scams - Blog - Global Risk Community2024-03-28T10:07:29Zhttps://globalriskcommunity.com/profiles/blogs/feed/tag/scamsHow to Protect yourself from Tech Scams? | TechDrive Support Inchttps://globalriskcommunity.com/profiles/blogs/how-to-protect-yourself-from-tech-scams-techdrive-support-inc2023-02-27T12:06:12.000Z2023-02-27T12:06:12.000ZTechDrive Supporthttps://globalriskcommunity.com/members/TechDriveSupport<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10973717492?profile=RESIZE_400x&width=400"></div><div><p>Nowadays, <strong>tech scams</strong> are a common issue worldwide. People are being cheated saying that their devices have some technical problems which in reality don't exist. For this, <strong>scammers</strong> try to get money for some such issues that never did exists. </p><p>Not only this, but they also gather your personal information from your device. Also, they install various malware, spyware, and more on devices to steal information. So, <strong><a href="https://www.techdrivesupport.com/">TechDrive Support Inc</a></strong> has come up to warn customers of such scams. Read this article to know in brief.</p><h2>What are technical scams?</h2><p>First let us know what a technical scam is. During <strong>technical scams</strong>, a scammer may reach you through call, email, or more. Even they try contacting people with a <strong>pop-up</strong> message on the screen displaying a phone number to contact. They will behave like a <strong>Microsoft</strong> executive and have contacted you to provide support for your device. They will explain to you some issues with your devices like malware, spyware, and many more. Hence, they will ask you to fix it and steal your information. </p><h2>How do tech scams work?</h2><p>It might be possible that a scammer may call you directly to get services from their company. Also, they can use various <strong>caller IDs</strong> so that they can get an original anonymous phone number. Hence, it will display the contact of a real company. </p><p>Through the call, scammers trick their customers to install some random application through which they can get access to the device. Also by remote access, they hold on to some pop-ups on the device screen which creates a problem in removing them. </p><p>Hence, you are forced to contact their <strong>customer support</strong>. During that time, they will ask for the payment to proceed with your problem. After that, they offer some fake solutions for the existing problems and move on. </p><h2>How to protect yourself from tech scams?</h2><p>It is a must for everyone to protect themselves from these <strong>tech scams</strong>. Just follow these easy steps to <strong>avoid scams</strong>-</p><ul><li><p>In case you receive any <strong>pop-up message</strong> displaying a phone number, do not call on the same.</p></li><li><p>Make sure to use <strong>Microsoft Edge</strong> while you are browsing the internet. This automatically blocks all possible scamming sites.</p></li><li><p><strong>Microsoft</strong> never comes up with calls or messages directly to fix your problems until you reach them out. So, if you receive such emails or calls, ignore them.</p></li><li><p>Always keep in mind to download any kind of software only from its official website. </p></li><li><p><strong>Microsoft</strong> never takes payment for their services in the form of gift cards.</p></li></ul><h2>What shall I do if a scammer has my personal information?</h2><p>It can be possible that a <strong>tech scammer</strong> already has your information from before. In that case, follow these points.</p><ul><li><p>In any of the cases if a <strong>scammer</strong> has accessed your device, do not forget to reset it immediately.</p></li><li><p>Keep changing your <strong>passwords</strong> at regular intervals.</p></li><li><p>Make sure to run your device with <strong>windows security</strong> to keep the device away from malware.</p></li><li><p>Inform your credit card provider if you have ever paid for the service. This will ensure that no further payments take place again.</p></li><li><p>Immediately remove all the software from your device which a scammer asked you to install.</p></li><li><p>Update your device on time. For this, check for updates through settings at regular intervals.</p></li></ul><h2>Impact of technical scams</h2><p>You might face these problems if you are being <strong>scammed</strong>.</p><ul><li><p>They will ask you to <strong>download software</strong> that can make your device vulnerable.</p></li><li><p>Scammers can make you involved in <strong>malicious activities</strong> and hence they can steal your information including bank details and all.</p></li><li><p>Take you to some <strong>fraud sites</strong> and ask you to enter your bank information.</p></li><li><p>They can ask for your <strong>credit card</strong> details to pay the fee for the services.</p></li></ul><h2>Types of tech scams</h2><p>There are various types of tech scams taking place today. We have discussed some possible scam types below. </p><h3>Web scams:</h3><p>Scammers first confirm that your device has some problems that do not exist. Hence, you will be asked to move on to some <strong>malicious websites</strong>. These websites will assure you that your device has such problems. Hence, you will take support and pay for it even if it is not needed.</p><h3>Phone scams:</h3><p><strong>Phone scams</strong> are generally done by direct calling and behaving like it's a call from Microsoft. Further, they take the personal information of the user. Also, they may ask you to install some software to fix your device. Once you download the software and give your information, your device is under the <strong>hands of scammers</strong>. </p><h3>Other forms of scams</h3><p>This can be done in the form of <strong>malware</strong>. Malware generally displays messages and fake virus pop-ups. Scammers thus will connect you to some other activities to <strong>steal</strong> your <strong>information</strong>. They can reach you via various means such as <strong>mail, text,</strong> and more.</p><h2>Conclusion</h2><p>So, in real life, you might face some issues with your device. So, it is better to contact <strong>Microsoft customer support</strong> or <strong>TechDrive Support's technical experts</strong> from the official site to get <strong><a href="https://www.techdrivesupport.com/contact-us">24/7 assistance</a>.</strong> Even if you come across any virus alerts or other pop-ups simply ignore that. Never reach out to any contact you receive with a <strong>pop-up</strong>. </p><p>We have discussed everything about <strong>technical scams happening today. Protect yourself from scams</strong> today. <strong><a href="https://www.techdrivesupport.com/about-us">TechDrive Support Inc</a></strong> always thinks about its <strong>customers</strong> and tries to protect them. Reach us through the comment section in case of any problems. </p></div>It's Tax Time: Play it Safe or Lose Your Identityhttps://globalriskcommunity.com/profiles/blogs/it-s-tax-time-play-it-safe-or-lose-your-identity2020-03-12T12:57:52.000Z2020-03-12T12:57:52.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Once again, tax time has rolled around, and though you technically have until April 15<sup>th</sup>, it’s always best to file a bit earlier…especially if you want to avoid setting yourself up for ID theft.</p><p><strong>How Could Filing Taxes Compromise Your Identity?</strong></p><p><img src="https://activerain-store.s3.amazonaws.com/image_store/uploads/agents/robertsiciliano/files/003.jpg" alt="" width="306" height="200" align="right" /></p><p>Here’s how you could become a victim of ID theft just by filing your taxes: the first method is that a thief uses your Social Security number to file taxes, and then they steal your refund. The second method that they use is they take your Social Security number, get a job while using your Social Security number, and then their employer reports that income to the IRS. When that happens, the IRS gets your return, flags it as suspicious, and you could get a big tax bill in the process.</p><p>Of course, in either case, you could face some big problems. You could, for instance, be unable to file your own tax return or collect your refund…at least for a while until the IRS sorts it out. You also might find that the thief has used your Social Security number to get credit cards, loans, or other cash that will wreck your credit.</p><p><strong>How do Thieves Get Your Information?</strong></p><p>The big question here is this: how do the ID thieves get your Social Security number in the first place? Generally, they do it by hacking. For instance, do you remember the Equifax hack from 2017? Millions of people were affected, and you, too, could have been involved in that. It’s possible that thieves could get your Social Security info from hacks just like this one.</p><p><strong>What to Do if You are a Victim</strong></p><p>If you learn that you are a victim of tax ID theft, there are some things that you can do.</p><ul><li>Fill out Letter 5071C – This is a form that the IRS sends if it feels like your tax return is suspicious.</li><li>Fill out Form 14039 – This form alerts the IRS that you believe you are a victim or potential victim of tax ID or regular ID theft.</li><li>Get an Identity Protection PIN – This is a number that the IRS can give you to confirm your identity on any future returns.</li><li>Report to the Federal Trade Commission – You should also file a report at IdentityTheft.gov to alert the FTC of the situation.</li><li>Contact your state’s tax office – Also, make sure to contact the tax office in your state. It might have other recommendations for you.</li></ul><p>If you have tried to e-file and get a rejection, you should still file a paper return via mail. Also, call the IRS Identity Protection Unit for help. An agent can get you started on taking care of the issue and make sure your taxes are filed appropriately.</p><p>ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of<span> </span><a href="https://creditparent.com/" target="_blank">CreditParent.com</a>, the architect of the<span> </span><a href="https://protectnowllc.com/" target="_blank">CSI Protection</a><span> </span>certification; a Cyber Social and Identity Protection<span> </span><a href="https://safr.me/actnow/" target="_blank">security awareness training</a><span> </span>program.</p></div>Two Common Government Employee Impersonation Scams: What to Watch Forhttps://globalriskcommunity.com/profiles/blogs/two-common-government-employee-impersonation-scams-what-to-watch2019-08-27T14:34:43.000Z2019-08-27T14:34:43.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>One of the biggest threats that taxpayers are facing these days is an aggressive scam where criminals call victims and pretend to be IRS agents. The goal? To steal money.</p><p><img src="https://activerain.com/image_store/uploads/agents/robertsiciliano/files/003.jpg" alt="" width="300" height="196" align="right" /></p><p>All year but especially during tax filing season, the IRS will see a big surge in the number of scam calls, which tell victims that they will be arrested, deported, or have their driver’s license revoked if they don’t pay a fake tax bill.</p><p><strong>How the Scams Work</strong></p><p>These scammers make calls to people and claim to be from the IRS. They inform the victim that they have an unpaid tax bill, that must be paid immediately, either through a prepaid debit card or wire transfer. To make this sound even more legitimate, the scammers might also send a phishing email or make robo-calls to the victims.</p><p>To get the victims to pay, and to pay quickly, they make threats, as mentioned above. On top of this, they also can alter the number they are calling from through caller ID spoofing services to make it look like the IRS is actually calling. The scammers also will use badge number and IRS titles to make themselves sound more official.</p><p>The IRS is onto these scams, of course, and it has released information to remind taxpayers to be aware of them. For instance, a report from the Treasury Inspector General for Tax Administration, TIGTA, states that there are more than 12,000 people who have paid more than $63 million due to these phone scams over the past few years.</p><p><strong>Recognizing an IRS Scam</strong></p><p>There are certain things that the IRS will never do, so if you see any of these things, or you are asked to them, you can be sure that it’s a scam.</p><p>The IRS will NEVER:</p><ul><li>Threaten to bring in local police for not paying your tax bill</li><li>Ask you to pay via a gift card or wire transfer</li><li>Demand that taxes are paid without question or the opportunity to appeal</li><li>Ask for debit or credit card numbers over the phone</li><li>Call about an unexpected refund</li><li>Call to collect money without first sending a tax bill</li></ul><p>If you get a call from the “IRS” asking for any of this, hang up.</p><p><strong>There are </strong><a style="color:#f30e0e;" href="https://safr.me/blog/2019/04/30/new-phone-scam-scares-with-social-security-sham/"><strong>Social Security Administration Scams</strong></a><strong> Out There, Too</strong></p><p>The IRS is not the only government agency plagued by scams. People are also getting scammed by people claiming to be from the Social Security Administration, or SSA. The goal here is to try to get your Social Security number.</p><p>Basically, someone will call you and claim to be from the SSA in an attempt to collect your personal information, including your Social Security number. If you get a call like this, you should definitely not engage with the caller, nor should you give them any money or personal information.</p><p>One of the ways that scammers are so good at getting this information is that they try to trick their victims by saying their Social Security number has been suspended due to suspicious activity, or that it has been connected to a crime. They will ask the victim to confirm their SSN in order to reactivate it.</p><p>Sometimes, they might even go further with this and tell the victim that their bank account is about to be seized, but they can keep the money safe…by putting it on a gift card, and then sending the code to the scammer.</p><p>You might wonder why people fall for this, but it really is easy for these scammers to change their phone number to show the same number as the SSA on caller ID. But this is a fake number…it’s not really the Social Security Administration.</p><p>There is also the fact that the scammers will say that someone has used your personal Social Security number to apply for a credit card, and because of this, you could lose your Social Security benefits. They also might say that your bank account is close to being seized, and you must withdraw your money or wire it to a “safe account,” which is, of course, the account of the scammer.</p><p>Here’s some of the details about these scams that you need to know:</p><ul><li>Your Social Security number won’t be suspended. You never have to verify your number to the SSA, either and the agency can’t just seize your bank account.