Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

April 16 2015

robertsiciliano

It's a Security System and More

WARNING: Removing this video surveillance camera to kill evidence of your robbery will do you chickenfeed because the video of you is being stored in the cloud!

Today’s security systems are so much more evolved than they were 20 years ago, even 10 years ago.

We’ve all heard of the bright light that goes on over the garage when someone steps onto the driveway. That’s so old that some burglars aren’t miffed by this in the least. However…such a motion detection system can also trigger video surveillance and notify the police. And there’s so much more that today’s security technology can do:

  • Send an alert to your smartphone that something anomalous has been detected inside your house; you can then view the interior in real time where this detection occurred, even if you’re across the country. Don’t be surprised if in the future, the homeowner could—with a single tap of a smartphone key—activate a net from the ceiling to deploy and engulf an intruder, holding him till the cops come. I WANT THAT.
  • Even if you live in a virtually crime-free neighborhood and have no valuables…you can still be endangered by non-human threats like gas leaks, fires and trip-and-fall hazards in dark areas with triggered lighting. A home security system can protect you from these variables.
  • Burglars aren’t fooled by the constant light that’s on to make it seem like you’re home when you’re not. However, security systems can create a pattern of on-and-off light use when you’re away, simulating that someone’s actually home.
  • If you still have an old-fashioned wireful security system, it’s time to switch to wireless. Wireless eliminates the possibility of a burglar cutting the wires. Furthermore, a wireless system can include a small remote that can activate and deactivate the system, like when you want to go outside at night with the dog to do its business.

If you were to ask 1,000 home burglary and invasion victims, “Did you think the crime could ever happen to YOU?” What do you think they’d all say? Stop making excuses and get a home security system if you already don’t have one.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

April 15 2015

robertsiciliano

Identity Theft Protection 101

What’s it called if, for example, someone runs up your credit card line without your permission? Identity theft. ID theft isn’t necessarily someone going around impersonating you. But it is considered someone taking over your accounts.

Account takeover is also someone hacking into your computer and getting the password for your PayPal account, then sucking it dry. ID theft is an extremely common occurrence. The damage incurred by ID theft runs along a continuum, from light to heavy. At its worst it can:

  • Cost thousands of dollars to repair the fallout
  • Take months to fix this
  • Destroy reputation
  • Cause difficulty finding employment
  • Cause rejection of loan applications
  • Cause the victim to be arrested because the identity thief committed a crime in their name

There are tons of ways one can become a victim. It used to be that ID thieves would steal a wallet and gain information that way, or dig through your rubbish for bank statements. But these days, ID theft is prolifically committed in cyber space by thieves thousands of miles away.

For example, a thief halfway around the globe could trick you into giving your bank account information by sending an e-mail that looks like it’s from your bank, telling you that your online account has been compromised and that you need to supply your account information to repair the problem.

Or, clicking on a link that promises to show you a nude celebrity instead downloads a virus to your computer.

ID theft can also occur through no lapse in judgment of your own: when the retailer you buy things from with a credit card is hacked.

Protect Yourself

  • All of your computer devices should have software: antivirus, antimalware and a firewall, and always updated.
  • Educate yourself on recognizing scams. Some are ingenious and look legitimate. One way to drastically reduce the odds of being tricked by a ruse is to never, never, never click on any links in an e-mail. Never.
  • Make all of your passwords unique, over 10 characters and a mix of numbers, letters and symbols: gibberish rather than the name of your favorite rock band or sport.
  • View your credit report (it’s free) once a year from each of the three credit reporting agencies. Look for odd things like new accounts opened that you never opened and other false information.
  • If you’re sure you won’t be applying for a loan for a long time, freeze your credit.
  • Use only reputable merchants for online shopping when possible (we all know this rule doesn’t apply when you want to buy those big clumpy home-baked chocolate cookies from “Denise’s Gourmet Cookies”).
  • Missing snail mail bills? Report this to the associated companies because a thief may have changed your billing address.
  • Use a VPN. A virtual private network such as Hotspot Shield is one significant layer to protect your data and your identity by encrypting your information.

Consider it a red flag if you receive credit cards you didn’t apply for, especially if they have high interest rates.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

April 14 2015

robertsiciliano

How to identify Tax Scams

The IRS isn’t your biggest enemy during tax season. It’s the criminals who pretend to be IRS reps and then con people out of their money. They contact potential victims chiefly through phone calls and text messages.

Typically, the message is threatening in tone and/or content, informing the target they’ll be arrested if they don’t immediately send the IRS owed money. The threat may also be deportation or a driver’s license suspension (that last one is really silly, but people actually do fall for these cons).

The money must be wire transferred or sent via a pre-paid card—and this is one of the tip-offs it’s a scam: Why wouldn’t the IRS accept a personal check like they normally do? The wire transfer or pre-paid card guarantees the crook will never be tracked.

Identifying tax scams is easy! It’s a scam if the scammy “IRS”:

  • Requests a credit card number over the phone or email
  • Requests a wire transfer or pre-paid card over the phone or email
  • The initial communication about owed money is NOT through snail mail.

The aforementioned three points should be enough for you to identify a scam, but to make identification even easier, here’s more:

  • There’s background noise to make you think it’s a busy call center.
  • The caller gives you his “badge number” to sound more official.
  • The caller identifies himself with a common name (i.e., Michael Harris).
  • The phone call coincides with an e-mail (to make things appear more official).
  • The caller hangs up when you say, “I actually work for the IRS myself.”

