ROBERT SICILIANO, CEO of www.IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.


Social Engineering Security

Case allows Employees to run amok on Social Media

…ease tweeting and delete the other tweets. Another violation on Chipotle’s part was the firing of Kennedy, who had refused to stop circulating a petition among coworkers after a manager ordered him to do so. Kennedy’s use of social media was a protected activity under the law, and so was his circulation of the petition. The establishment was ordered to reinstate Kennedy and pay him lost wages. Just what exactly was Chipotle’s rule about…

Be aware of all these Confidence Crimes

Criminals often rely on tricking their victims to gain access to their passwords and other account information. This act of tricking is called social engineering, also known as a confidence crime, and it comes in many forms. A type of phishing e-mail where the criminal targets someone specific is called spearphishing. The spearphishing e-mail will look very much like the typical company e-mail that the real person uses. Example: The thief sends…

Set Privacy on these Social Media Apps

…s not anonymous, thanks to geotagging. Go to your iPhone’s settings and change the location access to “Never.” Kik Kik is not anonymous, contrary to popular belief, because anyone can get ahold of a youth’s username on other social media, making it possible to then contact that person on Kik. Under “Notifications” disable “Notify for New People.” This will put strangers’ messages in a separate list. Don’t share usernames. Askfm This…

Phishing attacks Two-Factor Authentication

Hackers bank heavily on tricking people into doing things that they shouldn’t: social engineering. A favorite social engineering ploy is the phishing e-mail. How a hacker circumvents two-factor authentication: First collects enough information on the victim to pull off the scam, such as obtaining information from their LinkedIn profile. Or sends a preliminary phishing e-mail tricking the recipient into revealing login credentials for an…

Social Engineering: How to steal Brand New iPhones from Apple

…. The solution would be for Apple to require a line of tops with a very distinct color pattern, and only two choices (short and long sleeved). The lesson here: Not everything or everyone appears to be what they actually are. Social engineering is a confidence crime. As long as the thief has your confidence either in person, over the phone or via email, you are likely to get scammed. Always be suspect. Always challenge what’s in front of you….

Parents: do You know your Teen’s Social Media Platforms?

With all the apps out there that individualize communication preferences among teens, such as limiting “sharing,” parents should still hold their breath. Face it, parents: times have changed. It’s your duty to discuss these applications with your kids. And parents should also familiarize themselves with the so-called temporary apps. Temporary messages do not vanish forever. Are anonymous applications really anonymous? How temporary is…

Three Quarters of a Billion Records breached

…way, this translates to two million stolen or lost records every day. 2015 Breach Level Report 1,673 hacking incidents 398 were triggered from the inside of the attacked company: employees and even IT staff who were tricked (social engineering) by hackers into clicking on malicious links or attachments Government agencies suffered the greatest data leaks. Following that were nation states and healthcare enterprises (remember the big Anthem…

Look out for Shipping E-mail Phishing Scams

…ing the e-mail. Usually, the message is that the delivery has failed, and the recipient is tricked into clicking on an attachment or a link. And that’s when malware gets downloaded to their computer. This technique is called social engineering: tricking people into doing things they shouldn’t. People are too quick to click. I wonder how many of these clicker-happy people ever even gave their e-mail address to UPS. The last time I sent something…

Stop being a blabber on Social Media

…ew thing she’s bragging about, then getting worked up with anger that you can’t match this, such as a new sports car. Solutions Set a timer out for, say, 30 minutes a day, and that’s your limit on Facebook and Twitter. Avoid social media for one week to kill your hunger for obsessing over a family member’s bigger house, fancier car and more prestigious job. Set your privacy settings on high. Stop making inane posts about everything that happens…

Burglars Use Social to target Victims

…tues of Google Street View. 54 percent pointed out how risky it is for social media users to reveal their whereabouts and status. 80 percent said a home alarm system would scare them away. So with everyone and his brother on social media, why wouldn’t burglars also jump on this bandwagon? Why Burglars Love Social Media People share every detail of their vacation—while on vacation. If there’s a photo of you sipping a margarita in Cancun, a…

Sales Staff Targeted by Cyber Criminals

…ter and customer service personnel. People tend to think that the company’s executives are at greatest risk, but look no further than sales, call center and customer service departments as the employees who are most prone to social engineering. It’s not unheard of for businesses to overlook the training of sales employees and other non-technical staff in cybersecurity. Saving costs explains this in some cases, but so does the myth that…

What is a Hacker?

