ROBERT SICILIANO, CEO of www.IDTheftSecurity.com, is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

Social Engineering Security

Mobile Employees Are a Security Risk

Not too long ago, the office computer filled an entire room. Now, it fills the palms of one-third of employees—those workers who use only the mobile device for their jobs. Security, however, lags behind in keeping up with this growing trend. This is the BYOD generation: bring your own device (to work). IT departments need to keep one step ahead of this fast-growing trend. It’s here to stay, and one reason is because it’s responsible for signific…

‘Tis the Season for the 12 Scams of the Holidays

Fa la la la la, la la la la. Yes that’s me singing, but thank goodness you can’t really hear me (I save that for the shower). If you can believe it, it’s that time of the year again (even though it seems like we just finished Halloween). Time for holiday parties, family traditions, ugly sweaters, and… scams? Yes, that’s right. Now that the holiday season has begun, many of us are sharing, shopping and booking travel online— even more than we nor…

College bound kids: protect your identity

…ferent password. And don’t use a password like GoSpartans. Make it nonsensical and full of different characters. Social engineering. College kids can be easily tricked into making the wrong clicks. A malicious e-mail can pose, for instance, as something from the university. The student gets suckered into clicking on a link that then infects the computer with malware. A student may be tricked into clicking on a “video link” to view something hot…

What Is a Trojan Horse?

…when you receive suspicious emails Remember that Trojans are common because they are so successful. Hackers use social engineering techniques, such as mentioning a current news topic or popular celebrity, to get you to click on their email. Just being aware of what they are and how they work can prevent you from having to deal with financial loss, identity theft, damage to your computer, and significant downtime. Robert Siciliano is an Online Se…

6 Ways to prevent Social Engineering Attacks

…ve dashboards that show where you’re logged in and what tools or apps are connected. This includes financial and social media accounts. Beware of emails coming from anyone, for any reason that require you to click links for any reason. Social engineering via email is one of the truly successful ways to con someone. Just be ridiculously aware. Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft preven…

Identity thieves bombarding Call Centers

…two weeks prior to actual attacks. Many companies also believe that most attacks result from malware rather than social engineering: the tricking of victims into revealing sensitive data. The targets include the staff of the call centers, who are often conned into allowing these smooth-talking worms to get under any door. When businesses focus on the theory that most of these problems are from malicious software, this opens up a huge door for the…

8 Ways to bullet proof your Social Accounts

…vice, then pose as you in your Facebook account. #2 Log out. Setting your device to automatically get you onto a social media site eliminates the hassle of having to enter your username and password every time you want to visit the site. However, if the wrong person gets ahold of your computer, mobile or tablet, that person can easily get into your social media accounts. Log out. #3 Remove apps you don’t use. If your accounts like Facebook and Tw…

10 Tips to Protect Yourself on Social Networks

…d check them regularly in case there are any changes. Be aware of the fact that the information you share on one social network may be linked to another: For instance, a photo you post to Twitter may automatically post to your Facebook profile. Don’t reveal personal information: Be suspicious of anyone who asks for your personal information online and never share your home address, phone number, Social Security number, or other personal identifyi…

What is Social Engineering?

No, it’s not some new engineering field to develop social media sites. Social engineering has been around as long as the con artist has been around. The term stems from the social science world where social engineering is deemed as an act of psychological manipulation. In our tech-laden world of today, social engineering still involves deceit but it’s used to deceive you into giving up personal or sensitive information for the bad guys’ financi…

15 Small-Business Social Network Nightmares

You may think you’ve guarded your company, but are your social media outlets unprotected? Look at these 15 potential weaknesses in your defense. Can you think of five social network nightmares you hope never happen to your business? How about 10? Well, I can top that, because there are at least 15 social network mishaps that can haunt a business owner. Here’s a closer look at 15 types of trouble you can encounter on Facebook, Twitter…

Protecting Your Business’s Data From Organized Crime

…ulnerabilities may be physical, as in facilities vulnerable to intrusion, or may be people who are vulnerable to social engineering. Virtual vulnerabilities exist in a business’s Internet connection (whether wired or wireless), an outdated browser or an outdated operating system—any of which may be vulnerable if they don’t have updated security patches. Vulnerabilities can also be exposed via social engineering: A criminal simply gets on th…

7 Social Media Security Tips To Protect Your Business

…life could open your business to some serious dangers. Many small businesses recognize the benefits of having a social media presence for customer service and long-term marketing purposes. However, many are slow to recognize social media’s security issues and how employees’ own social presence can add to the company’s security issues. Some companies restrict internal access. Others may prevent employees from having any corporate asso…