Scammers’ tricks that can fool you:

  • The caller ID appears it’s the IRS calling. Caller ID can be easily “spoofed”.
  • You get another call from supposedly the DMV or police department, and the caller ID shows this. (Now think about this for a moment: With all the really bad guys out there making trouble, don’t you think the police have better things to do than call people up about back taxes?)
  • The caller may know the last four digits of your Social Security number.

Don’t argue with the caller. Simply hang up (or if you want to have fun, tell them you yourself are with the IRS and listen to how fast they hang up). If you really do owe taxes, call the real IRS and work with an authentic employee to pay what you owe.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

April 13 2015

robertsiciliano

Go Two-Factor or go Home

Logins that require only a password are not secure. What if someone gets your password? They can log in, and the site won’t know it’s not you.

Think nobody could guess your 15-character password of mumbo-jumbo? It’s still possible: A keylogger or visual hacker could obtain it while you’re sitting there sipping your 700-calorie latte as you use your laptop. Or, you can be tricked—via a phishing e-mail—into giving out your super strong password. The simple username/password combination is extremely vulnerable to a litany of attacks.

What a crook can’t possibly do, however, is log into one of your accounts using YOUR phone (unless he steals it, of course). And why would he need your phone? Because your account requires two-factor authentication: your password and then verification of a one-time passcode that the site sends to your phone.

Two-factor authentication also prevents someone from getting into your account from a device other than the one that you’ve set up the two-factor with.

You may already have accounts that enable two-factor authentication; just activate it and you’ve just beefed up your account security.

Facebook

  • Its two-factor is called login approvals; enable it in the security section.
  • You can use a smartphone application to create authentication codes offline.

Apple

  • Its two-factor works only with SMS and Find my iPhone; activate it in the password and security section.
  • Apple’s two-factor is available only in the U.S., Australia, New Zealand and the U.K.

Twitter

  • Twitter’s two-factor is called login verification.
  • Enabling it is easy.
  • Requires a dependable phone

Google

  • Google’s two-factor is called 2-step verification.
  • It can be configured for multiple Google accounts.

Dropbox

  • Activating two-factor here is easy; go to the security section.
  • SMS authentication plus other authentication apps are supported.

Microsoft

  • Enable it in the security info section
  • Works with other authentication apps.

Additionally, check to see if any other accounts you have offer two-factor, such as your bank (though most banks still do not offer this as described above, but do provide a variation of two factor).

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

April 12 2015

robertsiciliano

Bank Account depleted, Company sues

Is it Bank of America’s fault that a hospital was hacked and lost over a million dollars? Chelan County Hospital No. 1 certainly thinks so, reports an article on krebsonsecurity.com. In 2013, the payroll accounts of the Washington hospital were broken into via cyberspace.

Bank of America got back about $400,000, but the hospital is reeling because the hospital says the bank had been alerted by someone with the Chelan County Treasurer’s staff of something fishy. The bank processed a transfer request of over $600,000—even though the bank was told that this transfer had not been authorized.

In short, some say Bank of America failed to follow contractual policies. And what does the bank have to say for this? They deny the lawsuit allegations. They deny brushing off the hospital’s alert that the wire transfer was not authorized.

This scenario has been replicated many times over the past five years, says the krebsonsecurity.com article. Hackers use Trojans such as ZeuS to infiltrate banks. And not surprisingly, phishing e-mails are the weapon of choice.

Though bank consumers are protected from being wiped out by hackers as long as they report the problem within 60 days, businesses like hospitals don’t have this kind of protection. The business victim will need to sue the bank to recoup all the stolen money. Legal fees will not be covered by the defendant, and they are enormous, which is why it’s not worth it to sue unless the amount stolen is considerable.

Businesses and consumers should:

  • Require that family and employees from the ground up complete security training that includes how to recognize phishing e-mails.
  • Stage phishing attacks to see how well everyone learned their security training
  • Retrain those who fell for the staged attacks
  • Make it a rule that more than one person is required to sign off on large transfers
  • Know in advance that the bank will not reimburse for most of the stolen money in a hacking incident, and that legal fees for suing can exceed the amount of money stolen.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention. Disclosures.

April 10 2015

robertsiciliano

Latest Russian Cyber Attack on White House a Boon for CISA

The Russians have come…again—in the form of hackers. Not long ago Russian cyber criminals busted into the U.S.’s State Department system and mangled it for months.

This time, they got into a computer system at the White House. Luckily, this system did not hold any classified information, but nevertheless, the hackers got ahold of President Obama’s private itinerary. So it just goes to show you just what hackers a world away can do.

This isn’t the first time that the White House has been hacked into. Remember the attacks that were allegedly committed by the Chinese? These, too, did not involve sensitive information, but the scary thing is that these cyber invasions show how easy it is for other countries to bang into the computer systems of the No. 1. Superpower.

So President Obama’s personal schedule got hacked, and in the past, some White House employee e-mails got hacked. What next—top secret plans involving weaponry?

What the Russians may do next is of grave concern to the FBI. Perhaps the Russians are just teasing us with this latest break-in, and the next hacking incident will really rattle things.

Ironically, Obama had recently signed an executive order in the name of stomping down on cyber crime. Well, someone didn’t stomp hard enough, and the Russians, Chinese and everyone else knows it.

Obama’s efforts involve CISA: Cybersecurity Information Sharing Act. The Act would mandate that there’d be greater communication between the government, businesses and the private sector relating to possible cyber threats.

