Stop Credit Card Thieves in the Act


Setting Up Account Alerts Can Help Protect You From Fraud.

Did you realize that you can have your credit card company and bank notify you anytime there is activity on your account? This tool makes it very easy to catch fraud before it stings your wallet.

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Cyber Espionage's Latest Target? Your Baby Cam!



Just over a year ago I appeared on Fox Business and wrote a blog about a Texas couple who learned their child’s baby monitor had been hacked when the intruder started screaming obscenities through the device.  At the time the webcam system itself was found to have some glaring vulnerabilities, which were fixed by a firmware update, but I pointed out that the bottom line is that owners had not taken the necessary steps to secure their device and the onus was ultimately on them.

Now the news has broken about the latest in cyber espionage: a Russian website that is streaming footage from thousands of devices, including baby monitors, bedroom cameras, office surveillance systems and CCTV from gyms, in more than 250 countries, including feeds from 4,591 cameras in the United States.  Not only are they streaming the footage, but they are providing the coordinates of where the cameras are located!

Great Britain has taken the lead role in pressuring Russia to take down the site, though they will be working with the Federal Trade Commission in the US to try to force the site to close if the Russian authorities fail to cooperate. Of course, neither the UK nor the US has jurisdiction in Russia, so it is simpler to warn people about the site than it is to try to take the site down.

Christopher Graham, the UK Information Commissioner, minced no words when asked about the incident. “I will do what I can but don’t wait for me to have sorted this out.  The action is in your own hands if you have one of these pieces of kit.”

He went on to say, “We have got to grow up about this sort of thing.  These devices are very handy if you want to have remote access to make sure your child is OK, or the shop is alright, but everyone else can access that too unless you set a strong password. This isn’t just the boring old information commissioner saying ‘set a password’. This story is an illustration of what happens if you don’t do that. If you value your privacy, put in the basic security arrangements. It’s not difficult.”

Here is what Britain’s Information Commissioner’s office is advising:

1.  Change your password!!!!! These hackers are taking advantage of the fact that camera users receive default passwords (which are freely available online for thousands of cameras) to get devices working — such as “1234.”   You often are not prompted to change the password, so you must do it yourself!

2.  Switch off the remote access to a webcam if you don’t need it.

3.  As a last resort, you can always cover the lens if you don’t want to use the camera all of the time.

4. See my previous blog for even more steps.  Do this right after you’ve CHANGED YOUR PASSWORD!


How do the RICH protect their Online Accounts?


 Watch Tech Geek Curtis Nasalbaum’s Response from the Leonard Nimoy Cruise

Every year, several of my keynote speeches are to ultra-high-wealth audiences. Because they have a lot of net worth to protect, their incentive to prevent identity theft and online fraud is on steroids. But for the average family with a normal amount of wealth, the incentive is just as important, because their wealth (albeit smaller), is just as vital to their lifestyle as it is to the wealthy.

And this isn’t just about wealth. All of us want to be able to keep hackers out of our private and often valuable online accounts, including: Gmail, Facebook, Dropbox, Twitter, Hotmail, Yahoo, banks, investment companies and all types of sensitive communications.

The answer, regardless of your wealth, is two-factor authentication (which is way too complicated a term for such a simple concept – I think the IT department named it that to ensure their job security). Two-factor authentication is also referred to as multi-factor authentication, two-step verification, 2FA and security tokens, none of which you need remember.

What is two-factor authentication?

Instead of two-factor authentication, I prefer to use the more practical phrase: two-step logins. In other words, to log in to an online account like Gmail, you need to complete Step 1 (entering a password that you KNOW) and then Step 2 (entering a secret code that you HAVE for a limited time). The simplest form of a two-step login is at your ATM. You provide two things: an ATM card that you HAVE and then a PIN (password) that you KNOW. It’s a two-part procedure. Without both of those, it’s hard to hack.

So how does two-step verification work online?

One form of two-step logins online is called text verification (see this in action on the video above).  This is where you get a code texted to your mobile phone the minute you’ve entered your password on the website. So the password is something you KNOW and the mobile phone, with the text on it, is something you HAVE. Two factors to unlock the account – two steps needed to login. It’s more than twice the protection for very little work.

Why do two-step logins protect us so well?

Simple – a thief will almost never have your password AND your cell phone at the same time. So even if identity thieves hack your password out of a database (like in the Target data breach), it’s useless without the code that comes to your phone. In most cases, the hackers are located overseas and would have no way to compromise your phone.
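The two-step login described above, seen from the website's side, as an added example (not code from the original post or from any service it names). The class name `TwoStepLogin`, the 5-minute code lifetime and the 3-guess limit are assumptions; the texted code is returned from `step1_password` only so the example runs without a phone.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed: a texted code is valid for 5 minutes
MAX_ATTEMPTS = 3        # assumed: guesses allowed per code


class TwoStepLogin:
    """Step 1: a password you KNOW. Step 2: a short-lived code on the phone you HAVE."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._users = {}    # username -> (salt, password hash)
        self._pending = {}  # username -> [code, expiry time, attempts left]

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(password, salt))

    def step1_password(self, username, password):
        """Return the code to text to the user's phone, or None if the password is wrong."""
        record = self._users.get(username)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[username] = [code, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # a real service sends this by SMS; it never goes back to the browser

    def step2_code(self, username, submitted):
        """Log the user in only if the code is correct, unexpired and not yet used."""
        entry = self._pending.get(username)
        if entry is None:
            return False  # step 1 was never passed, or the code was already consumed
        code, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[username]
            return False
        entry[2] -= 1
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[username]  # single use
            return True
        return False


if __name__ == "__main__":
    svc = TwoStepLogin()
    svc.register("alice", "constructed-sample-password")
    texted = svc.step1_password("alice", "constructed-sample-password")
    print("stolen password, no phone:", svc.step2_code("alice", "not-the-code"))
    print("password plus texted code:", svc.step2_code("alice", texted))
```
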

How do I set up two-step logins for my specific online account?

If you want to learn more about two-step logins for specific online accounts, click on the relevant link: Gmail, Facebook, Twitter, Instagram, Dropbox, Evernote, SalesForce, Yahoo, Wells Fargo, Bank of America, Citibank, Etrade, Charles Schwab, US Bank. Alternatively, check out this list of two-step login pages or google the account you want to protect with the words two step verification (e.g., Gmail two step verification) and you will find the answer yourself!

John Sileo specializes in making technology, identity and privacy fun for audiences, so that security sticks.  His keynote appearances include engagements at The Pentagon, VISA, Homeland Security and Pfizer as well as TV appearances on Rachel Ray, 60 Minutes, Anderson Cooper and Fox Business. Book John directly on 800.258.8076.


How Do I Stop Obamacare Identity Theft? [Burning Questions Ep. 3]


Today marks the start of the Affordable Care Act (aka Obamacare). As with any new, massive, government-sponsored program, scammers and identity thieves will try to take advantage of the public’s confusion and unfamiliarity with the new Health Exchanges (which we’re calling Obamacare Identity Theft).


Can Medical Identity Theft Really Kill You? [Burning Questions Ep. 2]


There has been a great deal in the news about medical identity theft leading to death. Is it possible? Yes. Is it likely? Less likely than dying of a heart attack because you eat too much bacon. But let’s explore the possibility of death by medical identity theft (below, in this article), and why the threat gets sensationalized (in the video).


Gladys Kravitz is Sniffing FREE WiFi Hotspots for Your Secrets

Is Gladys watching your Free WiFi Hotspot?

The free WiFi hotspot ritual is habitual. You head to your favorite café to get some work done “away from the office”. Justifying your $4 cup of 50 cent coffee with a Starbucks-approved rationalization (“I work so much more efficiently at my 3rd spot!”), you flip open your laptop, link to the free WiFi and get down to business. The caffeine primes your creativity, the bustling noise provides a canvas backdrop for your artful work and the hyper-convenient Internet access makes it easy for someone else (think organized criminal) to intercept everything you send through the air.

At the table next to you, drinking a free glass of water (these guys are too smart to pay that price for a cuppa joe), sits a hacker running a piece of software that sniffs the data you send over the free (unprotected) WiFi. They watch your private data like Gladys Kravitz stalking the very bewitching and often nose-wriggling Samantha. When you log in to your webmail account, they record your username (usually your email address) and password. Since you use the same password for many different websites, they run an automated computer program that attempts to log into every bank in the world using that username and password. When it fails, the program automatically increments your email password in every way possible until it eventually cracks your banking code.

By the time you head for a latte refill, you can no longer afford it. (This is one effective way to break the Starbucks habit). Most of us have been well trained to unthinkingly connect to the FREE WiFi hotspot at cafés, airports and hotels. Wireless technology is both useful and powerful, but operating it without protection is like skydiving with a parachute that you never deploy (it’s a fun ride while it lasts…). If you connect to any WiFi hotspot without first having to log in with a unique username and password, there is nothing that masks your data as it travels through the air. (Watch the 9News Investigation Video with Jeremy Jojola for a sample).

How to use a free WiFi hotspot without crash landing

Like our previously mentioned skydiver, you want not only to put on your parachute before you jump, but to pull the cord before you taste dirt. Here are some simple steps you can take, along with a “How To” video, before you jump on your next free WiFi hotspot:

  1. HTTPS Surfing. If you absolutely must use the free WiFi hotspot, only exchange information over websites with encrypted connections. What’s an encrypted connection and how can you tell? Watch this short video to learn how to tell if you are on a safe, https internet connection. If you are, all of the data that goes between your device and the WiFi hotspot (and eventually onto the Internet), is scrambled and protected by a passcode (the encryption part) that makes it much harder to intercept. Banks (see video), Gmail and even Facebook (see video) offer HTTPS connections. Sometimes all you have to do on a website is to change your security defaults! If your connection is regular old http (no “s” at the end), just know that your data can be free for all to see (if they have the right tools).
  2. Tethering. Also known as a personal WiFi hotspot, tethering is the act of using your smartphone’s encrypted cellular connection to the Internet to surf securely from your mobile device. Tethering works for laptops, tablets and iPods and is relatively simple and inexpensive to use. To tether your computing device to your smartphone, simply contact your mobile provider (Verizon, AT&T, Sprint, T-Mobile, etc.) and let them know that you want to be able to connect your computing device to your smartphone (you want to tether). They will let you know that it costs about $15 per month (well worth the protection), will turn it on and will walk you through setting up both your smartphone and device so that they communicate with the Internet in a well-protected manner. Note: Many tablets, like the iPad, now come with cellular data access built into the device. So, for example, if you have an iPad with Wireless + Cellular capability, you can almost always connect via your cellular connection (just like your phone connects) and never even have to utilize free WiFi (though it’s still safe to use the secure Wifi in your home and office). You can do the same thing by accessing the Internet via your smartphone that is NOT connected to WiFi. Cellular surfing can be a bit slower, but it is considerably more private.
  3. VPN Software. Using a VPN (or virtual private network software), is a safer way to surf on free WiFi. Think of it like this: it takes the same protections you get when using an https connection and applies them to all of the URLs you visit. VPNs are standard gear for business users, but individuals need them just as much as corporations. One of the more popular VPNs for consumer use is Hotspot Shield VPN (this is not an educated endorsement of the product, just an example). The good part about a VPN is that it protects your data transmissions over the internet at all times, not just when using free WiFi.

Better yet, utilize all three solutions and find yourself 100% safer than the Frappuccino lover over at the next table. Mobile computing will increase your productivity, your connectivity and your flexibility. But to do it without a bit of security preparation is to court digital suicide.

John Sileo not only uses free WiFi hotspots (wisely), he is an internationally recognized keynote speaker on how to keep your employees from making poor data security decisions regarding identity, privacy and reputation protection. His happy clients included the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.  Tyler Tobin, the CEO and Chief Hacker for Tobin & Associates LLC, is a world renowned Professional White Hat Hacker. His firm specializes in performing compliance, GLBA and full-blown security assessments. His customer base is both regional and global. Assessments include social engineering, external and internal vulnerability and penetration testing and compliance examinations (SEC, SOX, SSAE and GLBA).

Check washing & check fraud can dirty your spring cleaning


Check washing is so simple, you must learn to prevent check fraud

Are check fraud and check washing still relevant in the age of digital payments? If you’re like the average person, chances are you don’t write too many checks anymore. With the convenience of online payment options, nearly universal acceptance of credit and debit cards, and the proliferation of ATMs offering you easy access to money at every turn, why resort to the archaic, labor-intensive method of writing a check?

The simple answer—sometimes we have no other choice!  Some places still don’t accept credit cards (Costco if you don’t have an American Express), or they charge an extra fee for them.  Some retailers don’t offer online payment options.  And frankly, sometimes it’s just an old habit and we haven’t made the effort to find a safer option because we’re stuck in the mindset of “it’s never happened to me” when thinking about check fraud.

Yet, according to a recent AFP Payments Fraud and Control Survey, checks remain the payment type most vulnerable to fraud attacks. In an American Bankers Association Deposit Account Fraud Survey, 73% of banks reported check fraud losses totaling approximately $893 million. And perhaps scariest of all, the imprisonment rate for check fraud is only 2% according to a statement made by the Department of Justice.  So although it’s not as glamorous or high tech as some other forms of fraud, check fraud is very tempting to criminals. It’s often as easy as taking an afternoon stroll down a street looking for vulnerable mailboxes, and then doing a little bit of “laundry”.

Check Washing Check Fraud

One form of check fraud that hits home for businesses and individuals alike is check washing.  It is the practice of removing legitimate check information, especially the “Pay To” name and the amount, and replacing it with data beneficial to the criminal (his own name or a larger amount) through chemical or electronic means. We conducted our own experiment to see just how easy it is to alter a check.  Take a look at our results in the video above.

What can you do to prevent this form of check fraud from happening to you?  There are many steps you can take:

  • Always use high security checks with multiple check fraud and check washing countermeasures
  • Use security gel-based pens with dark ink 
  • Don’t leave mail containing checks in an unattended or unlocked mailbox  (i.e. w/ red flag up)
  • Buy a locking mailbox (one large enough for a postal carrier to put mail through, but not large enough for a hand)
  • Shred voided checks
  • Check your bank statements regularly and immediately when you receive them.  You have a limited time in which to report check fraud.
  • Put clear tape over important fields when mailing a check
  • Do not leave blank spaces on payee or amount lines
  • Have new checks delivered to your bank if possible so they are not sitting in your unattended mailbox

Businesses are highly susceptible to massive check fraud via check washing, because the balances in their accounts tend to be higher and more vulnerable. This simple change from regular checks to high security checks can drastically reduce your risk of check washing and check fraud.

John Sileo is CEO of The Sileo Group, and a  keynote speaker on cyber security, identity theft and business fraud prevention. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Stop Online Tracking Ep. 5: Flush Your Cookies


Watch the entire Browser Spies Online Privacy series. To view the entire series, wait until the end of each video and click on the Next Video button in the lower right-hand corner of your screen. As you watch each short video in your browser, make the necessary changes based on each simple video tip on protecting your online identity and privacy.

Browser privacy expert John Sileo and Fox & Friends have teamed up to educate consumers on how your surfing habits are being intercepted, collected and sold as you browse the Web. These tips give you more control over your Internet Privacy in short, easy to implement tips. Privacy exposure, browser tracking and constant data surveillance are a reality of the digital economy. It’s important to defend your data privacy before it’s too late.

Stop Online Tracking Ep. 4: Enable Do Not Track



Browser privacy expert John Sileo and Fox & Friends have teamed up to educate consumers on how your browsing patterns are being monitored, shared and sold as you surf the Internet. These tips give you more control over your online security in short, easy to implement phases. Data exposure, surf-tracking and constant browser surveillance are a reality of the digital age. It’s important to defend your information privacy before it’s too late.