people can be so easily tricked into giving up personal information: the craft of social engineering. Example: “Download this video of Kim K fully naked!” How many men would be lured into clicking this gateway to a viral infection? We are a sad species. The victim isn’t always a goofball like this. They can be a tech support agent tricked into resetting a password and handing it over. Often, the victims don’t even kn…

Identity thieves bombarding Call Centers

…wo weeks prior to actual attacks. Many companies also believe that most attacks result from malware rather than social engineering: the tricking of victims into revealing sensitive data. The targets include the staff of the call centers, who are often conned into allowing these smooth-talking worms to get under any door. When businesses focus on the theory that most of these problems are from malicious software, this opens up a huge door for the…

8 Ways to bullet proof your Social Accounts

…ice, then pose as you in your Facebook account. #2 Log out. Setting your device to automatically get you onto a social media site eliminates the hassle of having to enter your username and password every time you want to visit the site. However, if the wrong person gets ahold of your computer, mobile or tablet, that person can easily get into your social media accounts. Log out. #3 Remove apps you don’t use. If your accounts like Facebook and Twi…

10 Tips to Protect Yourself on Social Networks

…the prevalence of mobile devices, more than ever, it’s easy for us to share our lives with the world. And yes, social networks are all about staying in touch with friends and family, and sharing events in your life, but perhaps it’s too easy to share information? With just a few clicks, posts and messages, you could give away enough personal information to compromise your privacy and even open yourself up to identity theft. So that’s why it’s cr…

What is Social Engineering?

No, it’s not some new engineering field to develop social media sites. Social engineering has been around as long as the con artist has been around. The term stems from the social science world, where social engineering is deemed an act of psychological manipulation. In our tech-laden world of today, social engineering still involves deceit but it’s used to deceive you into giving up personal or sensitive information for the bad guys’ financi…

15 Small-Business Social Network Nightmares

You may think you’ve guarded your company, but are your social media outlets unprotected? Look at these 15 potential weaknesses in your defense. Can you think of five social network nightmares you hope never happen to your business? How about 10? Well, I can top that, because there are at least 15 social network mishaps that can haunt a business owner. Here’s a closer look at 15 types of trouble you can encounter on Facebook, Twitter…

Protecting Your Business’s Data From Organized Crime

…lnerabilities may be physical, as in facilities vulnerable to intrusion, or may be people who are vulnerable to social engineering. Virtual vulnerabilities exist in a business’s Internet connection (whether wired or wireless), an outdated browser or an outdated operating system—any of which may be vulnerable if they don’t have updated security patches. Vulnerabilities can also be exposed via social engineering: A criminal simply gets on the…

7 Social Media Security Tips To Protect Your Business

…life could open your business to some serious dangers. Many small businesses recognize the benefits of having a social media presence for customer service and long-term marketing purposes. However, many are slow to recognize social media’s security issues and how employees’ own social presence can add to the company’s security issues. Some companies restrict internal access. Others may prevent employees from having any corporate assoc…

Credit Card Theft increasing for Banks and Retailers

…40 percent of the top breaches were recorded. Insider mistakes or threats accounted for 31 percent of insiders. Social engineering was responsible for 29 percent of breaches. Physical loss such as forgetting where one placed a device, flash drive, etc., was responsible for 21 percent of the data loss incidents. The 2014 Data Protection & Breach Readiness Guide can help service providers and app developers for businesses grasp the issues, fac…

7 Small Business Social Media Risks

Many executives are concerned about social media related risks (e.g., data security and ID theft), but far fewer actually have any social media training. A recent survey of executives puts the concerns into four categories: disclosure of confidential information; damaged brand reputation; ID theft; and legal and compliance violations. Another feature that the survey unveiled was that 71 percent of the participants believed that their company was…

How Data Breaches happen and how to respond

…An inside job. Employees (past or present) can commit data breaches. Also, an innocent employee is tricked by social engineering into revealing confidential information or giving out access to that information. Judgment lapse. An employee may leave data unprotected—not on purpose, but due to an oversight, making it easy prey for villains. Device loss. When a device that contains valuable data is lost or misplaced, a thief could get ahold of…

