
12th Day: Holiday Security Tips All Wrapped up Together

Would you like to give the people you care about some peace on earth during this holiday season? Take a few minutes to pass on our 12 privacy tips that will help them protect their identities, social media, shopping and celebrating over the coming weeks. The more people that take the steps we’ve outlined in the 12 Days of Christmas, the safer we all become, collectively.

Have a wonderful holiday season, regardless of which tradition you celebrate. Now sing (and click) along with us one more time.  

On the 12th Day of Christmas, the experts gave to me: 

12 Happy Holidays,

11 Private Emails,

10 Trusted Charities

9 Protected Packages

8 Scam Detectors

7 Fraud Alerts

6 Safe Celebrations

Fiiiiiiiiiiive Facebook Fixes

4 Pay Solutions

3 Stymied Hackers

2 Shopping Tips

And the Keys to Protect My Privacy

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

WWBD? (What Would Bond Do?) Five Steps to Secure Your Business Data


I finally got around to watching the latest 007 installment, Skyfall, and it appears even James Bond has entered into the world of Cyber Crime as he tries to protect a computer drive with a list of British agents from falling into the wrong hands.  And like the proverbial victims in a James Bond flick, you and your business data are under assault, even though it may not always be as obvious as getting thrown off a train.  Why?  Because your business data is profitable to would-be thieves. And for many of those thieves, that data is easy to get and the theft can be next to impossible to trace.

Sony PlayStation Network, Citigroup, Lockheed and several others have seen more than 100 million customer records breached, costing billions in recovery costs and reputation damage. If it can happen to the big boys, it can happen to you. If you don’t have Bond on your side fighting off the villains, take these steps to secure your business data:

Involve your employees. No one in your organization will care about data security until they understand what it has to do with them. So train them to be skeptical. When they’re asked for information, teach them to automatically assume the requestor is a spy. If they didn’t initiate the transfer of information (e.g., someone official approaches them for login credentials), have them stop and think before they share. Empower them to ask aggressive questions. Once employees understand data security from a personal standpoint, it’s a short leap to apply that to your customer databases, physical documents and intellectual property. Start with the personal and expand into the professional. It’s like allowing people to put on their own oxygen masks before taking responsibility for those next to them.

Stop broadcasting your digital data. Wireless data leaks two ways: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Have a security pro configure the wireless router in your office for WPA2 encryption or better and perform a thorough security audit of your network. To protect your data on the road, set up wireless tethering with your mobile phone provider and stop using other people’s hot spots.

Eliminate the inside spy. Perform serious background checks before hiring new employees. The number one predictor of future theft by an employee is past theft. Follow up on the prospect’s references and ask for some that aren’t on the application. Letting prospective hires know in advance that you will be performing a comprehensive background check will discourage them from malfeasance.

Don’t let your mobile data walk away. Up to 50 percent of all major data breaches originate with the loss of a laptop, tablet or mobile phone. Either carry these on your person (making sure not to set them down in airports, cafes, conferences, etc.), store them in the hotel room safe, or lock them in an office or private room when not using them. Physical security is the most overlooked, most effective form of protection. Also, have the security pro mentioned earlier implement strong passwords, whole disk encryption and remote data-wiping capabilities. Set your screen saver to engage after five minutes of inactivity and check the box that requires you to enter your password upon re-entry.

Spend a day in your dumpster. You may have a shredder, but the problem is no one uses it consistently. Pretend you are your fiercest competitor and sort through outgoing trash for old invoices, credit card receipts, bank statements, customer lists and trade secrets. If employees know you conduct occasional dumpster audits, they’ll think twice about failing to shred the next document.

Take these steps and you begin the process of starving data thieves of the information they literally take to the bank. It will be a lot easier to sit back and relax, maybe even have a shaken martini, when you know your business is secure.

John Sileo is an anti-fraud training expert and in-demand speaker on digital reputation, identity theft and online privacy. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Protect Your Packages this Holiday Season!


Almost 20 billion packages will be delivered through the mail this holiday season. Even at $5 per package, that’s more than $100 billion in value going through the mail, a scale too large and tempting for criminals to ignore.