…rts who specialize in penetration testing and other testing methodologies to ensure that a company’s information systems are secure. These security experts may utilize a variety of methods to carry out their tests, including social engineering tactics, use of hacking tools, and attempts to evade security to gain entry into secured areas. Gray hat hackers These are skilled hackers who sometimes act legally, sometimes in good will and sometimes…

Finding out which Employees keep clicking on Phishing E-mails

…ck-prone. Set these people aside and vigorously train them in the art of social engineering. Don’t just lecture what it is and the different types. Actually have each employee come up with five ways they themselves would use social engineering if they had to play hacker for a day. Once or twice a month, send them staged phishing e-mails and see who bites. But let your employees know that they will receive these random phishing tests. This will…

Seniors big Target for Romance Scams

…st). It took only three weeks for Betty L. Davies of Georgia to fall under the spell of Donald Leo Moore. Davies, 62, gave him a whopping amount of money after he claimed he’d been robbed while in Malaysia. Then his chemical engineering project ran into trouble and she gave him $20,000. He then needed $30,000 thanks to Singaporean officials. Total money lost: nearly $300,000. “Script” of the Scammer Build victim’s trust Create sense of urgency…

Stay Safe While Traveling this Summer

…share what we’re doing on social media, especially kids, but avoid using location services when possible. According to the recent Intel Security study: Realities of Cyber Parenting, one in three children who are active on social media turn on location services for some or all of their social media accounts which can alert thieves that you are not home, making you vulnerable to break-ins. Many users are unaware of these features, but the…

Reports say Russians hacked IRS Identities

…total of $50 million in tax refunds, having obtained personal data to get ahold of the data. In other words, this crime wasn’t a hacking job. The Russians didn’t hack into the IRS’s network through some “back door” or social engineering scheme. They actually entered through the front door, using the personal data they had obtained. Just how the breach came about is not yet known. The IRS’s Criminal Investigation Unit, plus the Treasury Inspector…

Social Media Scams on the rise

…hough many people are concerned their personal information will get in the wrong hands, the funny thing is that they continue posting personal information—way too personal. The FBI’s Internet Crime Complaint Center says that social media is a fertile area for criminals to scam people. Phishing You are lured to a phony website that masquerades as your bank or some other important account. The lure might be a warning that you’ll lose your account…

Question: Should You worry about Kids on Social Media?

…There will always be bad people out there—online and offline. An article on commonsensemedia.org lists multiple ways good things can come to kids who use social media. Makes friendships stronger. The site did a study called Social Media, Social Life: How Teens View Their Digital Lives. More than half the participants said that social media has benefited their friendships. Only four percent said it hurt them. And 29 percent reported social media…

How Hackers use LinkedIn to Scam

…Companies need to come up with a way to prevent hackers from sneaking into their network via that bastion of essentiality known as LinkedIn. The penetration tester, in his article, recommends that businesses do the following: Social engineering training. Workers must be aggressively trained in how to sniff out a phishy-smelling e-mail. No corners should be cut with this training program, which should include ongoing staged attacks. A statement…

3 Ways We are Tricked into Cyber Attacks

…tweet all day long about company matters or other details that can be used by a hacker to compromise the company. What seems like innocuous information, such as referring to a company big wig by their nickname, could lead to social engineering (tricking users into believing the request is legitimate so the user gives up sensitive information). Between social media and the golden nuggets of information on Facebook, Twitter, LinkedIn and other…

6 Tips for Protecting Your Social Media Accounts

…hishing scam or using a weak password that is easy to guess Luckily, there are a few things you can do to protect your social media accounts from hackers. Here are my tips: Discard unused applications. Take inventory of your social media accounts to see if there are any third-party applications that have access to your personal social data. Delete the ones you don’t use or don’t need. And make sure you are ok with what information they are…

Hacking Humans: How Cybercriminals Trick Their Victims

…hishing email appear that it’s gone out to other people in your circle of friends or acquaintances. Playing on your emotions to get you to like the crook. A skilled fraudster will use wit and charm, information from your social profiles, or even a phony picture he took off of a photo gallery of professional models to win your trust. In order to prevent human hacking via phishing scams, you need to be aware of them. Aware of the scams,…

Stolen Social Security number? Don’t Worry!