Credit Card Theft increasing for Banks and Retailers

…40 percent of the top breaches were recorded. Insider mistakes or threats accounted for 31 percent of insiders. Social engineering was responsible for 29 percent of breaches. Physical loss such as forgetting where one placed a device, flash drive, etc., was responsible for 21 percent of the data loss incidents. The 2014 Data Protection & Breach Readiness Guide can help service providers and app developers for businesses grasp the issues, fa…

7 Small Business Social Media Risks

Many executives are concerned about social media related risks (e.g., data security and ID theft), but far fewer actually have any social media training. A recent survey of executives puts the concerns into four categories: disclosure of confidential information; damaged brand reputation; ID theft; and legal and compliance violations. Another feature that the survey unveiled was that 71 percent of the participants believed that their company was…

How Data Breaches happen and how to respond

…An inside job. Employees (past or present) can commit data breaches. Also, an innocent employee is tricked by social engineering into revealing confidential information or giving out access to that information. Judgment lapse. An employee may leave data unprotected—not on purpose, but due to an oversight, making it easy prey for villains. Device loss. When a device that contains valuable data is lost or misplaced, a thief could get ahold o…

Stolen Identities are cheap on the Darknet

…to $300: hack a website $25 to $100: A hacker will steal all the data they can on a person or business by using social engineering or Trojan infiltration. $20: a thousand bots; and $250 will get you 15,000. $4 to $8: one stolen U.S. credit card account including CVV number ($18 for European accounts) What does all this mean to you? It means your identity is at risk. Update your PC with the most current antivirus, antispyware, antiphishing and…

IT Guys get duped Pretty Girl on Social Media

…h them, making the assault more difficult to detect. Recap: The scam began from the ground up, inflating Emily’s social network till it enabled the attack team to suck in security personnel and executives. Most of the people who assisted Emily were men. A similar experiment using a fake male profile had no success. Preventing getting suckered into Social Media Scams For agencies and other organizations, social engineering awareness training is c…

Lessons learned from a Password Attack

…ferent sites. One-third of data-breach victims in a recent attack had been reusing passwords. Password reuse for social media, banking and e-mail opens the gate to identity theft. Dictionary attacks. Software exists that will run any word that’s found in a dictionary (or commonly misspelled words) into the password field. If you use these words, the software will eventually score a hit. Social engineering. This is when a thief tricks a user into…

Oversharing on Social Media Common Amongst 50+

Thanks to social media, societal norms have undergone a seismic shift in the past five years. What was once considered private or even taboo is not only fair game, it’s expected. But this can have serious consequences from the ending of friendships to exposure to physical harm. I’ve talked about the concept of TMI or too much information and how social networking and mobile devices have made sharing so much easier and faster than ever before. Bu…

Socint: disseminating cybercrime through social intelligence

…uch deeper than that. NextGov.com reports, “Criminals, organized crime syndicates, gangs and terrorists also use social media. They post information and share photos and videos, and terrorist groups use the tools to recruit new members, disseminate propaganda and solicit funds.” It seems the next stage to investigate and prevent crime is through social intelligence combined with social analytics, hence “Socint”. Continues NextGov.com: “Officials…

ATMs and student numbers rise across the UAE

The network of ATMs criss-crossing tourist hot-spots Dubai, Abu Dhabi and other popular destinations in the United Arab Emirates (UAE) is obvious testament to the huge strides taken in recent years by the Gulf country’s dynamic and expanding banking industry. However, there’s another sector that has rapidly grown, too, and it’s a success story that’s almost gone unnoticed. The sector in question is education. A recent rep…

Identity Thieves Go After the Deceased

…pens partly because of the availability of public records coupled with the time it takes for credit bureaus, the Social Security Administration, financial institutions and others to process a deceased person’s Social Security number (SSN) in their systems and close all current and future lines of credit. Many states’ vital statistics registries include Social Security numbers in their records and on their certified death certificates. Because the…

Getting Cybersmart and Staying Dutifully Employed

Knowing what I know today, if a 15-year-old asked me what she should be when she grows up, I’d say cybersecurity professional. The unfortunate fact is that bad guys are everywhere—and if you are in the security industry, bad guys are good for business. There are many ways and resources for people, especially young adults, to become cybersmart. It’s more than a trend; it’s an up-and-coming career area. USA Today reports, “For younger people, ther…