Why do thieves target us during the holidays? In addition to the volume and value of holiday mail, criminals are taking advantage of the perfect winter storm:

  • Trucks are overloaded, mail & UPS carriers are overworked and shoppers are overwhelmed, which makes theft easy and attractive
  • Thieves take advantage not just of our good nature during the holidays, but of how distracted we are
  • Criminals see our generosity of giving as a goldmine waiting to be exploited

But picking packages off of your doorstep isn’t the only type of crime that skyrockets during December. Thieves don’t just want to steal the gifts inside your packages, they want the identity information that goes along with them: credit card numbers, bank accounts, invoices, even the checks that grandma sends in a holiday card. Check washers want to soak your checks in acetone, erase the Pay To field and replace it with the word CASH.

How do we protect our mail and packages during the holidays, or any day?

  • Install a locking mailbox at your home and retrieve your mail early in the day, before criminals have a chance to steal it
  • Get a PO box during heavy mailing times and use that address for packages, sensitive documents or payments
  • Instead of putting outbound packages in your mailbox, drop them directly at the post office. Even the blue USPS boxes are commonly emptied by thieves at night.
  • Tell Grandma to stop sending cash! It’s too easy to steal and impossible to trace.
  • If you must send a physical payment through the mail, use high security checks like those provided by Deluxe.
  • Use UPS or FedEx to ship packages so that you can track their progress, insure the contents and require a signature at the other end.
  • If you generally aren’t at home when packages are delivered, have them shipped to your work so that they don’t sit on your porch for hours.
  • Check out our 12 Days to a Safe Christmas for more tips on protecting yourself against cyber crime, party crashers and Facebook stalkers during the season.

Follow these simple tips when sending gifts and cards and you won’t lose your valuable data and goods to the identity theft Grinches.

Anderson Cooper Targets ID Theft in New Year's Resolution

Anderson Cooper’s 1st show of the year brought a panel of experts to discuss New Year’s resolutions, why we make them and how we can better keep them. Identity theft expert John Sileo closed out the show with 3 Tips for Avoiding Scams in the new year. Click on the video to the left to view the segment. Anderson and John discuss smartphone stupidity, passwords and social networking privacy.

John Sileo is an award-winning author and speaks internationally on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply results and increase performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his keynote or media appearances on Anderson Cooper, 60 Minutes or Fox Business. Contact him on 800.258.8076.

Avoid Spring Break Travel Scams

Here comes Spring Break! And the scams that go along with travel and vacations, whether you are a student or just taking some time off. 

Picture this: you find a great deal online for a vacation package and are counting the days till you take off for some fun in the sun. The day finally arrives and you show up at the airport, bags packed and ready to take flight. But when you reach the ticket counter, you learn that you have no flights booked… you’ve been scammed!

It happens ALL THE TIME, and scammers are getting more and more convincing. Scams rise during any busy travel season, but there are ways to avoid becoming a victim. Here are some tips on how to prevent travel scams and make sure that you get to enjoy a great Spring break trip.

  • Verify the business you are booking your trip through. If you are going to use a travel agency or online booking company, make sure they are legitimate first. Go online and do your research – if people have been scammed before by the company, the internet is the first place they will go to vent. You can even ask the company for referrals so you can check up on some satisfied customers.
  • Read everything carefully before you sign. Sometimes there are hidden fees or clauses where they can change the airport you are flying into or out of without telling you – even up to 100 miles away! Make sure you know the airline and hotel before signing. This way you can verify their legitimacy. Feel free to contact them and make sure that this is a great deal.
  • Always pay with a credit card. Good credit card companies allow you to dispute fraudulent charges so that you are not held liable for the money. If the company insists you pay with cash or check or money order, GO SOMEPLACE ELSE! Legitimate travel companies will let you use a credit card.
  • Make sure you get EVERYTHING in writing. If your great deal does turn out to be a scam, you will need something to show the credit card company in order to dispute the charges.
  • If it sounds too good to be true, then it probably is. If they are offering you a flight to Mexico that is regularly $500 for $100, then chances are, it’s a scam. While there are great ways to book your hotel + flight + food + drink together to save money, most don’t offer an 80% discount!
  • Buy directly from the companies themselves (airline, hotel, transportation, tickets). Many times the actual companies guarantee the cheapest possible fare on their own website (United does this, for example). Even if it does cost you a bit more, you will sleep better at night knowing that your trip is booked and confirmed.
  • A lot of Mexico resorts offer all-inclusive packages that are a great deal. You simply need to purchase your airfare. If you are booking it directly through the resort websites themselves, your chances of getting scammed drop immensely.
  • Don’t be afraid to try a website like TripAdvisor.com to do some background investigation.