Just when you think it was safe to believe your Social Security number can’t get stolen…news breaks of the Anthem data breach. Over 80,000,000 patient records were compromised, including SSNs and home addresses. Like a meteor striking the earth, a disastrous ripple effect is underway, with patients getting hit up with phishing e-mails. If you ever suspect your SSN has been stolen, some suggest contacting the IRS and Social Security…

Very effective Social Engineering Scams

…oisons a computer to steal someone’s files is called ransomware, a type of malicious software (in this case, “Cryptolocker” and “CryptoDefense”). But how does this virus get into your computer in the first place? It’s called social engineering: tricking users into allowing their computer to be infected, or duping them into revealing personal information. Often, a phishing e-mail is used: It has an attention-getting subject line that entices the…

The Security Costs of being too Social

…are letting burglars know they’re away from home and not returning too soon. Why You Should Curb Cyber Socializing It’s true: People have been burglarized because the thieves found out they were on vacation or away via their social media posts. Because posting your whereabouts in social media could lead to a burglary, you’ll have to pay for the natural fallout of the crimes, such as a homeowner’s insurance deductible and a higher premium rate…

SSN and Its Afterlife

…e numbers will stay at nine but be recycled. But for now, your number is as unique as your DNA. But, unlike DNA, a SSN can be used fraudulently. The three credit bureaus maintain a list of the deceased based on data from the Social Security Administration’s Death Master File Index. Sometimes it takes months for bureaus to update their databases with the Social Security Administration’s Death Master File Index. Here’s how to avoid identity theft…

Beware of scary WiFi Virus

…do: literally move through the air, as in airborne—like a biological pathogen. And like some Franken-creation, it came from a laboratory, cultivated at the University of Liverpool’s School of Computer Science and Electrical Engineering and Electronics. Chameleon leaps from one WiFi access point to another. And the more access points that are concentrated in a given area (think of them almost like receptor sites), the more this virus gets to hop…

Social Media Identity Theft leads to Arrest

…trip to court to try to resolve the situation. Perhaps this mess could have been prevented: Create a super strong password that would take a hacker’s machine two million years to crack. Think! Think! Think before you post on social media! Make your FB account as private as possible. Seek out your likeness on social and the moment you discover an imposter, report it. Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com…

Mobile Employees Are a Security Risk

…yees rather lazy with security awareness. There’s definitely a human factor involved with all of this that businesses must address. If employees want to use mobiles to conduct business, they should also embrace the responsibility that comes with the use of these devices—that of being willing to learn how to keep the sensitive data that’s stored in these devices safe, and also being willing to learn how to recognize social engineering and other…

‘Tis the Season for the 12 Scams of the Holidays

…ing, shopping and booking travel online— even more than we normally do. And scammers know that with all that money and personal information floating around, they have a big opportunity. Using techniques like phishing, social engineering, fake charities and infected USB drives, cybercriminals can invade your privacy and drain your bank account. Don’t let these hackers and thieves dampen your holiday cheer. To help you stay safe this season,…

College bound kids: protect your identity

…ency to reuse the same password—anything to make college life less hectic. All accounts should have a different password. And don’t use a password like GoSpartans. Make it nonsensical and full of different characters. Social engineering. College kids can be easily tricked into making the wrong clicks. A malicious e-mail can pose, for instance, as something from the university. The student gets suckered into clicking on a link that then downloads…

What Is a Trojan Horse?

…email getting into your inbox Know the threats. Keep current on the latest threats so you know what to look for when you receive suspicious emails Remember that Trojans are common because they are so successful. Hackers use social engineering techniques, such as mentioning a current news topic or popular celebrity, to get you to click on their email. Just being aware of what they are and how they work can prevent you from having to deal with…

6 Ways to prevent Social Engineering Attacks

…hey can be a tech support agent tricked into resetting a password and handing it over. Often, the victims don’t even know they were targeted until well after the fact, if ever. Just say no—to giving out personal information. Social engineering can occur over the phone: someone pretending to be your bank, asking for your private information. Always contact the institution to verify that it wants your private data before blindly giving it out….

Identity thieves bombarding Call Centers

…sonal data. One expert says that if contact phone channels were monitored, this could predict criminal behavior two weeks prior to actual attacks. Many companies also believe that most attacks result from malware rather than social engineering: the tricking of victims into revealing sensitive data. The targets include the staff of the call centers, who are often conned into allowing these smooth-talking worms to get under any door. When…

8 Ways to bullet proof your Social Accounts

…site eliminates the hassle of having to enter your username and password every time you want to visit the site. However, if the wrong person gets ahold of your computer, mobile or tablet, that person can easily get into your social media accounts. Log out. #3 Remove apps you don’t use. If your accounts like Facebook and Twitter are linked to a bunch of third-party apps and services that have accumulated over time, sift through these and knock…

10 Tips to Protect Yourself on Social Networks

…ly are. Manage your privacy settings: Make sure that you are only sharing information with friends and family and check them regularly in case there are any changes. Be aware of the fact that the information you share on one social network may be linked to another: For instance, a photo you post to Twitter may automatically post to your Facebook profile. Don’t reveal personal information: Be suspicious of anyone who asks for your personal…

What is Social Engineering?