</li><li>The SSA will never call you about taking your benefits or tell you that you must wire money to them. If you are asked for money from the SSA, it is a scam.</li><li>The SSA’s number is 1-800-772-1213, but scammers are using this to appear on caller ID. So, it looks legitimate. So, if you get a call from this number, hang up and call it back. This way, you can be sure you are talking about the SSA and get the information you need…or find out that someone was trying to scam you.</li></ul><p>Do not give your Social Security number to anyone over the phone or via email…also, don’t give your credit card number or bank account number to anyone over the phone or via email.</p><p><a style="color:#f30e0e;" href="https://safr.me/meet-robert/" target="_blank">Robert Siciliano</a> personal security and <a style="color:#f30e0e;" href="https://safr.me/blog/2018/03/16/identity-theft-advice/" target="_blank">identity theft expert</a> and speaker is the author of <a style="color:#f30e0e;" href="https://www.amazon.com/Identity-Theft-Privacy-Protection-Prevention-ebook/dp/B07FT67BMC/ref=sr_1_3?s=digital-text&ie=UTF8&qid=1535732363&sr=1-3&keywords=Robert+Siciliano&dpID=51hWnD29JtL&preST=_SY445_QL70_&dpSrc=srch" target="_blank">Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud</a>. See him knock’em dead in this <a style="color:#f30e0e;" href="https://youtu.be/2m3Ra6ROPeA" target="_blank">Security Awareness Training</a> video.</p></div>Florida City Pays Hackers $600,000 after Scamhttps://globalriskcommunity.com/profiles/blogs/florida-city-pays-hackers-600-000-after-scam2019-07-25T15:38:24.000Z2019-07-25T15:38:24.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Riviera Beach, a city in Florida, has agreed to pay a $600,000 ransom to hackers who attacked its network.</p><p><img src="https://activerain.com/image_store/uploads/agents/robertsiciliano/files/shopping-scam.jpg" alt="" width="300" height="199" align="right" /></p><p>This week, the City Council voted to pay the demands after coming up with no other option to meet the demands of the hackers. It seems that the hackers got access to the system when a staff member clicked on a link in an email, which uploaded malware to the network. The malware disabled the city’s email system, direct deposit payroll system and 911 dispatch system.</p><p>According to Rose Anne Brown, the city’s spokesperson, they had been working with independent security consultants who recommended that they pay the ransom. The payment is being covered by the city’s insurance. Brown said that they are relying on the advice of the consultants, even though the stance of the FBI is to not pay off the hackers.</p><p>There are many businesses and government agencies that have been hit in the US and across the world in recent years. The city of Baltimore, for instance, was asked to pay $76,000 in ransom just last month, but that city refused to pay. Atlanta and Newark were also hit with demands.</p><p>Just last year, the US government accused a programmer from North Korea of creating and attacking banks, governments, hospitals, and factories with a malware attack known as “WannaCry.” This malware affected entities in over 150 countries and the loses totaled more than $81 million.</p><p>The FBI hasn’t commented on the attack in Riviera Beach, but it did say that almost 1,500 ransomware attacks were reported in 2018, and the victims paid about $3.6 million to the hackers.</p><p>Hackers often target areas of computer systems that are vulnerable, and any organization should consistently check its systems for flaws. Additionally, it’s important to train staff about how hackers lure victims by using emails. You must teach them, for instance, not to click on any email links or open emails that look suspicious. It is also imperative that the system and its data, and even individual computers, are backed up regularly.</p><p>Most of these attacks come from foreign entities, which make them difficult to track and prosecute. Many victims just end up paying the hacker because the data is precious to them. They also might work with some type of negotiator to bring the ransom down. In almost all cases, the attackers will do what they say and allow the victims to access their data, but not all of them do. So, realize that if you are going to pay that you still might not get access to the data. Ransomware simply should not happen to your network. If all your hardware and software is up to date and you have all the necessary components and software that your specific network requires based on its size and the data you house then your defenses become a tougher target. Additionally, proper security awareness training will prevent the criminals from bypassing all those security controls and keep your network secure as it needs to be.</p><p><a style="color:#f30e0e;" href="https://safr.me/meet-robert/" target="_blank">Robert Siciliano</a> personal security and <a style="color:#f30e0e;" href="https://safr.me/blog/2018/03/16/identity-theft-advice/" target="_blank">identity theft expert</a> and speaker is the author of <a style="color:#f30e0e;" href="https://www.amazon.com/Identity-Theft-Privacy-Protection-Prevention-ebook/dp/B07FT67BMC/ref=sr_1_3?s=digital-text&ie=UTF8&qid=1535732363&sr=1-3&keywords=Robert+Siciliano&dpID=51hWnD29JtL&preST=_SY445_QL70_&dpSrc=srch" target="_blank">Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud</a>. See him knock’em dead in this <a style="color:#f30e0e;" href="https://youtu.be/2m3Ra6ROPeA" target="_blank">Security Awareness Training</a> video.</p></div>Police Say Scammers Are Stealing Deposits from Homeownershttps://globalriskcommunity.com/profiles/blogs/police-say-scammers-are-stealing-deposits-from-homeowners2019-07-04T18:08:59.000Z2019-07-04T18:08:59.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>The police in Port St. Lucie Florida have claimed that scammers are now posting homes as available for rent or purchase. You rent/purchase the home by putting a deposit down on the house, but you’re never given any keys.</p><p><img src="https://activerain.com/image_store/uploads/agents/robertsiciliano/files/3B.jpg" alt="" width="300" height="223" align="right" /></p><p>The scammers are getting their victims to the property and even a tour of the house, but when it comes time to move in, the victim is left without any options. The tour aspect of the scam is important here. This legitimizes the fake agent as real.</p><p>Local realtors say that there are a few things you can look for to ensure that your money gets to the right person and you have a place to live.</p><p>If the price doesn’t feel right or the deal is too good to be true, you should be very wary. Of course, the seller or renter might also ask way too many questions or require too much information upfront, which is also indicative of a scam.</p><p>Scammers tend to post ads on Craigslist and actually use houses that are for sale. Then, they ask the victim to tour the house and the scammer provides the lockbox pin code to get inside. The question is, how do the scammers get that information?</p><p>The only way to get access to the system is if you are a real estate agent. If they aren’t stealing the agent’s information, there are seemingly endless hoops to jump through before gaining access to that piece of information.The victims are told by the Fake Agent the keycode for the lockbox which allows them entry;</p><ul><li>The keycode is either told to the scammer by the real real estate agent via phone or email</li><li>The real estate agents email is hacked and the code lies in the hacked email somewhere.</li><li>The scammer poses as another real estate agent and scams the code via phone or email</li></ul><p>Once the victim sees the place and has some trust in the scammer, the scammer can ask for a security deposit or down payment on the home. Police officers claim that scammers take your money but don’t give you the keys.</p><p>How can you make sure the listing is legitimate? If they ask you to call a number that isn’t local or send you to a website that looks off or isn’t recognizable, it’s best to double-check the information. You can call the real estate company, search the address of the property and seek other listings. Along with such, realtors do not give pin or lock-box codes to anyone for safety purposes.</p><p><a href="https://safr.me/meet-robert/" target="_blank">Robert Siciliano</a><span> </span>personal security and<span> </span><a href="https://safr.me/blog/2018/03/16/identity-theft-advice/" target="_blank">identity theft expert</a><span> </span>and speaker is the author of<span> </span><a href="https://www.amazon.com/Identity-Theft-Privacy-Protection-Prevention-ebook/dp/B07FT67BMC/ref=sr_1_3?s=digital-text&ie=UTF8&qid=1535732363&sr=1-3&keywords=Robert+Siciliano&dpID=51hWnD29JtL&preST=_SY445_QL70_&dpSrc=srch" target="_blank">Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud</a>. See him knock’em dead in this<span> </span><a href="https://youtu.be/2m3Ra6ROPeA" target="_blank">Security Awareness Training</a><span> </span>video.</p></div>WARNING: You or Your Members Could be Targets of List Scamshttps://globalriskcommunity.com/profiles/blogs/warning-you-or-your-members-could-be-targets-of-list-scams2019-05-23T17:15:55.000Z2019-05-23T17:15:55.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>There are scammers out there targeting conference exhibitors and attendee. What are they looking for? Credit card numbers, money wires and personal information that they can use to steal identities. One of the ways that scammers get this information is by using invitation or list scams. Basically, if you are registered for a conference, speaking at a conference, a conference vendor or just “in the business”, you might get an email…or several emails…that invite you to a conference or offer to sell you a list of attendees, and their contact information, which may be beneficial to you…but is it too good to be true? Definitely.</p><p><img src="https://activerain.com/image_store/uploads/agents/robertsiciliano/files/scam.jpg" alt="" width="300" height="200" align="right" /></p><p><strong>These Lists are Lies</strong></p><p>Along with conference invitation scams, many associations are targets of list scams. A quick search of “<a style="color:#f30e0e;" href="https://www.google.com/search?q=Attendee+List+Sales+Scam&oq=Attendee+List+Sales+Scam&aqs=chrome..69i57j69i60.1385j0j4&sourceid=chrome&ie=UTF-8">Attendee List Sales Scam</a>” pulls up numerous associations whose members and anyone interested in marketing to these members are being targeted by criminals to purchase non-existent lists.</p><p>Though it might sound great to get a list of all attendees of a conference, including their contact information, you might be surprised to know that these lists are lies. On top of that, getting this information might not even be legal.</p><p>Think about it for a second. When you signed up for a conference, did you choose to opt-in to have your personal information shared with others? Probably not, and that also means that most of the other attendees did not do this either.</p><p>To find out if the list is possibly legit, take a look at the show’s policies. Do they give information to third parties? Do they rent or sell lists of attendees? Is the name of the company that contacted you on the list of their third-party vendors? If this checks out, the list could be legitimate. If not, it’s probably a lie.</p><p>If you think you are dealing with a liar, the first thing you should do is plug the company that contacted you into the Better Business Bureau’s website. If it is a scam, you should certainly see information proving that. If not, but you aren’t interested, just unsubscribe. If you think that you are dealing with a scammer, don’t reply or even unsubscribe. Instead, just delete the email and don’t take any action. Many of these scammers are simply looking for active email addresses.</p><p><strong>More Conference Invitation Scams</strong></p><p>Another scam involves telling attendees about exhibitors that don’t even exist. This can push you into wanting to sign up for the conference, but in reality, the conference, itself, might not even exist, and in this case, you could just be giving your hard-earned money to a scammer.</p><p>So, if you find yourself in this situation, the first thing you want to do is research. One step is to look up the person who contacted you online, such as on LinkedIn, and see if they are who they say they are. Another thing to do is to contact the conference venue and ask if the event is being held there. You can also check the contract for refund or cancellation information. You also should do some research about the reputation of the contactor company. Finally, always make sure that you pay for any conference with a credit card. This way, with zero liability policy’s, you can get your money back, and every legitimate conference company is happy to accept credit cards.</p><p><strong>But Wait…There’s More</strong></p><p>Another scam associated with trade shows and conferences is to contact attendees about hotel reservations, but once you pay…it’s all a scam. Usually, these scammers will contact the attendees and say that they represent the hotel for the conference. They will tell you that rates are significantly rising or that it is sold out, so you must act immediately…however, they will say that they need the full amount up front.</p><p>When in doubt about this type of scam, you should always contact the trade show organizers yourself, and then ask who the booking rep is. You should also give them the name of the company that you believe is scamming you so they can advise others of the scam.</p><p><strong>Know Your Options</strong></p><ul><li>It is very important when you are signed up to present or attend a conference that you only engage with the company that is running the conference</li><li>If in doubt, confirm with the company that the offers from third-party claims are correct.</li><li>You can also get an official exhibitor list of official vendors.</li><li>Keep in mind that these legitimate companies might have your personal information, but they would not release your personal contact information with third-parties.</li><li>Some exhibitors might get the mailing address of attendees, which you can opt out of. Most of this is harmless, of course, but that doesn’t mean that all of these lists are.</li></ul><p><strong>Wi-Fi Hacks</strong></p><p>Finally, you want to watch out for wi-fi hacking. This is a common scam for conference goers. When you attend a conference or trade show, you probably just expect that you will get free wi-fi, right? This allows you to take care of business and ensure that your booth runs smoothly. Hackers know this, of course, so they set up nearby and create fake networks. Once you connect to these networks, they can come into your device, take your information, and even watch everything you are doing online.