CISA is not well-received by everyone because it involves what some believe to be a compromise in privacy. This latest attack on the White House, say CISA critics, might encourage lawmakers to hastily pass the Act without first building into it some features that would protect the privacy of the private sector.

The chief concern, or at least one of the leading ones, of CISA opponents or skeptics is that of the government gaining access to Joe’s or Jane’s personal information. And why would the government want to get our private information? For surveillance purposes—that harken back to the efforts to increase cyber protection and prevent more hacking episodes.

The bottom line is that this latest attack by the Russians will surely add a few more logs to the fire in that lawmakers will feel more pressure than ever to strongly consider passing CISA.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. Disclosures.

April 09 2015

robertsiciliano

How Hackers are Hacking Smarthomes

“My house was hacked!” Had you said this 25 years ago, people would have thought a burglar vandalized it with an axe. Say it today and nearly everybody will know what you mean: A thief or prankster “broke” in to your house via its connected-to-the-Internet gadgets.

If something’s connected, like your refrigerator, the possibility of hacking exists. All of these smarthome gadgets make it to market without a lot of attention on security, leaving them with “back doors” through which hackers could enter. This craeates a larger “surface area” for potential cyber invasions.

In January 2014, connected refrigerators were actually sending out spam e-mails. So don’t think that all of this is just hyped up anxiety. And unless you’ve been living in a cave, you’ve already heard about the man who hacked into a baby monitor and yelled obscenities through it. A hacker could infiltrate through any vulnerable device in your house and use it as a launching pad to get into your e-mail account and redirect your web traffic to them.

Though nothing is ever 100 percent secure, the issue boils down to how important it is for you to control your home’s thermostat or coffee pot while you’re away, which means adding one more “smart” thing to your house, increasing its surface area of potential attack.

Smart gadgets are especially vulnerable to attack because they may not be replaced for many years, such as a smart washing machine. This means the appliance or device needs to have a long-term ability to receive security updates.

To combat security threats, makers of smart gadgets and appliances need to have security in mind from the beginning of manufacturing. They need to set up a monitoring system for these products for as long as they are in use, so that the smart washer is just as protected in its 15th year of use by the homeowner as it is in its first year.

Though the smart coffee pot may come across as a status symbol of a tech-savvy person with money to burn, some smart devices can save money such as a system that monitors water usage and can even identify which pipe has a leak.

The homeowner has to do a risk/benefit analysis and just perhaps forego the coffee pot and the smart egg container that tells you when you’re down to your last few eggs. To check if your kids are sleeping you may just have to do it the old-fashioned way: walking to their bedroom and peeking in.

When making an investment in smarthome devices make sure to check out the reviews, do your research to see if anyone has experienced security issues. And make sure to update any software of firmware over the lifespan of the device.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

April 08 2015

robertsiciliano

Home Automation in your Security System

Having a house run like the Jetsons’ is becoming increasingly possible: It’s called home automation. If you’re not familiar with the futuristic cartoon family, the Jetsons, just about everything in their house was automated. Today, we can have the following:

  • Sensors that make noise when a door or window opens are nothing new, but real-time video surveillance of a home’s interior and exterior, viewed remotely through a smartphone thousands of miles away, is relatively new technology.
  • Controlling the temperature inside the house from anywhere outside using a phone. The smartphone connects with the thermostat’s sensors that detect radio frequency signals.
  • Odorless but deadly, carbon monoxide gas will be detected by a detector—and this has been around for a long time, but what’s relatively new is that the detection will trigger ventilation: a head start for the home’s occupants to scramble outside. Sensors can also alert to possible gas leaks.
  • Recently in the news was the seven children who died in a Brooklyn, NY house fire started by a hot plate. Apparently the house had one smoke detector—in the basement—that nobody on the second floor heard when it went off while they were sleeping. The kids would have likely survived had there been multiple fire detectors to alert the residents.
  • Furthermore, smoke alarms detect smoke before the fire begins and can simultaneously notify a central control center that then contacts the fire department. Seconds count.

Home automation may seem like something that only the rich can afford, but the makers of these systems want to score a big profit, so they develop systems to fit different budgets. Reputable home security companies can offer different packages and give price estimates.

Realize that there exist security scams, including the one in which an employee comes to your house unannounced, wearing a jumpsuit with the name of your security company on it, claiming that your system needs servicing. What he really wants to do is scope your house for vulnerabilities and also find out when you might not be home in the near future—so he could rob the place.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

April 07 2015

robertsiciliano

How to recognize Online Risks

Would you give up your bank account and credit card numbers to a stranger on the street after he approaches and asks for them? Of course not. But that’s essentially what people do when they’re tricked by online crooksters into revealing sensitive personal information, including their Social Security numbers.

One of the most common ways this is done is through phishing.

  • The phishing attack is when the thief sends out thousands of the same e-mail. If enough people receive the message, sooner or later someone will take the bait.
  • The bait may be a notice you’ve won a prize; a warning that your bank account has been compromised or that you owe back taxes; an alert that something went wrong with your UPS delivery; or something about your medical insurance.
  • These subject lines are designed to get you to open the e-mail and then follow its instructions to remedy the problem—instructions to the tune of typing out your personal information including passwords.
  • Sometimes the fraudster has already gained information from a victim and will use that to make the victim think that the phishing e-mail is legitimate.
  • These e-mails contain links; never click on them. They’re designed to entice people into giving up personal information, or, the site they take you to will download a virus to your computer.
  • Sometime the e-mail will contain an attachment. Opening it can download a virus.
  • What if the e-mail appears to be legitimate, complete with company logo, colors, design and details about you? Contact the company first, by phone, to see if they sent out such an e-mail. Don’t click any link to get on the company’s site; instead go there via typing into the URL field.
  • You may have heard that hovering over the link will show its true destination, but this isn’t always the case.
  • Remind yourself that you are not special: Why would YOU inherit money from some strange prince in a foreign country?