Stolen Identities are cheap on the Darknet

…to $300: hack a website $25 to $100: A hacker will steal all the data they can on a person or business by using social engineering or Trojan infiltration. $20: a thousand bots; and $250 will get you 15,000. $4 to $8: one stolen U.S. credit card account including CVV number ($18 for European accounts) What does all this mean to you? It means your identity is at risk. Update your PC with the most current antivirus, antispyware, antiphishing and…

IT Guys get duped Pretty Girl on Social Media

…them, making the assault more difficult to detect. Recap: The scam began from the ground up, inflating Emily’s social network till it enabled the attack team to suck in security personnel and executives. Most of the people who assisted Emily were men. A similar experiment using a fake male profile had no success. Preventing getting suckered into Social Media Scams For agencies and other organizations, social engineering awareness training is cr…

Lessons learned from a Password Attack

…erent sites. One-third of data-breach victims in a recent attack had been reusing passwords. Password reuse for social media, banking and e-mail opens the gate to identity theft. Dictionary attacks. Software exists that will run any word that’s found in a dictionary (or commonly misspelled words) into the password field. If you use these words, the software will eventually score a hit. Social engineering. This is when a thief tricks a user into r…

Oversharing on Social Media Common Amongst 50+

Thanks to social media, societal norms have undergone a seismic shift in the past five years. What was once considered private or even taboo is not only fair game, it’s expected. But this can have serious consequences from the ending of friendships to exposure to physical harm. I’ve talked about the concept of TMI or too much information and how social networking and mobile devices have made sharing so much easier and faster than ever before. Bu…

Socint: disseminating cybercrime through social intelligence

…times arrest. The arrest part is very interesting. Law enforcement and government are paying close attention to social media and what is being said. A man in Toronto posts on Twitter he’s looking for a drug dealer, provides a location for where he is, and says, “I need a spliff”—slang for marijuana—and the Toronto police respond, “Awesome, can we come too?” But it goes much deeper than that. NextGov.com reports, “Criminals, organized crime syndic…

ATMs and student numbers rise across the UAE

…universities including Amity, Heriot-Watt and IMT will add an additional 35 degrees in tourism and hospitality, engineering and accounting to their existing portfolio, bringing the total number of degrees to 355. Of the new courses, 11 will be undergraduate, 17 postgraduate and 7 PHD programmes. News of the new programmes follows a record year at DIAC, which has seen the likes of the University of Wollongong Dubai, Middlesex University and Amity…

Identity Thieves Go After the Deceased

…ens partly because of the availability of public records coupled with the time it takes for credit bureaus, the Social Security Administration, financial institutions and others to process a deceased person’s Social Security number (SSN) in their systems and close all current and future lines of credit. Many states’ vital statistics registries include Social Security numbers in their records and on their certified death certificates. Because thes…

Getting Cybersmart and Staying Dutifully Employed

…Force Association to inspire high school students toward careers in cybersecurity or other science, technology, engineering and mathematics (STEM) disciplines critical to our nation’s future. Maryland Cybersecurity Center (MC2): By targeting students as early as middle and high school, MC2 is stimulating early interest in the field of cybersecurity, providing students with the knowledge and preparation they need to be successful in their future p…

Social Media A Big Risk To Banks

…existing security technologies help protect the consumer and bank from human error like downloading a virus or social engineering tricks like clicking an infected link and alert us to a phish email. But no technology or even security or privacy policy can prevent someone from exposing all their life’s details on a social media site. When criminals target an organization like a bank they start by looking for vulnerabilities in the network infrast…

“Old” Malware Attacks Rising Significantly

…need to be proactive and protect your mobile devices with comprehensive security software and pay attention to social engineering attempts to get you to give up your personal information. Suspect URLs: Cybercriminals continued their movement away from botnets and towards drive-by downloads as the primary distribution mechanism for malware. At the end of March, the total number of suspect URLs tallied by McAfee Labs overtook 64.3 million, which r…

Why Your Employer Needs Social in the Workplace

Social media is the fifth form of mainstream media. It encompasses all media, making it the king of all media. At this point, most people know how to use social media and how to navigate the various websites. But many employers are still on the fence. Hootsuites’ CEO says, “The world’s top brands—like Pepsi, Virgin, NHL and American Express—[are] now embracing [social media] company-wide.” MarketingDonut reports, “One of the simplest ways to con…

5 Signs You Are About to be Scammed

…ery good at disguising their scams, so it’s often hard to recognize them. Scamming generally involves a form of social engineering. Social engineering is the act of manipulating people into performing actions or divulging confidential information. It relies on human interactions, such as trying to gain confidence of someone through trickery or deception for the purpose of information gathering, fraud, or device access. This can take many forms, b…

What Makes My Passwords Vulnerable?

