Robert Siciliano

Loading...
    • Media Contact:
      Robert Siciliano
    • Member Type(s): Expert
    • Title:Identity Theft Expert
    • Organization:IDTheftSecurity.com
    • Area of Expertise:
    •  
    • Member:ProfNet

    To become a ProfNet premium member and receive requests from reporters looking for expert sources, click here.

    How Criminals Prey on the Art World and Real Estate

    Saturday, March 16, 2019, 11:52 AM [General]
    0 (0 Ratings)

    Any industry involving wiring transfers of large sums of money is vulnerable to this new type of hack. Purchasing a car, home or piece of art are large transactions and are not usually done in cash. In well-established industries like real estate, there are some checks and balances, but while one would think it would be very tough to pull off this scam in real estate, it is just as easy. I do not know how many billionaire art collectors follow my blog (they should!), but most of you are regular people like my family and friends.

    Although many of us will never experience buying a million-dollar art piece from Italy, we can relate to purchasing a home. How can we make the world Safr? As a Safr.Me community, we need to rely less on industry security parameters and learn how to manually spot email-engineered money-wiring scams; they are not necessarily a common hack. Safr.mesafr.me/wp-content/uploads/2019/03/girl-... 80w, safr.me/wp-content/uploads/2019/03/girl-... 768w, safr.me/wp-content/uploads/2019/03/girl-... 1030w, safr.me/wp-content/uploads/2019/03/girl-... 400w, safr.me/wp-content/uploads/2019/03/girl-... 36w, safr.me/wp-content/uploads/2019/03/girl-... 180w, safr.me/wp-content/uploads/2019/03/girl-... 1500w, safr.me/wp-content/uploads/2019/03/girl-... 705w, safr.me/wp-content/uploads/2019/03/girl-... 100w, safr.me/wp-content/uploads/2019/03/girl-... 480w, safr.me/wp-content/uploads/2019/03/girl-... 610w" sizes="(max-width: 380px) 100vw, 380px" />

    When looking at the home buying process, a report by the FBI’s Internet Crime Complaint Center said email fraud involving real estate transactions rose 1,110 percent in the years 2015 to 2017 and fraud dollars lost rose almost 2,200 percent. That means scammers are getting more efficient.

    Nearly 10,000 people reported being victims of this kind of fraud in 2017 with losses over $56 million, the FBI report said. Real estate is only now tightening its belt and fighting back.

    One Victim’s Story

    In my circles, I occasionally brush up against those whose lives are just perfect—or what most of us would consider perfect. They’ve made all the right choices, and with hard work everything lined up wonderfully. Anyway, I met a great husband and wife team, and this awesome guy is a money man. He handles investments not just for companies but for countries. That means big commissions. That means he’s a juicy target.

    This level of income also allows one to develop and feed a taste for fine art. I’m not a museum or art aficionado by any stretch, but this persons art collection was amazing. Their art of choice is called Hyperrealism. Google it. It’s paintings that look like photographs, and to us common folk it’s called “Frikin’ Awesome.” When I attended a party at this person’s home with a bunch of others, we got a quick tour. After seeing this household collection, it must have been painfully obvious by all of our jaws dropping and our stupid (but appreciative comments) that we were all out of our league.

    Anyway, money man purchased a $200,000 piece of art via email, which apparently isn’t unusual. Long story short, hackers intercepted his email communications via the hacked gallery and he wired $200,000 to a criminal. Remember, he’s in finance; finance guys are conditioned to recognize risk. When he looks back, there were slightly odd requests in the communications, but they made sense. Keep in mind, he was functioning in the security parameters in which this industry exists.

    Lucky for him, his bank flagged the transaction because the account to which the wire was being sent was brand new, and a brand new account that’s being wired $200,000 is recognized by this bank’s anomaly detection software as potential fraud.

    He called the gallery, and they concurred it was fraud. His heart sank, and he jumped into panic mode as one would when $200,000 is about to vanish. He then made every possible phone call to stop this transaction and got nowhere as 99% of the world’s population who is affected by something like this would suffer the same experience.

    His ace in the proverbial hole was because of his role in his company and his professional connection to the particular bank. After losing 10 pounds from nerves, he was able to make a personal phone call to some muckety mucks at the bank and get the whole thing fixed. I’d pull the same strings if I had them. You would too.

    How the Hack Works

    Although it’s not entirely a new concept, this is the freshest approach hackers are taking; and it targets art galleries, collectors, real estate agents and your clients. You need to put this on your radar! This is a pretty simple hack. Basically, criminals are breaking into the email accounts of the art dealers who manage high-end galleries, and then they monitor the email correspondence. Breaking in, in other words, means “logging in” because millions of email addresses and their associated passwords are in the hands of criminals due to massive data breaches.