Passwords

  • Passwords should never contain words or names that can be found in a dictionary. I know you so desperately want to include the name of your favorite football team in it, but don’t. Such passwords are easier for hackers to crack.
  • Never use keyboard sequences; again, a hacker’s tool can find these.
  • Make a password almost impossible to crack by making it at least 12 characters, a mix of upper and lower case letters, and include numbers and other symbols.
  • Use a different password for every account.

Anti-malware Software

  • You should have a complete system that’s regularly updated.
  • Have a firewall too.

Virtual Private Network

  • Download Hotspot Shield to encrypt your data on public WiFi hotspots.
  • Shield your IP address from webtracking companies who desire your information to sell you stuff or from search engines who hand that data over to the government.

Secure Sites

  • Whenever possible, visit only sites that have https rather than http, because the “s” means it’s a secure site.

A padlock icon before the https means the site is secure.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

April 06 2015

robertsiciliano

Company proves why you shouldn’t post Kids’ Pics online

What if you knew there existed a possibility that some company, without your knowledge, grabbed a photo of your child and put it on their product and then put their product online for sale?

Koppie Koppie sells coffee mugs with photos of kids on them—and YOUR child could be one. Though this begs the question, who on earth would want a coffee mug with a photo of a stranger’s child on it, there’s actually a market for this.

Koppie Koppie has taken photos of kids from Flickr. Koppie Koppie is actually more of a social experiment, says the duo who run the site at koppie-koppie.biz. The pair claim that the drive was to raise awareness of privacy issues, yet at the same time, insist that they haven’t done anything wrong because they haven’t violated Flickr’s rules.

The images that Koppie’s founders use come with the Creative Commons licensing rights: Commercial re-use is not restricted.

Though what Koppie Koppie has done is actually legal, it still counts as a violation of the rights of the parents of those kids.

Writers use these photos for their articles, for instance, an article about parent-child relationships, but with professional child models, the parents of the young models know this. So is taking the use of the photos up a notch (or two or three?) by putting them on mugs as a display crossing the line or is to create awareness that maybe you shouldn’t be positng pictures of your children online?

These guys found a loophole and slithered through it, since the privacy policies of social media fall short with explaining the context of how images can be shared online. But they make a good point.

Going further down the continuum, we may have a company sooner or later selling T-shirts with YOUR child’s face on them—without your knowledge.

Koppie Koppie says it will take down a mug of your child within two weeks of your complaint. But think of how many parents will never read this article and know what Koppie Koppie has been up to or anyone else for that matter.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

April 05 2015

robertsiciliano

1 Billion Records hacked

Billions and billions—it’s only a matter of time before this becomes the number of hacking incidents in a single year, because just in 2014, over one billion records were hacked out of 1,500 different hacking incidents, says a recent report.

Some other findings from the report:

  • A little over half the breaches involved credit card numbers, Social Security numbers and other personal information.
  • Most hacking incidents occurred in the U.S.
  • 55 percent of the incidents involved retailers, primarily affecting point of sale systems that lack encryption technology.
  • The private sector, combined with the government, took up 17 percent of the hits.

The government has had it; the White House plans on devoting an office entirely to figuring out how to stay ahead of cyber crime. Let’s hope that the White House really dissects cyber attack technology.

What can consumers, the private sector, retailers, banks and the governments do to make it difficult for hackers to cause mayhem?

  • Go through all of their passwords and replace the weak ones with strong ones. A weak password is less than eight characters (some experts advise that it be at least 12), contains actual words or names, contains keyboard sequences and has limited character variety.

    Keep in mind that an eight-character password such as $39#ikPw is strong and superior to the 12-character 123qwertyTom. But maximize the strength by making the password at least 12 characters and a jumble of character gibberish. A password manager can do this all for you.

  • Install antivirus software. This means antivirus, anti-spyware, anti-phishing and a firewall. Then make sure they are always updated. This software should also be installed on your smartphone and tablet.
  • If you’re still using windows XP because you don’t want to part from your comfort zone, get out of it immediately, because it won’t be so comfy when your system gets dismantled by a hacker. Windows XP is no longer subject to security patches and updates by Microsoft. You need a version, such as MS Win 7, that receives regular updates.
  • Your router has a password that’s been set by the manufacturer. Hackers know these passwords. Therefore, you should change it. Next, turn your WPA or WPA2 encryption on. If you don’t know how to do these things, contact the router’s manufacturer or google it. And unless you have encryption while using public Wi-Fi, consider yourself a lone zebra wandering around in the African savanna where prides of hungry lions are watching you. Get a VPN. Google it.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention. Disclosures.

April 03 2015

robertsiciliano

5 Habits of Practically Unhackable People

At the start of the year, we all made our resolutions for 2015. Now it’s March—how are you doing on your resolutions? If you’ve already broken a few, no worries; New Year’s doesn’t have the monopoly on making goals to better yourself. This is especially true with digital safety. At a time when there are so many security breaches, it’s important to commit to strengthening your digital defenses year-round.

