Gladys Kravitz is Sniffing FREE WiFi Hotspots for Your Secrets

The free WiFi hotspot ritual is habitual. You head to your favorite café to get some work done “away from the office”. Justifying your $4 cup of 50 cent coffee with a Starbucks-approved rationalization (“I work so much more efficiently at my 3rd spot!”), you flip open your laptop, link to the free WiFi and get down to business. The caffeine primes your creativity, the  bustling noise provides a canvass backdrop for your artful work and the hyper-convenient Internet access makes it easy for someone else (think organized criminal) to intercept everything you send through the air.

At the table next to you, drinking a free glass of water (these guys are too smart to pay that price for a cuppa joe), sits a hacker running a piece of software that sniffs the data you send over the free (unprotected) WiFi. They watch your private data like Gladys Kravitz stalking the very bewitching and often nose-wriggling Samantha. When you log in to your webmail account, they record your username (usually your email address) and password. Since you use the same password for many different websites, they run an automated computer program that attempts to log into every bank in the world using that username and password. When it fails, the program automatically increments your email password in every way possible until it eventually cracks your banking code.

By the time you head for a latte refill, you can no longer afford it. (This is one effective way to break the Starbucks habit). Most of us have been well trained to unthinkingly connect to the FREE WiFi hotspot at cafés, airports and hotels. Wireless technology is both useful and powerful, but operating it without protection is like skydiving with a parachute that you never deploy (it’s a fun ride while it lasts…). If you connect to any WiFi hotspot without first having to log in with a unique username and password, there is nothing that masks your data as it travels through the air. (Watch the 9News Investigation Video with Jeremy Jojola for a sample).

How to use a free WiFi hotspot without crash landing

Like our previously mentioned skydiver, you want not only to put on your parachute before you jump, but to pull the cord before you taste dirt. Here are some simple steps you can take, along with a “How To” video, before you jump on your next free WiFi hotspot:

  1. HTTPS Surfing. If you absolutely must use the free WiFi hotspot, only exchange information over websites with encrypted connections. What’s an encrypted connection and how can you tell? Watch this short video to learn how to tell if you are on a safe, https internet connection. If you are, all of the data that goes between your device and the WiFi hotspot (and eventually onto the Internet), is scrambled and protected by a passcode (the encryption part) that makes it much harder to intercept. Banks (see video), Gmail and even Facebook (see video) offer HTTPS connections. Sometimes all you have to do on a website is to change your security defaults! If your connection is regular old http (no “s” at the end), just know that your data can be free for all to see (if they have the right tools).
  2. Tethering. Also known as a personal WiFi hotspot, tethering is the act of using your smartphone’s encrypted cellular connection to the Internet to surf securely from your mobile device. Tethering works for laptops, tablets and iPods and is relatively simple and inexpensive to use. To tether your computing device to your smartphone, simply contact your mobile provider (Verizon, AT&T, Sprint, T-Mobile, etc.) and let them know that you want to be able to connect your computing device to your smartphone (you want to tether). They will let you know that it costs about $15 per month (well worth the protection), will turn it on and will walk you through setting up both your smartphone and device so that they communicate with the Internet in a well-protected manner. Note: Many tablets, like the iPad, now come with cellular data access built into the device. So, for example, if you have an iPad with Wireless + Cellular capability, you can almost always connect via your cellular connection (just like your phone connects) and never even have to utilize free WiFi (though it’s still safe to use the secure Wifi in your home and office). You can do the same thing by accessing the Internet via your smartphone that is NOT connected to WiFi. Cellular surfing can be a bit slower, but it is considerably more private.
  3. VPN Software. Using a VPN (or virtual private network software), is a safer way to surf on free WiFi. Think of it like this: it takes the same protections you get when using an https connection and applies them to all of the URLs you visit. VPNs are standard gear for business users, but individuals need them just as much as corporations. One of the more popular VPNs for consumer use is Hotspot Shield VPN (this is not an educated endorsement of the product, just an example). The good part about a VPN is that it protects your data transmissions over the internet at all times, not just when using free WiFi.

Better yet, utilize all three solutions and find yourself 100% safer than the Frappuccino lover over at the next table. Mobile computing will increase your productivity, your connectivity and your flexibility. But to do it without a bit of security preparation is to court digital suicide.