Getting scammed definitely kills the vacation buzz! Getting scammed when you’re ready to have a great time with friends and family just plain sucks!  Follow these tips to make sure that it doesn’t happen to you.

John Sileo will be delivering identity theft speeches during Spring Break. Luckily, he travels frequently with his family.

Sileo Deflates ePickPocketing Hype on Fox & Friends


John appeared on Fox & Friends this morning to set the facts straight about the real and perceived risks posed by Electronic PickPocketing.

It is true that Identity Thieves are able to steal your credit card information without even touching your wallet. The technology exists, is readily available and can be assembled for under $1,000. But that doesn’t necessarily make it an efficient means of stealing credit card numbers.

RFID, or radio-frequency identification technology, was introduced to make paying for items faster and easier. All major credit cards that have this technology have a symbol (pictured below). It means that your card can communicate via electromagnetic waves to exchange data (your credit card number) between a terminal and a chip installed inside of your card (or passport). Thus, by getting within a few inches of your credit card, a thief is able to obtain your credit card number, expiration date and maybe your name.

So we have established that stealing credit card numbers this way is possible, but is it feasible?

The Electronic Pickpocketing video circulating around YouTube makes it look that way. But the reality is a bit different. First, take into account that the news story in the video was focused around a gentleman and a company that makes money by raising your fear about this type of theft. The gentleman they interview runs a company that makes shields for your credit cards and passports to stop electronic pickpocketing. I’m not saying that the products don’t work or aren’t somewhat valid; I’m saying that you have to take the context of the story into consideration before buying the hype.

The reality is that electronic pickpocketing is extremely time and resource intensive. Most thieves are smart enough to know that they are better served hacking into a database with hundreds of thousands of records rather than collecting them one at a time.

Here are just a few reasons why this threat, though real, is overblown:

  • While the RFID scanner itself can be purchased for under $100, you also need $500-$1,000 worth of additional equipment (laptop, Bluetooth transmitter, cables, power supply, etc.) to make it a practical, mobile kit.
  • Once the thief has the kit, they need to get within 2-3 inches of your purse or wallet for 3-5 seconds on as many victims as possible without getting caught. This might be easy on a subway, but it gets much more difficult as people spread out.
  • When a thief steals this information from you, they generally get your credit card number, expiration date and quite possibly your name. They DO NOT get your 3-digit security code or address. This is the same amount of information that the average waiter or retail clerk gets simply by looking at your card.
  • Because they don’t get your 3-digit security code or address, it is much more difficult for them to use the credit card number to make purchases on the internet, as most sites require some form of address verification or 3-digit security confirmation.
  • Only a fraction of cards utilize the RFID/Contactless Swipe technology, lowering your chances significantly.
  • As long as you catch your card being used fraudulently (see the protection suggestions below), you will not be held liable for the losses; the business that accepted the illegal card will. Even if your information is used to make a new card, if you are monitoring your identity properly, your out-of-pocket cost will be minimal.
  • Fraud departments in credit card companies have come a long way. Most credit card companies are able to detect fraud on your card faster than you can. More secure credit card companies will call to confirm suspicious purchases or purchasing patterns.