When making goals, it’s important to emulate people who have already mastered what you’re trying to learn. So in this case, what do super secure people do to stay safe online? Intel Security has the answer—here are the 5 habits of practically unhackable people:

  1. Think before they click. We click hundreds of times a day, but do we really pay attention to what we click on? According to the Cyber Security Intelligence Index, 95% of hacks in 2013 were the result of users clicking on a bad link. Avoid unnecessary digital drama, check the URL before you click and don’t click on links from people you don’t know.
  2. Use HTTPS where it matters. Make sure that sites use “https” rather than “http” if you’re entering any personal information on the site. What’s the difference? The extra “S” means that the site is encrypted to protect your information. This is critical when you are entering usernames and passwords or financial information.
  3. Manage passwords. Practically unhackable people use long, strong passwords that are a combination of upper and lower case letters, numbers, and symbols. Yet, unhackable people don’t always memorize their passwords; instead, they use a password manager. A password manager remembers your passwords and enters them for you. Convenient, right? Check out True Key™ by Intel Security, the password manager that uses biometrics to unlock your digital life. With True Key, you are the password.
  4. Use 2-factor authentication (2FA) all day, every day. When it comes to authentication, two is always better than one. 2FA adds another layer of security to your accounts to protect it from the bad guys so if you have the option to use 2FA, choose it. In fact Intel Security True Key uses multiple factors of authentication.
  5. Know when to VPN. A VPN, or virtual private network, encrypts your information, which is especially important when using public Wi-Fi. Practically unhackable people know that they don’t always need a VPN, but know when to use one.

To learn more about the 5 habits of practically unhackable people, go here. Like what you see? Share the five habits on Twitter for a chance to win one of five prize packs including a $100 gift card to Cotopaxi or Hotels.com.*

You don’t need to wait for another New Year to resolve to become a digital safety rock star – start today!

*Sweepstakes is valid in the U.S. only and ends May 16, 2015. For more information see the terms and conditions at intel.com/5habits.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

April 02 2015

robertsiciliano

Watch Out for Tax Scams!

Spring is here (at least in some parts of the world in the northern hemisphere)! The bees are buzzing, the flowers are blooming, and the accountants are working late because for those in the U.S., it’s tax season! Scammers love tax season—there is a lot of money moving around as people pay taxes and receive tax refunds. And they have developed many ways to take advantage of that and steal your hard-earned money.

The Internal Revenue Service (IRS) maintains a list of the scams that they call the Dirty Dozen and have published this again for 2015. It’s a good idea for all of us to familiarize ourselves with these. Here’s the top three.

  • Phone scams. Your phone rings—it’s the IRS stating that you owe money and you must pay it NOW! It can be disconcerting but, never fear, this is a scam. Keep in mind that if you do owe the IRS, they will first contact with you via snail mail before calling. This is the number one scam that criminals are using during tax season so don’t answer your phone (just kidding…just be aware of this).
  • Phishing Hackers imitate the IRS and send an email that asks you to update your e-file immediately. The link then directs you to a bogus website. If you enter your information, the hacker collects any information you enter on the site. Remember, the IRS generally does not send emails, text messages or social media posts to request personal or financial information. If you receive any unsolicited communication that appears to be from the IRS, report it to phishing@irs.gov.
  • Identity Theft. If a cybercriminal gets access to your Social Security number (SSN), they can pose as you and file a tax return under your name, but have the refund sent to them. When you file your tax return, you’ll get a notice from the IRS stating that more than one tax return was filed for you. If you think you are a victim of identity theft or have been in the past, make sure to contact the IRS as they can issue you an identity theft PIN that will be used in addition to your SSN.  Make sure to protect your SSN and do not share it unless absolutely necessary.

Stolen tax returns and tax scams have been growing consistently, leaving many identity theft victims struggling to recoup their lost refunds and identities. To help you, here are some tips to protect yourself this tax season.

  • Protect your data.Store sensitive documents in a fire-proof safe. If you plan to receive documents with sensitive information like your financial information in the mail, make sure you have a mail box with a lock.
  • Shred non-essential paperwork.Check with your accountant to determine what you need and what you don’t. Use a cross-cut shredder to destroy unneeded documents.
  • File early.The earlier you file, the more quickly you thwart any criminal’s attempt to file on your behalf and collect your refund.
  • Be cautious when clicking. Don’t click on any links or email attachments from emails that appear to be from the IRS. Be suspicious of strange emails and websites instead of clicking on links navigate to IRS.gov on your browser directly
  • Protect your devices. Install comprehensive software like McAfee LiveSafe™ service that protects all your PCs, Macs, smartphones and tablets and make sure to keep it updated.

Here’s a great video from the IRS about tax scams and additional information on how to report IRS phishing scams.

Hope you have a safe tax season!

Robert Siciliano  is an Online Safety Expert to  Intel Security . He is the author of  99 Things You Wish You Knew Before Your Mobile was Hacked!   Disclosures .

April 01 2015

robertsiciliano

What is a Potentially Unwanted Program (PUP)?

Whether you’re an animal person or not, you have to admit that puppies are pretty darn cute. So cute that there are YouTube Channels, Facebook accounts, and Buzzfeed newsletters devoted to the subject. Unfortunately, there’s a not so cute PUP out in the world, and it wants access to your device. What I’m talking about is a potentially unwanted program (PUP). What is an unwanted program? It’s software or an app that you don’t explicitly want on your device. PUPs usually are bundled with freeware and often installs without your permission.