John Sileo not only uses free WiFi hotspots (wisely), he is an internationally recognized keynote speaker on how to keep your employees from making poor data security decisions regarding identity, privacy and reputation protection. His happy clients included the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.  Tyler Tobin, the CEO and Chief Hacker for Tobin & Associates LLC, is a world renowned Professional White Hat Hacker. His firm specializes in performing compliance, GLBA and full-blown security assessments. His customer base is both regional and global. Assessments include social engineering, external and internal vulnerability and penetration testing and compliance examinations (SEC, SOX, SSAE and GLBA).

Product Review: Deluxe High Security Checks offer banking security

Proper check fraud prevention is of the utmost importance, especially at a time when instances of data crime are on  the rise. A line of checks from Deluxe aims to utilize technology to increase your financial security.

A big part of financial fraud comes from faulty or insecure checks, and companies need to take whatever measures they can to ensure their employees’ payments are kept safe. Deluxe is now offering a brand of High Security Checks with more than 20 features to keep information private by reducing the chance that they can be copied successfully.

Each individual check in this series comes equipped with several simple but high-tech elements. While some of these features can be found in standard checks, several are exclusive to the High Security brand. The check’s face alone contains both a foil hologram that is incapable of being reproduced and a thermally sensitive image designed to detect heat, not to mention a layered background image, which is more difficult to fake than a solid color. There is also a highly secure watermark that’s resistant to such efforts. Even the paper itself contains chemicals on the back that will respond to any tampering attempts.

Even a smaller company could be required to print many physical pay stubs every month, making check scams an even bigger risk for those producing them. It is imperative that employers make the most of their systems by safeguarding them in every way possible. Criminal methods like check-washing are more common than you might think and could happen to anyone who does not have proper check fraud prevention measures in place.

For more information, interested parties can check out Deluxe’s website at www.deluxe.com/highsecurity. They offer other products that could benefit your corporate well-being and provide additional, non-intrusive fraud protection.

John Sileo is a check fraud prevention expert, a keynote speaker on privacy, identity and reputation protection, and a spokesperson for Deluxe. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business. 

Check washing & check fraud can dirty your spring cleaning

Check washing is so simple, you must learn to prevent check fraud

Are check fraud and check washing still relevant in the age of digital payments? If you’re like the average person, chances are you don’t write too many checks anymore. With the convenience of online payment options, nearly universal acceptance of credit and debit cards, and the proliferation of ATMs offering you easy access to money at every turn, why resort to the archaic, labor-intensive method of writing a check?

The simple answer—sometimes we have no other choice!  Some places still don’t accept credit cards (Costco if you don’t have an American Express), or they charge an extra fee for them.  Some retailers don’t offer online payment options.  And frankly, sometimes it’s just an old habit and we haven’t made the effort to find a safer option because we’re stuck in the mindset of “it’s never happened to me” when thinking about check fraud.

Yet, according to a recent AFP Payments Fraud and Control Survey, checks remain the payment type most vulnerable to fraud attacks. In an American Bankers Association Deposit Account Fraud Survey, 73% of banks reported check fraud losses totaling approximately $893 million. And perhaps scariest of all, the imprisonment rate for check fraud is only 2% according to a statement made by the Department of Justice.  So although it’s not as glamorous or high tech as some other forms of fraud, check fraud is very tempting to criminals. It’s often as easy as taking an afternoon stroll down a street looking for vulnerable mailboxes, and then doing a little bit of “laundry”.

Check Washing Check Fraud

One form of check fraud that hits home for businesses and individuals alike is check washing.  It is the practice of removing legitimate check information, especially the “Pay To” name and the amount, and replacing it with data beneficial to the criminal (his own name or a larger amount) through chemical or electronic means. We conducted our own experiment to see just how easy it is to alter a check.  Take a look at our results in the video above.

What can you do to prevent this form of check fraud from happening to you?  There are many steps you can take:

  • Always use high security checks with multiple check fraud and check washing countermeasures
  • Use security gel-based pens with dark ink 
  • Don’t leave mail containing checks in an unattended or unlocked mailbox  (i.e. w/ red flag up)
  • Buy a locking mailbox (one large enough for a postal carrier to put mail through, but not large enough for a hand)
  • Shred voided checks
  • Check your bank statements regularly and immediately when you receive them.  You have a limited time in which to report check fraud.
  • Put clear tape over important fields when mailing a check
  • Do not leave blank spaces on payee or amount lines
  • Have new checks delivered to your bank if possible so they are not sitting in your unattended mailbox

Businesses are highly susceptible to massive check fraud via check washing, because the balances in their accounts tend to be higher and more vulnerable. This simple change from regular checks to high security checks can drastically reduce your risk of check washing and check fraud.