But it can happen, and it’s worth preventing. Which is simple:

  • First, check to see if you even have credit cards with the ability to beam your information to an RFID receiver (look for the circled symbol in the photo to the right). If not, stop worrying and just monitor any future cards you receive.
  • Next, set up account alerts and monitor your statements to cover yourself in the small chance that it happens to you. That way if your credit card is compromised, you can detect it immediately and take the necessary steps to contact the bank, report the fraud, and cancel the card.
  • If you are worried about having a credit card that can transmit your personal information, call your credit card company and ask them to send you a card that doesn’t transmit or have RFID capabilities (you know it transmits if it has the small broadcast or sonar icon circled to the left). Get rid of the source of the fraud!
  • Never leave your purse or wallet in an easy-to-scan place. Get rid of all of the excess credit cards that you don’t use and lower the chances that one of them will be compromised.
  • For added protection, especially for your Passport (which carries a much higher volume of very sensitive information), consider purchasing a sleeve or shield that makes RFID scanning less likely.

But whatever you do, don’t buy into the hype and paranoia just because a video has gone viral on YouTube.

John Sileo speaks professionally on identity theft, data breach, social networking exposure and fraud. His clients include the Department of Defense, FTC, FDIC and Pfizer; his recent media appearances include Fox and Friends. Learn more about having him deliver a high-content keynote speech at your next meeting or conference. Contact him on 800.258.8076.

Electronic Pickpocketing Hype Banks on Your Fear!


Electronic Pickpocketing is Possible, but Over-Hyped.

There is a new wave of hi-tech identity theft that allows thieves to steal your credit card information using inexpensive technology to intercept credit card (and sometimes even passport) information without even touching your wallet. Watch the video to the left or read our Electronic Pickpocket post to learn the basics.

And make sure you pay attention to the fact that the person they are interviewing for the news piece in the video MAKES MONEY FROM YOUR FEAR OF ELECTRONIC PICKPOCKETING! The gentleman they interview runs a company that makes shields for your credit cards and passports to stop electronic pickpocketing. I’m not saying that the products don’t work or aren’t somewhat valid; I’m saying that you have to take this gentleman’s perspective into consideration before buying the hype. He benefits from your fear, so do a little more research before you go gettin’ all paranoid.

The amount of hype this old form of theft is receiving (yes, this has been possible for years, despite all of the attention it’s getting now) is a bit overblown. Here are just a few reasons why:

  • The person being interviewed in the video benefits from your fear of electronic pickpocketing.
  • When a thief steals this information from you, they generally get your credit card number, expiration date and quite possibly your name. They DO NOT get your 3-digit security code or address. This is the same amount of information that the average waiter or retail clerk gets simply by looking at your card.
  • Because they don’t get your 3-digit security code or address, it is much more difficult for them to use the credit card number to make purchases on the internet, as most sites require some form of address verification or 3-digit security confirmation.
  • Only a fraction of cards utilize the RFID/Contactless Swipe technology, lowering your chances significantly.
  • As long as you catch your card being used fraudulently (see the protection suggestions below), you will not be held liable for the losses; the business that accepted the illegal card will. Even if your information is used to make a new card, if you are monitoring your identity properly, your out-of-pocket cost will be minimal.
  • Most cards only transmit 2-3 inches, which means that someone has to get a laptop-sized bag within two inches of your purse or wallet. This isn’t impossible, but it takes a fair amount of time and skill (notice how the news report doesn’t show them doing it without asking the people first). In most cases, this amount of work is too time intensive for the identity thief – it’s more lucrative to hack into a system that contains hundreds of thousands of credit card numbers (and other information) all in one place.
  • Fraud departments in credit card companies have come a long way. Most credit card companies are able to detect fraud on your card faster than you can. More secure credit card companies will call to confirm suspicious purchases or purchasing patterns.
  • If you want to get technical, which you probably don’t, credit card theft isn’t actually identity theft. They don’t have access to the personal items they need to actually steal your identity.

But it can happen, and it’s worth preventing. Which is simple:

  • First, check to see if you even have credit cards with the ability to beam your information to an RFID receiver (look for the circled symbol in the photo to the right). If not, stop worrying and just monitor any future cards you receive.
  • Second, there are sleeves and wallets built to protect your cards so that they cannot be scanned and lifted. Several companies, like Checks Unlimited, make RFID wallets & products that shield the electromagnetic energy necessary to power and communicate with contactless smart cards, passports, and enhanced driver’s licenses.
  • Next, set up account alerts and monitor your statements to cover yourself in the small chance that it happens to you. That way if your credit card is compromised, you can detect it immediately and take the necessary steps to contact the bank, report the fraud, and cancel the card.
  • If you are worried about having a credit card that can transmit your personal information, call your credit card company and ask them to send you a card that doesn’t transmit or have RFID capabilities (you know it transmits if it has the small broadcast or sonar icon circled to the left). Get rid of the source of the fraud!
  • Never leave your purse or wallet in an easy-to-scan place. Get rid of all of the excess credit cards that you don’t use and lower the chances that one of them will be compromised.
  • For added protection, especially for your Passport (which carries a much higher volume of very sensitive information), consider purchasing a sleeve or shield that makes RFID scanning less likely. Checks Unlimited offers a wide variety of these types of RFID blocking sleeves & cases.

But whatever you do, don’t buy into the hype and paranoia just because a video has gone viral on YouTube.

John Sileo is the award-winning author of two identity theft prevention books, Stolen Lives and Privacy Means Profit (Wiley, August 2010) and America’s top Identity Theft Speaker. His clients include the Department of Defense, FTC, FDIC and Pfizer; his recent media appearances include 60 Minutes. Contact him on 800.258.8076.

Social Engineering Expert Quoted in CSO Article


Quoted from the original CSO Online story:

Social engineering stories: The sequel

Two more social engineering scenarios demonstrate how hackers still use basic techniques to gain unauthorized access, and what you can do to stop them

By Joan Goodchild, Senior Editor
May 27, 2010 —

John Sileo, an identity theft expert who trains on repelling social engineering, knows from first-hand experience what it’s like to be a victim. Sileo has had his identity stolen—twice. And both instances resulted in catastrophic consequences.

The first crime took place when Sileo’s information was obtained from someone who had gained access to it out of the trash (yes, dumpster diving still works). She bought a house using his financial information and eventually declared bankruptcy.

“That was mild,” said Sileo, who then got hit again when his business partner used his information to embezzle money from clients. Sileo spent several years, and was bankrupt, fighting criminal charges.

Now that he has come out of it all innocent, he spends his time assisting organizations train employees on what social engineering and identity theft techniques look like.


“I’m trying to inspire employees to care about privacy,” he said. “If they don’t care about it at a human level, they are not going to care about the company’s privacy policy or IT security. You’ve got to get it at a primal personal level.”

Sileo ran through some memorable social engineering scenarios he’s heard during his years as a security lecturer. The first is taken from his upcoming book

Continue Reading Social engineering stories: The sequel

If you are serious about training your staff on social engineering scams, fraud detection and protecting your business from a costly data breach, start with the items above and then bring a professional social engineering expert to your next meeting or conference. Email us for more information or contact one of us directly on 800.258.8076.

Fraud Report: SMiShing Identity Theft


Identity Theft Expert John Sileo’s Latest Fraud Report

Just as you wouldn’t want to give any personal identity information to someone via email, you want to use the same practices via text message. There is a new wave of fraud that tries to trick you with text messages appearing to be from your bank.

According to Wikipedia, SMiShing uses cell phone text messages to deliver the “bait” which entices you to divulge your personal information. The “hook” (the method used to actually “capture” your information) in the text message may be a web site URL, like it is in phishing schemes. However, it has become more common to receive a texted phone number that connects to an automated voice response system. One version of this SMiShing message will look like this:

Notice – this is an automated message from (a local credit union), your ATM card has been suspended. To reactivate call urgent at 866-###-####.

In many cases, the SMiShing message will show that it came from “5000” instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, instead of being sent from another cell phone.

Once you take the “bait” and pass on your private information, it can be used to create duplicate credit/debit/ATM cards. There are some documented cases where the information an unsuspecting victim gave on a fraudulent website was used within 30 minutes…halfway around the world.

To minimize your risk:

  • Approach all text messages asking for your personal information with a great deal of skepticism (Hogwash, to those in the know).
  • Understand that no bank, business or financial institution will EVER ask you to divulge or confirm your personal banking information over email or SMS text message.
  • If you have any question at all that the text is legitimate, contact your bank or financial institution directly using a published phone number (on the back of your card, for example).

John Sileo became America’s Top Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about bringing John to your next meeting or event, contact him directly on 800.258.8076.