…breaches revealed a password reuse rate of 31 percent among victims. Reusing passwords for email, banking, and social media accounts can lead to identity theft. Social engineering: As previously described, social engineering is the act of manipulating others into performing certain actions or divulging confidential information, and can be used as an alternative to traditional hacking. Social engineering can be employed to trick targets into d…

Social Media Security in the Workplace

Why would someone set up a fake social media profile? The answer correlates with news of cyber-attacks on businesses and other organizations being targeted with advanced persistent threats, which have risen sharply over the past two years. The Register reports “Social engineering via platforms such as Facebook can be one of the early stages of an advanced persistent threat (APT), the latest buzz word on the information security scene and a techniq…

Social Media Security Risks for Small Business

…help protect consumers, banks and small businesses from human errors like accidentally downloading a virus, or social engineering tricks designed to fool targets into clicking infected links, by warning users about potentially dangerous webpages and phishing emails. But no computer security technology or privacy policy can prevent people and employees from exposing all their lives’ details on social media websites. When internet criminals target…

Yahoo! Hacked: 15 Tips To Better Password Security

…s,” “qwerty,” and “abc123.” Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims. Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information…

Identity Theft Still On the Rise

…ds, and websites like LinkedIn make it easy for criminals to gather additional intelligence in order to conduct social engineering scams. Meanwhile, smartphones have become the keys to many of our digital lives now that we use them for social media, online shopping, and online banking. Smartphone users are even more likely to be victimized if they neglect to password-protect their devices, which are often lost or stolen. Access to so much sensiti…

Cloud Computing Security: Small Business Data in the Cloud

…sters if Mother Nature decides to have a bad day, and criminal hacking through system weaknesses, phishing, and social engineering. Most cloud service providers won’t explicitly outline what they do to protect your data because it could offer potential hackers information on how to compromise their networks. But one provider for example promises “strict data security policies, military-grade encryption, and world-class data centers for optimal da…

Social Media Security Tips for Small Business

Corporations know there are long-term marketing benefits of social media and they also know the security issues with employees continue to be a problem. Many companies restrict internal access. Others prevent employees from discussing or mentioning the company in social media during private time. Follow these social media security tips for small business to prevent security issues: #1 Implement policies. Social media is a great platform for conn…

Protect Yourself from Vishing

…o populate the caller ID with a specific bank or credit union, or just with the words “Bank” or “Credit Union.” Social Engineering: Social engineering is a fancier, more technical form of lying. Social engineering (or social penetration) techniques are used to bypass sophisticated security hardware and software. The automated recordings used by vishers tend to be relatively professional and convincing. Dumpster Diving: One time and tested “hack”…

Ghosting Identity Theft Scams

…counts are opened under names and identities that have been entirely fabricated when thieves easily create fake Social Security numbers. Here’s how it works. Our system of credit requires a Social Security number as the first and foremost identifier. Lenders issue credit based entirely or almost entirely on the history associated with an applicant’s Social Security number. When a creditor issues credit based on these invented numbers and reports…

75 Million Unique Malware Samples By 2012

…are, total numbers are dropping but the severity of the threat and sophistication of the technique remain high. Social engineering: Subject lines used for social engineering spam messages vary depending on geography and language. Bait can include holidays or sporting events, and often differs by month or season. Attackers have shown remarkable insight into what works for specific people at specific times. Spam botnets: New spam botnet infections…