Note: PUPs are not malware. The main difference is that you give consent to download the PUP, even though you might not know about it if you don’t read the agreements or installation process thoroughly.

So if PUPs aren’t malware, why are they bad? Some PUPs contain spyware including keyloggers, dialers, and other software to gather your information which could lead to identity theft. Others may display annoying advertisements on your device. Even if the PUP doesn’t have any malicious content, too many PUPs can slow down your device by taking up space on your device and it can weaker your device’s security, making you vulnerable to malware.

Companies or hackers use several techniques to get you to download PUPs. One technique is offering multiple installation options. Although the standard or default options may be highly recommended by the company or hacker, it is usually the custom or advanced option that is PUP-free. Another trick is automatically including PUPs in the installation. You have to uncheck the boxes to opt-out of the PUP. Sometimes they will gray the opt-out option so it looks like you can’t get out of downloading a PUP. Other companies will sneak clauses about PUPs into the end user license agreement. This means when you click to agree with their user terms, you also agree to download PUPs.

Here’s some tips on how to make sure you don’t get a PUP.

  • Be picky. Hesitate before downloading any freeware. Do you really need that Guardian of the Galaxy wallpaper for your laptop? Be vigilant and only download from trusted sites.
  • Customize. When downloading a program, it may be tempting to use the standard or default installation, but this version usually includes downloading programs you don’t need. Choose the custom installation.
  • Opt out. Instead of asking you to opt in to PUPs, companies will automatically include the PUPs in the installation; it’s up to you to say no. For example, a freeware program might recommend that you install a free browser add-on andbelow this statement will be a box that is checked that indicates you want to install the add-on. If you don’t uncheck the box, you can potentially download a PUP you may know very little about.
  • Read the fine print. Read the End User License Agreement before you accept it. There may be a clause about PUPs.
  • Have comprehensive security software. Install security software that works for all of your devices, like McAfee LiveSafe™ service. McAfee LiveSafe can detect PUPs and remove them from your device.

Remember it’s much more fun to snuggle with furry pups rather than the computer code kind.

Robert Siciliano  is an Online Safety Expert to  Intel Security . He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!   Disclosures .

March 31 2015

robertsiciliano

Don't be scammed into paying Back Taxes

It’s easy to scam someone who did something wrong by telling them they need to fix their mistake. This is why thousands of people get scammed into paying back taxes to the IRS—the IRS has nothing to do with these scams, of course, but the predators prey on peoples’ fear of Uncle Sam. It all begins with the fraudster making a phone call, pretending to be an IRS employee.

They have other tricks up their sleeve too, such as making the caller ID show a number that appears to be coming from the IRS and identifying themselves with phony IRS badge numbers. They’ll even leave urgent messages if they get voicemail.

Preying on emotions, the crook gets vulnerable people to give up private information right then and there—enough information for the crook to commit some kind of identity theft crime. When many people hear “IRS,” they get scared. Scammers have ripped off millions of dollars as a result.

The IRS won’t give you a phone call if you’re delinquent in your tax payment. They’ll snail mail you an official notice instead. In fact, the IRS, despite its negative stereotype, won’t use scare tactics or threatening verbiage. Anyone on the phone who does this is pond scum; hang up immediately.

The IRS also won’t ever just up and e-mail you about back taxes. If you see “IRS” in a subject line, do not open it. Instead, forward it to phishing@irs.gov and delete it.

If you want to have a little fun with these thieves, then if you ever get a call from someone claiming to be from the IRS, nonchalantly tell them that you yourself work for the IRS. See what happens.

A woman in Denver, Rachel Fitzsimmons, received calls from the “IRS” telling her they were filing a lawsuit against her. The message was a robotic-sounding female voice that left a call-back number. At first she was unnerved, but then after doing some research, recognized this as a scam. She called back the number, let the man talk a little with the threat, then told him she worked for the IRS (she doesn’t). He immediately hung up. Busted!

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

March 30 2015

robertsiciliano

Frequently Asked Questions About Identity Theft

I remember my teachers always telling me there are no stupid questions. When it comes to identity theft, this is especially true. The more you know about identity theft, the better prepared you will be to prevent it from happening to you. Here are some commonly asked questions about identity theft.

What is identity theft?

Identity theft is when a person pretends to be you to access money, credit, medical care, and other benefits. They acquire your identity by stealing and using your personal information like government ID number or bank account number. Once they have this information, identity thieves can really wreak havoc on your life; for example, they can clear out your bank account. They can also impersonate you in order to get a job or commit a crime. It can take a long time to clean up the mess.

Does identity theft only have to do with stealing money or credit?

No, financial identity theft, using your personal information to access your money or credit, is not the only type of identity theft, although it is the most common. There are other kinds of identity theft identity theft. Medical identity theft is when someone uses your information to receive medical care. Criminal identity theft is when someone takes over your identity and assumes it as his or her own. They can then give your name to law enforcement officers and voilà—you have a criminal record.

What are some things I can do to protect my identity online?