</p><p>Keep in mind that these fake networks look remarkably similar to the legitimate networks set up by the conference. So, always double check before connecting, and if you are ever in doubt, make sure to ask one of the conference or trade show organizers. They can confirm that you are on the right network. There are always going to be scammers out there, especially when you are attending a trade show or conference. There are just too many opportunities for scams, and they can’t say no. Fortunately, by following the advice above and by reporting any suspicious activity, you can not only make sure that you, yourself aren’t falling for these scams, but also help others to not fall for this type of nefarious scheme.</p><p><a style="color:#f30e0e;" href="https://safr.me/meet-robert/" target="_blank">Robert Siciliano</a> personal security and <a style="color:#f30e0e;" href="https://safr.me/blog/2018/03/16/identity-theft-advice/" target="_blank">identity theft expert</a> and speaker is the author of <a style="color:#f30e0e;" href="https://www.amazon.com/Identity-Theft-Privacy-Protection-Prevention-ebook/dp/B07FT67BMC/ref=sr_1_3?s=digital-text&ie=UTF8&qid=1535732363&sr=1-3&keywords=Robert+Siciliano&dpID=51hWnD29JtL&preST=_SY445_QL70_&dpSrc=srch" target="_blank">Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud</a>. See him knock’em dead in this <a style="color:#f30e0e;" href="https://youtu.be/2m3Ra6ROPeA" target="_blank">Security Awareness Training</a> video.</p></div>New Phone Scam Scares with Social Security Shamhttps://globalriskcommunity.com/profiles/blogs/new-phone-scam-scares-with-social-security-sham2019-05-01T15:07:39.000Z2019-05-01T15:07:39.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>We all get scam phone calls, but the newest one is meant to scare. When you pick up the phone, you get a message that your Social Security number is suspended due to suspicious activity, and then prompts the victim to speak with an agent to get help.</p><p><img src="https://activerain.com/image_store/uploads/agents/robertsiciliano/files/054.jpg" alt="" width="300" height="199" align="right" /></p><p>The FTC makes something very clear: your Social Security number cannot be suspended for any reason, so any call that states your SSN is under suspension is a scam. What they are really trying to do is to trick you into giving them your actual Social Security number along with information such as your birthday and bank account number. </p><p>This scam is just a tricky variation of a scammer’s trick that often works. In this case, they are trying to scare you first, and then offer to help…but in reality, these scammers are trying to steal your information.</p><h4>Remember These Social Security Facts</h4><p>If you get a call about your Social Security number, you should remember the following:</p><ul><li>The Social Security Administration only calls from one number: 800-772-1213.</li><li>A Social Security Number cannot ever be suspended.</li><li>The Social Security Administration won’t ever threaten an arrest.</li><li>You will probably NEVER get a call from the SSA.</li></ul><p>Also, of course, remember this: NEVER give your SSN to someone who contacts you that you don’t know.</p><h4>The Scam</h4><p>There are a few variations of this scam. The first is that they call and say that your SSN is suspended due to suspicious activity. They then say, if you want to know more about the case, press 1. When you do, of course, you are connected to an agent who is trained to get your information.</p><p>Another variation of this scam is a bit more aggressive. In this case, it states that law enforcement has suspended your Social Security number because of suspicious activity. You are advised to call a toll-free number immediately and verify your SSN. The scam also claims that if you do not call the number, an arrest warrant will be issued, and you, of course, would be arrested. Though not everyone will get one of these calls, if you do, you should definitely pay attention. Again, the SSA would never suspend a Social Security number, nor would it threaten to arrest you. It’s also good practice to never give you SSN to anyone who asks for it over the phone. Instead, hang up and go on with your day.</p><p><a style="color:#f30e0e;" href="https://safr.me/meet-robert/" target="_blank">Robert Siciliano</a> personal security and <a style="color:#f30e0e;" href="https://safr.me/blog/2018/03/16/identity-theft-advice/" target="_blank">identity theft expert</a> and speaker is the author of <a style="color:#f30e0e;" href="https://www.amazon.com/Identity-Theft-Privacy-Protection-Prevention-ebook/dp/B07FT67BMC/ref=sr_1_3?s=digital-text&ie=UTF8&qid=1535732363&sr=1-3&keywords=Robert+Siciliano&dpID=51hWnD29JtL&preST=_SY445_QL70_&dpSrc=srch" target="_blank">Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud</a>. See him knock’em dead in this <a style="color:#f30e0e;" href="https://youtu.be/2m3Ra6ROPeA" target="_blank">Security Awareness Training</a> video.</p></div>How To Determine a Fake Websitehttps://globalriskcommunity.com/profiles/blogs/how-to-determine-a-fake-website2019-01-22T16:32:28.000Z2019-01-22T16:32:28.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>There are a lot of scammers out there, and one of the things they do is create fake websites to try to trick you into giving them personal information. Here are some ways that you can determine if a website is fake or not:</p><p><img src="https://activerain.com/image_store/uploads/agents/robertsiciliano/files/007.jpg" alt="" width="320" height="193" align="right" /></p><p><strong>How Did I Get Here?</strong></p><p>Ask yourself how you got to the site. Did you click a link in an email? Email is the most effective ways scammers direct their victims to fake sites. Same thing goes with links from social media sites, Danger Will Robinson! Don’t click these links. Instead, go to websites via a search through Google or use your bookmarks, or go old school and type it in.</p><p><strong>Are There Grammar or Spelling Issues?</strong></p><p>Many fake sites are created by foreign entities using “scammer grammar”. So their English is usually broken, and they often make grammar and spelling mistakes. And when they use a translating software, it may not translate two vs too or their vs there etc.</p><p><strong>Are There Endorsements?</strong></p><p>Endorsements are often seen as safe, but just because you see them on a site doesn’t mean they are real. A fake website might say that the product was featured by multiple news outlets<em style="margin:0px;padding:0px;border:0px transparent;font-variant:inherit;font-weight:inherit;font-size:inherit;line-height:inherit;font-family:inherit;vertical-align:baseline;">, </em>for instance, but that doesn’t mean it really was. The same goes for trust or authenticating badges. Click on these badges. Most valid ones lead to a legitimate site explaining what the badge means.</p><p><strong>Look at the Website Address</strong></p><p>A common scam is to come up with a relatively similar website URL to legitimate sites. Ths also known as typosquatting or cybersquatting. For instance, you might want to shop at <a href="https://www.Coach.com">https://www.Coach.com</a> for a new purse. That is the real site for Coach purses. However, a scammer might create a website like //www.C0ach.com, or //www.coachpurse.com. Both of these are fake. Also, look for secure sites that have HTTPS, not HTTP. You can also go to Google and search “is <a href="http://www.C0ach.com">www.C0ach.com</a> legit”, which may pull up sites debunking the legitimacy of the URL.</p><p><strong>Can You Buy With a Credit Card?</strong><strong> </strong></p><p>Most valid websites take credit cards. Credit cards give you some protection, too. If they don’t take plastic, and only want a check, or a wire transfer, be suspect, or really don’t bother.</p><p><strong>Are the Prices Amazing?</strong></p><p>Is it too good to be true? If the cost of the items on a particular page seem much lower than you have found elsewhere, it’s probably a scam. For instance, if you are still looking for a Coach purse and find the one you want for $100 less than you have seen on other valid sites, you probably shouldn’t buy it.</p><p><strong>Check Consumer Reviews</strong></p><p>Finally, check out consumer reviews. Also, take a look at the Better Business Bureau listing for the company. The BBB has a scam tracker, too, that you can use if you think something seems amiss. Also, consider options like SiteJabber.com, which is a site that collects online reviews for websites. Just keep in mind that some reviews might be fake, so you really have to take a broad view when determining if a site is legit or one to quit.</p><p><a style="color:#f30e0e;" href="https://safr.me/meet-robert/" target="_blank">Robert Siciliano</a> personal security and <a style="color:#f30e0e;" href="https://safr.me/blog/2018/03/16/identity-theft-advice/" target="_blank">identity theft expert</a> and speaker is the author of <a style="color:#f30e0e;" href="https://www.amazon.com/Identity-Theft-Privacy-Protection-Prevention-ebook/dp/B07FT67BMC/ref=sr_1_3?s=digital-text&ie=UTF8&qid=1535732363&sr=1-3&keywords=Robert+Siciliano&dpID=51hWnD29JtL&preST=_SY445_QL70_&dpSrc=srch" target="_blank">Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud</a>. See him knock’em dead in this <a style="color:#f30e0e;" href="https://youtu.be/2m3Ra6ROPeA" target="_blank">Security Awareness Training</a> video.</p></div>Are Your Employees Putting Your Company at Risk? Here’s How to Find Out!https://globalriskcommunity.com/profiles/blogs/are-your-employees-putting-your-company-at-risk-here-s-how-to2018-05-18T13:37:46.000Z2018-05-18T13:37:46.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Even if you have the best security on your computer network, you might have noticed that you still seem to get hacked…or worse. Ask Equifax. Why is this happening? It’s probably because a member of your staff has made it easy for cyber criminals to get inside. It’s really important that you find out who this person is, and keep in mind…it might be more than just one. And it may not even involve security technology.</p><p><img src="https://activerain.com/image_store/uploads/agents/robertsiciliano/files/lee-campbell.jpg" alt="" width="300" height="200" align="right" /></p><p>Part of the problem here, is that employees who “open the door” for these criminals probably don’t even realize they are doing it. These criminals are smart, and they make themselves look really authentic. Sometimes, these crooks even disguise themselves as people your staff know. So, how do you find out who’s letting the bad guys in? Here are some things to try:</p><p><strong>Phishing simulation:</strong></p><ul><li>Set up a fake website, and then create a fake email campaign. Send these out to your staff members from a fake address, or better, a real looking address similar to your corporate domain, and see how many people take the bait. You might have to work with someone on your IT staff to spoof the sender’s email address. Make sure it looks legitimate or they will see right through it.</li><li>Though this might take some time and effort to do, it is a good way to find out where your worries might lie in regards to the cyber security knowledge of your staff.</li><li>You can also hire a security expert to do this for you. They will create, run, and track your campaign. However, these experts are not cheap, and the campaign isn’t just a one-time thing. Instead, it’s ongoing.</li><li>There are also many phishing simulation security awareness vendors offering free trials just to see how vulnerable you may be.</li><li>It only takes a single click to cause a data breach. So, your main goal with this experiment is to find out who that clicker is. Or, who ALL those clickers are.</li><li>You should send out several fake emails, which ask your staff to click a link. Make sure, however, that they are very random. They shouldn’t be on any type of schedule.</li><li>Remember, you want to make it look like these are coming from a trusted source. Like a charity, existing vendor, coworker, company officer etc.</li><li>When you find out who is prone to clicking, you should take them aside and fill them in on the campaign. Don’t lecture them or discipline them. Instead, show them what they did wrong and fill them in on the consequences.</li><li>Some phishing simulation security awareness vendors offer ongoing computer based training specializing in bringing these clickers up to speed and changing their behavior.</li><li>Now that you know who the clickers are, send them other staged emails a couple of times a month. See if they click again.</li><li>You may choose to make sure they know that the random fake emails are coming. This helps to keep them alert to this issue. Or, not and see how that affects their behavior.</li><li>By using this approach, you can help your staff slow down a bit, and really think about what they are doing when they get an email with a link.</li><li>You can also create a company policy: Do NOT click on any links in emails on company computers. This helps to stop the need for that employee analysis and will make your staff question each email that comes through.</li><li>Even with this policy in place, continue to send fake emails to see if someone is disregarding the new rules.</li></ul><p>Criminals use fundamental principles of influence and the basics in the psychology of persuasion. There is a science to their process no different than how advertisers, sales and marketers get us to buy stuff. Getting snared isn’t difficult. Being smart and cautious isn’t difficult either. It just requires a little training and reprogramming.</p><p><a href="http://robertsiciliano.com/" target="_blank">Robert Siciliano</a> personal security and identity theft expert and speaker is the author of <a href="http://www.amazon.com/Things-Wish-Before-Identity-Stolen/dp/1941308996/ref=as_sl_pc_qf_sp_asin_til?tag=httprobertc02-20&linkCode=w00&linkId=JAZ7MOSJYUIXZMJ3&creativeASIN=1941308996" target="_blank">99 Things You Wish You Knew Before Your Identity Was Stolen</a>. See him knock’em dead in this <a href="https://www.youtube.com/watch?v=2m3Ra6ROPeA&index=1&list=PL68455D9C6D4E9101&t=237s" target="_blank">identity theft prevention</a> video.</p></div>14 Social Media Disasters Ready to Strikehttps://globalriskcommunity.com/profiles/blogs/14-social-media-disasters-ready-to-strike2018-03-01T14:41:04.000Z2018-03-01T14:41:04.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>There are many ways that you or a small business could get caught up in a social media disaster. Can you think of any off the top of your head? If you are like most of us, probably not. Here are 14 ways that you could be in danger:</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/twitter-facebook-together.jpeg" alt="" width="300" height="200" align="right" /></p><ol><li><strong>A Terrible Online Reputation –</strong> Do you keep a watchful eye on you or your business’ Facebook page? Are people posting to it? Are your staff? Even things that seem good-natured at first can be taken the wrong way by friends or potential customers.