No, it’s not some new engineering field to develop social media sites. Social engineering has been around as long as the con artist has been around. The term stems from the social science world where social engineering is deemed as an act of psychological manipulation. In our tech-laden world of today, social engineering still involves deceit but it’s used to deceive you into giving up personal or sensitive information for the bad guys’…

15 Small-Business Social Network Nightmares

…uthentic messages when, in fact, the fraudster’s motive is to get money or sensitive data. 3. Bullying on Facebook. Bullying doesn’t just happen among kids; workplace bullying also exists, and what better place than on social media? Sometimes employees who manage a company’s social media get frustrated with the public’s comments and fight back with below-the-belt comments. 4. Online reputation management. Make sure you and your…

Protecting Your Business’s Data From Organized Crime

…ifferent forms of hardware and software that seek out vulnerabilities within a small business’s network. Vulnerabilities may be physical, as in facilities vulnerable to intrusion, or may be people who are vulnerable to social engineering. Virtual vulnerabilities exist in a business’s Internet connection (whether wired or wireless), an outdated browser or an outdated operating system—any of which may be vulnerable if they don’t have…

7 Social Media Security Tips To Protect Your Business

…represent their employer 24/7/365, so what an employee says on or off the job and online directly reflects on his or her employer and, as stated in my credit union story, can be used against the organization. Limit access to social networks. There are numerous social networks serving different uses, from wine and recreation to music to movies, used for everything from friending to finding a job. Some are more or less appropriate, and others are…

Credit Card Theft increasing for Banks and Retailers

…could have been thwarted. 76 percent of breaches were due to stolen or weak account credentials. In 2013 alone, 40 percent of the top breaches were recorded. Insider mistakes or threats accounted for 31 percent of insiders. Social engineering was responsible for 29 percent of breaches. Physical loss such as forgetting where one placed a device, flash drive, etc., was responsible for 21 percent of the data loss incidents. The 2014 Data…

7 Small Business Social Media Risks

…ring benefits to businesses, namely in the realm of marketing exposure, they can also bring in lots of trouble as far as security issues. How can companies find the right balance in between the two extremes of either banning social media altogether and allowing free rein of social media? Below are some solutions. #1. Ban the ban. First of all, don’t outright ban access to social media. Otherwise, this can lead to other security issues….

How Data Breaches happen and how to respond

…er hacking or infecting computers with viruses, Trojans or worms—leading to stolen data or malfunctioning systems. An inside job. Employees (past or present) can commit data breaches. Also, an innocent employee is tricked by social engineering into revealing confidential information or giving out access to that information. Judgment lapse. An employee may leave data unprotected—not on purpose, but due to an oversight, making it easy prey for…

Stolen Identities are cheap on the Darknet

…bought a stolen overseas ID (as of 2011). Currently, these IDs cost 33 to 37 percent less. Other Crime Fees $100 to $300: hack a website $25 to $100: A hacker will steal all the data they can on a person or business by using social engineering or Trojan infiltration. $20: a thousand bots; and $250 will get you 15,000. $4 to $8: one stolen U.S. credit card account including CVV number ($18 for European accounts) What does all this mean to you? It…

IT Guys get duped Pretty Girl on Social Media

…rsonnel and executives. Most of the people who assisted Emily were men. A similar experiment using a fake male profile had no success. Preventing getting suckered into Social Media Scams For agencies and other organizations, social engineering awareness training is crucial, and must be done constantly, not the typical annually. Suspicious behavior should always be questioned. Suspicious behavior should be reported to the human relations…

Lessons learned from a Password Attack

…dentity theft. Dictionary attacks. Software exists that will run any word that’s found in a dictionary (or commonly misspelled words) into the password field. If you use these words, the software will eventually score a hit. Social engineering. This is when a thief tricks a user into revealing a password (often by sending an “urgent” e-mail informing the user to visit a site where he “must” type in his password). There is still hope that one day…

Oversharing on Social Media Common Amongst 50+

…k about some hard consequences of sharing too much personal information. Think about it…is that friend really a friend if you haven’t seen them in 25 years? McAfee’s Fifty Plus Booms Online study found despite the fact that social networks have a reputation among the younger generation as a hub for drama among friends, this is also the case among other demographics—even in the 50-and-over age group. According to respondents, 16% of those who…