Security Beyond the Desktop

…s and the people who use them. When direct attacks on an organization’s defenses fail, cybercriminals often use social engineering toolkits to exploit unsuspecting employees. Educating employees on secure practices is not enough—organizations need to install a proper framework to empower and encourage employees to make a habit of using these practices. Mobile is everywhere: Mobile attacks are becoming more sophisticated every year. Instead of ren…

Holiday Phishers Use Social Media

Every social media website in existence depends on advertising for its survival, to some extent. Criminals exploit this by mimicking these familiar platforms when sending millions of phishing emails designed to entice users into clicking malicious links or visiting spoofed websites that resemble legitimate social media. They also create pages within popular social media that are infected with malware, or malicious links designed to infect the PC…

Social Security Number: All-Purpose Identifier

Your Social Security number was never meant to serve the various functions it is used for today. Over the past 70 years, the Social Security number has become our de facto national ID. The numbers were originally issued in the 1930s, to track income for Social Security benefits. But “functionality creep,” which occurs when an item, process, or procedure ends up serving a purpose it was never intended to perform, soon took effect. Banks, motor ve…

Human Security Weaker Than IT Security

…lso need to start thinking about avoiding Jedi mind tricks. Within the security world, these cons are known as “social engineering.” Whether you receive a phone call, an email, or a visitor at your home or office, always question those who present themselves in positions of authority. You should never automatically place your trust in a stranger. Within your own home or business, set clear guidelines regarding what information should or should no…

Social Web Loaded With Profile Misrepresentation

“Social fakes” are invented profiles on social media (often referred to as profile misrepresentation), which can be used to harass or mock victims anonymously. But the more lucrative fake profile is one that imitates a legitimate business, damaging that business’s online reputation. The imposters’ ultimate goal? Spam leading to scams. Social-web security provider Impermium published the results of their recent analysis of the cost of social spa…

What to Look for In Cloud Security

…sters if Mother Nature decides to have a bad day, and criminal hacking through system weaknesses, phishing, and social engineering. Then there is Murphy, of Murphy’s Law: what can go wrong will go wrong. And with technology, there is much that can go wrong. CNET recently reported that Amazon’s cloud was down for almost two days. “In April, the cloud storage service experienced a two-day outage that brought many Web site operations to a halt. When…

Bill Would Remove Social Security Numbers From Medicare Cards

The most basic advice for protecting your own identity is to protect your Social Security number. The obvious solution is simply never to disclose your number, but this is silly, since, depending on your age, you have probably provided it to hundreds of people, on hundreds of forms. It now sits in hundreds of databases, accessible to thousands, and possibly even available for sale. 40 million Medicare subscribers currently have their Social Secu…

Myth: Apple Products Don’t Get Viruses

…e personal information, including banking details. Mac users are also equally susceptible to phishing and other social engineering scams, if not more so, since they may have an inflated sense of security that can lead to riskier behavior. It’s important for Mac users to be aware of these emerging threats and take the appropriate precautions. To avoid becoming a victim, download Mac updates as soon as they’re available, so you’re protected from th…

Device Intelligence Helps Stop Scammers Targeting Social Media Sites

We’ve heard this story before, but unfortunately it happens over and over again. Social media and dating sites are overrun with criminals who pose as legitimate, upstanding individuals, but are really wolves in sheep’s clothing. In Florida, a man named Martin Kahl met a 51-year-old woman and they developed an online romance. A quick search for the name “Martin Kahl” turns up many men with the same name and no obvious signs of trouble. This part…

Social Networking Security Awareness

One in five online consumers has been a victim of cybercrime in the past two years. Social networking is a direct link to the problem. While social networks allow you to keep in touch with family and friends, there are issues to be concerned about. Most concerns revolve around online reputation management, identity theft, or physical security issues. Social networking creates a risk of posting content that will be damaging to yourself, your prof…

15 Tips To Better Password Security

…s,” “qwerty,” and “abc123.” Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims. Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information…

Judge Says Its OK to Post Social Security Numbers Online

…osting of personal information online. To make this point, she finds politicians’ personal information, usually Social Security numbers, on their own states’ websites, and republishes that information online. Publicly appointed government employees known as Clerks of Courts, County Clerks, or Registrars are responsible for handling and managing public records, including birth, death, marriage, court, property, and business filings for municipalit…