Social Media A Big Risk To Banks

…e existing security technologies help protect the consumer and bank from human error like downloading a virus or social engineering tricks like clicking an infected link and alert us to a phish email. But no technology or even security or privacy policy can prevent someone from exposing all their life’s details on a social media site. When criminals target an organization like a bank they start by looking for vulnerabilities in the network infras…

“Old” Malware Attacks Rising Significantly

…k, set in the fourth quarter of 2009. The resurgence demonstrates that the cybercriminal community believes that social networking users constitute a very target-rich environment of potential victims. To avoid falling victim make sure you are careful of what links you click on in social media sites—don’t fall for those too good to be true deals! Mobile Malware: Android malware continued to skyrocket, increasing by 40% in Q1. Almost 30% of all mo…

Why Your Employer Needs Social in the Workplace

Social media is the fifth form of mainstream media. It encompasses all media, making it the king of all media. At this point, most people know how to use social media and how to navigate the various websites. But many employers are still on the fence. Hootsuite’s CEO says, “The world’s top brands—like Pepsi, Virgin, NHL and American Express—[are] now embracing [social media] company-wide.” MarketingDonut reports, “One of the simplest ways to con…

5 Signs You Are About to be Scammed

…very good at disguising their scams, so it’s often hard to recognize them. Scamming generally involves a form of social engineering. Social engineering is the act of manipulating people into performing actions or divulging confidential information. It relies on human interactions, such as trying to gain confidence of someone through trickery or deception for the purpose of information gathering, fraud, or device access. This can take many forms,…

What Makes My Passwords Vulnerable?

…t breaches revealed a password reuse rate of 31 percent among victims. Reusing passwords for email, banking, and social media accounts can lead to identity theft. Social engineering: As previously described, social engineering is the act of manipulating others into performing certain actions or divulging confidential information, and can be used as an alternative to traditional hacking. Social engineering can be employed to trick targets into…

Social Media Security in the Workplace

Why would someone set up a fake social media profile? The answer correlates with news of cyber-attacks on businesses and other organizations being targeted with advanced persistent threats which has risen sharply over the past two years. The Register reports “Social engineering via platforms such as Facebook can be one of the early stages of an advanced persistent threat (APT), the latest buzz word on the information security scene and a techniq…

Social Media Security Risks for Small Business

…s help protect consumers, banks and small businesses from human errors like accidentally downloading a virus, or social engineering tricks designed to fool targets into clicking infected links, by warning users about potentially dangerous webpages and phishing emails. But no computer security technology or privacy policy can prevent people and employees from exposing all their lives’ details on social media websites. When internet criminals targe…

Yahoo! Hacked: 15 Tips To Better Password Security

…ss,” “qwerty,” and “abc123.” Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims. Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential informatio…

Identity Theft Still On the Rise

…rds, and websites like LinkedIn make it easy for criminals to gather additional intelligence in order to conduct social engineering scams. Meanwhile, smartphones have become the keys to many of our digital lives now that we use them for social media, online shopping, and online banking. Smartphone users are even more likely to be victimized if they neglect to password-protect their devices, which are often lost or stolen. Access to so much sensit…

Cloud Computing Security: Small Business Data in the Cloud

…asters if Mother Nature decides to have a bad day, and criminal hacking through system weaknesses, phishing, and social engineering. Most cloud service providers won’t explicitly outline what they do to protect your data because it could offer potential hackers information on how to compromise their networks. But one provider for example promises “strict data security policies, military-grade encryption, and world-class data centers for optimal d…

Social Media Security Tips for Small Business

Corporations know there are long-term marketing benefits of social media and they also know the security issues with employees continue to be a problem. Many companies restrict internal access. Others prevent employees from discussing or mentioning the company in social media during private time. Follow these social media security tips for small business to prevent security issues: #1 Implement policies. Social media is a great platform for conn…

Protect Yourself from Vishing

…to populate the caller ID with a specific bank or credit union, or just with the words “Bank” or “Credit Union.” Social Engineering: Social engineering is a fancier, more technical form of lying. Social engineering (or social penetration) techniques are used to bypass sophisticated security hardware and software. The automated recordings used by vishers tend to be relatively professional and convincing. Dumpster Diving: One time and tested “hack”…

Ghosting Identity Theft Scams

…ccounts are opened under names and identities that have been entirely fabricated when thieves easily create fake Social Security numbers. Here’s how it works. Our system of credit requires a Social Security number as the first and foremost identifier. Lenders issue credit based entirely or almost entirely on the history associated with an applicant’s Social Security number. When a creditor issues credit based on these invented numbers and reports…