</li><li><strong>Racy Images or Text –</strong> If you or your employees are sharing racy text or images on social media, it could negatively affect your life or business. Though you definitely can’t control what they are posting, you can certainly educate them on the smart use of social media. Typically, these things happen because someone is ignorant about it, not feeling malicious. Even something as innocent as sharing a scantily clad photo of themselves while at work or play could give you or your company a bad name.</li><li><strong>Imposters –</strong> You might be surprised, but there could be someone out there posing as you or your business. So, make sure to patrol the internet to see if anyone is using your company’s logo or name. This even includes phony websites. Set up a Google Alert to notify you if your name or your business name appears online.</li><li><strong>Financial Identity Theft –</strong> It might seem harmless to post a photo of your employee’s puppy on your company website, but it could lead to financial identity theft. How? Well, if you post the photo, you surely would post the name of the cute little guy, and many people use their pet’s names as their passwords or answers to security questions. With that name, now identity thieves could have one more piece of the pie that they will use to hack into a financial account. Post pics of puppies all day long, just don’t use their names.</li><li><strong>Photo Geo Tracking –</strong> When you post photos, make sure that the GPS technology is off. This way, criminals can’t use it to find you or your employees addresses. Yes, GPS technology can save lives, but it can also ruin them.</li><li><strong>Robberies at Home –</strong> Make sure to educate your family or staff about the dangers associated with posting business or vacation travel information on social media. Burglars often use social media as a way to find a good house to break into. If they know Bob in accounting is out of the office and on vacation, they also know that he is likely not home, making his house a target.</li><li><strong>Corporate Snoops –</strong> It’s also possible that a spy could set up a page on Facebook, post as an employee of a well-known company or other branch, and then attract your real employees to a fake group. This way, he knows that they could give him sensitive information about your business, as they see him as trustworthy.</li><li><strong>Sex Offenders –</strong> Know who you are talking to online. Also, make sure to tell your staff to be careful when communicating with someone new. This person could be a sex offender, or worse.</li><li><strong>Attack of the Badmouth –</strong> At some point or another, you will get a disgruntled employee. Perhaps this person believes that they were unjustly terminated, or maybe they still even work for you. Employees who believe they have been “picked on” might try to get revenge by posting a bad review or blog about your company.</li><li><strong>Bullies –</strong> You might also find that one of your friends or employees is a bully. Are they posting bullying comments on your social media sites? If so, it could be bad for business.</li><li><strong>Government Spies –</strong> Even if it seems outlandish, many reports say that there are certainly law enforcement agents of the U.S. government that use social media to learn more about criminal suspects.</li><li><strong>Fake Sites –</strong> Someone could set up a fake site and pretend that they are from your business. When customers go to that site, they unknowingly give information about themselves, such as account numbers, email addresses, and phone numbers. Now, the bad guys have access to this information.</li><li><strong>Account Takeovers –</strong> You might remember when the show 60 Minutes, the Associated Press and others had their Twitter account hacked. The AP tweet that got out, claimed that then President Obama had been attacked at the White House. The stock market dropped significantly causing billions in losses as a result. If it can happen to the AP, it can certainly happen to you.</li><li><strong>Liability –</strong> Though you can use Facebook’s privacy settings to hide posts, that doesn’t mean that they can’t be used in some type of legal case. And studies show that Facebook is being used as evidence in 1 out of 5 divorce cases.</li></ol><p>What is the takeaway here? It’s that there is no such thing as a fully private Facebook page just because you might have all of the privacy tools in use. A person with bad intentions, or your own ill conceived posts or a skilled hacker can still get in and ruin your good earned reputation.</p><p><a href="http://robertsiciliano.com/" target="_blank">Robert Siciliano</a> personal security and identity theft expert and speaker is the author of <a href="http://www.amazon.com/Things-Wish-Before-Identity-Stolen/dp/1941308996/ref=as_sl_pc_qf_sp_asin_til?tag=httprobertc02-20&linkCode=w00&linkId=JAZ7MOSJYUIXZMJ3&creativeASIN=1941308996" target="_blank">99 Things You Wish You Knew Before Your Identity Was Stolen</a>. See him knock’em dead in this <a href="https://www.youtube.com/watch?v=2m3Ra6ROPeA&index=1&list=PL68455D9C6D4E9101&t=237s" target="_blank">identity theft prevention</a> video.</p></div>10 Surefire Staff Security Awareness Techniqueshttps://globalriskcommunity.com/profiles/blogs/10-surefire-staff-security-awareness-techniques2018-01-18T15:50:48.000Z2018-01-18T15:50:48.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Think about how great this would be: Imagine that all of your company data is safe from hackers. Your hardware is totally safe and secure. You have IT specialists at your disposal at all times and have a constant flow of cash to pay them.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/employee_training.jpg" alt="" width="300" height="199" align="right" /></p><p>Unfortunately, this is a fantasy for most of us. No matter how secure we think our network is or how much we pay our IT people, there is always a chance for a data breach. Does this mean we should stop the fight, though? No way.</p><p>Instead of throwing in the towel, it’s very important that you start focusing on security awareness, and this starts with teaching your staff how to handle sensitive company data and keep it safe from the bad guys. Here are some strategies that might work to get the message across:</p><ul><li>Make sure that every employee on your staff understands how important security is, especially at their own workstation. Each employee you bring on in the future should also be instructed in this before being allowed to access the company’s network.</li><li>Safety, security and privacy policies must be in place and must address all the necessary concerns required to keep all data in check. Review these policies with new and current employees.</li><li>Set up some fake “phishing” emails to see if any of your staff take the bait. This fake set up will get the point across to your staff without putting your network at risk.</li><li>Set up a policy that terminates any employee that is involved in a data breach. This is a great incentive to keep company information safe.</li><li>Install software onto your network that can detect when your staff is doing something that they shouldn’t be doing. This software isn’t meant to discipline staff. Instead, it’s meant to alert them when they are doing something dangerous that could put sensitive information at risk</li><li>Make sure your staff understands all of the cyber-attack warning signs. This way, they can easily spot anything suspicious.</li></ul><p><strong>Maximize Security Awareness in the Workplace</strong></p><p>Here are eight ways to further maximize security awareness in the workplace:</p><ol><li><strong>Create a Baseline</strong> – Before you can get any type of awareness training going, it’s important to know where you stand. So, do something like a fake phishing email and see how many employees fall for it. This way, you know how much work you have ahead of you.</li><li><strong>Remain Realistic with Social</strong> – Thinking that you can totally ban any activity that puts your network at risk, such as social media, isn’t very realistic. Instead, teach your employees to be careful when using these websites. Show them example after example of how social posting has gone south ending up in firings.</li><li><strong>Use the Right Tools</strong> – Stock your arsenal with the right tools. There are programs out there that can help with security awareness in the workplace. “Phishing simulation training” is a quick search.</li><li><strong>Use your Creativity</strong> – Even if you don’t have a lot of cash to use, you can still make this a fun learning process for your staff. For instance, if its Christmas time, hand out candy canes to your staff, but around each candy, put a small paper with the company’s security policy printed on it.</li><li><strong>Get the Help of High-Ranking Execs</strong> – If you can get the execs to help you out, employees are likely to listen. How can you do this? Mention the term “return on investment” and relate it to your company’s security. You can be sure that this will get them moving. And remind them that company officer are being fired left and right when there is a data breach.</li><li><strong>Bring in Other Departments</strong> – It also is a good idea to bring in other departments to help with security awareness. Even people that might not be connected to your network, such as cafeteria or housekeeping staff, can be helpful. You should also make sure to involve your HR department, because they can usually encourage staff to follow policies. Accounting needs to have a say too.</li><li><strong>Evaluate Your Plan Often</strong> – Every 90 days, take a look at how your program is doing. This is quite effective. To avoid any type of information overload, you should take it slow, too. Perhaps only introduce security topics every three months or so, and then evaluate employee performance 90 days after.</li><li><strong>Provide Security “Appreciation” training</strong> – This goes beyond security awareness training into the realm of getting into cultural and societal misconceptions, myths and inaccuracies that perpetuate a lack of accountability. Example: “It can’t happen to Me” is total BS and is a form a denial preventing people from being proactive.</li><li><strong>Personalize the Experience</strong> – Some employees won’t get serious about things until they are affected. So, make sure that your staff understands that security awareness is about them, too, not only the executives of the company. Make sure they also know that they can use the same practices at home to keep their personal information safe.</li></ol><p><strong>Teach Them Actual Self Defense</strong> – Might sound crazy, but understanding how to save their own lives or the life of a loved one in the event of a physical attack provides an enormous amount of perspective. This is one simple way to open one’s mind on the value of security.</p><p><a href="http://robertsiciliano.com/" target="_blank">Robert Siciliano</a> personal security and identity theft expert and speaker is the author of <a href="http://www.amazon.com/Things-Wish-Before-Identity-Stolen/dp/1941308996/ref=as_sl_pc_qf_sp_asin_til?tag=httprobertc02-20&linkCode=w00&linkId=JAZ7MOSJYUIXZMJ3&creativeASIN=1941308996" target="_blank">99 Things You Wish You Knew Before Your Identity Was Stolen</a>. See him knock’em dead in this <a href="https://www.youtube.com/watch?v=2m3Ra6ROPeA&index=1&list=PL68455D9C6D4E9101&t=237s" target="_blank">identity theft prevention</a> video.</p></div>Phishing is Getting Fishierhttps://globalriskcommunity.com/profiles/blogs/phishing-is-getting-fishier2017-05-02T12:18:43.000Z2017-05-02T12:18:43.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>If you are like most of us, you have undoubtedly received an email that has asked you to click on a link. Did you click it? If you did, you are like 99% of internet users because clicking links in normal. But in some situations you may have found that the link took you to a new or maybe spoofed website where you might be asked to log in. If you ever did this, you may have been the victim of a likely phishing attack, and these attacks are getting fishier all of the time.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/13D1.jpg" alt="" width="326" height="200" align="right" /></p><p><strong>A What? Phish? Fish?</strong></p><p>It’s called a <a style="color:#bb0000;" href="http://www.trustedalarm.com/">phishing</a> attack, and yes, it’s a play on words. When you fish, you throw a hook and worm into the water and hope you catch something. Hackers do the same when they phish. Except, their hook and worm, in this case, is an interesting looking email that they hope you are going to click on…its then, that they can reel you in. There are a few different types of phishing:</p><ul><li>Spoofed websites – Hackers phish by using social engineering. Basically, they will send a scam email that leads to a website that looks very familiar. However, it’s actually a spoof, or imitation, that is designed to collect credit card data, usernames and passwords.</li><li>Phishing “in the middle” – With this type of phishing, a cybercriminal will create a place on the internet that will essentially collect, or capture, the information you are sending to a legitimate website.</li><li>Phishing by Pharming – With phishing by pharming, the bad guys set up a spoof website, and redirect traffic from other legitimate sites to the spoof site.</li><li>Phishing leading to a virus – This is probably the worst phish as it can give a criminal full control over your device. The socially engineered phish is designed to get you to click a link to infect your device.</li></ul><p><strong>Can You Protect Yourself from Phishing?</strong></p><p>Yes, the standard rule is “don’t click links in the body of emails”. That being said, there are emails you can click the link and others you shouldn’t. For example, if I’ve just just signed up for a new website and a confirmation email is then sent to me, I’ll click that link. Or if I’m in ongoing dialog with a trusted colleague who needs me to click a link, I will. Otherwise, I don’t click links in email promotions, ads or even e-statements. I’ll go directly to the website via my password manager or a Google search.</p><p><a style="color:#bb0000;" href="http://robertsiciliano.com/">Robert Siciliano</a> personal security and <a style="color:#bb0000;" href="http://www.trustedalarm.com/">identity theft</a> expert and speaker is the author of <a style="color:#bb0000;" href="http://www.amazon.com/Things-Wish-Before-Identity-Stolen/dp/1941308996/ref=as_sl_pc_qf_sp_asin_til?tag=httprobertc02-20&linkCode=w00&linkId=JAZ7MOSJYUIXZMJ3&creativeASIN=1941308996"><em>99 Things You Wish You Knew Before Your Identity Was Stolen</em></a>. See him knock’em dead in this <a style="color:#bb0000;" href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a> video.</p></div>Investigators Using Social Media to Find Missing Childrenhttps://globalriskcommunity.com/profiles/blogs/investigators-using-social-media-to-find-missing-children2017-04-22T13:50:13.000Z2017-04-22T13:50:13.