Consumer Fraud No Longer Shocking

…ion website, but then bring communications to outside email or phone. Once the target engages with the scammer, social engineering commences. Craigslist Scams: A scammer responds to a seller, claiming he wishes to purchase an item. He mails the seller a fake check for an amount in excess of the purchase price, with extra money included for shipping, and requests that the buyer deposit the check and then wire the payment to the shippers from the b…

Choosing an Enterprise eBanking Security Solution

…urity solution opens up new business opportunities. Today we worry about malware, spyware, root kits, phishing, social engineering, and a multitude of scams resulting in account takeover, new account fraud, and identity theft. It’s been less than a decade since the widespread use of broadband Internet took online commerce mainstream, and losses resulting from cyber fraud have already topped a trillion dollars. Enterprises under siege by criminal…

How Much Would You Pay For a Fake Girlfriend?

…ute. Not everyone can be sophisticated and worldly. Unfortunately, naiveté invites predators and victimization. Social engineering is the act of manipulating people into performing certain actions or divulging confidential information. Essentially it’s a fancier, more technical form of lying. Combine naiveté with predators who use social engineering to manipulate their victims, and you get stories like this one, about an Illinois man who sent mor…

Top 5 Business Security Risks

…bank or credit card company may be hacked, and your sensitive data sold for the purposes of identity theft. 2. Social Engineering: This is the act of manipulating people into taking certain actions or disclosing sensitive information. It’s essentially a fancier, more technical form of lying. At 2010’s Defcon, a game was played in which contestants used the telephone to convince company employees to voluntarily cough up information they probably…

Lawmakers Push To Shield Last 4 Social Security Numbers

Most of us have become accustomed to giving out the last four digits of our Social Security numbers. But this customary request is becoming increasingly problematic, and two Rhode Island lawmakers are responding by pushing legislation to stop businesses from asking for the last four digits of customers’ Social Security numbers. Researchers at Carnegie Mellon University have developed a reliable method for predicting Social Security numbers, incl…

Search Engine Doesn’t Need Kids SSN

…ed Doodle-4-Google, in which children can compete to design Google’s homepage logo, they requested contestants’ Social Security numbers in an effort to prevent duplicate entries. Americans have become accustomed to handing over the last four digits of their Social Security number as a password or identifier for various accounts and applications. But with the development of new technologies that have cracked the code for the distribution of Social

10 Social Media Security Considerations

Social media security issues involve identity theft, brand hijacking, privacy issues, online reputation management, and users’ physical security. Social media provides opportunities for criminals to “friend” their potential victims, creating a false sense of trust they can use against their victims through phishing or other scams. Register your full name on the most trafficked social media sites, and do the same for your spouse and kids. If your…

Check Your Password Security

…ced with a little research. Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims. Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information…

Social Security Numbers Easily Cracked

It is easier than ever to guess or predict an individual’s Social Security number, which puts us all at a greater risk for identity theft. Researchers at Carnegie Mellon University have developed a reliable method for predicting Social Security numbers, using information from social networking sites, data brokers, voter registration lists, online white pages, and the publicly available Social Security Administration’s Death Master File. Original…

10 Types of Criminal Social Media Impersonators

…steals a name or brand that has leverage, such as an employee, celebrity, or Fortune 500 company, as a form of social engineering, in order to obtain privileged access. 8. An impersonator may be obsessed with you or your brand and simply wants to be associated with you. 9. An impersonator might parody you or your brand by creating a tongue-in-cheek website that might be funny and obviously spoofed, but will most likely not be funny to you. 10…

Man Arrested For Stealing 15,000 Social Security Numbers

Now more than ever, criminal hackers are hacking into databases that contain Social Security numbers and using the numbers to open new financial accounts. Criminals use stolen Social Security numbers to obtain mobile phones, credit cards, and even bank loans. Some victims whose Social Security numbers fell into the hands of identity thieves have even had their mortgages refinanced and their equity stripped. WTEN.com reports an arrest has been ma…

Cross-Site Scripting Criminal Hacks

…g said, after messing with default browser or program settings, the reduced functionality may impede your ability to do anything online. The trick is to have the most updated security software and to avoid social engineering scams that ask you to click links or copy code. Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses scammers and thieves on The Big Idea with Donnie Deutsch. (Disclosures)…