Socint: disseminating cybercrime through social intelligence

…ia. They post information and share photos and videos, and terrorist groups use the tools to recruit new members, disseminate propaganda and solicit funds.” It seems the next stage to investigate and prevent crime is through social intelligence combined with social analytics, hence “Socint”. Continues NextGov.com: “Officials can use this type of social media-driven intelligence to gain insight, investigate, construct countermeasures and refocus…

ATMs and student numbers rise across the UAE

…f courses on offer by more than 10 percent for the 2013/14 academic year. In direct response to industry demand, universities including Amity, Heriot-Watt and IMT will add an additional 35 degrees in tourism and hospitality, engineering and accounting to their existing portfolio, bringing the total number of degrees to 355. Of the new courses, 11 will be undergraduate, 17 postgraduate and 7 PHD programmes. News of the new programmes follows a…

Identity Thieves Go After the Deceased

…the person’s information from the inside, and in other cases the scammer contacts a relative posing as any of the above or a government agency. The three credit bureaus maintain a list of the deceased based on data from the Social Security Administration’s Death Master File Index. Sometimes it takes months for bureaus to update their databases with the Social Security Administration’s Death Master File Index. Relatives who learn of identity…

Getting Cybersmart and Staying Dutifully Employed

…onal. CyberPatriot: This is the premier national high school cyberdefense competition. It was created by the Air Force Association to inspire high school students toward careers in cybersecurity or other science, technology, engineering and mathematics (STEM) disciplines critical to our nation’s future. Maryland Cybersecurity Center (MC2): By targeting students as early as middle and high school, MC2 is stimulating early interest in the field of…

Social Media A Big Risk To Banks

…provided on the corporate site, and via social media. Once they gather enough information about their target they use that data to circumvent all the security technologies meant to prevent a user from downloading a virus or social engineering tricks like clicking an infected link and alert us to a phish email. This is where banks need to step it up and incorporate complex device identification. iovation, an Oregon-based security firm, goes a…

“Old” Malware Attacks Rising Significantly

…le malware declined slightly this quarter, McAfee Labs expects to see another record year for mobile malware. You need to be proactive and protect your mobile devices with comprehensive security software and pay attention to social engineering attempts to get you to give up your personal information. Suspect URLs: Cybercriminals continued their movement away from botnets and towards drive-by downloads as the primary distribution mechanism for…

Why Your Employer Needs Social in the Workplace

…n place to regulate employee access and guidelines for appropriate behavior, social media could be problematic. Teach employees effective use by providing training on proper use—including, especially, what not to do, too. Limit social networks. In my own research, I’ve found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure. Train…

5 Signs You Are About to be Scammed

…t can’t happen to them or they just aren’t aware of the scams. And the scammers have gotten very good at disguising their scams, so it’s often hard to recognize them. Scamming generally involves a form of social engineering. Social engineering is the act of manipulating people into performing actions or divulging confidential information. It relies on human interactions, such as trying to gain confidence of someone through trickery or deception…

What Makes My Passwords Vulnerable?

…an often be used to hack into users’ other accounts. Two recent breaches revealed a password reuse rate of 31 percent among victims. Reusing passwords for email, banking, and social media accounts can lead to identity theft. Social engineering: As previously described, social engineering is the act of manipulating others into performing certain actions or divulging confidential information, and can be used as an alternative to traditional…

Social Media Security in the Workplace

…ial media profile? The answer correlates with news of cyber-attacks on businesses and other organizations being targeted with advanced persistent threats which has risen sharply over the past two years. The Register reports “Social engineering via platforms such as Facebook can be one of the early stages of an advanced persistent threat (APT), the latest buzz word on the information security scene and a technique commonly linked to cyber spies…

Social Media Security Risks for Small Business

…nce they have gathered enough information about a target, hackers use that data to circumvent all the IT security technologies meant to protect users. Below are some things you can do as a small business owner to reduce your social media security risks. Implement IT Security Policies. Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access…

Yahoo! Hacked: 15 Tips To Better Password Security

…y,” and “abc123.” Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims. Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information. Tips to…

Identity Theft Still On the Rise

…Facebook certainly provide a great deal of data that can be used to help criminals crack knowledge-based passwords, and websites like LinkedIn make it easy for criminals to gather additional intelligence in order to conduct social engineering scams. Meanwhile, smartphones have become the keys to many of our digital lives now that we use them for social media, online shopping, and online banking. Smartphone users are even more likely to be…