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Gone are the days when social media is only used to share what you had for dinner or announcing to the world that you are headed to the gym. But social media has become a platform for any and everyone to say what’s on their mind, and sometimes that’s great, but all too often it isn’t. Social is significantly lacking in decorum. But at least some are using social for good.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/14D.PNG" alt="" width="300" height="302" align="right" /></p><p>These days, law enforcement is using social media to find missing children.</p><p>Washington, DC police are leading the way on this. In 2017, alone, the district is averaging about 190 missing kids a month. By using social media, information about the children is getting out quickly. Previous to this, the district was issuing press releases, but with social media, there are now thousands of people getting information about these children.</p><p>This new way of spreading the word is helping to find missing children, for example a Twitter user recently created a screenshot of several missing person’s flyers. She then shared the tweet with her followers, and it received over 108,000 retweets. It also, however, raised the red flag that these girls might be the victims of a human-trafficking scheme.</p><p>DC police admits that missing children are vulnerable to this type of exploitation, but are quick to point out that there is no evidence that these missing people were linked to any type of known human trafficking scheme.</p><p>Other groups, such as the Black and Missing Foundation, are also using <a style="color:#bb0000;" href="http://www.trustedalarm.com/">social media</a> to share leads, but still use traditional media, too. For instance, in 2012, a missing teen in New York was found in a matter of hours after her story appeared on the television show, <em>The View.</em></p><p>Thanks to this new way of making the public aware of missing kids, DC police are seeing results. During the last two weeks of March, for instance, eight children were found after their stories were shared on social media.</p><p><a style="color:#bb0000;" href="http://robertsiciliano.com/">Robert Siciliano</a> personal security and <a style="color:#bb0000;" href="http://www.trustedalarm.com/">identity theft</a> expert and speaker is the author of <a style="color:#bb0000;" href="http://www.amazon.com/Things-Wish-Before-Identity-Stolen/dp/1941308996/ref=as_sl_pc_qf_sp_asin_til?tag=httprobertc02-20&linkCode=w00&linkId=JAZ7MOSJYUIXZMJ3&creativeASIN=1941308996"><em>99 Things You Wish You Knew Before Your Identity Was Stolen</em></a>. See him knock’em dead in this <a style="color:#bb0000;" href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a> video.</p></div>How to Digitally Secure The Remote Teleworkerhttps://globalriskcommunity.com/profiles/blogs/how-to-digitally-secure-the-remote-teleworker2017-03-22T14:18:44.000Z2017-03-22T14:18:44.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>If you employ remote workers, your IT staff has a unique challenge keeping your organization safe. Fortunately, using a combination of best practices for cybersecurity, user awareness campaigns, and a strong policy will help to keep data safe.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/8D.jpg" alt="" width="300" height="207" align="right" /></p><p>New advances in mobile technology and networking have given remote workforces a boost, and while policies for most remote workers generally depend on manager or company preferences, most businesses must accommodate a mobile workforce on some level…and here’s where the challenge lies.</p><p>Things such as emails, vulnerable software programs and work documents are all tools that cybercriminals can use to infiltrate your company’s network. These remote workers, no matter how convenient they might be, are the weak link in any company’s <a style="color:#bb0000;" href="http://www.trustedalarm.com/">security</a> plan. Cybercriminals know this, which is why they often focus on these workers. So, what do you do to find a balance between the convenience of remote workers and the importance of network security? Here are eight way that you can secure your remote workforce:</p><ol><li><strong>Use Cloud-Based Storage</strong> – One way to make your remote workers safer is to use cloud services that use two factor authentication. These often have a higher level of encryption, so any data that your workforce uses is not only accessible, but also protected.</li><li><strong>Encrypt Devices When You Can –</strong> When giving mobile devices, including laptops, to your remove workforce, make sure that the hard drives are encrypted to protect the data on the machine. However, not all security programs will work with devices that are encrypted, so make sure that you double check all the tech specs before loading them up.</li><li><strong>Set Up Automatic Updates –</strong> You can also take the steps to automate any software updates, which means as soon as an update is released, your remote workforce will get the software on their devices. This can also be done via Mobile Device Management software.</li><li><strong>Use Best Practices for Passwords –</strong> You should also make sure that you are implementing good practices with passwords. You should, for instance, safeguard against stolen or lost devices by requiring that all employees use strong, complex passwords. You should also request that your team puts a password on their phones and laptops, since these items are easily stolen.</li><li><strong>Create Secure Network Connections –</strong> Also, ensure that your remote employees are connecting to your network by using a VPN connection. Encourage your IT staff to only allow your remote workers to connect to the VPN if their system is set up and patched correctly. Also, make sure that they are not connecting if their security software is not updated.</li><li><strong>Increase Awareness</strong> – Instead of attempting to restrict personal use of the internet, you should instead encourage education about internet use. Create and enact a cybersecurity policy, ensuring that it covers concepts such as phishing, scams, and social engineering tactics.</li><li><strong>Use Encrypted Email Software –</strong> Checking business email offsite is quite common, even among those who work on-site. Thus, it is extremely important to use a secure program for email.</li><li><strong>Use an Endpoint Security Program –</strong> Finally, if you haven’t already, implement an endpoint security program. These programs can be remotely launched and managed from one location. This software should also include components to keep unpatched programs, safe.</li></ol><p>Yes, remote workers can be a challenge for your IT staff to manage, but when you use a strong policy, good practices in response to cybersecurity, and a comprehensive campaign for user awareness, you and your staff can keep all of your data safe.</p><p><a style="color:#bb0000;" href="http://robertsiciliano.com/">Robert Siciliano</a> personal security and <a style="color:#bb0000;" href="http://www.trustedalarm.com/">identity theft</a> expert and speaker is the author of <a style="color:#bb0000;" href="http://www.amazon.com/Things-Wish-Before-Identity-Stolen/dp/1941308996/ref=as_sl_pc_qf_sp_asin_til?tag=httprobertc02-20&linkCode=w00&linkId=JAZ7MOSJYUIXZMJ3&creativeASIN=1941308996"><em>99 Things You Wish You Knew Before Your Identity Was Stolen</em></a>. See him knock’em dead in this <a style="color:#bb0000;" href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a> video.</p></div>Beware of these 4 Scamshttps://globalriskcommunity.com/profiles/blogs/beware-of-these-4-scams2016-08-25T14:24:07.000Z2016-08-25T14:24:07.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p><strong>IRS</strong></p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/9D.jpg" alt="" width="300" height="250" align="right" /></p><ul><li>The e-mail (or phone call) says you owe money; if you don’t pay it immediately, you’ll be put in jail or fined.The scammer may know the last four digits of the victim’s Social Security number.</li><li>Caller ID will be spoofed to look like the call is from the IRS.</li><li>The e-mail will include an IRS logo and other nuances to make it look official.</li><li>The <a style="color:#bb0000;" href="http://www.trustedalarm.com/">scammer</a> may also have an accomplice call the victim pretending to be a police officer.</li><li>The victim is scared into sending the “owed” money—which goes to the thief. Or, the thief gets the victim to reveal credit card information.</li><li>Another version is that the <em>IRS owes the victim</em>. The victim is tricked into revealing bank account information to receive the refund.</li><li>Know that the IRS will never contact you via e-mail or phone; will never threaten jail time, a fine or other threats like a driver’s license revocation.</li><li>If you owe, the IRS will send you snail mail, certified.</li><li>The IRS will never threaten to have you arrested.</li><li>If the subject line of an e-mail appears to be from the IRS, delete it.</li><li>If a phone call appears to be from the IRS, hang up.</li></ul><p><strong>Bereavement</strong></p><ul><li>Scammers scan obituaries for prey.</li><li>They then contact someone related to the deceased and claim something against the estate or that they’ll reveal a family secret scandal unless they’re paid.</li><li>If one of these scams comes your way, request written documentation of the claim.</li><li>Tell the sender you’ll send this documentation to the executor.</li><li>If you’re blackmailed, contact a lawyer.</li><li>Never arrange to meet the sender.</li></ul><p><strong>Computer Hijack</strong></p><ul><li>This may come as a phone call: A person claiming to be a Microsoft rep informs you that your computer has been hacked and he’ll fix it—or you’ll lose everything.</li><li>He wants to convince you to let him have remote control or “sharing” of your computer…and from there he’ll try to get your credit card number…</li></ul><p><strong>Investment Scam</strong></p><ul><li>Someone halfway around the world has chosen YOU to handle a large amount of money, and you’ll be paid richly for this.</li><li>The sender often has a foreign sounding name, but even common names are used.</li><li>Often, there’s some smaltzy message in the e-mail subject line like “God bless you” or “Need your help.”</li><li>Delete e-mails with any subject lines relating to investments, inheritances, mentions of money, princes, barristers or other nonsense.</li><li>If you feel compelled to open one, don’t be surprised if there are typos or that it’s poorly written. Do NOT click any links!</li></ul><p><a style="color:#bb0000;" href="http://robertsiciliano.com/">Robert Siciliano</a> CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of <a style="color:#bb0000;" href="http://www.amazon.com/Things-Wish-Before-Identity-Stolen/dp/1941308996/ref=as_sl_pc_qf_sp_asin_til?tag=httprobertc02-20&linkCode=w00&linkId=JAZ7MOSJYUIXZMJ3&creativeASIN=1941308996"><em>99 Things You Wish You Knew Before Your Identity Was Stolen</em></a>. See him knock’em dead in this <a style="color:#bb0000;" href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a> video.</p></div>Set Privacy on these Social Media Appshttps://globalriskcommunity.com/profiles/blogs/set-privacy-on-these-social-media-apps2016-08-04T14:35:02.000Z2016-08-04T14:35:02.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Just like older generations never thought that the dial phone in the kitchen could be dangerous (think phone scams), today’s kids don’t have a clue how hazardous smartphone apps can really be. They are a godsend to pedophiles, scammers and hackers. And let’s not forget other kids who just want to be cruel bullies.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/14D.PNG" alt="" width="300" height="302" align="right" /></p><p>Parents should have informative discussions with their kids about the various apps out there. And it’s okay to forbid particular apps you aren’t comfortable with. Like Musicly, search “Musicly safe for kids” and see why. Apps aren’t as innocent as you think. They are potential gateways to some real creepsters out there—and that’s putting it mildly.</p><p>Applications have safety settings. Do you know what they are? How they work?</p><p><strong>Instagram</strong></p><ul><li>A person with or without an Instagram account can view your images unless you have the security setting on for “Private Account” under “Options.”</li></ul><p><strong>Snapchat</strong></p><ul><li>Enable the self-destruct feature to destroy communications quickly after they are sent.</li><li>But don’t rely on this entirely, because it takes only seconds for the recipient to screenshot the text or sext into cyberspace.</li><li>Set the “Who Can Contact Me” setting to “My Friends” so that strangers posing as 13-year-olds don’t get through to your child.</li></ul><p><strong>Whisper</strong></p><ul><li>Don’t let the name fool you; Whisper is not anonymous, thanks to geotagging.</li><li>Go to your iPhone’s settings and change the location access to “Never.”</li></ul><p><strong>Kik</strong></p><ul><li>Kik is not anonymous, contrary to popular belief, because anyone can get ahold of a youth’s username on other social media, making it possible to then contact that person on Kik.</li><li>Under “Notifications” disable “Notify for New People.” This will put strangers’ messages in a separate list.</li><li>Don’t share usernames.</li></ul><p><strong>Askfm</strong></p><ul><li>This question-and-answer service attracts <a style="color:#bb0000;" href="http://www.trustedalarm.com/">cyberbullies</a>.</li><li>In the privacy settings, uncheck “Allow Anonymous Questions.”</li><li>The user should remain anonymous.</li></ul><p><strong>Omegle</strong></p><ul><li>This video-chatting service is a draw for pedophiles.</li><li>It should never be linked to a Facebook account.</li></ul><p>Your worries are fully justified. Words, images, and video, are very powerful. Though the age of e-communications is here to stay, so are psychos. It’s their world too. Your kids, unfortunately, must share it with them, but that doesn’t mean they have to receive communications from them or be “friends” with them.</p><p><a style="color:#bb0000;" href="http://robertsiciliano.com/">Robert Siciliano</a> CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of <a style="color:#bb0000;" href="http://www.amazon.com/Things-Wish-Before-Identity-Stolen/dp/1941308996/ref=as_sl_pc_qf_sp_asin_til?tag=httprobertc02-20&linkCode=w00&linkId=JAZ7MOSJYUIXZMJ3&creativeASIN=1941308996"><em>99 Things You Wish You Knew Before Your Identity Was Stolen</em></a>. See him knock’em dead in this <a style="color:#bb0000;" href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a> video.</p></div>Hacking Cars Getting Easier and More Dangeroushttps://globalriskcommunity.com/profiles/blogs/hacking-cars-getting-easier-and-more-dangerous-12016-06-24T14:23:38.000Z2016-06-24T14:23:38.