75 Million Unique Malware Samples By 2012

…ware, total numbers are dropping but the severity of the threat and sophistication of the technique remain high. Social engineering: Subject lines used for social engineering spam messages vary depending on geography and language. Bait can include holidays or sporting events, and often differs by month or season. Attackers have shown remarkable insight into what works for specific people at specific times. Spam botnets: New spam botnet infections…

Security Beyond the Desktop

…ks and the people who use them. When direct attacks on an organization’s defenses fail, cybercriminals often use social engineering toolkits to exploit unsuspecting employees. Educating employees on secure practices is not enough—organizations need to install a proper framework to empower and encourage employees to make a habit of using these practices. Mobile is everywhere: Mobile attacks are becoming more sophisticated every year. Instead of re…

Holiday Phishers Use Social Media

Every social media website in existence depends on advertising for its survival, to some extent. Criminals exploit this by mimicking these familiar platforms when sending millions of phishing emails designed to entice users into clicking malicious links or visiting spoofed websites that resemble legitimate social media. They also create pages within popular social media that are infected with malware, or malicious links designed to infect the PC…

Social Security Number: All-Purpose Identifier

Your Social Security number was never meant to serve the various functions it is used for today. Over the past 70 years, the Social Security number has become our de facto national ID. The numbers were originally issued in the 1930s, to track income for Social Security benefits. But “functionality creep,” which occurs when an item, process, or procedure ends up serving a purpose it was never intended to perform, soon took effect. Banks, motor ve…

Human Security Weaker Than IT Security

Information technologies have evolved to a level at which the developers, programmers, and security specialists all know what they’re doing, and are able to produce products and services that work and are reasonably secure. Of course, there’s always room for improvement. Despite the amount of criminal hacking that goes on, users who effectively implement the appropriate measures and refrain from risky behaviors enjoy relative security. The Wall…

Social Web Loaded With Profile Misrepresentation

“Social fakes” are invented profiles on social media (often referred to as profile misrepresentation), which can be used to harass or mock victims anonymously. But the more lucrative fake profile is one that imitates a legitimate business, damaging that business’s online reputation. The imposters’ ultimate goal? Spam leading to scams. Social-web security provider Impermium published the results of their recent analysis of the cost of social spa…

What to Look for In Cloud Security

…asters if Mother Nature decides to have a bad day, and criminal hacking through system weaknesses, phishing, and social engineering. Then there is Murphy, of Murphy’s Law: what can go wrong will go wrong. And with technology, there is much that can go wrong. CNET recently reported that Amazon’s cloud was down for almost two days. “In April, the cloud storage service experienced a two-day outage that brought many Web site operations to a halt. Whe…

Bill Would Remove Social Security Numbers From Medicare Cards

The most basic advice for protecting your own identity is to protect your Social Security number. The obvious solution is simply never to disclose your number, but this is silly, since, depending on your age, you have probably provided it to hundreds of people, on hundreds of forms. It now sits in hundreds of databases, accessible to thousands, and possibly even available for sale. 40 million Medicare subscribers currently have their Social Secu…

Myth: Apple Products Don’t Get Viruses

…se personal information, including banking details. Mac users are also equally susceptible to phishing and other social engineering scams, if not more so, since they may have an inflated sense of security that can lead to riskier behavior. It’s important for Mac users to be aware of these emerging threats and take the appropriate precautions. To avoid becoming a victim, download Mac updates as soon as they’re available, so you’re protected from t…

Device Intelligence Helps Stop Scammers Targeting Social Media Sites

…oney wire transfer (red flag). All told, she sent the scammer at least $15,000 during their relationship. Sadly, social media sites can do more to protect their users, and should take advantage of information that readily exists for them to use — the known reputations on over 650 million devices in iovation’s device reputation knowledge base. Computers that are new to these social networks dealing with scammers and spammers are rarely new t…

Social Networking Security Awareness

One in five online consumers has been a victim of cybercrime in the past two years. Social networking is a direct link to the problem. While social networks allow you to keep in touch with family and friends, there are issues to be concerned about. Most concerns revolve around online reputation management, identity theft, or physical security issues. Social networking creates a risk of posting content that will be damaging to yourself, your prof…

15 Tips To Better Password Security

…ss,” “qwerty,” and “abc123.” Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims. Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential informatio…

Judge Says It’s OK to Post Social Security Numbers Online

…cords by federal agencies. Over the years, many have interpreted this law to allow public information, including Social Security numbers, to be posted online. I’ve seen Social Security numbers for Jeb Bush, Colin Powell, former CIA Director Porter Goss, Troy Aiken, and Donald Trump, all published on the Internet. Ostergren so embarrassed the Virginia lawmakers that they passed a law known by some as the “anti-B.J. law,” prohibiting her from doing…