Cloud Computing Security: Small Business Data in the Cloud

…eft if the building isn’t properly protected, power outages if there aren’t redundant power backups, natural disasters if Mother Nature decides to have a bad day, and criminal hacking through system weaknesses, phishing, and social engineering. Most cloud service providers won’t explicitly outline what they do to protect your data because it could offer potential hackers information on how to compromise their networks. But one provider for…

Social Media Security Tips for Small Business

…e training on proper use and especially what not to do too. #2 Encourage URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like a tiny URL decoder. #3 Limit social networks. In my own research about social media security, I’ve found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and…

Protect Yourself from Vishing

…ing. VoIP has known flaws that allow for caller ID spoofing. These tools are typically used to populate the caller ID with a specific bank or credit union, or just with the words “Bank” or “Credit Union.” Social Engineering: Social engineering is a fancier, more technical form of lying. Social engineering (or social penetration) techniques are used to bypass sophisticated security hardware and software. The automated recordings used by vishers…

75 Million Unique Malware Samples By 2012

…targeted spam, or what’s often called “spear phishing.” Much like malware, total numbers are dropping but the severity of the threat and sophistication of the technique remain high. Social engineering: Subject lines used for social engineering spam messages vary depending on geography and language. Bait can include holidays or sporting events, and often differs by month or season. Attackers have shown remarkable insight into what works for…

Security Beyond the Desktop

…sive security strategy: The human link: There is an ever-widening disparity between the sophistication of networks and the people who use them. When direct attacks on an organization’s defenses fail, cybercriminals often use social engineering toolkits to exploit unsuspecting employees. Educating employees on secure practices is not enough—organizations need to install a proper framework to empower and encourage employees to make a habit of…

Holiday Phishers Use Social Media

…some extent. Criminals exploit this by mimicking these familiar platforms when sending millions of phishing emails designed to entice users into clicking malicious links or visiting spoofed websites that resemble legitimate social media. They also create pages within popular social media that are infected with malware, or malicious links designed to infect the PCs of anyone who clicks. McAfee has exposed numerous Christmas-related scams. To…

Social Security Number: All-Purpose Identifier

…e. The IRS adopted our Social Security numbers as identifiers for our tax files about 50 years or so ago. Around the same time, banks began using Social Security numbers to report interest payments, and so on. All the while, Social Security numbers were required for all workers, so their Social Security benefits could be paid. Most people were assigned a number when they applied, sometime around the age of 16. This was until the 1980s, when the…

Human Security Weaker Than IT Security

…a pretty good job with information security to prevent identity theft, at least on the consumer level. But you also need to start thinking about avoiding Jedi mind tricks. Within the security world, these cons are known as “social engineering.” Whether you receive a phone call, an email, or a visitor at your home or office, always question those who present themselves in positions of authority. You should never automatically place your trust in…

Social Web Loaded With Profile Misrepresentation

…with fraudulent accounts ranging from a low of 5% to 40% of users. “Scammers are registering accounts by the millions as they perpetrate fake “friend requests,” deceptive tweets, and the like, while the black market for bulk social networking accounts is growing exponentially.” They also warned about social web abuse, describing current “sleeper cells” as “a ticking time bomb.” Last month, more than 30,000 fraudulent accounts coordinated an…

What to Look for In Cloud Security

…have, like an ATM card, and something you know like a PIN code. Computer users are responsible for the security of locally stored data, and data that is transmitted via their Internet connection. They can avoid phishing and social engineering scams. But beyond that, they are reliant on the cloud provider to adequately secure their data. Have you checked with your cloud provider yet on their security measures? Robert Siciliano, personal security…

Bill Would Remove Social Security Numbers From Medicare Cards

…ibiting Social Security numbers from appearing on Medicare cards or on any communications to Medicare beneficiaries, as well as requiring the Department of Health and Human Services to eliminate the unnecessary collection of Social Security numbers. Social security numbers should certainly be removed from Medicare cards and any other cards, for that matter. But while this bill is a step in the right direction, it cannot protect any of those 40…

Myth: Apple Products Don’t Get Viruses

…us software are actually downloading malicious software. This malware can damage the user’s computer or compromise personal information, including banking details. Mac users are also equally susceptible to phishing and other social engineering scams, if not more so, since they may have an inflated sense of security that can lead to riskier behavior. It’s important for Mac users to be aware of these emerging threats and take the appropriate…

Device Intelligence Helps Stop Scammers Targeting Social Media Sites

…ir users, and should take advantage of information that readily exists for them to use — the known reputations on over 650 million devices in iovation’s device reputation knowledge base. Computers that are new to these social networks dealing with scammers and spammers are rarely new to iovation. They have seen these devices on retail, financial, gaming or other dating sites and will help social sites know in real-time, whether to trust…

Social Networking Security Awareness

One in five online consumers has been a victim of cybercrime in the past two years. Social networking is a direct link to the problem. While social networks allow you to keep in touch with family and friends, there are issues to be concerned about. Most concerns revolve around online reputation management, identity theft, or physical security issues. Social networking creates a risk of posting content that will be damaging to yourself, your…

15 Tips To Better Password Security

…y,” and “abc123.” Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims. Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information. How to…

Judge Says Its OK to Post Social Security Numbers Online

…llection, maintenance, use, and dissemination of personally identifiable information maintained in systems of records by federal agencies. Over the years, many have interpreted this law to allow public information, including Social Security numbers, to be posted online. I’ve seen Social Security numbers for Jeb Bush, Colin Powell, former CIA Director Porter Goss, Troy Aiken, and Donald Trump, all published on the Internet. Ostergren so…

Consumer Fraud No Longer Shocking

…g payments, with no intention of ever shipping any items. Scammers often contact potential victims within an auction website, but then bring communications to outside email or phone. Once the target engages with the scammer, social engineering commences. Craigslist Scams: A scammer responds to a seller, claiming he wishes to purchase an item. He mails the seller a fake check for an amount in excess of the purchase price, with extra money…

Choosing an Enterprise eBanking Security Solution

…dentify themselves. Address change notifications, contract signing and more. Experience shows that a reliable security solution opens up new business opportunities. Today we worry about malware, spyware, root kits, phishing, social engineering, and a multitude of scams resulting in account takeover, new account fraud, and identity theft. It’s been less than a decade since the widespread use of broadband Internet took online commerce mainstream,…

How Much Would You Pay For a Fake Girlfriend?

…on. Social engineering is the act of manipulating people into performing certain actions or divulging confidential information. Essentially it’s a fancier, more technical form of lying. Combine naiveté with predators who use social engineering to manipulate their victims, and you get stories like this one, about an Illinois man who sent more than $200,000 to an “online girlfriend,” who didn’t actually exist. The man believed he had been in a…

Top 5 Business Security Risks

…ore technical form of lying. At 2010’s Defcon, a game was played in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have. Of 135 “targets” of the social engineering “game,” 130 blurted out sensitive information. All five holdouts were women who gave up zero data to the social engineers. 3. Failure to Log Out: Web-based email services, social networking sites, and…

Lawmakers Push To Shield Last 4 Social Security Numbers

…s are responding by pushing legislation to stop businesses from asking for the last four digits of customers’ Social Security numbers. Researchers at Carnegie Mellon University have developed a reliable method for predicting Social Security numbers, including the first five digits, using information from social networking sites, data brokers, voter registration lists, online white pages, and the publicly available Social Security…

Search Engine Doesn’t Need Kids SSN

…four digits of children’s Social Security numbers is probably someone who readily shares his or her own number, which is not a good idea. Researchers at Carnegie Mellon University have developed a reliable method to predict Social Security numbers using information from social networking sites, data brokers, voter registration lists, online white pages, and the publicly available Social Security Administration’s Death Master File. The New York…

10 Social Media Security Considerations

…, possibly including your employer. Maintain updated security. Make sure your hardware and your software are up to date. Update your antivirus definitions, your critical security patches, and so on. Lock down settings. Most social networks have privacy settings. Don’t rely on the defaults. Instead, set these preferences as securely as possible. The main social media websites offer tutorials, which you should use. Always delete messages from…

Check Your Password Security

…little research. Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims. Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information. There…

Social Security Numbers Easily Cracked

…s easier than ever to guess or predict an individual’s Social Security number, which puts us all at a greater risk for identity theft. Researchers at Carnegie Mellon University have developed a reliable method for predicting Social Security numbers, using information from social networking sites, data brokers, voter registration lists, online white pages, and the publicly available Social Security Administration’s Death Master File. Originally,…

10 Types of Criminal Social Media Impersonators

…. 6. Impersonators harass you or someone you know, perhaps as revenge over a perceived slight. 7. An impersonator steals a name or brand that has leverage, such as an employee, celebrity, or Fortune 500 company, as a form of social engineering, in order to obtain privileged access. 8. An impersonator may be obsessed with you or your brand and simply wants to be associated with you. 9. An impersonator might parody you or your brand by creating a…