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>If your car is in any way connected to the Internet, it can get hacked into. You know it’s only a matter of time before hackers begin infiltrating motor vehicles in droves, being that vehicles are plagued with hundreds to thousands of security vulnerabilities.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/11D.jpg" alt="" width="300" height="228" align="right" /></p><p>This hack is more serious than you think. Drivers and passengers should be aware that “flawed” and compromised vehicles can suddenly be overtaken remotely, forced into shutting down the engine in the middle of a highway or drive the car into other cars. And it’s not just cars, but 18-wheelers and busloads of people.</p><p>In fact, white-hat hackers (the good guys) have even demonstrated that a bad hacker could take control of a motor vehicle, ranging from annoying pranks such as turning on the windshield wipers and radio, to potentially lethal actions like stopping the engine.</p><p>Hackers could demand ransom from governments in bitcoins for the return of the vehicles’ control to their drivers. Or, as the Assistant Attorney General for National Safety has indicated, “connected cars are the new battlefield”. Connected cars could be used by terrorist organizations to create havoc on mass scale. The possibilities are limited by the imagination.</p><p>This concern has motivated the FBI, Department of Transportation and the National Traffic Safety Administration to issue a public safety alert, warning consumers to keep their service schedule in order to enable to upgrade cars’ software with remedies to those security vulnerabilities.</p><p><strong>Solutions are available and in the works.</strong></p><ul><li>If your car has any web connecting abilities, do your research for year/make/model. Searched “hacked” along with the cars particulars.</li><li>Manufacturers that have discovered security vulnerabilities (often because a researcher makes it public) have offered subsequent patches in response. These notices may come in the mail or through a dealership.</li><li>It’s important to check with your cars manufactures website to determine if a vulnerability exists.</li><li>A connected vehicle has ECUs: electronic control units. An article in <a style="color:#bb0000;" href="http://fortune.com/2016/06/04/connected-cars-security-threat/">Fortune</a> says Karamba Security’s “Carwall” can detect and thwart cyber attacks. <em>Carwall</em> is like a firewall for your vehicle ECU. It detects anything that’s not permitted to load or run on ECUs.</li></ul><p>When the ECU software is being built, security software can be seamlessly embedded, becoming part of the entire process. No change of code, no developers’ know-how, no false positives and no hacks. Problem solved.</p></div>Phishing Protection 101https://globalriskcommunity.com/profiles/blogs/phishing-protection-1012016-06-16T14:30:14.000Z2016-06-16T14:30:14.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Phishing-type e-mails are designed to trick the recipient into either downloading a virus (which then gives the hacker remote control of the computer) or revealing enough information for the thief to open credit cards in the victim’s name, get into their bank account, etc.</p><p><img src="http://robertsiciliano.com/wp-content/uploads/2014/04/13D-300x184.png" alt="13D" width="300" height="184" align="right" /></p><p>There are many ways the crook can trick the victim. Here are telltale signs:</p><ul><li>The message wants you to “verify” or “confirm” your password, username or other sensitive information.</li><li>And why must you do this? Because “suspicious activity” has been detected on your account, or, your account “is at risk for being compromised.”</li><li>Your name may or may not be in the message. Always be suspect.</li><li>Financial institutions will never ask you to enter your login information in an email and be suspect on a website.</li><li>Another ploy is the subject line: There’s a sense of urgency, such as, “Your account is about to be suspended.” A business will contact you by phone or snail mail if there’s a problem.</li><li>Even if the e-mail seems to have come from your boss at work and addresses you by name, and includes a link…realize that a hacker is capable of learning enough about someone from their LinkedIn page and Facebook to then convincingly impersonate someone they know.</li></ul><p><strong>Links in E-mails</strong></p><ul><li>Typically there’s a link (when there’s not, there’s a malicious attachment).</li><li>Never click links inside e-mails even if the sender seems to be your employer, health plan carrier or other enterprise you’ve done business with.</li><li>Hover the mouse over the link. If the URL is different than what’s there, assume it’s a scam.</li><li>Generally, only click links in emails when you have to actually click the link to verify an email address once you have just signed up for a new website.</li></ul><p><strong>Additional Telltale Signs</strong></p><ul><li>Just weird stuff. For example, a person who edits for a living receives an unexpected e-mail explaining there’s an attachment that needs to be proofread; wow, a paying gig!</li><li>Not so fast. The accompanying letter is very poorly constructed, including misspellings of common words, and includes very irrelevant information, such as “I’m a single mom with three wonderful kids.” Why would THIS be included in a legitimate proofreading job?</li><li>Yet how did the scammer know you’re an editor? Because the crook’s software somehow found your e-mail on the editing gig site you registered with two years ago.</li><li>The subject line says you’ve won something, or you’ll lose something.</li><li>If you go to a website and don’t see your site key (if you registered with one), leave. But you shouldn’t have gone to the website in the first place!</li><li>Always beware of emails purportedly from FedEx, UPS, Amazon, Ebay or anything in your spam folder.</li></ul><p>Embrace the idea of deleting reams of UNREAD e-mails without having opened them. If a subject line has you worried, such as “You owe back taxes” or “Your shipment was lost,” then phone the appropriate personnel to see if this is true.</p><p><strong>If you suspect you’ve been scammed:</strong></p><ul><li>Log into whatever account might be compromised and check messages, contact customer service.</li><li>Place a fraud alert on your credit if your SSN was exposed.</li><li>Update your security software; run a full system scan.</li><li>If you revealed any login information, change that account’s login data.</li></ul><p>Robert Siciliano is an identity theft expert to <a href="http://bestidtheftcompanys.com/companies">BestIDTheftCompanys.com</a> discussing <a href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>Government risks Consumers' Identitieshttps://globalriskcommunity.com/profiles/blogs/government-risks-consumers-identities2016-06-14T14:27:39.000Z2016-06-14T14:27:39.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Guess who may be compromising the security of your Social Security Number.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/1P.jpg" alt="" width="330" height="215" align="right" /></p><p><em>The Social Security Administration!</em></p><p>Yep, that’s right. Did you know that 66 percent of the mail the SSA sends out contains someone’s Social Security number? This is what the inspector general of the SSA, Kimberly Byrd, says, and I believe it.</p><p>How many pieces of mail is this? Over 230,000,000. This situation is problematic.</p><ul><li>The SSA claims it will cost over $19 million to reduce these mailings.</li><li>It also won’t happen anytime soon.</li><li>The SSA can’t even give a time estimation for when these mailings will be cut back, and Byrd says that security should trump convenience.</li><li>It is not known what percentage of the mail-outs reach their intended addresses, and this includes the not-so-uncommon problem of mail carriers delivering to the wrong address. Imagine that the wrong recipient is also an identity thief, and sees that Social Security number upon opening someone else’s mail…</li><li>Another reason many mail-outs may end up in the wrong hands is that the addresses are no longer accurate for the recipient.</li><li>And then of course there is mail theft. Or someone can easily change your mailing address. It’s maddening actually.</li><li>Though some mailings do require the SSN, others don’t, and many other entities, such as private businesses, have found a way around this sticky problem, though this doesn’t mean they’ve eliminated 100 percent of it.</li><li>Another plan to help reduce the number of SSNs flying around out there is the use of the Beneficiary Notice Control Number—used on a case-by-case basis, says the Social Security Administration.</li></ul><p>Nevertheless, it’s maddening that the Administration has failed to yield a deadline range for these changes. Let’s face it, the SSN is responsible for the judicious handling of our Social Security numbers, and 230 million mailings—without verification that the addresses match the recipients—is hardly judicious.</p><p>Think of how often, over the past five years, you’ve accidentally received someone else’s mail. This is common and a gateway for crooks to steal somebody’s identity.</p><p><strong>The Fix</strong></p><ul><li>The SSA should make deletion of SSNs from their correspondence a top priority—and once they do that, things will start falling more together.</li><li>Revisit the estimated cost it would take to implement the reduction of mail containing SSNs.</li><li>YOU need to getting a locking mailbox.</li><li>YOU need to get a <a style="color:#bb0000;" href="http://robertsiciliano.com/blog/2014/07/15/everything-you-need-to-know-about-a-credit-freeze/">credit freeze</a> and invest in <a style="color:#bb0000;" href="http://robertsiciliano.com/blog/2013/09/13/does-identity-theft-protection-really-work/">identity theft prevention</a>. These two solutions make your SSN relatively less attractive to a thief.</li></ul><p>Robert Siciliano is an identity theft expert to <a style="color:#bb0000;" href="http://thebestcompanys.com/antivirus/">TheBestCompanys.com</a> discussing <a style="color:#bb0000;" href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>Beware of the CEO E-mail Scamhttps://globalriskcommunity.com/profiles/blogs/beware-of-the-ceo-e-mail-scam2016-05-11T14:16:34.000Z2016-05-11T14:16:34.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Beware of the B.E.C. scam, says a report at fbi.gov. The hackers target businesses and are good at getting what they want.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/email.PNG" alt="" width="300" height="298" align="right" /></p><p>The hackers first learn the name of a company’s CEO or other key figure such as the company’s lawyer or a vendor. They then figure out a way to make an e-mail, coming from them, appear to come from this CEO, and send it to employees.</p><p>The recipients aren’t just randomly selected, either. The hackers do their homework to find out which employees handle money. They even learn the company’s particular language, says the fbi.gov article. The company may be a big business, small enterprise and even a non-profit organization.</p><p>Once they get it all down, they then request a wire transfer of money. This does not raise red flags in particular if the company normally sends out wire transfer payments.</p><p>This CEO impersonation scam is quite pervasive, stinging every state in the U.S. and occurring in at least 79 other nations. The fbi.gov article cites the following findings:</p><ul><li>Between October 2013 and February 2016, complaints came in from 17,642 victims. This translated to over $2.3 billion lost.</li><li>Arizona has been hit hard by this scam, with an average loss per scam coming in at between $25,000 and $75,000.</li></ul><p>Companies or enterprises that are the victim of this scam should immediately contact their bank, and also request that the bank contact the financial institution where the stolen funds were transferred to.</p><p>Next, the victim should file a complaint with the IC3.</p><p><strong>How can businesses protect themselves from these scam e-mails?</strong></p><ul><li>Remember, the hacker’s e-mail is designed to look like it came from a key figure with the organization. This may include the type of font that the key figure normally uses in their e-mails; how they sign off (e.g., “Best,” “Thanks a bunch,”), and any nicknames, such as “Libbie” for Elizabeth. Therefore, contact that person with a separate e-mail (not a reply to the one you received) to get verification, or call that individual.</li><li>Be suspicious if the e-mail’s content focuses on a wire transfer request, especially if it’s urgent.</li></ul><p>Robert Siciliano is an identity theft expert to <a style="color:#bb0000;" href="http://bestidtheftcompanys.com/companies">BestIDTheftCompanys.com</a> discussing <a style="color:#bb0000;" href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>Security Appreciation lackinghttps://globalriskcommunity.com/profiles/blogs/security-appreciation-lacking2016-04-19T14:36:44.000Z2016-04-19T14:36:44.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>What’s it gonna take for companies to crack down on their cybersecurity? What’s holding them back? Why do we keep hearing about one company data breach after another?</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/1S.jpg" alt="" width="335" height="200" align="right" /></p><p>Well, there’s just not enough IT talent going around. The irony is that most company higher-ups admit that cybersecurity is very important and can even name specific situations that could compromise security, such as</p><p>having multiple vendors vs. only a single vendor; not having quality-level encryption in place; allowing employees to bring their own mobile devices to work and use them there for business; and having employees use cloud services for business.</p><p>Many even admit that they lack confidence in preventing a sophisticated malware onslaught and are worried about spear phishing attacks.</p><p>So as you can see, the understanding is out there, but then it kind of fizzles after that point: Businesses are not investing enough in beefing up their cybersecurity structure.</p><p>Let’s first begin with signs that a computer has been infected with malware:</p><ul><li>It runs ridiculously slow.</li><li>Messages being sent from your e-mail—behind your back by some unknown entity.</li><li>Programs opening and closing on their own.</li></ul><p>What can businesses (and people at home or traveling) do to enhance cybersecurity?</p><ul><li>Regularly back up all data.</li><li>All devices should have security software and a firewall, and these should be regularly updated.</li><li>Got an e-mail from your boss or company SEO with instructions to open an attachment or click a link? Check with that person first—by phone—to verify they sent you the attachment or link. Otherwise, this may be a spear phishing attempt: The hacker is posing as someone you normally defer to, to get you to reveal sensitive information.