Top 5 Vishing Techniques

…o populate the caller ID with a specific bank or credit union, or just with the words “Bank” or “Credit Union.” Social Engineering: Social engineering is a fancier, more technical form of lying. Social engineering (or social penetration) techniques are used to bypass sophisticated security hardware and software. The automated recordings used by vishers tend to be relatively professional and convincing. Dumpster Diving: One time and tested “hack”…

Using Social Media Passwords With Critical Accounts

For some social networking sites, security is not a top priority. Some do not protect your data with the same vigilance you could expect from your bank, for example. Nor do social media require strong passwords. And if you use the same passwords for more critical sites, like webmail or online banking, having your social networking account compromised can make those other accounts vulnerable as well. Last year, 32 million passwords were posted on…

Americans Waking Up to Social Media Privacy

There have been thousands of privacy related news reports over the past year depicting social networks, Google, marketers and advertisers as evil privacy violators who are slowly sucking dry whatever privacy we have left. Facebook has been raked over the coals by advocates and watchdogs who say their tactics violate their own policies. In response, numerous lawsuits have been filed and government agencies have put the pressure on everyone involv…

Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft

I feel like my head is going to explode. The Colorado Supreme Court has ruled “that using someone else’s Social Security number is not identity theft as long as you use your own name with it.” The defendant in this particular case had admitted to using a false Social Security number on an application for a car loan, and to find employment. The court ruled that since he had used his real name, and the Social Security number was only one of many p…

Leaked Social Security Numbers Put “Personal Security and Safety at Risk”

…ublican Congressional candidate, is speaking out after a mailing from the Florida Democratic Party releases his Social Security number and his wife’s federal employee number. “It’s an attack against me and I think it shows the weakness of the character of Ron Klein and definitely the Florida Democratic party, to put a person’s personal security and safety at risk,” said West, “And also affects my family as well.” The Florida Democratic Party resp…

IRS Fully Reliant on Social Security Numbers

…n the Policy, Practice & Procedures page of their website, the IRS addresses the public’s concern regarding Social Security numbers on checks: “Complete Social Security Numbers (SSN) on Checks or Money Orders Remitted to IRS Issue: Tax Professionals and clients have concerns about taxpayers putting their full SSN on checks remitted to IRS in payment of a balance due. Page 74 of the Form 1040 instructions directs taxpayers to put their full SS…

McAfee Reveals the Top Ten Most Dangerous Places to Leave Your Social Security Number

…expert, on behalf of McAfee. Cases of identity theft are skyrocketing, and 32% of all ID theft victims had their Social Security number compromised, according to Javelin’s 2010 Identity Fraud Survey Report. In honor of National Identity Protection week, McAfee set out to reveal the most dangerous places to leave your Social Security number. When your Social Security number is used to commit fraud, it feels very personal. It can take hundreds of ho…

Seminar to Feature ISECOM’s OSSTMM v3

…ections) which collectively test: information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters, and military bases. On the origins of the OSSTMM, Pete Herzog wrote that, “in the research for factual security…

7 Ways to Combat Scareware

…oad their crappy software. Information Week reports those behind a new fake antivirus software have added a new social engineering element — live support agents who will try to convince potential victims that their PCs are infected and that payment is the cure. The rogue software comes equipped with a customer support link leading to a live session with the bad guy. Real scammers on the other end of chat have the ability to offer live remote acce…

Social Media is a Criminals Playground

Social media has become a playground for adults, teens, and tweens. And like on any playground, when you hit the jungle gym or horseplay on the seesaw, there is always a chance that you may go home with an egg on your forehead. Or, if you are like me, a broken collarbone. Twitter and Facebook have become the most popular sites for frolicking, and the most popular sites for identity thieves — the bullies in the playground. These criminal hackers…

Women Proved “Securest” in the Defcon Social Engineering Game

In a recent post (Hackers Play “Social Engineering Capture The Flag” At Defcon), I pointed to a game in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have. Of 135 “targets” of the social engineering “game,” 130 blurted out too much information. All five holdouts were women who gave up zero data to the social engineers. Computerworld reports, “Contestants targeted 17…