Consumer Fraud No Longer Shocking

…tion website, but then bring communications to outside email or phone. Once the target engages with the scammer, social engineering commences. Craigslist Scams: A scammer responds to a seller, claiming he wishes to purchase an item. He mails the seller a fake check for an amount in excess of the purchase price, with extra money included for shipping, and requests that the buyer deposit the check and then wire the payment to the shippers from the…

Choosing an Enterprise eBanking Security Solution

…curity solution opens up new business opportunities. Today we worry about malware, spyware, root kits, phishing, social engineering, and a multitude of scams resulting in account takeover, new account fraud, and identity theft. It’s been less than a decade since the widespread use of broadband Internet took online commerce mainstream, and losses resulting from cyber fraud have already topped a trillion dollars. Enterprises under siege by criminal…

How Much Would You Pay For a Fake Girlfriend?

…nute. Not everyone can be sophisticated and worldly. Unfortunately, naiveté invites predators and victimization. Social engineering is the act of manipulating people into performing certain actions or divulging confidential information. Essentially it’s a fancier, more technical form of lying. Combine naiveté with predators who use social engineering to manipulate their victims, and you get stories like this one, about an Illinois man who sent mo…

Top 5 Business Security Risks

…ince company employees to voluntarily cough up information they probably shouldn’t have. Of 135 “targets” of the social engineering “game,” 130 blurted out sensitive information. All five holdouts were women who gave up zero data to the social engineers. 3. Failure to Log Out: Web-based email services, social networking sites, and other websites that require login credentials generally provide an option to “Remember me,” “Keep me logged in,” or,…

Lawmakers Push To Shield Last 4 Social Security Numbers

Most of us have become accustomed to giving out the last four digits of our Social Security numbers. But this customary request is becoming increasingly problematic, and two Rhode Island lawmakers are responding by pushing legislation to stop businesses from asking for the last four digits of customers’ Social Security numbers. Researchers at Carnegie Mellon University have developed a reliable method for predicting Social Security numbers, incl…

Search Engine Doesn’t Need Kids SSN

…hed Doodle-4-Google, in which children can compete to design Google’s homepage logo, they requested contestants’ Social Security numbers in an effort to prevent duplicate entries. Americans have become accustomed to handing over the last four digits of their Social Security number as a password or identifier for various accounts and applications. But with the development of new technologies that have cracked the code for the distribution of Socia…

10 Social Media Security Considerations

Social media security issues involve identity theft, brand hijacking, privacy issues, online reputation management, and users’ physical security. Social media provides opportunities for criminals to “friend” their potential victims, creating a false sense of trust they can use against their victims through phishing or other scams. Register your full name on the most trafficked social media sites, and do the same for your spouse and kids. If your…

Check Your Password Security

…uced with a little research. Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims. Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential informatio…

Social Security Numbers Easily Cracked

It is easier than ever to guess or predict an individual’s Social Security number, which puts us all at a greater risk for identity theft. Researchers at Carnegie Mellon University have developed a reliable method for predicting Social Security numbers, using information from social networking sites, data brokers, voter registration lists, online white pages, and the publicly available Social Security Administration’s Death Master File. Original…

10 Types of Criminal Social Media Impersonators

Social media is the fifth form of mainstream media. At this point, most people know how to use social media, and how to navigate the various websites. But what most users don’t yet realize is how social media can be used against them. Social media identity theft occurs for a number of reasons. 1. An online impersonator may attempt to steal your clients or potential clients. 2. Impersonators may squat on your name or brand, hoping to profit…

Man Arrested For Stealing 15,000 Social Security Numbers

Now more than ever, criminal hackers are hacking into databases that contain Social Security numbers and using the numbers to open new financial accounts. Criminals use stolen Social Security numbers to obtain mobile phones, credit cards, and even bank loans. Some victims whose Social Security numbers fell into the hands of identity thieves have even had their mortgages refinanced and their equity stripped. WTEN.com reports an arrest has been ma…

Cross-Site Scripting Criminal Hacks

Secure computing requires an ongoing process, as you learn about risks and then implement processes and technology to protect yourself. Without a concerted effort to defend your data, you will almost certainly be victimized by some type of cyber-invasion. JavaScript is everywhere, making the Internet pretty and most websites user friendly. Unfortunately, hackers have learned to manipulate this ubiquitous technology for personal gain. Java can be…