John Sileo is CEO of The Sileo Group, and a  keynote speaker on cyber security, identity theft and business fraud prevention. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Stop Check Fraud with Security Checks

How to Stop Check Fraud and Check Washing

Check washing, a highly common form of check fraud, is the practice of removing legitimate check information, especially the “Pay To” name and the amount, and replacing it with data beneficial to the criminal (his own name or a larger amount) through chemical or electronic means.  One of the many ways to protect yourself against check fraud is so important that it deserves its very own article.

A foolproof way to protect your checks from being altered, whether by washing or by electronic means, is to use security checks offered by most companies.

Here are some of the features to look for when you’re purchasing High Security Checks.  These features will safeguard you not only against check washing, but other high tech forms of check fraud as well:

  • Safety security paper (visible and invisible fluorescent fibers, chemical-sensitive)
  • Foil hologram (cannot be reproduced by copiers or scanners)
  • High resolution border elements (intricate design is difficult to reproduce)
  • True watermark (cannot be reproduced by copiers or scanners)
  • Toner adhesion  (damage is visible if toner is lifted or scraped)
  • Void element (the word void appears if photocopied or chemically altered)
  • False positive test area (instant authenticity test with black light or counterfeit pen)
  • Complex pantograph background pattern and high-security colors
  • Thermochromatic ink (reacts to heat to deter copying)
  • Original document backing (deters cut and paste alteration attempts)
  • Chemical wash detection area (shows chemical alteration attempts)
  • Security warning box (becomes visible when photocopied)
  • Padlock icon (signifies that checks meet industry standards)

One more vital tip to foil the check washers: use a dark ink, gel-based pen, preferably one that states it is a security pen. Take a look at the video to the left to see how easy it is to wash a check if you are not using a high security gel-based pen. 

Yes, you may spend a few extra dollars for security checks and pens, but compared to the staggering cost of recovering from check-washing schemes (small businesses lose more than 7%  of their annual revenue to check fraud  – over $600 billion), it’s a drop in the bucket!  Your peace of mind and saved recovery time are worth it.

Checks Unlimited provides personal Securiguard checks with 7 advanced security features including chemical protective paper, microprint signature lines, and a 2 dimensional holographic foil that is irreproducible on copiers or scanners.  Their Security Center also offers fraud prevention tips and security products!

John Sileo is CEO of The Sileo Group, and a  keynote speaker on cyber security, identity theft and business fraud prevention. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

 

Sileo Identity Theft Prevention & Online Privacy Checklist

Identity theft prevention is not a one-time solution. You must accumulate layers of privacy and security over time. The following identity theft prevention tips are among those I cover in one of my keynote speeches.

  1. Review your Free Credit Report 3X per year at www.AnnualCreditReport.com.
  2. Opt-Out of financial junk mail.
  3. Stop Marketing Phone Calls at www.DoNotCall.gov.
  4. Freeze Your Credit. State-by-state instructions at www.Sileo.com/2.
  5. If you don’t want to use a credit freeze, place Fraud Alerts on your 3 credit files.
  6. Use sophisticated Identity Monitoring software to detect theft before it’s disastrous.
  7. Stop Sharing Identity (SSN, address, phone, credit card #s) unless necessary.
  8. Protect Your Wallet or Purse. Watch this video.
  9. Protect Your Computer and Online Identity. Privacy Means Profit
  10. Protect your Laptop. Visit www.Sileo.com/laptop-anti-theft for details.
  11. Bank Online: online bank statements, account alerts and bill-pay.
  12. Buy a Shredder (or 2) & shred everything with identity you don’t need.
  13. Minimize Social Networking Exposure. Privacy Means Profit
  14. Lock down your Social Networking Profiles www.Sileo.com/facebook-safety.
  15. Realize that approximately 50% of the worst ID theft crimes are committed by Acquaintances & Friends.
  16. Set up two-factor authentication with your bank.
  17. Stop Clicking on Links in emails and social networking posts that you don’t recognize as legitimate.
  18. Avoid emails/faxes/letters/calls/people promising Something for Nothing.
  19. Know that protecting Other People’s Privacy is part of your responsibility.
  20. For more tools, purchase a copy of John’s Latest Book on Information Survival, Privacy Means Profit.
  21. Subscribe to The Sileo Report eNewsletter and follow John’s Blog.
  22. Consider bringing John Sileo to speak to your organization on identity theft, cyber crime, social engineering, social media exposure and other topics of information exposure.