</li><li>Mandate ongoing security training for employees. Include staged phishing e-mails to see who bites the bait. Find out why they bit and retrain them.</li><li>Never open e-mails with subject lines telling you an account has been suspended; that you won a prize; inherited money; your shipment failed; you owe the IRS; etc. Scammers use dramatic subject lines to get people to open these e-mails and then click on malicious links or open attachments that download viruses.</li><li>Install a virtual private network before you use public Wi-Fi.</li></ul><p>Robert Siciliano is an identity theft expert to <a style="color:#bb0000;" href="http://thebestcompanys.com/antivirus/">TheBestCompanys.com</a> discussing <a style="color:#bb0000;" href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>Look out for Shipping E-mail Phishing Scamshttps://globalriskcommunity.com/profiles/blogs/look-out-for-shipping-e-mail-phishing-scams2016-04-13T14:41:40.000Z2016-04-13T14:41:40.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Stop clicking on e-mails about your package delivery! Scam, scam, scam! Look, it’s simple:</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/13D1.jpg" alt="" width="325" height="200" align="right" /></p><ul><li>Scammers are also pretending to be from the DHL and FedEx shipping companies, not just UPS.</li><li>Crooks know that at any given time, thousands and thousands of U.S. people are waiting for a package delivery.</li><li>So these cyber thieves send out mass e-mails by the millions, knowing that they will reach a lot of people who are expecting a package.</li><li>The subject line of these e-mails says something about “your delivery” or “your shipment” that lures the recipient into opening the e-mail. Usually, the message is that the delivery has failed, and the recipient is tricked into clicking on an attachment or a link.</li><li>And that’s when malware gets downloaded to their computer.</li></ul><p>This technique is called social engineering: tricking people into doing things they shouldn’t. People are too quick to click. I wonder how many of these clicker-happy people <em>ever even gave</em> their e-mail address to UPS. The last time I sent something via UPS, <em>I don’t even recall</em> being asked for my e-mail address.</p><p>But people so freely give out their e-mail address, that when they receive one of these phishing e-mails by crooks, they think it’s legitimate. They believe that the attachment is a new shipping label to print out. They even believe the threat that if they don’t use this new label right away, they’ll be charged a fee. It’s all about hurry, hurry, hurry! People don’t stop and T-H-I-N-K first.</p><p>What can be done about this? First off, don’t freely give out your e-mail. That way, if you get an e-mail from a company that you just, by chance, happen to be doing business with, you’ll know it’s a fraud—because you never gave your e-mail to that company in the first place.</p><p>Next, share this information with your family and friends. They’ll probably all deny that they’re capable of falling for this scam, but I’m sure that when the unwise ones are alone, they’ll give it some hard thought.</p><p>Robert Siciliano is an identity theft expert to <a style="color:#bb0000;" href="http://bestidtheftcompanys.com/companies">BestIDTheftCompanys.com</a> discussing <a style="color:#bb0000;" href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>Bitdefender's BOX: All-in-one Cybersecurity from one Apphttps://globalriskcommunity.com/profiles/blogs/bitdefender-s-box-all-in-one-cybersecurity-from-one-app2016-03-29T14:36:07.000Z2016-03-29T14:36:07.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Gee, if your home is connected to lots of different devices, doesn’t it make sense that your cybersecurity integrates all your connected devices? Meet the Bitdefender BOX, a network bulletproofing hardware cybersecurity tool for the home that embraces smart home protection focusing on the Internet of Things with remote device management offering next generation privacy protection.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/box.jpg" alt="" width="340" height="180" align="right" /></p><p>BOX description:</p><ul><li>One complete security solution for connected homes</li><li>Sets up to a router</li><li>Is controlled by the user’s mobile device and hence, can be controlled anywhere</li><li>Everything is protected: not just your computer, but all of your connected devices, like your baby monitor, TV, thermostat, garage door opener and house alarm system. You name it; it’s protected from hackers.</li><li>BOX works with an annual subscription much like most cyber security “security as a service” technologies.</li></ul><p>Features:</p><ul><li>Easy Setup. Just plug and play.</li><li>Advanced Threat Protection. In and outside your home network. You’re safe on the go as well!</li><li>Management and Control. All available in one app, at your fingertips, anywhere you are.</li></ul><p>So, protection from hackers means that you can have peace of mind knowing that BOX is warding off attempts at ID theft, fraudulent activities, cyber snooping and other threats.</p><p>All you need to do is connect BOX to your router via one of its ethernet ports. Then get the BOX application going. Its user friendly and you just follow its easy instruction: all of a few minutes’ worth. BOX then goes to work to intercept cyber threats at the network level. And all from just one app.</p><p>So yes, you need a smartphone (Android or iOS) to take advantage of BOX. If you’ve been on the fence about getting a mobile device, move out of your cave, junk your Pinto, cut your mullet, and get the BOX.</p><p>Think of how great it would be to be alerted of network events through this does-it-all application that you can control no matter where you’re located. This means you can control all of your connected devices.</p><p>One of BOX’s features is the Private Line. This protects your Internet browsing experience, including making you anonymous. Other features:</p><ul><li>Protection against hacking attempts including lures to malicious sites.</li><li>Protection against viruses, malware including downloads, phishing, etc.</li><li>Protection against anyone wanting to pry open your files and see what’s in them or steal them.</li><li>Protection occurs even when you’re using public Wi-Fi, such as at a hotel, airport or coffee house!</li></ul><p><strong>Who needs BOX?</strong></p><p>Everyone who has connected devices at home and uses the Internet. This is like asking, who needs a lock on their home’s door? Anyone who lives in a home.</p><p>Think about a home and home security as an example. If you’re going to have a lock, it should be a good lock, right? But the lock is only effective if you actually lock it. You also need to lock up your windows and consider a home security system. These are all “layers of protection. Well, the BOX is multiple layers of protection for protecting your online experience as well as computer files.</p><p>BOX is designed for non-techy users, so if you’re one of those people who is “not good with computers,” you’ll still find BOX’s setup and navigation quite friendly. It also helps set up password-protected Wi-Fi network does for you and you can even let guests use a secured Wi-Fi network. This post is brought to you by <a style="color:#bb0000;" href="http://www.bitdefender.com/box/?od_id=101403">Bitdefender BOX</a><span style="text-decoration:underline;">.</span></p></div>Protect Yourself from Phishinghttps://globalriskcommunity.com/profiles/blogs/protect-yourself-from-phishing2016-03-22T14:11:20.000Z2016-03-22T14:11:20.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Everyone has received very obvious “phishing” e-mails: Messages in your in-box that have outrageous subject lines like “Your Account Will Be Suspended,” or, “You Won!”</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/13D1.jpg" alt="" width="325" height="200" align="right" /></p><p>While some phishing attacks are obvious, others look harmless, such as those in a person’s workplace in-box, seemingly from their company’s higher-ups.</p><p>Researchers point out that an e-mail may appear to come from the company’s HR department, for example. E-mails with an “urgent email password change request” had a 28% click rate, Wombat security reported.</p><p><strong>Phishing victims act too quickly.</strong></p><p>In the workplace, instead of phoning or texting the HR department about this password reset, or walking over to the HR department (a little exercise never hurts), they quickly click.</p><p>So one way, then, to protect yourself from phishing attacks is to stop acting so fast! Take a few breaths. <em>Think.</em> Walk your duff over to the alleged sender of the e-mail for verification it’s legit.</p><p>Wombat’s survey reveals that 42% of respondents reported malware infections, thanks to hasty clicking. However, employees were more careful when the e-mail concerned gift card offers and social media.</p><p><strong>The report also reveals:</strong></p><ul><li>67% were spear phished last year (spear phishing is a targeted phishing attack).</li><li>E-mails with an employee’s first name had a 19% higher click rate.</li><li>The industry most duped was telecommunications, with a 24% click rate.</li><li>Other frequently duped industries were law, consulting and accounting (23%).</li><li>Government was at 17%.</li></ul><p>So as you see, employees continue to be easy game for crooks goin’ phishin.’</p><p>And attacks are increased when employees use outdated plug-ins: Adobe PDF, Adobe Flash, Microsoft Silverlight and Java.</p><p>The survey also reveals how people guard themselves from phishing attacks:</p><ul><li>99% use e-mail spam filters.</li><li>56% use outbound proxy protection.</li><li>50% rely on advanced malware analysis.</li><li>24% use URL wrapping.</li></ul><p>These above approaches will not prevent all phishing e-mails from getting into your in-box. Companies must still rigorously train employees in how to spot phishing attacks, and this training should include staged attacks.</p><p><strong>Protect Yourself</strong></p><ul><li>Assume that phishing e-mails will sometimes use your company’s template to make it look like it came from corporate.</li><li>Assume that the hacker somehow figured out your first, even last name, and that being addressed by your full name doesn’t rule out a phishing attack.</li><li>Get rid of the outdated plug-ins.</li></ul><p>Phishing attacks are also prevalent outside the workplace, and users must be just as vigilant when on their personal devices.</p><p>Robert Siciliano is an identity theft expert to <a style="color:#bb0000;" href="http://bestidtheftcompanys.com/companies">BestIDTheftCompanys.com</a> discussing <a style="color:#bb0000;" href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>How to prevent IRS scamshttps://globalriskcommunity.com/profiles/blogs/how-to-prevent-irs-scams2016-03-09T14:05:47.000Z2016-03-09T14:05:47.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Once a thief knows your Social Security number…you’re at very high risk for having your identity stolen.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/PHX1.jpg" alt="" width="320" height="213" align="right" /></p><p>A report on bankrate.com says that the IRS is warning of a cyber attack on its electronic filing PIN application. Thieves infiltrated it with malware in an attempt to claim other people’s refunds as their own. Over 450,000 SSNs were involved, and over 100,000 of them enabled the hackers to access an E-file PIN.</p><p>Endless scams are directed towards SSNs, like the classic phishing attack. A phishing attack basically goes as follows:</p><ul><li>An e-mail arrives with an alluring or threatening subject line, which may actually be a warning to protect your SSN.</li><li>The e-mail looks legitimate, complete with logos and privacy information at the bottom.</li><li>The hacker’s goal is to get you to fill out a form that includes typing in your SSN.</li><li>The FTC warns of a “Get Protected” subject line for the latest scam. This scam e-mail mentions the “S.A.F.E. Act 2015” that protects against fraudulent use of SSNs.</li><li>Like many phishing e-mails, the “Get Protected” one contains fake information.</li><li>These e-mails include a link that, when clicked, will release a virus, or take you to a website that will download a virus or lure you into revealing sensitive information.</li></ul><p><strong>Three Ways to Get Scammed</strong></p><p>Most people make important decisions based on emotion. Cyber thieves know this, and they prey on fear, greed and generosity.</p><ul><li>People aren’t thinking straight when emotions are ruling. Logic gets swept under the rug. There’s pressure to act quickly, such as helping the scammer (who pretends to be a grandchild of the victim) who was in an accident: wire money asap. Natural disaster scams prey on the desire to give. The emotion of greed is manipulated in “You’ve Won!” and inheritance scams.</li><li>Of course, before the fraudster plays with emotions like a cat playing with a mouse, he first gains your trust, pretending to like the same things you do, whatever it takes so that you don’t question him.</li><li>Scammers are adept at appearing credible, such as tricking your caller ID into showing “IRS” or the name of your bank in the ID field. They may have a snazzy website up, a “badge number,” noise in the background to simulate a call center, even a fake accent.</li><li>Remember, scammers are pros. <em>It’s going to seem legitimate</em>.</li></ul><p>Robert Siciliano is an identity theft expert to <a style="color:#bb0000;" href="http://thebestcompanys.com/antivirus/">TheBestCompanys.com</a> discussing <a style="color:#bb0000;" href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>Stop being a blabber on Social Mediahttps://globalriskcommunity.com/profiles/blogs/stop-being-a-blabber-on-social-media2015-12-24T14:16:01.000Z2015-12-24T14:16:01.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Are you a cyber-blabber? Even a post about your daily afternoon foray to the sub sandwich shop could get you in trouble: A burglar reading this knows when to rob your house. But it doesn’t end there. STOP THE MADNESS!</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/14D.PNG" alt="" align="right" height="322" width="320" /></p><p><strong>The Giants: Facebook and Twitter</strong></p><ul><li>Be careful what you post on Facebook and tweet about. It can be used against you in court, even something as innocuous as: “I’m training for my very first 10K.” Not good if you’re suing someone who hit your car for back pain and suffering.</li><li>Lawyers will take the time to scroll the Facebook timeline and your tweet history for evidence that can kill your case.</li></ul><p><strong>Reputation and Safety</strong></p><ul><li>Seemingly harmless posts and tweets can indicate to burglars when it’s a good time to break into your house.</li><li>Worse, posts and tweets can indicate to pedophiles when and where to lure your child into their car.</li><li>Less malevolent, but potentially annoying though, are the data mining companies that piece together your tidbits to then design an ad campaign targeted towards you.