Top 5 Vishing Techniques

…to populate the caller ID with a specific bank or credit union, or just with the words “Bank” or “Credit Union.” Social Engineering: Social engineering is a fancier, more technical form of lying. Social engineering (or social penetration) techniques are used to bypass sophisticated security hardware and software. The automated recordings used by vishers tend to be relatively professional and convincing. Dumpster Diving: One time and tested “hack”…

Using Social Media Passwords With Critical Accounts

For some social networking sites, security is not a top priority. Some do not protect your data with the same vigilance you could expect from your bank, for example. Nor do social media require strong passwords. And if you use the same passwords for more critical sites, like webmail or online banking, having your social networking account compromised can make those other accounts vulnerable as well. Last year, 32 million passwords were posted on…

Americans Waking Up to Social Media Privacy

There have been thousands of privacy related news reports over the past year depicting social networks, Google, marketers and advertisers as evil privacy violators who are slowly sucking dry whatever privacy we have left. Facebook has been raked over the coals by advocates and watchdogs who say their tactics violate their own policies. In response, numerous lawsuits have been filed and government agencies have put the pressure on everyone involv…

Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft

I feel like my head is going to explode. The Colorado Supreme Court has ruled “that using someone else’s Social Security number is not identity theft as long as you use your own name with it.” The defendant in this particular case had admitted to using a false Social Security number on an application for a car loan, and to find employment. The court ruled that since he had used his real name, and the Social Security number was only one of many p…

Leaked Social Security Numbers Put “Personal Security and Safety at Risk”

…ing, but West says he will not accept their money. Meanwhile, in Virginia, a judge has ruled it is legal to post Social Security numbers on websites. Every city, state, and town has its own set of regulations determining the collection and management of public records, including birth, death, marriage, court, property, and business filings. Many of these documents include Social Security numbers. And many are posted on the Internet. The Privacy A…

IRS Fully Reliant on Social Security Numbers

…On the Policy, Practice & Procedures page of their website, the IRS addresses the public’s concern regarding Social Security numbers on checks: “Complete Social Security Numbers (SSN) on Checks or Money Orders Remitted to IRS Issue: Tax Professionals and clients have concerns about taxpayers putting their full SSN on checks remitted to IRS in payment of a balance due. Page 74 of the Form 1040 instructions directs taxpayers to put their full S…

McAfee Reveals the Top Ten Most Dangerous Places to Leave Your Social Security Number

…expert, on behalf of McAfee Cases of identity theft are skyrocketing, and 32% of all ID theft victims had their social security number compromised according to Javelin’s 2010 Identity Fraud Survey Report.  In honor of National Identity Protection week, McAfee set out to reveal the most dangerous places to leave your social security number. When your Social Security number is used to commit fraud, it feels very personal. It can take hundreds of h…

Seminar to Feature ISECOM’s OSSTMM v3

…sections) which collectively test: information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters, and military bases. On the origins of the OSSTMM, Pete Herzog wrote that, “in the research for factual security…

7 Ways to Combat Scareware

…load their crappy software. Information Week reports those behind a new fake antivirus software have added a new social engineering element — live support agents who will try to convince potential victims that their PCs are infected and that payment is the cure. The rogue software comes equipped with a customer support link leading to a live session with the bad guy. Real scammers on the other end of chat have the ability to offer live remote acc…

Social Media is a Criminals Playground

Social media has become a playground for adults, teens, and tweens. And like on any playground, when you hit the jungle gym or horseplay on the seesaw, there is always a chance that you may go home with an egg on your forehead. Or, if you are like me, a broken collarbone. Twitter and Facebook have become the most popular sites for frolicking, and the most popular sites for identity thieves — the bullies in the playground. These criminal hackers…

Women Proved “Securest” in the Defcon Social Engineering Game

In a recent post (Hackers Play “Social Engineering Capture The Flag” At Defcon), I pointed to a game in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have. Of 135 “targets” of the social engineering “game,” 130 blurted out too much information. All five holdouts were women who gave up zero data to the social engineers. Computerworld reports, “Contestants targeted 17…

Police Warn Burglars Are Using Social Networks

…tigation.  Police said there were 50 home burglaries in the city in August. Investigators said the suspects used social networking sites such as Facebook to identify victims who posted online that they would not be home at a certain time. “Be careful of what you post on these social networking sites,” said Capt. Ron Dickerson. “We know for a fact that some of these players, some of these criminals, were looking on these sites an…

Seven Social Media Landmines to Watch Out For

…ttle with LedZeppelin.com that I regret, but that’s another story. Today that same battle is being played out in social media. Anyone can register any brand or likeness on social media with very little difficulty, and it’s free. Once the scammer owns your name, they can pose as you, blog as you, and comment as you. The basis of much of this social media identity theft, or “impostering,” revolves around social engineering. When a profile claims to…

What is “Social Registration”?