Man Arrested For Stealing 15,000 Social Security Numbers

…the hands of identity thieves have even had their mortgages refinanced and their equity stripped. WTEN.com reports an arrest has been made of an individual alleged to have illegally downloaded personal information, including Social Security numbers of about 15,000 people. Police arrested a man “for stealing the collection of Social Security numbers from computers belonging to contractors working for the Office of Disability and Temporary…

Cross-Site Scripting Criminal Hacks

…erences.” That being said, after messing with default browser or program settings, the reduced functionality may impede your ability to do anything online. The trick is to have the most updated security software and to avoid social engineering scams that ask you to click links or copy code. Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses scammers and thieves on The Big Idea with Donnie Deutsch. (Disclosures)…

Top 5 Vishing Techniques

…ing. VoIP has known flaws that allow for caller ID spoofing. These tools are typically used to populate the caller ID with a specific bank or credit union, or just with the words “Bank” or “Credit Union.” Social Engineering: Social engineering is a fancier, more technical form of lying. Social engineering (or social penetration) techniques are used to bypass sophisticated security hardware and software. The automated recordings used by vishers…

Using Social Media Passwords With Critical Accounts

…, having your social networking account compromised can make those other accounts vulnerable as well. Last year, 32 million passwords were posted online after a data breach at RockYou, a company that creates applications for social networking sites. The breach revealed the weakness of most people’s social networking passwords. InformationWeek reports that all the major sites have the same minimum password length of six characters. And password…

Americans Waking Up to Social Media Privacy

…to affect one’s security position. Now as a result of all this attention to privacy, in a recent study published in the Wall Street Journal, about 36% of American adults said they were “very concerned” about their privacy on social-networking sites in 2010, compared with 30% who felt that way last year. The shift was particularly noticeable among people over age 44; 50% of people age 54 to 64 described themselves as “very concerned,” compared…

Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft

…ode. The Colorado Supreme Court has ruled “that using someone else’s Social Security number is not identity theft as long as you use your own name with it.” The defendant in this particular case had admitted to using a false Social Security number on an application for a car loan, and to find employment. The court ruled that since he had used his real name, and the Social Security number was only one of many pieces of identifying information, he…

Leaked Social Security Numbers Put “Personal Security and Safety at Risk”

…code of fair information practices governing the collection, maintenance, use, and dissemination of personally identifiable information in federal record systems. Back in 1974, identity theft wasn’t an issue, so having your Social Security number on your driver’s license, school ID, and most other documents wasn’t a big deal. Then someone figured out how to use a Social Security number to pose as someone else, and from there, identity theft…

IRS Fully Reliant on Social Security Numbers

…x evader, you don’t have much of a choice about including your Social Security number on checks and money orders. The IRS sent 201 million notices to taxpayers during the fiscal year 2009, and most of those mailings included Social Security numbers. Social Security numbers may also appear in more than 500 computer systems and 6,000 internal and external forms. According to the Treasury Department Inspector General, “this is because Social

McAfee Reveals the Top Ten Most Dangerous Places to Leave Your Social Security Number

…t victims had their social security number compromised according to Javelin’s 2010 Identity Fraud Survey Report. In honor of National Identity Protection week, McAfee set out to reveal the most dangerous places to leave your social security number. When your Social Security number is used to commit fraud, it feels very personal. It can take hundreds of hours and sometimes thousands of dollars to rectify this violation. Criminals find these…

Seminar to Feature ISECOM’s OSSTMM v3

…iewed methodology for performing security tests and metrics, and the test cases are divided into five channels (sections) which collectively test: information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters, and…

7 Ways to Combat Scareware

…pages may be infected or built to distribute scareware. The goal is to trick you into clicking on links and downloading their crappy software. Information Week reports those behind a new fake antivirus software have added a new social engineering element — live support agents who will try to convince potential victims that their PCs are infected and that payment is the cure. The rogue software comes equipped with a customer support link leading to…

Social Media is a Criminals Playground

…simply can’t protect every user. New technology is developed at a rate that vastly outpaces the security necessary to keep those technologies bulletproof. Essentially, you’re on your own. While it is rare for a user to post Social Security numbers, which can directly lead to identity theft, on a social networking website, these websites or their users’ actions can compromise PCs, which does ultimately lead to identity theft. Always make sure to…

Women Proved “Securest” in the Defcon Social Engineering Game

…al Engineering Capture The Flag” At Defcon), I pointed to a game in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have. Of 135 “targets” of the social engineering “game,” 130 blurted out too much information. All five holdouts were women who gave up zero data to the social engineers. Computerworld reports, “Contestants targeted 17 major corporations over the course…

 