  • Be choosy. Be careful when sharing personal information online. Just because a website is asking for your information doesn’t mean it’s necessary to provide it to them. Ask who wants the information and why. Also, limit the amount of information you share on social media. Does everyone need to know the year you were born?
  • Think twice. Use caution when clicking on links and opening email attachments. If the link or attachment is from someone you don’t know, don’t open it.
  • Use secure Wi-Fi. When shopping or banking online, make sure you are using a secure wireless connection.
  • Permanently delete files from your PC. Putting your files in the recycle bin isn’t enough. Your device will still have the files and therefore, are accessible to identity thieves. Use security software, like McAfee LiveSafe™ service, that includes a digital shredder to make sure those files are truly wiped from your PC.
  • Install security software. Make sure all your devices have comprehensive security software like McAfee LiveSafe that protects all your PCs, Macs, tablets and smartphones.

What are things I can do to protect my identity offline?

  • Shred. Use a cross-cut shredding machine, or scissors to shred old credit card statements, offers, receipts, etc., to prevent dumpster divers from obtaining your information and creating accounts in your name.
  • Have a locked mailbox. This will keep thieves from stealing your mail, especially bank statements and credit card offers.
  • Secure your files. Get a fire-proof safe to store sensitive documents including credit cards you hardly use.
  • Keep an eye on your bank and credit card statements. Look for questionable activity.
  • Be careful when using ATMs. When you insert your ATM card into a compromised machine or run your credit card through a phony card reader, you could become a victim of skimming. Skimming is where a hacker illegally obtains information from the magnetic strip on the back of your credit or ATM card. This information can then be used to access your accounts or produce a fake credit card with your name and details on it.

How do I know if my identity has been stolen?

This list is not comprehensive but gives you a good idea on what to look out for.

  • You receive a bill for a credit card account that, though in your name, is not yours. This probably means a thief opened the account in your name.
  • You’re no longer receiving your usual snail mail or email statements. Contact the issuer to find out why.
  • Unfamiliar purchases on your credit card, even tiny ones (crooks often start out with small purchases, and then escalate). Challenge even a $4 purchase.
  • You receive a credit card or store card without having applied for one. If this happens, immediately contact the company.
  • Your credit report has suspicious information, like inquiries for credit that you didn’t make.
  • Collectors are calling you to collect payments you owe, but you owe nothing.
  • Your credit score is high (last time you checked), but you were denied credit for a loan or new credit card. A thief can easily ruin a credit rating.

If my identity is stolen, what should I do?

Finding out that your identity has been stolen can be stressful. First, take a deep breath then follow these initial steps.

  • Contact your local or national law enforcement agency. File a report that your identity has been stolen.
  • Call your bank and credit card companies. Notify them of fraudulent activity. They may be able to reimburse you for any money lost or close any unauthorized accounts.
  • Check with credit reference agencies. Ask them to set up a fraud alert. Also, check to see if anyone has tried to get credit using your name.
  • Keep records. Keep track of all conversations and paperwork, the more detailed the better. Organize your data into one centralized place. This can be used as evidence for your case and can help you resolve the mess that identity theft can create.

To learn more about how you can protect yourself from identity theft, check out the Intel Security Facebook page or follow @IntelSec_Home on Twitter.

Robert Siciliano  is an Online Security Expert to  McAfee . He is the author of  99 Things You Wish You Knew Before Your Mobile was Hacked!    Disclosures.

March 29 2015

robertsiciliano

Tips to Stay Digitally Safe on Spring Break

Give me a break! In the next month, students will get the week off for spring break—a much needed reward after months of hard work and, for some, gnarly winter weather. Spring break means free time, family vacations, trips with friends, and timeless memories.

But, spring break can pose some risks to your online reputation and your identity. So whether you are going to party it up in the Caribbean or you are taking the kids to Disney World, here are some tips to keep you digitally safe this spring break.

  1. Don’t bring more technology than you have to. Do you really need to bring your laptop, tablet, and smartphone on your beach vacation? The more devices you bring, the more chances for someone to steal or compromise your device and your personal data.
  2. Backup your data. No matter what devices you decide to bring, make sure you back them up before you leave. You don’t know what will happen on your trip, don’t risk your data.
  3. Share when you get home. It’s tempting to share that family picture with Mickey, but it could alert thieves that you aren’t home. Wait until you return home before you share your vacation pictures online.
  4. Review your privacy settings. Just because you aren’t sharing anything from your spring break on social media, doesn’t mean that your friends aren’t. Check up on your privacy settings so you can manage who sees your content, and as best as possible, what others say about you. That embarrassing video of your belly flop doesn’t need to be seen by everyone.
  5. Be careful when using public Wi-Fi. Don’t log on to bank/credit card sites or shop online when using a public Internet connection. You don’t know who else is on your network.
  6. Install security software on all your devices. Use comprehensive security software like McAfee LiveSafe™ service to protect your devices no matter where you are.

Have a great spring break!

Robert Siciliano  is an Online Safety Expert to  Intel Security . He is the author of  99 Things You Wish You Knew Before Your Mobile was Hacked!   Disclosures .

March 28 2015

robertsiciliano

Sheriff’s office offers Home Security Tips

Here’s good advice from a sheriff’s office about how to protect your house.

Burglars and home invaders don’t give a flying hoot if you keep thinking, “It can’t happen to me and this is a safe neighborhood.” In fact, the issue isn’t how safe your neighborhood is or how watchful your neighbors are. The issue is how easy it is to simply break into your home.

Think of the other safety precautions you take daily even though the odds of an unfortunate outcome are very small, such as making sure you take your vitamins, or making sure not to miss brushing your teeth before bedtime. Yet you leave your garage door open because you think your neighborhood is safe? What the…?!