    So, when the dealer or gallery sends an invoice to the innocent art collector via email, the hacker is triggered and will step in. The bad guy will now impersonate the dealer and warn that the invoice had a mistake on it or change up the instructions. The criminal does this to justify a wire transfer, maybe offering a slight discount, and then asks the buyer to send the money to a different account. Once the hackers have the money, the third-party hacker just disappears.

    The Victims of This Scam

    Both buyers and sellers are victims here, and in many cases, both are left in the dark because the hacker hijacks the conversation. In other words, they take control of the emails and play both parts. In the art world for example, when the gallery emails the customer, the hacker intercepts the email pretending to be that customer. The same thing happens when the customer emails the gallery. This gives the hacker plenty of time to cover their tracks and get away, and in the meantime, money and time is lost for all parties involved. There have even been some galleries that have had to close altogether due to the financial impact of account wiring and money transferring scams.

    Why Art Galleries?

    Good question. Interestingly enough, the reality is that hackers are only targeting the art industry because it’s really easy to do so. A wire fraud happening in the finance industry used to be a “thing,” but there are so many security protocols in place within finance making it difficult to pull off a transfer scam within the financial space.

    Tips to Keep Email Fraud at Bay

    These tips are for buyers, brokers, real estate agents and art galleries.

    • All email account passwords should include uppercase, lowercase, numbers and characters. Never use the same password twice—NEVER.
    • All email should have two-step authentication. This means after logging in, a one-time password is texted to the user’s mobile for account access.
    • Make sure to change all passwords for online accounts, including Wi-Fi, regularly and especially after a data breach.
    • Escrow services are your friend. There’s a ton of them. The gallery or broker will, or should, have a relationship with a trusted source.
    • Pick up the phone, and confirm every aspect of a transaction until you are blue in the face and annoying everyone involved to the point you are satisfied that the money is safe.
    • Update all of your anti-virus software.
    • When you send an invoice via email, call or text a trusted number of the recipient to double check that they got it and that they have the correct account number.
    • Urge all of your staff to remain vigilant when opening emails, and make sure that they do not click on any links or download attachments unless the correspondence has been verified by phone. If you have doubt, contact the sender by phone.

    There is so much more to this, and, while I can’t solve all the world’s problems, I can at least make you cyber-security smarter and digitally literate. Take a look at our eLearning Courses and our S.A.F.E. Certification.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    10 Tips to Not Ending Up A Dead Real Estate Agent

    Wednesday, March 6, 2019, 10:35 AM [General]
    0 (0 Ratings)

    Yes that title is awful and yes you should be offended. Real estate agents often find themselves in dangerous situations. And for 20 years, I’ve been screaming this, doing something about it, and it keeps happening. And the real estate agents and industries response?

    Thots and prayers. Thots and prayers. Thots and prayers. Thots and prayers.

    How’s that workin’ for ya?

    Sometimes you have to visit unsafe neighborhoods, you might have to come face to face with a vicious dog, or even have an unsavory character walk right into an open house.

    In 2016, approximately 3% of all real estate agents reported that they were physically attacked when on the clock. Though this might seem like a small number, you have to consider that only about 2% of the entire population of the country are physically attacked each year. This means, of course, that if you are a real estate agent, your odds of assault are higher than the average person.

    Remember, no one is immune to this. Here’s a brief first person account posted to Facebook about a real estate agents experience…and it could even be you:

    Another reason why I like running my real estate business by referral: Went to meet a female seller today who contacted me on-line. She told me she would meet me at her property as it is an occupied rental. She was there and so were about four guys. Small, cramped house. She told me the tenant would take me around as he knew the house better than her…. immediately I knew something was off.

    He takes me around the first floor then he’s showing me upstairs and another guy who wasn’t one of the four downstairs appears out of nowhere and stands behind me. I’m now seriously freaking out as instinct told me something was about to happen. I made my excuses quick and went back downstairs. I put aside my manners and took out my phone and while chatting briefly with the seller, I text my location to my team. Then I left.

    My 5ft 100lb self would have been no match for them.

    I realized mid-way through that 10 minute tour that no-one knew where I was, I had no idea who these people were and if this woman actually was who she said she was.

    Point of the story: realtors please be extra vigilant when being in homes of strangers. I know it sounds obvious yet it’s not as we are simply doing ‘our job’ and we can’t do that if we don’t visit other people’s homes. This ended well yet it could have been a very different story for me today. Stay safe and trust your instinct.”

    The seller was a female, and the seller said that she would meet the agent at the property, as it was a rental and currently occupied. When the agent arrived, she saw the seller along with four men in a small, cramped house. The seller, herself, would not give the agent a tour of this home; instead, she said one of the tenants would take her.

    REG FLAG.

    Almost instantly, the agent knew something was weird about this. One of the men took the agent to the second floor, and before she knew it, there was another man directly behind her…and this man was NOT one of the men she had seen downstairs.

    This was a very scary situation, and though this story did not end in disaster, plenty of these situations, do. Be smart, stay vigilant, and trust your instincts when something seems off.

    Here are 10 tips that you can use to keep yourself from ending up a dead real estate agent:

    1. Research – Before you meet with a potential buyer, make sure to do a little research. This might be as simple as doing a Google search on them, or you can create a questionnaire to get information from them.
    2. Get an ID – Ask for the ID of any potential buyer/seller before showing the home. You should be able to get a photo of their ID and keep it on your phone and text it to a colleague just in case. If they refuse, this is a red flag.
    3. Show During Daylight Hours – Only show a home during daylight hours.
    4. Bring a Buddy – Do you have an assistant, friend, or family member who wants to keep you safe? Bring them along. When showing a home, try to bring a buddy. Make sure the buyer/seller knows that this other person is coming.
    5. Know What You are Going Into – Do your best to get a lay of the land when going into a home for the first time. Ask if there is anyone else in the home, too.
    6. Stay Near Exits – Make sure when you are showing a home, or being shown and home, that you always have an eye on the exit. Also, don’t go into any area, such as a basement, where someone couldn’t hear you if you had to yell for help. Unless you bring a buddy, and allow the buyer to take a look on their own, if necessary.
    7. Don’t Let Your Guard Down – Any person who walks into a home is a potential “bad guy/gal.” Don’t let your guard down, even if they seem like they are an upstanding citizen.
    8. Advertise Smartly – When advertising, make sure to do so smartly. Make sure that people know that viewing the home is by appointment only and that you will be checking their ID before showing the home.
    9. Dress Appropriately – Don’t wear any expensive jewelry when showing a home, and make sure to dress in a professional manner. Wearing clothing that is revealing, for instance, can send the wrong message.
    10. Trust Your Gut – Finally, trust your gut. If something seems wrong, it probably is.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    How to Access that Old Email Account

    Friday, February 22, 2019, 8:52 AM [General]
    0 (0 Ratings)

    Have you ever wondered if you could access your old email accounts? You might want to look for some old files, or maybe need information about an old contact. Whatever the reason, there is good and bad news when it comes to accessing old email accounts.

    The best thing that you can do is to use the provider to find the old email account or old messages. All of the major providers, including Outlook, Gmail, Yahoo, and AOL, have recovery tools available. If the email address is from a lesser player in the email game, again, you might be out of luck.

    First, Know the Protocol

    Frankly, the next 3 paragraphs might be confusing. If they don’t make sense to you jump to Do You Remember the Service or Email Address?

    The first thing you have to do is know the protocol your provider uses. There are two different protocols to consider when trying to access old messages: POP3 or IMAP.

    POP3 protocols essentially download messages from a server to a device. IMAP just syncs your messages between your device and the server. Most email services default to an IMAP protocol, but it’s very possible that an older email account would have been set up to use POP3. If this is the case, and the provider deletes the messages off the servers when downloaded via POP3, this is not good news…those messages are gone. Even if you eventually get access to these accounts, if you have downloaded the messages to a computer or smartphone, they are gone from the server.

    There is better news if you used IMAP…though, again, this is assuming nothing has been deleted. Some providers will delete accounts that are inactive for a certain amount of time. If the account is deleted, those messages are gone. Check the account deletion policy of the email provider to see if your account might still be active, and ultimately, accessible.

    Do You Remember the Service or Email Address?

    If you remember the email address and not the password, try the password reset link and if, and only if, you set up a backup email for recovery, then you’re on Golden Pond.

    Now, what happens if you can’t remember what service you used or even the email address you used? There is still hope.

    First, search for your name in the email account you use now. You might have sent something to yourself from an old account. Another option is this: if you remember the old provider, you can also search for that. You also might want to search your computer to see if there are old documents with your old email in there. You also might have set up a recovery email address or phone number that you can use to access the account.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    Make Your Mobile a Tough Target for Thieves

    Friday, February 22, 2019, 8:47 AM [General]
    0 (0 Ratings)

    You should definitely pay attention to your mobile phone security. Most of us don’t, which makes it easy for hackers and ID thieves to target us. Here are some tips to protect yourself from becoming a target for thieves.

    safr.me/wp-content/uploads/2019/02/072-8... 80w, safr.me/wp-content/uploads/2019/02/072-7... 768w, safr.me/wp-content/uploads/2019/02/072-1... 1030w, safr.me/wp-content/uploads/2019/02/072-4... 400w, safr.me/wp-content/uploads/2019/02/072-3... 36w, safr.me/wp-content/uploads/2019/02/072-1... 180w, safr.me/wp-content/uploads/2019/02/072-1... 1500w, safr.me/wp-content/uploads/2019/02/072-7... 705w, safr.me/wp-content/uploads/2019/02/072-1... 100w, safr.me/wp-content/uploads/2019/02/072-4... 480w, safr.me/wp-content/uploads/2019/02/072-6... 610w" sizes="(max-width: 300px) 100vw, 300px" />

    Use a Passcode

    One of the easiest ways to ensure that you are not a target for thieves is to use a passcode. All mobile phones have a built-in passcode option, and if you have an iPhone you can even set a passcode if it has been stolen by using the Find My iPhone feature.

    Use Face ID or Touch ID

    To make your iPhone even safer, you can use Face ID if you have the iPhone X or Touch ID on other iPhone versions. This is much stronger than using a passcode.

    Set up Find My iPhone

    If your iPhone gets stolen or you lose it, you can use the Find My iPhone app. This is a free app that is built into the iCloud. It uses GPS to show where your iPhone is at any time, as long as GPS is enabled. For Androids set up Find My Device to accomplish similar tasks.

    Look at Your Privacy Settings

    You should also take a look at your privacy settings. Your data is extremely important and there are threats all of the time. Fortunately, you can set your privacy settings to make it tough for people to get into it. Depending on your phone OS, seek out built in privacy, location, encryption and VPN settings.

    Should You Get Antivirus Software for Your iPhone?

    You might think that you can make your phone safer by adding antivirus software. Yes, it’s very important to have anti-virus software for your computer, but you don’t need it on your iPhone, but definitely do need it for your Android. Do a search on Google Play, there are plenty.

    Stop Jailbreaking (iPhone) or “Rooting” (Android) Your Device

    Another way to keep your phone safe is to stop jailbreaking. A lot of people like jailbreaking because it gives more freedom to customize your phone how you want. You can also download apps that Apple has not approved of. However, jailbreaking your phone can cause it to become more open to hackers, too, which could really be devastating.

    Encrypt All Backups

    When you sync your iPhone to your computer, it holds data for your as a backup. This way, if you ever need it, you can get it easily. However, this also means that this data could be open to hackers if your computer ever gets hacked. So, it’s always best to make sure that you encrypt all backups. You can do this in iTunes with only a few additional steps.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    How to Monitor a Cell Phone

    Friday, February 15, 2019, 11:11 AM [General]
    0 (0 Ratings)

    Do you fancy yourself a spy and wondering how you can monitor someone else’s cell phone? You won’t get that information here, but there is some good info on cell phone monitoring if you keep reading:

    The Legalities of Tracking Cell Phones

    Generally, it is not legal to monitor a cell phone that does not belong to you. However, generally speaking, and THIS IS NOT LEGAL ADVICE, if the account is under your name or if you have written permission from the person who owns the phone, you can track it.

    Why Monitor a Cell Phone?

    There are some situations where it is perfectly legal, and even useful, to monitor a cell phone. One good reason is to monitor your family. This is especially the case if you have a tween or teenager who has some freedom.

    Another reason you might consider monitoring a cell phone is if you have an elderly family member, like a parent, who uses a cell phone. If your loved one has dementia, you certainly should track their phone.

    Businesses also often track company issued cell phones. The main reasons to do this is to locate a device if it is ever lost or stolen and to monitor employee communications.

    The Main Ways to Track a Cell Phone

    There are three different ways that people track cell phones:

    • Through the Cell Phone Carrier – Most major cell phone carriers offer a feature that allows a person to track a cell phone that is on their account. There is a fee for this service, it is totally legal, and it’s a great way to track family members.
    • Through a Smartphone or Computer– If you have a smart phone that runs iOS or Android, you can use features like Find My iPhone, or you can use apps like Find My Friends. Just keep in mind that the phones must have GPS enabled for these to work.
    • Though a Third-Party App – To trace a phone through an app, you usually have to have access to the phone you want to track AND own it and/or written permission from the phone’s owner. Typically, both devices must have the app loaded for these apps to work. Some of these apps are free for limited features. Others come with a one-time or monthly payment for the service.
    • Through an Infected email or Text Link – This is pretty much illegal and might get you stint in the klink. Pulling this off requires special malware or spyware which can be obtained on the dark web for a price. That will mean you’d got from being legal to the seedy world of Blackhats. And as they say, once you go black, you never go back. You would then officially be a criminal.

    In most cases, it is not legal to trace or track a cell phone unless you have permission from the owner. However, each state has their own laws, so it’s very important that you understand the laws in the state you live. This way, you can avoid any repercussions.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.


    Page 1 of 59  •  1 2 3 4 5 6 ... 59 Next