</li><li>Are your posts replete with language? This won’t look good to a potential employer. Nor will endless posts about how fatigued you always are.</li><li>That image of your young child’s specially hand-crafted spanking paddle won’t go over well with the mother you were recently interviewed by for a nanny position.</li></ul><p>I think you are starting to get it.</p><p><strong>Obsessions</strong></p><ul><li>Facebook and Twitter can certainly amplify a pre-existing whacked sense of priorities. An example is that of obsessively checking your friend’s page to see what new thing she’s bragging about, then getting worked up with anger that you can’t match this, such as a new sports car.</li></ul><p><strong>Solutions</strong></p><ul><li>Set a timer out for, say, 30 minutes a day, and that’s your limit on Facebook and Twitter.</li><li>Avoid social media for one week to kill your hunger for obsessing over a family member’s bigger house, fancier car and more prestigious job.</li><li>Set your privacy settings on high.</li></ul><p>Stop making inane posts about everything that happens to you. Nobody will go to bed in distress just because they didn’t read that you had an upset stomach after eating too much at BurgerVille.</p><p>Robert Siciliano is an identity theft expert to <a href="http://bestidtheftcompanys.com/companies">BestIDTheftCompanys.com</a> discussing <a href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>Online Shopping and Counterfeit Goods – The Facts Don't Liehttps://globalriskcommunity.com/profiles/blogs/online-shopping-and-counterfeit-goods-the-facts-don-t-lie2015-12-09T14:25:20.000Z2015-12-09T14:25:20.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>As the holiday season creeps upon us, research shows that an astonishing 24% people who are buying online have been duped by scammers. Whether you are buying shoes, electronics or the latest fashions and accessories, research companies are showing that you are at risk of being duped.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/9D.jpg" alt="" align="right" height="267" width="320" /></p><p>When you look at the overall shopping behavior of consumers, we see that about 34% do all of their shopping online, and during the holiday season, this number rises to 39% of all consumers. That is a lot of people for counterfeiters to focus on.</p><p>Mark Frost, the CEO of MarkMonitor, explains that it is crucial for customers to stay aware of the possibility of buying counterfeit goods, especially during the holidays. Most of us are looking for a bargain, and this is exactly why we tend to jump on these deals. On top of this, counterfeiters have gotten very good at making these fake goods look almost identical to the real deal, and it is near impossible, in some cases, for the untrained eye to tell them apart. Here are some more facts:</p><p><strong>People are Exposed to Online Counterfeit Goods All of the Time</strong></p><p>With so many counterfeit goods out there, you have likely been exposed to them, or even made a purchase. Younger people are more at risk of buying these goods, and when looking at those in the 18-34 year old range, almost 40% had purchased counterfeit goods in the past.</p><p>In addition to these goods, about 56% of people have received counterfeit emails, or those that seem as if they are coming from a certain company, such as Nike, but in reality, all of the items are fake. Fortunately, only about one in 20 consumers are likely to click on these links, but that means that about 5% of consumers are directed to these sites, too, and may get caught up in the bargains.</p><p><strong>This is a Global Issue</strong></p><p>Statistics also show that about 64% of global consumers are worried about online security. These same consumers report that they feel safer buying from local extensions, such as .de, .uk and .co.</p><p><strong>Attitudes Towards Buying Counterfeit Goods</strong></p><p>One of the most alarming facts that come up in these studies is that about 20% of consumers continue the purchase of their goods, even after finding themselves on a website with counterfeit goods.</p><p>As you continue your holiday shopping, make sure to keep these facts in mind and make sure to research any site you choose to buy from, even those that look like they may be legitimate.</p><p>Shoppers need to be cautious when searching online to spread their holiday cheer and MarkMonitor suggests checking this list twice to find out if websites are naughty or nice:</p><ol><li><strong>Check the URL:</strong> In a practice known as “typosquatting” fraudulent sites will often be under a misspelled <a href="http://brandname.com/">brandname.com</a>, attempting to trick consumers into thinking they are on a reputable website.</li><li><strong>Check the Price: </strong>Counterfeiters have been getting very smart about pricing lately and not discounting their wares as heavily as before, but deep discounts – especially on unknown e-commerce sites – are a tip-off that consumers should do a lot more checking before buying.</li><li><strong>Check the “About” and the “FAQs” pages:</strong> Though some sites look professional at first glance, but are not always so careful about these pages. Check for spelling and grammatical errors.</li><li><strong>Check for reviews:</strong> Many fraudulent websites’ reputations proceed them. Search for what people are saying about the site and include the term ‘scam’ with the site name to see if they are known to be a risky site. <strong> </strong></li></ol><p><a href="http://robertsiciliano.com/">Robert Siciliano</a> CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of <a href="http://www.amazon.com/Things-Wish-Before-Identity-Stolen/dp/1941308996/ref=as_sl_pc_qf_sp_asin_til?tag=httprobertc02-20&linkCode=w00&linkId=JAZ7MOSJYUIXZMJ3&creativeASIN=1941308996"><em>99 Things You Wish You Knew Before Your Identity Was Stolen</em></a>. See him knock’em dead in this <a href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a> video. <a href="http://robertsiciliano.com/blog/2010/01/01/disclosures-term-conditions/">Disclosures</a>.</p></div>8 Ways to Ensure Safe and Secure Online Shopping this Holiday Seasonhttps://globalriskcommunity.com/profiles/blogs/8-ways-to-ensure-safe-and-secure-online-shopping-this-holiday2015-12-01T14:01:30.000Z2015-12-01T14:01:30.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>So, who’s on <em>your</em> holiday gift list this year? That list is a lot longer than you think; consider all the names of hackers that have not yet appeared on it. Scammers will do whatever it takes to get on <em>your</em> holiday gift list! Here’s how to keep these cyber thieves out of your pocket:</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/RISK.jpg" alt="" align="right" height="213" width="320" /></p><ul><li>Before purchasing from a small online merchant, see what the Better Business Bureau says and also search Google for reviews.</li><li>If you see an unexpected e-mail allegedly from a retailer you shop at, don’t open it. Scammers send out millions of trick e-mails that appear to be from major retailers. They hope to trick gullible shoppers into clicking on them and revealing sensitive information. So many of these scam e-mails get sent out that it’s common for someone to receive one that appears to be from a store they <em>very recently</em> purchased from.</li><li>When shopping online at a coffee house or other public spot, sit with your back to a wall so that “visual hackers” don’t spy over your shoulder. Better yet, avoid using public Wi-Fi for online shopping.</li><li>Back up your data. When shopping online it’s highly probable you’ll stumble upon an infected website designed to inject malicious code on your device. Malware called “ransomware” will hold your data hostage. <a href="http://www.carbonite.com/en/cloud-backup/personal-solutions/personal-plans/try/">Backing up your data in the cloud to Carbonite</a> protects you from having to pay the ransom.</li><li>Save all your financial, banking and other sensitive online transactions for when you’re at home to avoid unsecure public Wi-Fi networks.</li><li>Change all of your passwords to increase your protection should a retailer you shop at fall victim to a data breach. Every account of yours should have a different and very unique password.</li><li>Ditch the debit card; a thief could drain your bank account in seconds. Use only credit cards. Why? If a fraudster gets your number and you claim the unauthorized purchase within 60 days, you’ll get reimbursed.</li><li>Review your credit card statements monthly and carefully. Investigate even tiny unauthorized charges, since thieves often start out small to “test the waters.”</li></ul><p>Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about <a href="http://www.carbonite.com/en/cloud-backup/personal-solutions/personal-plans/try/">Carbonite Personal plans</a>. See him discussing <a href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>. <a href="http://robertsiciliano.com/blog/2010/01/01/disclosures-term-conditions/">Disclosures</a>.</p></div>Phishing works and here's whyhttps://globalriskcommunity.com/profiles/blogs/phishing-works-and-here-s-why2015-11-26T14:18:22.000Z2015-11-26T14:18:22.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>A phishing e-mail is sent by a cyberthief to trick its recipient into revealing sensitive information so that the crook could steal money from the recipient or gain access to a business’s classified information. One way to lure an employee is for the crook to make the e-mail appear like it was sent by the company’s CEO. Often, phishing e-mails have urgent subject lines like “Your Chase Bank Balance Is Negative.”</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/PSH.jpg" alt="" align="right" height="213" width="320" /></p><p>In its 2015 Data Breach Report, Verizon reported that 23 percent of employees open their phishing e-mails. Eleven percent go further by clicking on something they shouldn’t.</p><p>Why do so many employees (and mainstream users) fail to recognize a phishing e-mail? Strong security awareness training at companies is lacking. Perhaps the company simply tosses a few hardcopy instructions to employees. Perching them before videos isn’t enough, either.</p><p>Security awareness training needs to also include staged phishing attacks to see which employees grab the bait and why they did so. With a simulated phishing attack approach, employees will have a much better chance of retaining anything they’ve learned. It’s like teaching a kid to hit a homerun; they won’t learn much if all they do is read instructions and watch videos. They need to swing at balls coming at them.</p><p>The return on investment from staged phishing attacks will more than offset the cost of this extra training. Living the experience has proven to be a far more effective teacher than merely reading about it or listening to a lecture. As straightforward as this sounds, this approach is not the rule in companies; it’s the exception.</p><p>Even rarer is when phishing simulation is ongoing rather than just an annual or semiannual course. But just because it’s rare doesn’t mean it’s not that effective. Companies tend to cut corners any way they can, and foregoing the phishing simulations is often at the top of the list of investments to nickel-and-dime.</p><p>If you want to see how gullible your employees (or family and friends) are to phishing e-mails, which again, are geared towards tricking the recipients to click on a malicious link or attachment, pay a visit to <a href="http://phish.io/">Phish.io</a><span style="text-decoration:underline;">.</span></p><p>Here you can register, and this free service will send phishing e-mails to your specified recipients. However, these are <em>harmless</em> tests and will not lead to anything negative—other than to reveal who can be duped.</p><p>Robert Siciliano is an identity theft expert to <a href="http://bestidtheftcompanys.com/companies">BestIDTheftCompanys.com</a> discussing <a href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>Infrastructures under attackhttps://globalriskcommunity.com/profiles/blogs/infrastructures-under-attack2015-11-11T14:42:36.000Z2015-11-11T14:42:36.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>It’s been stated more than once that WWIII will most likely be cyber-based, such as dismantling a country’s entire infrastructure via cyber weapons. And don’t think for a moment this doesn’t mean murdering people.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/4D.jpg" alt="" align="right" height="213" width="320" /></p><p>A report at bits.blogs.nytimes.com notes that foreign hackers have cracked into the U.S. Department of Energy’s networks 150 times; they’ve stolen blueprints and source code to our power grid as well. Some say they have the capability to shut down the U.S.</p><p>The bits.blogs.nytimes.com article goes on to say that cyber warfare could result in death by the masses, e.g., water supply contamination of major cities, crashing airplanes by hacking into air traffic control systems, and derailing passenger trains. So it’s no longer who has the most nuclear missiles.</p><p>The list of successful hacks is endless, including that of a thousand energy companies in North America and Europe and numerous gas pipeline companies. The U.S.’s biggest threats come from Russia and China.</p><p>So why haven’t they shut down our grid and blown up furnaces at hundreds of energy companies? Maybe because they don’t have the ability just yet or maybe because they don’t want to awaken a sleeping giant. To put it less ominously, they don’t want to rock the boat of diplomatic and business relations with the U.S.</p><p>Well then, what about other nations who hate the U.S. so much that there’s no boat to be rocked in the first place? The skills to pull off a power grid deactivation or air traffic control infiltration by enemies such as Iran or Islamic militants are several years off.</p><p>On the other hand, such enemies don’t have much to lose by attacking, and this is worrisome. It is <em>these</em> groups we must worry about. They’re behind alright, but they’re trying hard to catch up to Russia and China. For now, we can breathe easy, but there’s enough going on to get the attention of Homeland Security and other government entities.</p><p>Recent attacks show that these bad guys in foreign lands are getting better at causing mayhem. At the same time, the U.S.’s cyber security isn’t anything to brag about, being that very recently, some white hat hackers had tested out the defenses of the Snohomish County Public Utility District in Washington State. They infiltrated it within 22 minutes.</p><p>Another weak point in our defenses is the component of pinning down the source of major hacking incidents. So if WWIII becomes real, the U.S. won’t necessarily know where the attack came from.</p><p>Robert Siciliano is an identity theft expert to <a href="http://thebestcompanys.com/antivirus/">TheBestCompanys.com</a> discussing <a href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>