Social media has evolved into the fifth major form of media: print, radio, television, Internet, social. While social media functions on the Internet, there’s no denying that it is its own platform. It encompasses most forms of media in one tight and neat package. Some social networking sites have more users than number of residents in some countries. In the process of this explosive growth, a few social networking websites like Facebook, Twitt…

Stealing Secrets: Telling Lies Over the Phone

In a recent post (Hackers Play “Social Engineering Capture The Flag” At Defcon) I pointed to a game in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have. At the recent Defcon event, social engineers proved that it doesn’t take much more than asking to get the necessary information that may lead to penetrating a person’s computer. Social engineering is a…

Researcher Proves Your Friend Isn’t Your Friend

…g personal information with a fictitious Navy cyberthreat analyst named ‘Robin Sage,’ whose profile on prominent social networking sites was created by a security researcher to illustrate the risks of social networking.” Apparently, one of the easiest ways to gain acceptance as a trusted colleague is to be an attractive woman. I recently wrote about “Sandra Appiah,” a curvy lady who sent me a friend request. She had already friended two of my bud…


Toddler Used As Decoy in Burglaries

…loit human characteristics such as greed and dishonesty, and have victimized individuals from all walks of life. Social engineering is the act of manipulating people into performing certain actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never…

10 Ways to Prevent Social Media Scams

The trouble with social media revolves around identity theft, brand hijacking and privacy issues.  The opportunity social media creates for criminals is to “friend” their potential victims in order to create a false sense of trust and use that against their victims in phishing or other scams. It was big news when someone had their Facebook account jacked by someone who impersonated the victim, claiming to have lost their wallet in the UK and beg…

Summer Heat: On-line Dating Scams PT II

After my recent post Summer Heat: On-line Dating Scams a reader responded with the following: “I just had a similar experience that you described in your blog “Summer Heat: On-line Dating Scams”. I had joined Plenty of Fish and upgraded my profile to have more exposure. I received an email from “exquisitedaddy” a few weeks ago. We started sending emails back and forth. Then he asked me to IM on Yahoo Messenger. His IM email address w…

Identity Theft – Common Consumer Errors

…. Her real estate license was suspended and her life was turned upside down. Awareness is key: Do you carry your Social Security number or a Social Security card in your wallet? Do you provide this number to anyone who asks for it? The most commonly dispensed advice in response to these questions is: don’t carry the card and don’t give out the number. But in reality, there are many times when you have to use your Social Security number. Because t…

Hackers Play "Social Engineering Capture The Flag" At Defcon

Social engineering is a fancier, more technical form of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information. Social engineering or “social penetration” techniques are used to bypass sophisticated and expensive hardware and software in a corporate network. Smart organizations train their employees to identify and resist the more common attempts to…

Published Articles

…site PleaseRobMe.com re-posts messages, gives location of users; expert says public “in dark” about social media networks) http://www.cbsnews.com/stories/2010/02/26/earlyshow/leisure/gamesgadgetsgizmos/main6246127.shtml (quoted February 2010 Social Media Messages Telling Too Much?) http://sondraroberts.wordpress.com/2010/02/24/excuse-me-can-you-respect-my-privacy/#comment-12 (quoted February 2010 Excuse me, can you respect my priva…

Scareware Incorporates Customer Service

…it immediately for $49.95. Information Week reports those behind a new fake antivirus software have added a new social engineering element — live support agents who will try to convince potential victims that their PCs are infected and that payment is the cure. The rogue software comes equipped with a customer support link leading to a live session with the bad guy. Real scammers on the other end of chat have the ability to offer live rem…

Stealing Identities of the Dead

…federal law that reformed welfare in the 1990’s also created a loophole that could allow swindlers to obtain the Social Security numbers of the recently deceased. In some states, the Registry of Vital Records and Statistics includes Social Security numbers on all certified death certificates. And anyone can obtain a death certificate from the registry for $18. Wired reports Identity thieves filed for $4 Million in tax refunds using names of living an…

Parents Navigating the Social Media Mess

Robert Siciliano Identity Theft Expert Children say and do things that make them vulnerable to dangers in the outside world. A parent can parent all day long and do everything possible to protect their kids from themselves, but a child’s persistence to have their way can wear a parent down. It’s a constant fight that makes a parent adopt a philosophy where they “pick their battles.” Growing up, it wasn’t all that uncommon for a parent to…