Police Warn Burglars Are Using Social Networks

…For a few years now I’ve been warning people about how vulnerable they are when they post their whereabouts in social media. And it looks like the bad guy figured it out and is taking advantage of people’s naiveté. In Nashua, NH, police busted a bunch of burglars they say used Facebook as a tool to gather intelligence on who is home and who is not home. “Police said they recovered between $100,000 and $200,000 worth of stolen property as a res…

Seven Social Media Landmines to Watch Out For

…tle with LedZeppelin.com that I regret, but that’s another story. Today that same battle is being played out in social media. Anyone can register any brand or likeness on social media with very little difficulty, and it’s free. Once the scammer owns your name, they can pose as you, blog as you, and comment as you. The basis of much of this social media identity theft, or “impostering,” revolves around social engineering. When a profile claims to…

What is “Social Registration”?

Social media has evolved into the fifth major form of media: print, radio, television, Internet, social. While social media functions on the Internet, there’s no denying that it is its own platform. It encompasses most forms of media in one tight and neat package. Some social networking sites have more users than number of residents in some countries. In the process of this explosive growth, a few social networking websites like Facebook, Twitt…

Stealing Secrets: Telling Lies Over the Phone

In a recent post (Hackers Play “Social Engineering Capture The Flag” At Defcon) I pointed to a game in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have. At the recent Defcon event, social engineers proved that it doesn’t take much more than asking to get the necessary information that may lead to penetrating a person’s computer. Social engineering is a…

Researcher Proves Your Friend Isn’t Your Friend

…personal information with a fictitious Navy cyberthreat analyst named ‘Robin Sage,’ whose profile on prominent social networking sites was created by a security researcher to illustrate the risks of social networking.” Apparently, one of the easiest ways to gain acceptance as a trusted colleague is to be an attractive woman. I recently wrote about “Sandra Appiah,” a curvy lady who sent me a friend request. She had already friended two of my budd…

Toddler Used As Decoy in Burglaries

…oit human characteristics such as greed and dishonesty, and have victimized individuals from all walks of life. Social engineering is the act of manipulating people into performing certain actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never…

10 Ways to Prevent Social Media Scams

The trouble with social media revolves around identity theft, brand hijacking and privacy issues. The opportunity social media creates for criminals is to “friend” their potential victims in order to create a false sense of trust and use that against their victims in phishing or other scams. It was big news when someone had their Facebook account jacked by someone who impersonated the victim, claiming to have lost their wallet in the UK and beg…

Summer Heat: On-line Dating Scams PT II

…’t know when. So he needed to buy networking equipment to complete a huge project he was working on for Nova Engineering Place. When he finished he would be paid $800,000 and have to pay 10 employees 40k each. But he needed $8k now to buy this equipment. He said I shouldn’t worry because he would pay me right back either when the bank released the hold on his account or when he was paid for the project. I told him I didn’t have th…

Identity Theft – Common Consumer Errors

…had climbed the ranks from sales to broker/owner and oversaw dozens of employees. A former boyfriend stole her Social Security number and his new girlfriend used it to assume her identity. Over the course of five years the ex-boyfriend and his new girlfriend traveled the world on stolen credit and destroyed the real estate agent’s ability to buy and sell property. Her real estate license was suspended and her life was turned upside down. Awarene…

Hackers Play "Social Engineering Capture The Flag" At Defcon

Social engineering is a fancier, more technical form of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information. Social engineering or “social penetration” techniques are used to bypass sophisticated and expensive hardware and software in a corporate network. Smart organizations train their employees to identify and resist the more common attempts to…

Published Articles

…tp://robertsiciliano.vox.com/library/post/fake-bp-twitter-account-in-response-to-spill-httpowly1pyx5-results-in-social-media-identity-the.html?_c=feed-atom http://www.homesafetyproductsreview.com/24188/10-home-security-tips-you-never-thought-of-2/ http://knowem.com/blog/2010/05/25/fake-bp-twitter-account-in-response-to-spill/ http://www.huffingtonpost.com/robert-siciliano/home-security-stalker-fra_b_588366.html http://blogs.transworldnews.com/Rob…

Scareware Incorporates Customer Service

…it immediately for $49.95. Information Week reports those behind a new fake antivirus software have added a new social engineering element — live support agents who will try to convince potential victims that their PCs are infected and that payment is the cure. The rogue software comes equipped with a customer support link leading to a live session with the bad guy. Real scammers on the other end of chat have the ability to offer live remo…

Parents Navigating the Social Media Mess

…At one point political correctness crept into our culture and the fear of a child calling the Department of Social Services (DSS) on their parents because of a deserved fanny smack sent a cold chill down every parent’s spine. I’m certainly not saying it’s OK to beat your kids, or cage them for that matter. And when a child has zero fear of a parent, they tend to walk all over them. It’s in their nature to manipulate until they get their w…

Self-revelation Can Help Assemble a Social Security Number

…not done nor will I ever be done sounding that alarm, ringing that bell and informing you about how ridiculous social media is. I was asked in a radio interview today what it will take to get people to recognize they are sharing too much data. In a word, tragedy. When a home is broken into, they install a home security alarm. When someone is mugged, they take a self-defense course. When planes fly into buildings, we get frisked. Being smar…

Social Media Security: Using Facebook to Steal Company Data

…com. He has been able to accumulate significant numbers of emails for phishing targets from Facebook and other social networking sites. When he launched his company’s Facebook spear-phishing attack, he usually got an average response rate of 45 to 50 percent. So nearly half of the employees responded to an email with the logins and passwords they use on their employers’ network. Steve says: – Officially sponsor the social netw…

Is That Portable Device a Data Hazard?

…t are an issue. Found ones can be scary too. Dark Reading reports an oldie but goodie from Steve Stasiukonis, a social engineering master, who says those thumb drives can turn external threats into internal ones in two easy steps. When hired to penetrate a network he says “We gathered all the worthless vendor giveaway thumb drives collected over the years and imprinted them with our own special piece of software. I had one of my guys write a Troja…

National Identity Card Focuses on US Workers & Immigrants

…too many forms of identification floating around right now that lack standards and overall security. The Social Security card is currently our national identification card that’s not supposed to be used for identification. From a NY Times article from 1998 it states: WASHINGTON — FOR many years, Social Security cards carried an admonition that they were to be used ”for Social Security and tax purposes — not for identificatio…

Social Media Security in a Corporate Setting

…ter for the IT manager. While corporations are still trying to figure out the long-term marketing benefits of social media, the security issues faced are a right-now problem. Many companies restrict internal access. Others prevent employees from discussing or mentioning the company in social media during private time. All of a sudden we’ve gone from print media, radio, television, Internet and now social media. This isn’t a fad or craze th…

Hacking Humans Naiveté

…ure to do so. Control and money top the list of motivations. In the world of Information Security the “how” is “social engineering”. Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical hacking techniques (essentially a fancier, more technical way of lying). Social engineering or “social penetration” techniques are used to bypass sophistic…

The State of Information Security Sucks

…ave much trouble getting in. The hacks may have occurred via unsecured wireless networks, SQL injections or via social engineering through a phishing email with infected links. While IT security professionals and white-hat hackers are fighting the battle with newer, better, faster, more robust technologies to keep the bad guy out, the bad guy still gets in via the path of least resistance, which may be human error, laziness or a zero-day attack co…

Search Engines Link to Malware in Social Media Search

…Expert Now that the 3 major search engines Google, Bing and Yahoo index real-time search for Twitter and other social networks, consumers must be aware that not all relevant search is a safe click. Scammers and identity thieves see this as real-time free advertising for their malware. When news breaks, the social media is now considered a trusted source for cutting edge information. The search engines trust that data and place those keyword sear…

Diploma Mills Facilitate Identity Theft

…rofessional or used to assist as a breeder document leading to “real” fake ID’s. A fake diploma is an effective social engineering tool used to gain access to your corporate networks. From Wikipedia “A diploma mill (also known as a degree mill) is an organization that awards academic degrees and diplomas with substandard or no academic study and without recognition by official educational accrediting bodies. The purchaser can then claim to hold a…