Keep your garage door closed. A threat may not be imminent, but any passer-by may actually be a thief scouting around to see who has the goods, and he sees some real goodies in your garage; he’ll make a note of your address for a later crime.

Don’t leave boxes that contained expensive items sticking out of garbage cans. Did you know that burglars love to see what’s poking out of garbage cans? Trash cans are the windows to the soul of your house.

Religious thumpers. Savvier burglars will go door to door pretending to represent a religion—they may even have a bible on hand—but their goal is to feel you out. I’m not suggesting that you shout at them to get lost and slam the door so hard that it shakes the frame. But if you present as wishy washy and unable to say “No thank you,” this tells the burglar you’re easy prey.  It’s better to talk through the door opposed to opening it.

Petition supporters. The burglar may be pretending to sell something or collect signatures for some strange petition.

Product sales. Another scam is for the burglar to name a date and time they’ll be back to deliver a product if you show an interest in it. They’re hoping you’ll say, “I won’t be home then; can you stop by another time?” The crook will be sure to show up at the time you won’t be home—to rob you cold.

Alarm company employee. If someone’s at your door claiming to be from your alarm company (if you have one), or some alarm company (if you don’t), this IS a ruse to find out if you have an alarm system that works—even if he’s wearing an outfit with the company’s name. Alarm companies don’t send people out in the field for unsolicited visits to homeowners.

Secure all entrances. Don’t just layer up the security of your front door. What about a porch door in the back? What about windows to your basement?

Makes sure valuables are not visible through your first-floor windows. This is another way thieves case houses.

Before leaving for out of town, contact the local police and request a vacation patrol check of your house. Be sure to indicate whether or not anyone is expected to be there such as someone to mow the lawn.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

March 27 2015

robertsiciliano

Can an App really act as a Bodyguard?

In the event of an attack, new smartphone applications can be used to send an alarm to a pre-chosen person. And the potential victims location can then be tracked.

But is this faster and more secure than a woman whipping out pepper spray and blasting a drunken buffoon who has her cornered in a parking garage at night?

No.

Apps meant for personal security are simply one layer of protection but in no way should be relied upon for personal protection. I mean, come on!!!! IT’S AN APP!!!!!!!

For the iPhone and Android, one such app is called STOP-ATTACK. This can be programmed to call 9-1-1. Once this app is activated it will record video and audio that gets sent to a cloud. This way, you’ll have evidence of who was on top of whom or if someone really did reach into their pocket and pull out a metallic-looking object.

The threatening person won’t even know he’s being recorded. STOP-ATTACK also has an alarm and light that, once triggered, might scare off the perpetrator. It can be activated without actually logging into your phone if your device normally requires a security code. You get all this for $3.99 per year.

Will STOP-ATTACK actually stop an attack? NO. The name is misleading.

Others are out there (e.g., StaySafe, Circle of 6, Panic and Guardly), but the bottom line is that there’s really no reason not to have one—even if you’re a big brute. Women concerned about assault represent one slice of the pie. Muggings over smartphones are getting more common, and often, victims are men.

Like with the can of mace, the potential victim needs to be prepared to handle the smartphone’s security feature very quickly, even slyly, before the perpetrator can grab it—whether he just wants the phone or wants to commit assault. So if the phone is in a woman’s purse while she’s walking around town alone past midnight, it does no good.

Nevertheless, an application like this adds a layer of security to the user. The user needs to insert some human factor into the equation when a threat arises. If a woman senses danger, and she must dig into the deep crevasses of her purse to locate her smartphone…she could have already bolted from danger or leveled a right hook into the would-be assailant’s temple. A trained woman can debilitate an attacker with proper training. But please, DO NOT rely on an app to protect you.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

March 26 2015

robertsiciliano

Hackers for Hire both Good and Bad

Ever see those public bulletin boards with all the business cards on them? Don’t be surprised if you spot one that says “Hacker•for•Hire.” These are hackers who will, for a nice juicy fee, hack into your wife’s Facebook account to see if she’s cheating on you.

However, there’s at least one hackmaking site that matches hackers to clients who want to infiltrate a network for personal gain or even revenge. The site, Hacker’s List, is a good idea, certainly not the first of its kind; the site’s founders (who wish to remain anonymous) get a piece of the pie for each completed job. Kind of sounds like one of those freelance job sites where someone bids on a posted job. The client must put the payment in escrow prior to the job being carried out. This pretty much guarantees payment to the hacker.

The site began operation in November. Imagine the possibilities, like business people getting a complete list of their competitors’ clients, customers, prices and trade secrets. And yes, a college student could hire a hacker for changing a grade. Makes you kind of wish you were skilled at hacking; what a freaking easy way to make a lot of money.

Is a site like this legal? After all, cracking into someone’s personal or business account is illegal. The site has a lengthy terms of service that requires agreement from users, including agreeing not to use the service for illegal activity. The verdict isn’t out if Hacker’s List is an illegal enterprise, and further complicating this is that many of the job posters are probably outside the U.S.

Hacker’s List was carefully developed, and that includes the founders having sought legal counsel to make sure they don’t get in trouble.

Hiring hackers can easily occur beyond an organized website where jobs are posted and bid on. And there’s no sign of this industry slowing down. The line of demarcation between good hackers and bad is broad and blurry, beginning with legitimate businesses hiring hackers to analyze the companies’ networks for any vulnerabilities.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl