Robert Siciliano

Loading...
    • Media Contact:
      Robert Siciliano
    • Member Type(s): Expert
    • Title:Identity Theft Expert
    • Organization:IDTheftSecurity.com
    • Area of Expertise:
    •  
    • Member:ProfNet

    To become a ProfNet premium member and receive requests from reporters looking for expert sources, click here.

    Background Checks Don't Tell the Whole Story

    Friday, September 14, 2018, 11:40 AM [General]
    0 (0 Ratings)

    When it comes to background checks, the National Crime Information Center is the gold standard. It is only available to law enforcement agencies and is the most accurate and complete database tracking convictions and arrests in the US. That sounds pretty great, right? Unfortunately, it’s not all as it seems.

    The Department of Justice

    The Department of Justice recently released a report based on a two-year study of convictions and arrests from 2016. The report shows that a very low percentage of convictions and arrests actually make it to the National Crime Information Center. What does this mean? It means that even if a commercial background check company is using the best information, it’s only able to get information on about 13% of all crimes. On top of that, there is a pretty standard 30% error rate on background checks based on factors such as typos, misspellings, and data entry errors. Yikes.

    The Reliance of Background Checks

    It doesn’t matter if you are an employer, a landlord, or even a private citizen hiring a babysitter or contractor, odds are good that you think a criminal background check is a good idea. But, the fact that we not only rely on these checks, but also believe that they are fool-proof, is quite problematic.

    Other Implications of Background Checks

    The inaccuracy of background checks is only one of the issues associated with them. Another issue is that there is a big possibility that these commercial background checks could violate the Fair Housing Act because it might be seen as intentional discrimination. Additionally, though people with criminal records are not protected under the Fair Housing Act, statistically, this creates a disproportionate impact on minorities. According to the Fair Housing Act, minorities are protected.

    Though it seems like a great idea to run a criminal background check, as you can see, it’s not always a black and white result. Criminal history databases are not complete, there are high rates of errors, and these background checks might be violations of the Fair Housing Act. At the very least, someone could have a good case against it if you use a criminal background check as a basis for a housing decision. When thinking about if a background check is worth it or not, it probably is, but you also have to be aware of the possibility that you are not going to get the entire story.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    A "Credit Profile Number" is a fake SSN, and it Works

    Wednesday, September 12, 2018, 11:27 AM [General]
    0 (0 Ratings)

    Cyber criminals are constantly trying to stay one step ahead of the good guys, and there is now another scam out there that you should know about: synthetic identity theft. Basically, the criminals take information from someone, and then make up the rest. They also often use fake Social Security numbers, called CPNs, or “credit profile numbers,” or names.

    This type of identity theft shows us that our credit system is more vulnerable than we might think. Basically, it is easy to create a credit file on these identities, and once they have that, they can get a credit card or loan.

    Of course, using a CPN like this on an application for credit card or loan is illegal, but lenders currently don’t have a conclusive way of distinguishing a real Social Security number from one of these fake ones. The Social Security Administration generates SSNs randomly. This makes it difficult for a lender to notice a fake one. Technically, a lender can contact the SSA and cross-check, but most of them don’t. Why? Because the SSA requires a handwritten signature from the person who has that SSN, and this is a pain in the neck for lenders.

    So, of course, the best thing to do is to create a way for lenders to instantly check to see if a Social Security number is valid or not, and as of now, they do not have the capacity to do this. Lenders do, however, use their own fraud-detection tools, but these requests for credit still fall through the cracks.

    This practice also has created more open windows for fraudsters, because they know that the system is vulnerable. It’s true that many lenders won’t accept a credit application from someone with no history of borrowing, which is the case with a CPN, but some still do, and the more activity the file sees, the more likely it is that credit will be given. Once credit is approved, a full credit report is created. Though it likely won’t be a high amount of credit, many lenders take a chance on new borrowers, and at a minimum, extend a couple of hundred dollars. Some people will even get a card that has, say a $300 limit, and use the card for a time. Once they establish a good payment history, they can get a credit increase, and that’s where the fun really begins.

    This is just one more scam that you should be aware of, and one more reason to keep your private and personal information safe.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    2017 Was the Worst year for Data Breaches EVER!

    Friday, September 7, 2018, 10:11 AM [General]
    0 (0 Ratings)

    It seems like 2017 broke records for all the wrong reasons…one of them being the worst year for data breaches in history.

    According to reports, hacking was the most common way to collect this data, but almost 70% of exposures occurred due to accidental leaks or human error. This came down to more than 5 billion records. There were several well-known public leaks, too, including the Amazon Web Services misconfiguration. More than half of the businesses using this service were affected, including companies like Verizon, Accenture, and Booz Allen Hamilton. The scariest part of this, however, is the fact that the number of breaches and the number of exposed records were both more than 24% higher than in 2016.

    Big Breaches of Big Data

    Another interesting thing to note is that eight of the big breaches that occurred in 2017 were in the Top 20 list of the largest breaches of all time. The top five biggest breaches in 2017 exposed almost 6 billion records.

    Part of the reason for the big numbers is because huge amounts of data were exposed from huge companies, like Equifax. There was also a huge breach at Sabre, a travel systems provider, and the full extent of the breach isn’t even known at this point. All we do know is that it was big.

    When looking at all of the known 2017 data breaches, almost 40% of the breaches involved businesses. About 8% involved medical companies, 7.2% involved government entities, and just over 5% were educational entities. In the US, there were more than 2,300 breaches. The UK had only 184, while Canada had only 116. However, until now, companies in Europe were not forced to report breaches, so things could change now that reporting is mandatory.

    What were the biggest breaches of all time? Here they are, in order:

    • Yahoo (US company) – 3 billion records
    • DU Caller Group (Chinese company) – 2 billion records
    • River City Media (US company) – 1.3 billion records
    • NetEase (Chinese company) – 1.2 billion records
    • Undisclosed Dutch company – 711 million records

    Though none of this is great news, there is a silver lining here: none of the breaches of 2017 were more severe than any other breach in history, and overall, the occurrence of breaches dropped in the fourth quarter.

    Because of so many breaches occurring due to human error, it’s very important that businesses of all sizes enact security awareness training, including helping staff understand what makes a business a target and what type of info the hackers want.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    15 Year Old's Naked Photos Spread Like Wild Fire

    Wednesday, September 5, 2018, 9:35 AM [General]
    0 (0 Ratings)

    You have probably heard the story before. Teenage girl takes some scantily clad photos and sends them to her latest boyfriend. “What could go wrong?,” she thinks. Well, a lot could go wrong, and an article on Vice.com really lays that out. You might think that the boyfriend is to blame for this 15-year old’s photos spreading like wildfire, but the truth is this: he deleted them soon after getting them…the photos got out because the teen kept them on her phone and some classmates took that phone.

    Ultimately, the photos got into the hands of the victim’s best friend. At this point, you probably think “Phew…the photos are safe.” Wrong again. Her “best friend” ended up posting the photos to a blog. Many years later, the victim found out why…her “best friend” was mad that she had sent some angry texts to her the night before, and that her main motivation was to simply hurt her friend because of those texts. That’s all it took for a teen’s life to be effectively ruined for months.

    When things like this happen, many women are made to feel guilty that they took these photos, and this is a type of digital violence. In fact, more women are now seeking counseling to help to combat these feelings. The thing is, if you have a nude photo, you are certainly not immune. Teens often become victims here, but so do adult women and celebrities. In most cases, someone else is spreading these photos, but the victim is often blamed.

    In late 2017, the EU passed new laws that help to better protect people who find themselves in this situation, and in 2015, the British government made these actions a crime, too. However, in most other countries, no such laws exist.

    In this case, the victim ended up forgiving her classmates, but as an adult, she still has not overcome the invasion of her privacy. She also still struggles with the fact that most people in the community blamed her…not the boys who stole her phone, nor her friend, who posted them on the internet. She says that people came up to her for years after the incident and told her they saw those photos, too, and she still has that feeling that she did something wrong.

    Finally, as a society, we have to find ways to make sure that victims of these crimes are taken seriously, and ensure that video sites, like YouTube, and social media sites, like Facebook, respond immediately when notified of content like this.

    And, please, I’m not blaming the victim here, and a bit of advice, no naked pics of yourself, girlfriend, husband or wife please. It’s a bit too risky and can have significant consequences.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    10 Tips on Discussing a Screwed Up World with Kids

    Wednesday, August 22, 2018, 11:49 AM [General]
    0 (0 Ratings)

    Do you have children? How do you talk to them when something like a mass shooting happens? What about a robbery in your neighborhood? Do you talk about nuclear weapons? If you are like most parents, you don’t know where to start. Here’s 10 tips that you can use to talk to your kids about our screwed up world:

    Young Kids – Ages 2 to 6

    Parents Are in Charge – We control the “information flow” which means we can restrict what information they have access to. No mobile phones, no tablets, no TV news or conversations in the house or others homes on topics to intense for young kids. We ask questions before we send them to others homes and tell them our requirements.

    Don’t Expose Them – Don’t watch adult-themed shows until they are in bed.

    Don’t Bring it Up – It’s also recommended that you don’t even bring it up…unless, for some reason, they bring it up to you. If you do have to talk to them about it, keep it simple.

    Tell Them You are Safe – If you do have to address a situation like this, make sure that you tell your kids that they are safe. Give them a hug and assure them.

    Older Children – Age 7 to 12

    Parents Are in Charge – We control the “information flow”. Don’t give me a BS excuse “I already gave my 11 year old a mobile phone and he has a TV in his bedroom. Stop the madness and start parenting.

    Talk to Them if They Talk to You – For older kids, you should talk to them about these incidents, but only if they know about the event. Tell them that you would love to talk about it with them.

    Listen – Talking it out is only one part of this. You also have to be a good listener. Ask them questions, too, such as what they heard, how they know about the incident, and how they feel about it.

    Be Honest – When dealing with tweens, you should make sure that the truth comes from you, not from their friends nor the television or internet. You don’t have to go into great detail, and you should explain it in a way they will understand, i.e. explaining that the mass shooter/terrorist/predator etc likely is mentally ill.

    Discuss the Media – It’s likely that kids this age will get information from the media, but make sure they know that the media likes to sensationalize things to get people’s attention.

    Teenagers

    Assume They Know – Teens likely know that an event has happened, but don’t assume that they have the whole story. They often get their news from friends or social media, and that information is often incomplete.

    Engage Them in Conversation – Talking it out can help teens come to terms with these incidents.

    Give Them Hope – Finally, give your teenager hope that things will be alright. A lot of teens are focused on the dark side of things, so make sure to bring in a bright light.

    No matter their age, engage their schools administration. Most schools have systems in place to deal with and discuss tragic events based on the age and grades of the students. Often, parents will feel better that their schools have a good handle on these discussions. But it’s also up to the parents to put it out there, to let the schools know what the parents expect.

    Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

    Be aware of all these Confidence Crimes

    Friday, July 27, 2018, 10:36 AM [General]
    0 (0 Ratings)

    Criminals have a reliance on tricking victims to get access to account information, like passwords. This is known as social engineering, and is also called a “confidence crime.” These come in many forms:

    Do Not Take the Bait of These Phishermen

    • A phishing email that targets a specific person is known as spear-phishing. A spear-phishing email looks like an email that might come from a legitimate company to a specific person. For example, a thief might send a fake email to a company’s employee who handles money or IT. It looks like the email is from the CEO of the company, and it asks the employee for sensitive information, such as the password for a financial account or to transfer funds somewhere.
    • Telephones are used for phishing, too, also called “vishing,” which is a combination of phishing and voicemail.
    • Fake invoices are also popular among hackers and scammers. In this case, a fake invoice is sent to a company that looks like one from a legitimate vendor. Accounting pays the invoice, but the payment actually goes to a hacker.
    • Another scam is when a bad guy leaves a random USB drive around the office or in a parking lot. His hope is that someone will find it, get nosy, and insert it into their computer. When they do, it releases malware onto the network.
    • Cyber criminals also might try to impersonate a vendor or company employee to get access to business information.
    • If someone calls, if you get an email, if the doorbell rings, or if someone enters your office, always look at it with suspicion.

    Be thoughtful about security:

    • Set up all bank accounts with two-factor authentication. All web-based email accounts should have two factor authentication. This way, even if a hacker gets your password, they still can’t access your accounts.
    • Train staff to be careful about what they post on social media, such as the nickname the CEO goes by in the office.
    • Do not click any link inside of an email. These often contain viruses that can install themselves on your network.
    • Any requests for money or other sensitive data should be verified over the phone or in-person. Never just give the information in an email.
    • All money transfers should require not one, but two signatures.
    • Make sure all employees are fully trained to recognize a phishing attempt. Also, make sure to stage phishing simulation attempts to make sure they are following protocol.
    • Help people understand the importance of looking out for things like a new email address for the CEO or Kathy in accounting suddenly signing her name Kathi.
    • Also, teach staff to report any uncharacteristic behaviors with long-time vendors or even fellow coworkers.

    I once presented a security awareness program to a company that was almost defrauded. They hired me because of an email accounting had received from the CEO. The CEO sent a nice proper letter to accounting requesting payment be made to a specific known vendor.

    A number of things were wrong with the email. First and foremost, like I mentioned, the email was nice and proper. Apparently the CEO isn’t all that nice, is somewhat of a bully, and all his communications are laden with profanity. So the red flags, where the fact that the email was nice. Imagine.

    Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

    10 Huge Home Security Mistakes

    Wednesday, July 25, 2018, 12:08 PM [General]
    0 (0 Ratings)

    Though it would be nice to think that you can fix something if you make a mistake, there are some where there is just no going back. And in some cases, these mistakes can be tragic. Here are some of the biggest mistakes that people make with their home security:

    1. Leaving Doors Unlocked – It only takes two seconds to lock your door. It should be a habit. It doesn’t matter if you are just gardening in the backyard or running to the store for 5 minutes in the middle of the afternoon, lock the door. Often, a burglar rings the doorbell. If there is no answer, they jiggle the knob. If the door opens, he lets himself in and starts ransacking the place. They can do the same thing with windows.
    2. Not Setting Alarms – You shouldn’t assume that a break in only occurs when you are gone. A guy high on crack won’t care if you are home or not. So, keep your alarm on when you are home, and only disable it when you have to go out momentarily.
    3. Being Too Cheap – Don’t settle for a cheap lock. Locks can be easily picked by using what’s called a “bump key”. Remember, you get what you pay for. So, spend the cash on a good lock. There is a dramatic difference between a lock that costs $20 and one that costs $60.
    4. Keeping a Ladder in the Yard – Keeping a ladder in your yard is almost the exact same thing as leaving your door right open with a “Welcome Burglar” sign on your home. A bad guy can easily use that ladder to get into your home. At least lock up the ladder.
    5. Hiding Keys – Even the dumbest criminals know that people hide house keys under fake rocks, flower pots, and welcome mats. Instead, make the small investment into a keyless lock. Or buy a lock box.
    6. Putting Your Valuables on Display – Use caution when you display expensive items. This is especially the case if you can see them from the window. If you can’t move these items, make sure to keep the shades down.
    7. Keeping Your Garage Unlocked – Don’t just leave your garage open or unlocked. There is a lot of valuable stuff in there, and a burglar might even gain access to your house via the garage.
    8. Not Using Lights at Night – A dark yard or home is a sign that no one is home. In other words, the perfect time for a thief to get into your house. So, set up timed and motion sensitive lighting on the exterior and interior of the home. Also, leave a radio or television on when you are gone.
    9. Leaving Deliveries Out or Not Cleaning the Yard – A sure sign that you are gone, and your home is open for burglars, is a pile of mail or newspapers. It’s also a sign if your lawn is overgrown. So, ask someone to grab your mail, park in your driveway and mow your lawn when you are on vacation.
    10. Displaying Their Good Trash – If you see a neighbor place a large Sony box with a television printed on it or a Dell cardboard box on the curb, you can easily deduce that they just got high end electronics. Robbers know this, and they know that something very valuable is in the home they can sell for drugs.

    Bonus…#11…Putting their Life on Social Media – Do not post on social media when you are on a trip. Save it for when you are home. Why? Because burglars are looking for those posts, too.

    Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

    5 Digital Security Tips That You Should Always Beware Of

    Wednesday, July 25, 2018, 12:05 PM [General]
    0 (0 Ratings)

    Hackers are out there, and they have their eyes on YOU! So, you are the first line of defense against them. Do you know how to make your smart phone or computer more difficult for hackers to access? Here’s five tips to help:

    Password Information

    • You would think that these days, everyone would know how to create and use a strong password, but people don’t. Every online account you have should have a strong, long password made of a combination of symbols, letters, and numbers. You should also use a different password for each account.
    • A good, strong password is at least 8-12 characters in length. It is also made up of both upper case and lower-case letters, symbols and numbers. Make sure it doesn’t spell anything, either. Example: “yi&H3bL*f#2S” However a phrase will do to. Such as iLike1ceCream!
    • Activate two-factor authentication on every account you can. This way, even if your password gets into the wrong hands, the hacker can’t get in unless they also have access to your smartphone.

    Understand the Cloud

    • Yes, the cloud is pretty cool, but it is still vulnerable. The cloud, essentially is just internet connected servers that sit in climate controlled secure facilities. These are generally secure. However, if your device doesn’t have the best security, the data in the cloud becomes vulnerable through your device. Example: your bank which is cloud based, is unlikely to get hacked, but your PC is. If you don’t use security software, or if you don’t update your software, cloud security doesn’t matter much.
    • Since the cloud is a huge source of data, a lot can go wrong. So, should you rely on the cloud to protect you or should you protect yourself? Feel good that in general whatever cloud serve you are using is secure. But if you are downloading pirated content and shady software, then cloud security will not protect you.

    New Devices Don’t Mean Safe Devices

    • Many believe that if they have a new device that it is perfectly safe. This isn’t true. Androids and Macs need antivirus just like PCs need antivirus. And right out of the box, all devices operating systems, browsers and software should be updated.

    Antivirus Software is Great, But Not Perfect

    • Yes, it’s awesome to have good antivirus software, but it’s not the only thing you have to do to keep your device safe. Think of your antivirus software as an exterminator. Like a pest control expert in your home, they get out the vast majority of insects when you call them. However, they can’t 100% eradicate every single egg, larvae, and bug. Free antivirus software is the same. It does a great job for the most part, but it won’t get everything. Free antivirus doesn’t come with a firewall, antispyware, antiphishing or other fundamental security tools. A paid service will generally accomplish this.
    • Ask yourself this: would you want your bank using free antivirus software? Then why do you?

    Updating Your System

    It can get annoying when your system alerts you with a pop-up to update your software, but don’t hit “remind me later.” In most cases, this update contains important security patches that you need to install to be safe. It’s best to allow automatic updates on every device.

    Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

    Are You Taking Responsibility for Your Personal Safety?

    Wednesday, July 18, 2018, 10:18 AM [General]
    0 (0 Ratings)

    For the most part, the local police department does not prevent most assaults or burglaries. That would require a cop to be everywhere all at once. Not happening. However, they do their best to capture and arrest those who commit these crimes. And, preventing crimes goes way beyond getting a home security system or making sure your doors are locked and your lights are on timers. But this is a start. The truth is, your personal security and preventing crimes starts with you. It begins with taking responsibility for your property and your personal safety.

    Civilized Conditioning

    You might have heard of civilized conditioning. Civilized conditioning is what mom and dad teach you about being a civilized human in a civilized society. That means not hitting, harming, biting etc. Just be nice and in general, respect authority.

    You have probably (hopefully) been taught that it’s not okay to hurt other people, and this, of course, is a great thing. Most of us have been taught this from the time we were small children. This type of conditioning allows each of us to successfully get along with others in a society, but it also causes us to do nothing when we need to.

    Civilized conditioning has had a negative impact on our ability to take responsibility for our personal security. This is really a double-edged sword. Sure, it helps to keep us under control when we are tempted to get violent with another person. But, it also prevents us from using a violent stance when we need to.

    We are all aware that there are people out there who we could say are uncivilized. These people don’t have the same boundaries as the rest of us. When we come across those people, we have to take responsibility for our own safety. That might mean being violent.

    You Are On Your Own

    Bad things happen all of the time. Consider, for instance, installing a home security system. This is a great start and helps you to take responsibility for the safety of your property, your family, and yourself. Also, consider a self-defense class. There are several options for these classes from local courses and books to videos and online training. Additionally, teach your children self-defense skills. Even children as young as 5-years- old are definitely capable of learning techniques that can protect them. Finally, teach responsibility. You can’t always rely on the government or the police to protect you. Instead, rely on yourself.

    Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

    15 Tips to Ensure the Safety and Security of Your Home

    Wednesday, May 23, 2018, 11:21 AM [General]
    0 (0 Ratings)

    When is the last time you thought about the safety and security of your home? How about thinking about it right now? Do you do the following? If not, start, today:

    1. Do you have propane tanks for a gas grill? Or gasoline cans with gas in them? They aren’t supposed to be stored inside. Put them is a safe secure place where kids can’t access them.
    2. Do you have both smoke and carbon monoxide detectors? When is the last time you inspected them? Check the batteries and make sure they are not collecting lint and dust. If you can, integrate them, too. This way, if one goes off in the kitchen, the detectors throughout the house will also get triggered. Set a note in your calendar to replace the battery’s every 6 months.
    3. Does your mailbox lock? If not, consider upgrading to one that does. This way, mail that contains sensitive information won’t just sit out there for the taking.
    4. If you are using an extension cord outside, make sure that it is made for outdoor appliances. Others can cause fires or trip causing other issues.
    5. Don’t leave any notes on your door claiming that you will be home later. This is the case even if you are expecting a package.
    6. Understand that if there is a power outage, your food in the freezer should last for up to 48 hours. Use a generator or stock up on non-perishable food.
    7. When you use an oily rag, put it outside to dry. Then, store it in a metal can with a secure lid. Even if it looks dry, an oily rag is still flammable even if it isn’t in contact with flames.
    8. Don’t try to charge a non-rechargeable battery. This could make it explode.
    9. To dissuade burglars from getting into windows, plant thorny shrubs and bushes around them.
    10. If you have a home security system, make sure everyone knows. Place the company’s decals and signs around your home and yard. If you don’t have one, buy and place signs up anyway. It will still dissuade burglars.
    11. When it snows, shovel the driveway and create a path to your home. This shows the bad guys that someone is home. And various town and city ordinances require this or you’ll get fined.
    12. Before you leave on vacation, set your home phone’s ringer on mute. This way, if a burglar is staking out your home, your phone won’t be a dead giveaway.
    13. Before you leave town, put a hold on your mail and newspaper. Don’t let it pile up.
    14. Also, ask a friend or neighbor to park their car in your driveway if you are away. This way, a burglar will always think someone is home.

    While away on vacation, don’t post about it on social media. Burglars often search social media sites to see who in the neighborhood is away.

    Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.


    Page 1 of 26  •  1 2 3 4 5 6 ... 26 Next

Blog Categories