Self-revelation Can Help Assemble a Social Security Number

…be collected and reassembled by computers to help create a picture of a person’s identity, sometimes down to the Social Security number. So far, this type of powerful data mining, which relies on sophisticated statistical correlations, is mostly in the realm of university researchers, not identity thieves and marketers.” SearchSecurity.com reports that researchers at Carnegie Mellon University have developed a reliable method to predict Social

Social Media Security: Using Facebook to Steal Company Data

….com. He has been able to accumulate significant numbers of emails for phishing targets from Facebook and other social networking sites. When he launched his company’s Facebook spear-phishing attack, he usually got an average response rate of 45 to 50 percent. So nearly half of the employees responded to an email with the logins and passwords they use on their employers’ network. Steve says: – Officially sponsor the social net…

Is That Portable Device a Data Hazard?

…at are an issue. Found ones can be scary too. Dark Reading reports an oldie but goodie from Steve Stasiukonis, a social engineering master. He says those thumb drives can turn external threats into internal ones in two easy steps. When hired to penetrate a network he says, “We gathered all the worthless vendor giveaway thumb drives collected over the years and imprinted them with our own special piece of software. I had one of my guys write a Troj…

If You Want To Be an Identity Thief, Go To Jail

…prisoners to work while incarcerated, we question whether prisoners have a need to know other individuals’ Social Security numbers,” the audit says. “Allowing prisoners access to Social Security numbers increases the risk that individuals may improperly obtain and misuse (the data).” States where prisoners have direct access to Social Security numbers: Alabama, Arkansas, Kansas, Nebraska, Oklahoma, South Dakot…

National Identity Card Focuses on US Workers & Immigrants

…too many forms of identification floating around right now that lack standards and overall security. The Social Security card is currently our national identification card that’s not supposed to be used for identification. From a NY Times article from 1998 it states: WASHINGTON — FOR many years, Social Security cards carried an admonition that they were to be used “for Social Security and tax purposes — not for identificati…

Social Media Security in a Corporate Setting

…hter for the IT manager. While corporations are still trying to figure out the long term marketing benefits of social media, the security issues faced are a right-now problem. Many companies restrict internal access. Others prevent employees from discussing or mentioning the company in social media during private time. All of a sudden we’ve gone from print media, radio, television, Internet and now social media. This isn’t a fad or craze t…

Hacking Humans Naiveté

…do so. Control and money top the list of motivations. In the world of Information Security the “how” is “social engineering”. Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical hacking techniques (essentially a fancier, more technical way of lying). Social engineering or “social penetration” techniques are used to bypass sophisticated a…

The State of Information Security Sucks

…have much trouble getting in. The hacks may have occurred via unsecured wireless networks, SQL injections or via social engineering through a phishing email with infected links. While IT security professionals and white-hat hackers are fighting the battle with newer, better, faster, more robust technologies to keep the bad-guy out, the bad guy still gets in via the path of least resistance, which may be human error, laziness or a zero-day attack c…

Search Engines Link to Malware in Social Media Search

…t Expert Now that the 3 major search engines Google, Bing and Yahoo index real-time search for Twitter and other social networks, consumers must be aware that not all relevant search is a safe click. Scammers and identity thieves see this as real-time free advertising for their malware. When news breaks, the social media is now considered a trusted source for cutting edge information. The search engines trust that data and place those keyword sea…

Diploma Mills Facilitate Identity Theft

…professional or used to assist as a breeder document leading to “real” fake ID’s. A fake diploma is an effective social engineering tool used to gain access to your corporate networks. From Wikipedia “A diploma mill (also known as a degree mill) is an organization that awards academic degrees and diplomas with substandard or no academic study and without recognition by official educational accrediting bodies. The purchaser can then claim to hold…

10 Ways to Manage Your Online Social Media Reputation

Robert Siciliano Identity Theft Expert The Internet has made our personal and professional lives very transparent. We now live in the fishbowl. Despite what many will argue, your privacy is no longer fully in your control. Your online identity is also something that others can control, and you need to do your best to manage it. Managing your online reputation and protecting it is equivalent to marketing your personal brand, YOU. A colleague o…

Top 8 Worst Twitter Social Media Hacks

…l to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief. Invest in social media protection @ Knowem.com Go to my website and get my FREE ebook on how to protect yourself from the bad guy. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft prot…

 