Top Tips for Tax-time Identity Theft Prevention: Part 2

Tax Time Identity Theft: Part 1 – Tax Preparers | Part 2 – Protecting Computers | Part 3 – IRS & Tax Scams

Secure your computers and copy machines from hackers.

Last year, more than 80 million Americans filed their tax returns electronically and even more stored tax-related information insecurely on their computers. To prevent electronic identity theft, implement the following security measures:

  • Install anti-virus, anti-spam and anti-spyware software (generally referred to as a Security Suite) configured to download and install automatic updates. Failure to take this most basic and time-tested of steps allows malware attached to malicious emails, social media platforms and rogue websites to penetrate your entire system, giving thieves access to every computer on your network, not just one.
  • Create strong alphanumeric passwords or utilize password protection software to protect the digital keys to your information.
  • Encrypt hard drives or data-sensitive folders to keep out unwanted visitors.
  • Set up automatic operating system updates and security patches that close gaping entry points for data thieves.
  • Utilize only a WPA2+ encrypted wireless network that discourages thieves from sitting outside of your home or office to sniff the data you send over Wi-Fi.
  • Have a professional install a properly configured, password-protected firewall that sits between your network and the Internet.
  • Don’t email sensitive tax data unless it is encrypted. In a pinch, you can email password protected PDF documents.
  • If you use a commonly accessed copy machine, consider erasing your copy machine’s hard drive, as it maintains a digital record of every document you scan or copy. Criminals often access these when you (or your workplace) sells or repairs the machine.
  • Continuously monitor your identity using  a sophisticated product that handles cyber-surveillance, credit monitoring, restoration services and ID theft insurance.

Tax Time Identity Theft: Part 1 – Tax Preparers | Part 3 – IRS & Tax Scams

John Sileo is an author and highly engaging speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 MinutesAnderson Cooper and Fox Business. Contact him directly on 800.258.8076.

9th Day: I’m Getting Nuttin’ (but Scams) for Christmas

Holiday Security Tips: On the ninth day of Christmas, the experts gave to me, 9 protected packages

Thieves are on the lookout for the delivery of packages, especially around the holidays.  Fed Ex and UPS packages might sit outside for hours, often in plain view from the street, making a mighty tempting target.  Not only can thieves grab the precious contents inside, but also the shipping labels often contain personal information the thieves love to get their hands on.

Solution: Ship packages to your work address, a PO Box or require a signature 

If your employer doesn’t mind your receiving packages at work, have them shipped there since someone is generally available during the day (when shipments arrive). If that doesn’t work, consider getting a PO Box at the post office during the holidays. When all else fails, ask to have your packages shipped with signature required so that they aren’t dropped off unless someone is there to sign.

 

Even if you didn’t put a tack on your teacher’s chair or tie a knot in Susie’s hair, you might get nuttin’ for Christmas if you don’t outsmart the thieves. On the tenth day of Christmas…

John Sileo helps businesses defend against data exposure by speaking at conferences looking for highly relevant content delivered with humorous audience interaction. See video clips of John on stage and in the media.

I Left My Credit Card @ The Restaurant, Now What?! – Privacy Project Episode #8

So I’m out to dinner with a professional speaker whose name I’ll drop so that you’ll be impressed. Larry Winget. Larry is the Pitbull of Personal Development and he’ll probably kill me for not putting a trademark after that title, because he owns it. If you have somebody in your life (kid, employee, boss) that doesn’t take responsibility for the life they lead and the work they’re supposed to do, Larry’s your man. Google his name and find out, or go to LarryWinget.com.

But back to my story. I treated Larry to dinner in Phoenix because I owe him a thousand meals for the coaching he gives me and we’re leaving the table when his wife (who is much nicer than Larry) asks if I’ve taken my credit card out of the folder. Nope. God I hate when that happens! Small oversight for someone who lives and breathes security and privacy. I left my card in the folder, on the table and was fully prepared to leave the restaurant!

Anyway, this brings up a good point. Now matter how much you know, no matter how hard you work at protecting your identity,sometimes you will slip up and be your own worst enemy. There are just simply times when identity is out of our control. But you don’t have to stress about it. A quick response solves a lost credit card without much pain. Take a look at the video for steps on what to do if you lose or misplace your card.

