There are few more nuttier earthlings than the Bridezillas. Lovely women who go bonkers within 365 days of a wedding date. I blame the whole thing on Walt Disney.  The groom to-be generally wants it over as soon as possible more so because he can’t believe how much it costs. Then the entire wedding industry preys upon the delirious couple and sucks them dry of what amounts to the sum of a nice, nice car.

Been there done that. Luckily my Bride didn’t go all Zilla on me. But that didn’t stop us from spending what could’ve been a West Coast Chopper in me garage.  Pause….I’m nauseous….OK, I’m fine.  I remember the day we went for “food tasting.” We ended up spending 5 figures on food. The single most expensive meal I’ll ever have. And we went out to eat after.

In Boston Mass, thousands of people were scammed by someone who modeled themselves after the weddings industry. They did exactly what the weddings industry does, but better.

Scammers set up a website advertising a bridal show luring brides and grooms to be and all potential vendors to sell them high priced stuff and services they don’t need.  The event was supposed to be held at one of the largest convention centers in Boston.

Scammers answered the phone, took orders, set up a Paypal account and even had preliminary discusssions with the function facility.

In the end 6000 people were bilked for hundreds of thousands of dollars. The beauty of this scam is that it was all done online with no exchange of tickets or anything tangible. The scammers were ghosts operating virtually using legitimate life events as the ruse, going so far as to market and sell the event and just decided not to show up the day of.

I can see if you are a couple and spend 20 bucks for tickets online and then get stiffed. I’d probably get bilked in the same scam. But if you were a vendor and had to drop 3 grand for booth space, print out custom brochures, order plane tickets, book a hotel etc.; that would hurt.

In the least it would be to the benefit of the potential vendor to vet out the event production company to make a determination as to their credibility. A website presence isn’t the sole determining factor. Are they a member of the Better Business Bureau? Have they laid down a deposit with the function facility? How many events have they already done and where?  Who else have they done business with in previous events? Before you go laying down hard cash, question authority. How much do you want to bet the scammer is a real wedding planner?

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Get my book as an iPhone App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Scamming the Scammers on Fox Boston.

Maybe you’re a Mom or a Dad, a Student or a Grad. No matter what you are, you have a reputation to protect. How we are viewed in society matters to most people. Being viewed as someone who is respectable, responsible, someone who has integrity and is generally a decent person is what most people strive for.

To be considered otherwise, would have negative repercussions. People who are viewed as irresponsible, out of control or someone who favors ill will, doesn’t allow that person to progress effectively in a civilized society. Life is harder for people who are destructive or make bad choices.

The Internet has made our personal and professional lives very transparent. We now live in the fishbowl. Despite what many will argue, your privacy is no longer fully in your control. What you say, do and post can live forever. You are being judged in the process. And there are repercussions for those choices you make more now than ever.

Recently, a university professor who used her Facebook account specifically for her personal friendships came under fire for things she said on her Facebook account. This professor even went through the process of securing her posts by privatizing her page and not friending students. She consciously made an attempt to separate her personal and professional life.

After a long week of work she made some off color, tongue and cheek posts about students that in today’s knee-jerk-take-no-chances response world, could be considered threats of violence.  Remember, it was her belief that her Facebook page was a private one and she was speaking to her closest friends.

What everyone needs to understand is that social media is anything but private. People are watching, and waiting and many are hoping and wishing you might say something controversial which will give them something to talk about and a reason to point the finger.

Plain and simple: Don’t give anyone any ammunition to be used against you. Don’t do or say or post anything that may come back to haunt you. Whatever you post realize that you mom, dad, employer, potential employer or law enforcement may be watching.

Robert Siciliano personal security expert to Home Security Source discussing social network privacy on Fox Boston.

The load isn’t getting any lighter for the IT manager.  While corporations are still trying to figure out the  long term marketing benefits of social media, the security issues faced are a right now a problem.

Many companies restrict internal access. Others prevent employees from discussing or mentioning the company in social media during private time.

All of a sudden we’ve gone from print media, radio, television, Internet and now social media. This isn’t a fad or craze that will go away like Beanie Babies or talking Elmo. Social media is the 5^th media that encompasses all forms of media and it can all be accessed on a mobile phone. The interconnectedness is in everything and deserves the marketing department’s attention and freaks out IT.

Part of the issue is social medias allure. We’ve been hearing more and more about internet addictions. Well, social media is part of that. Then there’s the disconnect between generations. Baby-boomers see the 9-5 day as work, work, work and there shouldn’t be any distractions i.e. fun. Younger generations are connected and don’t know how not to be.

Companies who eliminate access to social media open themselves up to other security issues. Employees who are bent on getting access, often skirt security making the network vulnerable.

Computerworld reports “Part of the problem is that people’s comfort level with Facebook, Twitter and MySpace makes them easy marks for cybercriminals, who are jumping on social networking sites with gusto, dumping spam, launching phishing attacks, stealing identities and installing malware. The same people who have learned to be very wary of phishing attacks, enticing links and sales pitches for cheap Viagra in their inboxes allow themselves to be seduced on Facebook and Twitter.”

There is a serious disconnect between secure online behaviors and the playfulness of social media. Facebook is the adult version of Chuck E Cheeses, and who doesn’t lose their mind at Chucks? The problem is Timmy is five and likes to eat at Chuck E. Cheese. George is thirty-five and likes to eat there too. But George is a freak.

Bad guys are in social media and you CANNOT let your guard down.

Implement policies. Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by provide training on proper use and especially what not do too.

Encourage URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.

Limit social networks. In my own research, I’ve found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure. Knowem has a mind blowing list of 4600 as of this writing.

Train IT personnel. Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed.

Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.

Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.

Register company name and all your officers at every social media site. You can do this manually or by using a very cost effective service called Knowem.com.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Get my book as an iPhone App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Social Media on Fox Boston.

Michael Chertoff, who ran the Department of Homeland Security from 2005 to 2009, says there’s a reason that computer security isn’t up to the threat posed by cyber criminals: Doing it right is too complicated for most people.

“You have to offer people solutions that they are comfortable with,” he said.

Cybercrime is a huge problem that the majority of people who have a connection to the internet aren’t prepared to deal with.

While securing one’s PC isn’t a daunting task once you understand the process. For most people, protecting one’s PC is beyond the capacity of most computer users. The main issue is that the companies that develop this technology aren’t effective at explaining how things work in simple terms.

Educating users on the terminology is like learning a second language and for most people is near impossible due to life’s existing constraints. Which means technology companies have to do a better job of providing solutions that people are comfortable with that require little or no additional skills.

Here is an attempt at increasing your security vocabulary:

1. Run Windows Update: Or it may be called “Microsoft Update” on your PC. This is a free update to your operating system that Microsoft provides. There are two ways to access this. Either click “Start” then “All Programs”, scroll up the menu and look for the link “Windows Update or Microsoft Update.” Click on it. Your browser (Internet Explorer) by default will launch taking you right to Microsoft’s Windows Update web page and will begin the process of looking at your PC and checking to see what security patches you don’t have. Follow the prompts and click “Express” and let it lead you in the direction it wants. The goal here is for XP to end up with “Service Pack 3” installed. Or go to “Control Panel” and seek out “Security Center.” And click “Turn on Automatic Updates” and let Microsoft do this automatically. In Vista the process is similar and your goal is “Service Pack 1.”

2. Install Anti-Virus: Most PCs come with bundled anti-virus that runs for free for 6 months to a year. Then you just re-up the license. If you don’t, then every day that the anti-virus isn’t updated, is another opportunity for criminal hackers to turn your PC into a Zombie that allows your computer to be a Slave sending out more viruses to other PCs and turning your PC into a Spambot selling Viagra.

3. Install Spyware Removal Software: Most anti-virus providers define spyware as a virus now. However, it is best to run a spyware removal program monthly to make sure your PC is rid of software that may allow a criminal hacker to remotely monitor you’re keystrokes, websites visited and the data on your PC.

4. Run Firefox: Microsoft’s Internet Explorer is clunky and the most hacked software on the planet. Mozilla’s Firefox is less hacked and more secure. Maintain the default settings keep the pop-up blockers and phishing filters on.

5. Secure Your Wireless: If you are running an unsecured wireless connection at home or the office, anyone can jump on your network from 300-500 feet away and access your files. Serious. The router has instruction on how to set up WEP or WPA security. WPA is more secure. If this is a foreign language to you, then hire someone or get your 15 year old to do it.

6. Install a Firewall: Microsoft’s operating system comes with a built in firewall. But it is not very secure. Go with a 3^rd party firewall that is prepackaged with anti-virus software.

7. Use Strong Passwords: Little yellow stickys on your monitor with your passwords isn’t good. Use upper case, lower case, alpha-numeric passwords that you change up every 6 months.

Robert Siciliano personal security expert to Home Security Source discussing hacked email on Fox News.

News of the Spain based Mariposa botnet reveals close to 13 million Zombie PCs in more than 190 countries affected.  Further investigation determined half of the Fortune 1000 companies had PCs on the Bot. Three men have been arrested and a 4^th is sought. The sole purpose of the Bot was to gather user names and passwords for banks and email services.

In an example of good vs. evil, whitehats vs. blackhats, representatives from US and Canadian based corporations, along with the FBI and Spain’s Guarda Civil took down the Boat after almost 10 months of investigations.

The Register reports “Mariposa (Spanish for butterfly) botnet malware spread through P2P networks, infected USB drives, and via MSN links that directed surfers to infected websites. Once infected by the Mariposa bot client, compromised machines would have various strains of malware installed (advanced keyloggers, banking trojans like Zeus, remote access trojans, etc) by the hackers to obtain greater control of infected systems”.

There are more than 70 types of malware, each doing something different, all in the name or stealing data. Mariposa’s technology was built on the “Butterfly” botnet kit, which is available online. This crimeware doesn’t require the criminal hacker to be highly skilled.

The criminals in this operation ran the Bot through anonymous virtual private network servers which made it impossible for law enforcement to trace back to the ringleaders. But in December of 2009, the Bot was dismantled by authorities who targeted the Bot’s control centers.

When this event unfolded, the Bots controller, a man dubbed “Netkairo” used his home PC to try and regain control of the Bot which revealed his internet protocol address, which is connected to his home address. This led to his capture. Nice job guys! This is a great plot for a movie! I want to be the dude who sees Netkairo’s IP address and busts him in a high speed chase after he flips his car. Just sayin’.

The problem of Botnets persist. There could be thousands out there with untold millions of Zombie PCs infected.

Becoming a Zombie and part of a Botnet happens to PCs that aren’t properly secured, coupled with user behavior that invites attacks.

If you are surfing porn all day or gaming on distant websites in foreign countries then you are at a higher risk.

Downloading files from P2P sites or seeking software cracks or pirated content is also risky. Remember, there is no honor among thieves.

Computers that are old and have outdated unsupported operating systems like Wind 95/98/2000 are extremely vulnerable.

Systems using older outdated browsers such as IE 5, 6 or older versions of Firefox are the path of least resistance.

THEREFORE:

Update your operating system to XP SP3 or Wind 7. Make sure to have automatic updates for anti-virus. Don’t engage in risky web-based behaviors.

AND:

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Get my book as an iPhone App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Botnets on CBS Radio.

Colton Harris Moore stole a bicycle at the age of 8 and never looked back. Now 6 ft. 5 in. and 18 years old, Harris Moore is suspected in over 100 burglaries in the Pacific Northwest. Recently he has been credited with stealing cars, speedboats and now airplanes (at least 3). He is known as the “Barefoot Burglar” because he kicked off his shoes running from the police through the woods.

This 18 year old has never taken a flying lesson and has achieved celebrity like status with over 20,000 Facebook fans. However, Harris-Moore isn’t one to be celebrated. He steals as much from the average hard worker as he does from the dot-com rich.

He breaks into homes to get what he needs to survive in the woods and it is believed he enjoys the high living in the unoccupied rich vacation homes. He’s been known to make himself a bowl of ice cream and take a hot bath.

Generally, he will break in and copy down credit card numbers out of wallets, opposed to stealing the whole card, to avoid detection. He was accused of using a homeowners PC to buy a $6500.00 pair of night vision glasses and bear Mace. He’s also charged thousands of dollars in police scanners, video games and GPS devices.

He’s also accused of stealing an assault rifle out of a cop car. Which means he’s potentially armed and dangerous.

1. Install outdoor lighting on timers and motion sensors.

2. Make sure your home has a “lived in” look.

3. Use indoor timers for lights, TVs and automatic shades.

4. Install security cameras that can be remotely monitored.

5. Install a home alarm system monitored by an alarm company and the police.

Robert Siciliano personal security expert to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover.

Skimming data off of debit and credit cards has been happening at ATMs, gas pumps and electronic funds transfer point of sale terminals for quite some time.

When criminals plant skimming devices, they have to physically attach a skimming device that fits over the face of the ATM’s card slot. Then they install a small camera that shoots video of the pinpad which allows them to extract user PIN codes. The camera is often housed inside of a brochure holder or little box that may have a mirror glued to its face. The mirror is made to loom like a security feature preventing shoulder surfing.

Once the criminals attach the devices, they have to wait it out for someone to then use the ATM or gas pump before they can remove the device and download the data. It is in the best interest of the criminal to leave the skimmer on the machine for as long as possible to skim as many cards as possible. Because every time the skimmer is removed and replaced it becomes another opportunity for the thief to get caught or for something to go wrong.

In Utah, a group of criminals one-upped other ATM scammers by installing Bluetooth enabled skimming devices that broadcast the skimmed data to a nearby storage devise, probably a laptop. Bluetooth’s range can be just a few feet to as much as a city block. So the criminals had to be in a car nearby.

What makes these devices even more sophisticated is that they skim the card data and grab the PIN code via the all-in-one combo skimmer and PIN pad device affixed to the face of the pump.

This entire process allows the criminal to steal data on demand and immediately turn it into cash. Further, it provides the criminal with the freedom to decide whether or not they want to retrieve the skimming device, thereby lessening their chances of being caught.

You can’t protect yourself from this kind of skimmer by covering your PIN entry due to the fact that the device is the PIN pad. So if you use a device like this you may be screwed. Ultimately, you must pay close attention to your statements. Also, pay close attention to details, and look for anything that seems out of place. Refute unauthorized transactions within 60 days. Check with your bank to determine what their timeframe is to refute unauthorized withdrawals. In some cases it can be as early as a week.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Get my book as an iPhone App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Pay-at-the-Pump skimming on Fox News.

Naiveté: A lack of sophistication or worldliness. That sums up a lot of people I know. “There’s a sucker born every minute” is a phrase often credited to P.T. Barnum (1810 – 1891), an American showman. It is generally taken to mean that there are (and always will be) a lot of gullible people in the world.

Predator: A predator is an organism that feeds on another organism. That also sums up a lot of people I know. I observe them in person and in the news daily.

There are many ways how, and motivations why, a predator stalks their prey. Often it is just their nature to do so. Control and money top the list of motivations.

In the world of Information Security the “how” is “social engineering”.

Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical hacking techniques (essentially a fancier, more technical way of lying).

Social engineering or “social penetration” techniques are used to bypass sophisticated and expensive hardware and software in a corporate network. Smart organizations train their employees to be aware of and resist the most common attempts to trick them into letting down their guard.

The Register reports that pentesters, a.k.a ethical hackers, “regularly send client employees emails informing them that the strength of their login passwords is being tested through a new website. They are then instructed to follow a link and enter their credentials. The success rate: as high as 50 per cent.”

As the article points out, humans have a tendency to trust one another. It’s a survival instinct built on millions of years of evolution. “When one person saw that a group of his peers ate a particular berry and didn’t die, he ate the same fruit – and survived as a result.” That’s trust, and it’s exploitable.

This is where we throw around words like “naïve” and “sucker.” You don’t really need to be naïve, a sucker or stupid to respond to emails like this. Really, you just need to be nice, helpful and trusting.

I found a website called “Hacks4Sale” (a site which Norton Internet Security deems unsafe, so go there at your own peril) which employs similar tactics, but they claim are for different reasons:

A very large portion of our clients are the victims of spousal infidelity, nowadays the primary means people employ to communicate with their lover are e-mails and social networking websites, both of witch we can help you gain access to through our software. Our software solutions enable our clients to retrieve (no physical access to the user’s computer is required) the login credentials to accounts at all the major e-mail and social networking providers (Yahoo,Gmail,Hotmail,Myspace,Facebook and many others).

Recognize that the predator uses these tactics to get what they seek. They will stop at nothing and consider you their natural prey.

Always question authority or those who claim authority.

Don’t automatically trust or give the benefit of the doubt.

When the phone rings, an email comes in or you are approached, proceed with caution.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Get my book as an iPhone App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing identity theft on Fox News.

Then we grew up. Just in time for caller ID and no more prank phone calls. Back then, the telephone was the only technology we had access to, other than walkie talkies and hacking CB radios. Today is a whole new era.

All along we were told “not to talk to strangers.” It was the stranger that was strange and most likely to hurt you. Since then, “stranger danger” has been rebuffed by many. However new technologies are bringing back the danger in the stranger.

Your 12 year old daughter chatting in a park or online with a 35 year old stranger isn’t good. Chatting with that same 35 year old with a webcam is a disaster that will happen.

Then comes Chatroulette.

“Parents need to know that Chatroulette allows anyone with a webcam and Internet connection to instantly video chat with any other visitor anywhere in the world. Even if you don’t have a web cam, you can still use the site and view the other people using it. All you do is go to the site’s homepage, click a button to sync your webcam, and you are instantly connected randomly with other users.”

1. Talk to your kids about sites like these and the risks they pose.

2. Discuss both the good and potential bad intentions someone may have when on a site like this.

3. Explain how the anonymity of a site like this can motivate people to do and say things that aren’t socially acceptable in public.

4. Communicate to them that adults have a way of extracting information from minors and can manipulate them into saying and doing things they may later regret.

Robert Siciliano personal security expert to Home Security Source discussing Webcam Spying on The CW New York.

When I was 17, my friend “Baldo,” as he was known by all, was the Fake ID Master. He also fixed TV’s and still does today. But he didn’t actually create “fake IDs,” he altered real ones. The technology he used back then is still used today. It’s called Crayola Crayons. He would take a Massachusetts ID and heat the laminate over the stove and peel it back. Then he’d dab a premixed batch of liquid aqua green/blue crayon on the left side of an 8 to make it a 3. He’d bust out his heating iron and some wax paper and seal up the laminate. Then a 17-year-old became 22, using the same technology my 1 year old eats. Packy run, anyone?

Today is a little different. It’s not so easy to peel back the laminate. Most cards today are treated plastics: PVC, styrene, polypropylene, direct thermal, and teslin hybrids. However, while all that sounds technically challenging, it’s really not. Some of the do-it-yourself ID making machines are the size of a shoebox. It is however a tad more complicated than that. Sure you can go to your local office supply and buy ID making materials or simply buy fake IDs online, but will they pass the muster when put in front of numerous technologies that look for tampering?

That’s where the $10,000 fake ID comes in. In New York, authorities busted an identity theft ring and charged 22 people with selling driver’s licenses and other identification documents.

Among those implicated in the ring are two New York State Department of Motor Vehicles employees, who are believed to have earned over a $1 million dollars issuing more than 200 licenses and other documents over the past three years. The alleged ring leader of the group was identified as Wilch Dewalt, also known as “Sharrief Sabazz” Muhammad’ and “License Man.” Authorities say he acted as a broker who, in exchange for a fee of between $7,000 and $10,000, served as a one-stop shop for fraudulent documents.

In this case, the clients who were dropping 10G on IDs were people who were hiding from the law in plain sight, including felons, a drug dealer whose claim to fame was once a cameo on “America’s Most Wanted,” and someone from the government’s No Fly List. These were people that: A) could afford it and, B) needed the best of the best in real fake identification.

In the meantime, identity theft is again the top 2009 consumer complaint, the FTC reports. The number of American identity fraud victims rose 12% last year to 11.1 million, with losses hitting $54 billion, according to an annual report from Javelin Strategy & Research.

Protect your financial identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)