5 Disastrous Decisions that Destroy Small Business – and How to Avoid Them

Interactive Webinar, Sponsored by Deluxe Corporation, Featuring Privacy Expert John Sileo

ST. PAUL, Minn., Oct 04, 2012 (BUSINESS WIRE) — Cyber criminals sabotaged John Sileo’s business – and nearly landed him in jail. Now he’s determined to help small business owners prevent the disastrous mistakes that loom ever-larger in the age of identity theft, mobile computing and social media.

Sileo will share his story – and the lessons he learned – in an hour-long interactive webinar on Tuesday, Oct. 9 at 2 p.m. EST. Titled “5 Disastrous Decisions that Destroy Small Business,” the webinar is sponsored by Deluxe Corporation and designed to provide business owners with simple, actionable tools to help protect their operations and enhance their efficiencies.

To register for the 2 p.m. EST webinar, go to www.deluxe.com/highsecurity.

Sileo is the award-winning author of “Privacy Means Profit,” and has appeared on “60 Minutes” and “Fox and Friends.” He launched his career as a privacy consultant after thieves stole his identity and used it to embezzle nearly a half million dollars from his clients. The security breach destroyed his business and triggered a two-year legal morass.

Now, Sileo is America’s leading professional speaker on identity theft and information control. During the Deluxe’s interactive webinar, he will be joined by Susan Haider, executive director, high security product management, Deluxe Corp.

He will share insights gleaned from years of experience, including details on:

  • How Sileo’s business was destroyed by poor decision-making.
  • Mistakes other small business owners have made and how to avoid them.
  • Concrete, actionable steps you can take to minimize your risk now.Human, physical and digital threats to your business security.
  • Targeting skills you can use to design your plan of attack.We

Following the presentation, participants can get personalized advice from Sileo and Haider during a Q&A session. Participants also will receive a free copy of “Are Tax-time Identity Thieves Targeting Your Small Business? 5 Defense Strategies,” a white paper written by Sileo.

 

About John Sileo John Sileo is an award-winning author and privacy speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. His clients include the Department of Defense, Pfizer, the FDIC and Homeland Security. Watch him on Anderson Cooper, 60 Minutes or Fox Business.

His satisfied clients include the Department of Defense, Blue Cross, Homeland Security, the FDIC, Pfizer, the Federal Trade Commission and corporations, organizations and associations of all sizes.

About Deluxe Corporation Deluxe is a growth engine for small businesses and financial institutions. Over four million small business customers access Deluxe’s wide range of products and services including customized checks and forms as well as website development and hosting, search engine marketing, logo design and business networking. For financial institutions, Deluxe offers industry-leading programs in checks, customer acquisition, regulatory compliance, fraud prevention and profitability. Deluxe is also a leading printer of checks and accessories sold directly to consumers. For more information, visit us at www.deluxe.com , https://www.facebook.com/deluxecorp or https://twitter.com/deluxecorp .

SCAM ALERT: Target Texting Scam

SCAM ALERT! There is a Target texting scam going around. The text looks similar to the one in the picture to the left, and generally says you’ve won a $1,000 gift card if you simply click on the link and collect the money. When you click on the link, it takes you to a Target-looking site that a criminal has set up to collect your private information. The information is then used to steal your identity. In other cases, clicking on the link installs a small piece of malware that takes control of your phone and forwards your private information to the criminals.

 

Where do the criminals get my mobile phone number to text me in the first place?

  1. They purchase it off of black-market sites on the internet
  2. You give your mobile number away to enter contests, vote on reality shows, etc.
  3. You post it on your Facebook profile for everyone to see
  4. Data hijackers hack into databases containing millions of mobile numbers
  5. Most likely, the thieves simply use a computer to automatically generate a text to every potential mobile phone number possible (a computer can make about a million guesses a second).
What can I do to protect myself and my phone?
  • If you receive a text from any number you don’t know, don’t open it, forward it or respond to it
  • Instead, immediately delete the text (or email)
  • If you accidentally click on the link, never fill out a form giving more of your information
  • Place yourself on the national DO NOT CALL list.
  • Stop sharing your mobile phone number except in crucial situations and with trusted contacts
  • Remember when you text to vote or to receive more information, enter sweepstakes or take surveys via text, they are harvesting your phone number.
  • Resist the urge to post your mobile number on your Facebook wall or profile

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust. He is CEO of The Sileo Group, which helps organizations protect their mission-critical privacy. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation  or watch him on Anderson Cooper, 60 Minutes or Fox Business.