Catching Credit Card Thieves Before They Cash Out

 

How cool would it be if you could get an alert any time somebody was trying to fraudulently use your credit card account?  Well guess what?  That technology already exists.   You just need to turn it on.

Hi, I’m John Sileo and we’re bringing you this episode of Sileo On Security from Opryland, Tennessee.  So what are account alerts?  An account alert is when your credit card company or your bank alerts you if there’s been any action on your account whether you’re spending on your credit card or transferring money/withdrawing money from your account.  That way if it’s fraudulent you know it right away and if it’s legitimate you don’t have to do anything about it.

Why do account alerts even matter?  Well, first of all, they let you know automatically, without you doing any extra work if someone is spending on a credit card that’s not you, that’s not legitimate.  If they’re transferring out of your bank account or withdrawing out of your bank account when it’s not you or if they’re transferring between accounts.  So you get an automatic alert anytime it’s legitimate and anytime it is illegitimate, and it’s those illegitimate ones that you shut down immediately by calling your bank.

Setting up an account alert is simple.

Number one: you go to the website of the bank or credit card company you’re setting it up with.  So let’s say it’s BankOfAmerica.com.

Number two: in their search toolbar you’re typing the words “account alert” or “account alerts” and it will take you to that page on any good banking or credit card website where you can automatically set up those alerts, where it explains it to you.

Number three: when you set up your alert, set it for a threshold that makes sense.  For me, I set it up for a dollar and above.  If somebody spends a dollar or above I get an automatic alert.  I get a text so that I see it on my phone right away when it happens.

My challenge to you right now is to go and set up one account alert on your most valuable account whether that’s a bank account, a credit card account or an investment account.  Go in and Google the words “account alert” or “account alerts” (in quotes) and then the URL address of that bank or credit card company.  If it’s Bank of America, put in “BankofAmerica.com” and (in quotes) “account alerts” so that you go directly to the page where they tell you how to set it up for that specific account.

All data protection isn’t about prevention; some of it is simply about detecting the fraud very quickly and shutting it down very quickly.  That’s exactly what automatic account alerts do.  They shut it down before the thief has time to spend large amounts of money in your name.  For Sileo on Security here in Nashville, Tennessee, thank you so much.  We’ll see you on the next episode.

Internet Providers Lose Right to Sell Your Privacy (But Facebook & Google Still Can)


“There is a basic truth: It is the consumer’s information. It is not the information of the network the consumer hires to deliver that information.” 

These were the words of Tom Wheeler, the chairman of the F.C.C., when it was announced that Federal regulators have approved new broadband privacy rules that require internet service providers like Comcast and Verizon to ask for customers’ permission before using or sharing much of their data. He went on to say that the information used “should be the consumers’ choice, not the choice of some corporate algorithm.”

Privacy groups were, of course, thrilled with the new rules, which move the United States closer to the stricter policies in European nations.  The industries that depend on online user data were not quite as happy, with the Association of National Advertisers labeling the regulations “unprecedented, misguided, counterproductive, and potentially extremely harmful.”

What does all of this really mean for consumers?

• A broadband provider has to ask a customer’s permission before it can tell an advertiser exactly where that customer is by tracking her phone and what interests she has gleaned from the websites she’s visited on it and the apps she’s used.

• Major broadband providers will have about one year to make the changes required by the new rules. After that, users will be notified of new privacy options through email or dialogue boxes on websites.

• The F.C.C. rules apply only to their broadband businesses.

• After the rules are in effect, broadband providers will immediately stop collecting sensitive data, including Social Security numbers and health data, unless a customer gives permission.

• For some less-private data, like names and addresses, there’s a more lenient approach. As with any online service, you should assume that broadband providers can use that information and you should “opt-out” of letting them do so.

• One “down side” to consider is that there is a chance that the removal of ads that allow for free and cheaper web services will result in those prices being passed on to consumers.

• Online ad giants, including Google, Facebook and other web companies, are not subject to the new regulations as the F.C.C. does not have jurisdiction over web companies. So Google does not have to explicitly ask people permission first to gather web-browsing habits, for example.

• AT&T, Verizon and Comcast will also still be able to gather consumers’ digital data, though not as easily as before. They will also still be able to purchase data from brokers.

Jay Stanley, senior policy analyst with the American Civil Liberties Union (ACLU) summed it up pretty clearly:  “Just as telephone companies are not allowed to listen in to our calls or sell information about who we talk to, our internet providers shouldn’t be allowed to monitor our internet usage for profit.”

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Don't Get Hooked By Phishing Scams


Common Phishing Scenarios:

“Your account has been suspended” or “We suspect fraudulent activity on your account” or “You’ve won a contest” or “We owe you a refund”

If you’ve ever received an email, voicemail or text with a message like one of the above, you know how visceral your reaction can be. And chances are very high that the message is a fake.

Just as fishing is one of the oldest occupations around, phishing is one of the oldest scams around. Ever since email was invented, thieves have been phishing to get your information by cleverly impersonating a business or an acquaintance. They hope to trick you into giving out your personal information or opening a link or an attachment that downloads malware onto your computer so that they can gain access to all of your data.

Even though it’s been around for a while, it still works with alarming regularity. Almost 90% of all corporate data breaches are the result of a phishing attack.  The ten companies that are targeted most often by phishers are attacked constantly, sometimes more than 1,000 times per month.  It’s always good to have a refresher of how to prevent getting hooked!

What to look for:

  • Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may be mismatched (varying in spelling, like Annazon.com) or contain a misleading domain name (.com vs. .net). Use the hover technique to verify legitimacy.
  • Beware if you receive unsolicited (or out of character) phone calls, visits, or email messages often with an urgent request or threatening punitive action if you don’t respond.
  • Think twice if a company that seems legitimate asks you to confirm or provide personal information (credit card and bank account numbers, Social Security numbers, passwords, etc.). Remember–legitimate companies don’t ask you to send sensitive information through insecure channels.

How to prevent/avoid phishing (It’s a lot, but every single tip matters!)

  • Never open email from an untrusted source and don’t open unexpected email attachments or instant message download links.
  • Don’t trust links in an email. Right click on the link to make sure it’s valid. Better yet, type in the real website address into a web browser.
  • Never give out personal or financial information upon email request.
  • Look carefully at the web address.
  • Be suspicious of unsolicited phone calls, visits, or email messages.
  • Don’t call company phone numbers in emails or instant messages. Check a reliable source such as a phone book or credit card statement.
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.
  • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
  • Take advantage of any anti-phishing features offered by your email client and web browser.
  • Only provide personal or financial information through an organization’s website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins https (the “s” stands for secure). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
  • Report phishing email to reportphishing@antiphishing.org

There is also SMiShing (fraud through SMS on your phone), Vishing (fraudulent voice calls) and Spear Phishing (customized email that appears to be from an individual or business that you know). As soon as a new method of communication is invented, I guarantee the fraudsters will be using it, so there will be a new term for that, too!

One of the most profitable steps you can take inside of your organization is training your people to detect phishing scams. They are a hacker’s first and favorite tool to separate you and your data.


CryptoLocker Alert: A Virus You Need to Understand

Are you prepared for CryptoLocker, the next wave of Internet virus?

CryptoLocker is the next generation of internet virus that is currently circulating all over the world in large numbers. Once a computer becomes infected it will lock all your files plus any network files it has access to, even your server. Once the files are locked it will give you a three day countdown to pay the ransom, usually $100 or $300. If the time expires your files are locked with no option to pay the ransom.

Currently there are only two known methods to remove the infection, restoring your files from a backup or paying the ransom. Please be aware that paying the ransom is not guaranteed to work. We don’t condone paying the ransom as it supports and encourages these cyber criminals.

What makes CryptoLocker exceptionally dangerous is the fact that in most cases it can pass right through all anti-virus protection suites (my go-to IT security firm for matters like this, Sierra Ridge Networks, is working with their anti-virus partners to make sure they provide the most current solutions – make sure your tech guys are doing the same).

How CryptoLocker Generally Invades Your Systems

  • In the form of an attachment, usually disguised in an email appearing to come from your bank, insurance company, courier service or scanner.
  • Through Trojan websites, which will ask you to download a piece of software in order to watch video clips or download songs off the internet.
  • Through malicious websites with names similar to popular ones, waiting for you to mis-type the URL and share as if on your favorite website.

Advice for Preventing the CryptoLocker Virus

  1. Never open attachments if you are unsure of the contents, the sender or if your gut says something isn’t right.
  2. Look for clues in the email content. Most legitimate emails will address you by name and not something generic like ‘customer’ with vague wording.
  3. Misspellings, faulty English, promises of riches, freebies or other bribes are all signs that something is fishy.
  4. Do not click on website links in emails until you have viewed the link location. Do this by hovering over the link, which will display the actual link at the bottom of your email program (if the link and the hyperlinked text don’t match, you’ve got a problem). Instead of clicking the link, you are best to manually type the URL into your browser.
  5. Make sure your anti-virus is updated regularly on EVERY system connected to your network, including mobile devices.
  6. Make sure your backups are current and working and backing up ALL critical data.
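
The hover check in step 4 above, together with the mismatched-spelling and .com-versus-.net checks from the phishing list earlier on this page, can be automated in a mail filter. The following Python is an added example, not code from the original post; the trusted-domain list, the placeholder examplebank.com, the sample message and all function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the reader really uses (examplebank.com is a placeholder).
TRUSTED_DOMAINS = {"amazon.com", "bankofamerica.com", "examplebank.com"}

# Constructed sample message body, not a real e-mail.
SAMPLE_EMAIL = """
<p>We suspect fraudulent activity on your account.</p>
<a href="http://www.annazon.com/verify">www.amazon.com</a>
<a href="https://www.examplebank.net/refund">Claim your refund</a>
<a href="https://www.amazon.com/orders">https://www.amazon.com/orders</a>
<a href="https://www.bankofamerica.com/alerts">Set up account alerts</a>
"""


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Hostname of a URL or of bare text such as 'www.example.com/x', else None."""
    value = value.strip()
    if not re.match(r"[a-z][a-z0-9+.-]*://", value, re.I):
        value = "//" + value  # let urlsplit treat bare text as a network location
    try:
        host = urlsplit(value).hostname
    except ValueError:
        return None
    if host and "." in host and " " not in host:
        return host.rstrip(".")
    return None  # ordinary words such as "Click here" are not a hostname


def registered_domain(host):
    """Naive: last two labels. Production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if domain in TRUSTED_DOMAINS:
        return None
    name = domain.partition(".")[0]
    for trusted in sorted(TRUSTED_DOMAINS):
        t_name = trusted.partition(".")[0]
        # Same name under another TLD (.com vs .net), or a near-miss spelling.
        if name == t_name or edit_distance(name, t_name) <= 2:
            return trusted
    return None


def check_link(href, text):
    """Findings for one link: displayed-vs-actual mismatch and lookalike domain."""
    findings = []
    target = host_of(href)
    if target is None:  # relative or empty link: nothing to compare
        return findings
    target_domain = registered_domain(target)
    shown = host_of(text)
    if shown and registered_domain(shown) != target_domain:
        findings.append(("mismatch", registered_domain(shown), target_domain))
    imitated = lookalike_of(target_domain)
    if imitated:
        findings.append(("lookalike", target_domain, imitated))
    return findings


def analyze_email(html):
    """Run check_link over every anchor in an HTML message body."""
    collector = AnchorCollector()
    collector.feed(html)
    return [{"href": h, "text": t, "findings": check_link(h, t)} for h, t in collector.links]


if __name__ == "__main__":
    for link in analyze_email(SAMPLE_EMAIL):
        print(link["href"], "->", link["findings"] or "ok")
```

The edit-distance threshold of 2 is a tuning choice: it catches Annazon-style misspellings but will also flag unrelated short names, so findings are best treated as prompts for review.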

If You Get Infected by CryptoLocker

  1. Stop work! TURN OFF YOUR COMPUTER! Shut down your entire network, if possible until help arrives. 
  2. Contact an IT Security specialist. I use Sierra Ridge Networks out of Colorado.
  3. Alert people on your network, as any work completed after infection will be overwritten when the backup is restored.

John Sileo is NOT an IT Security Specialist, but an author and highly engaging speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

Interview with Reputation.com on Business Identity Fraud and Online Reputation

Do you want to know how businesses can protect themselves and enhance their online reputations?

Would you like to know the answers to the following questions?  

  • Are businesses adequately protecting themselves online? If not, what more should they be doing?
  • What is business fraud and how does it differ from consumer fraud?
  • What should companies be thinking about when they get involved with social media?
  • What can businesses do to monitor their online reputation?
  • Should companies respond to everything negative said about them online? If not, what should they focus on?
  • Should businesses be paying attention to their employees online? If so, how can they do that in an ethical way?
  • What is the most important advice you would give a new business just starting to develop an online presence?

To learn the answers to these important questions, read the interview I recently did with Reputation.com.

Financial Planners: Give Your Clients Mobile Security this Holiday Season

Wrap Up Your Mobile Security this Holiday Season!

Your clients compute almost as much on mobile devices as on desktop computers. They read banking and investment emails on their smartphones, log in to sensitive financial accounts via their iPad and store mission critical data on their laptops. But along with the freedom and efficiency of mobile computing comes a great deal of risk – risk that threatens their net worth. Small devices are easier to lose, simple to steal and are tempting targets for data theft. And to top it all off, your clients protect their mobile devices like mere phones and book readers, instead of the computers they really are.

So, if you are thinking ahead about what to get your best clients for the holidays, we have the answer.   How about a thorough list of privacy prevention practices to get them safely from Black Friday through New Year’s Eve?  Sure beats a reindeer sweater or a fruitcake!

Gather a group of your best clients and treat them to an hour of tried and true practical ideas to safeguard their privacy.  You provide the cookies and eggnog, we will provide the expertise and your clients will appreciate the useful gift!

We will provide simple, actionable tools to protect and enhance the mobile tools your clients use to do business. You will learn how to add value to your clients by helping them:

  • Lock down smartphones and tablets from thieves
  • Track mobile devices if stolen or misplaced
  • Safely use free Wi-Fi hotspots in cafés, airports and hotels
  • Determine which apps are safe and which aren’t
  • Evaluate mobile banking and investment apps

In addition to mobile security, we can customize the speech to cover other holiday hot topics, such as:

  • Protecting your identity from being stolen (think of poor George Bailey) at this busy time of year.
  • Becoming aware of what you unwittingly share on social media sites during the holidays.
  • Preventing your holiday parties at home or at work from becoming sources of data theft.

We’ll tie it all into a holiday theme to keep an edge of humor and the holiday spirit, all while delivering seriously practical ideas to protect your clients.  (Click here for a sample.)

Limited dates available. 

Call us today to secure your date The Sileo Group 303-777-3221

John Sileo is a keynote speaker and CEO of The Sileo Group, a privacy think tank that trains organizations to harness the power of their digital footprint. Sileo’s clients include the Pentagon, Visa, Homeland Security, Van Wyk Risk and Financial Management and businesses looking to protect the information that makes them profitable.

Keeping Grounded When the Surveillance Accusations Start to Fly


I’m in the business of encouraging people to keep their guard up.  I’m always telling people to watch for signs of something that doesn’t feel quite right, take precautionary measures, and stay informed.  But even I have to question the tactics some are recommending when it comes to reacting to the NSA PRISM surveillance program leaked by Edward Snowden.  In a previous post on this topic, I said it isn’t a black or white argument, but some people are asking you to make it one.

Best-selling author, technology expert and Columbia Law School professor, Tim Wu, has said that web users have a responsibility to quit Internet companies like Google, Facebook, Apple, Yahoo and Skype if it is indeed verified that they have been collaborating with the NSA.  In fact, Wu bluntly proclaimed, “Quit Facebook and use another search engine. It’s simple.  It’s nice to keep in touch with your friends. But I think if you find out if it’s true that these companies are involved in these surveillance programs you should just quit.”  Wu acknowledged that there is still much to learn about this program and admitted it was no surprise that PRISM exists, saying, “When you have enormous concentrations of data in a few hands, spying becomes very easy.”

Of course, the companies in question vehemently deny such complicit cooperation.  Google CEO Larry Page stated, “any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.”  Facebook CEO Mark Zuckerberg said reports of Facebook’s involvement are “outrageous,” adding  “Facebook is not and has never been part of any program to give the U.S. or any other government direct access to our servers.”  Yahoo’s Ron Bell stated, “The notion that Yahoo! gives any federal agency vast or unfettered access to our users’ records is categorically false.”  Similar statements were issued by spokespersons for Apple, Microsoft and others accused of complying.

To add fuel to the fire of this debate, top US intelligence officials have stepped forth with their own comments.  US Director of National Intelligence James Clapper asserts the National Security Agency’s PRISM program is “not an undisclosed collection or data mining program” but instead “an internal government computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information.”

In addition, claims that the sweeping surveillance programs have prevented multiple attacks keep swelling.  Immediately following the leak, House Intelligence Committee Chairman Mike Rogers cited one attack that he said was thwarted by the program, but would not give specifics.  Since that time, however, there have been dozens of reports of foiled terrorist attempts, from a plot to bomb the New York Stock Exchange to an attack against the New York subway system, that were prevented because of the surveillance.  Army Gen. Keith Alexander, director of the National Security Agency, said more than 50 attacks have been averted.  Alexander also stated that Snowden’s leaks have caused “irreversible and significant damage to this nation” and undermined the U.S. relationship with allies.

No doubt, the debate over the propriety, as well as the effect, of Snowden’s actions will rage on for some time.  There will be others who recommend and take drastic actions, such as quitting the Internet giants, for fear of their safety and/or privacy.  The key is to keep cool, find the facts and then NOT forget. The biggest risk is that our discomfort will be forgotten in a week when the next big topic arises. You can take the reasonable steps of doing your research, acting in calculated moderation and following through on what YOU feel is important.

John Sileo is a keynote speaker and CEO of The Sileo Group, a privacy think tank that trains organizations to harness the power of their digital footprint. Sileo’s clients include the Pentagon, Visa, Homeland Security and businesses looking to protect the information that makes them profitable.

Talking Surveillance Once Again–Know Your Phone Carrier More Precisely


When you log onto the Verizon Precision Market Insights website, the giant catch phrase that jumps out at you in bold red letters is:

“Know your audience more precisely.

Drive your business more effectively.”

Verizon is pulling no punches when it comes to letting advertisers know that they have valuable data- OUR data- and they’re willing to share it.  For a price of course.  Phone carriers, who see a continued decline in contract subscriber growth and voice calls, are hoping to generate new sources of revenue by selling the data they collect about us.  They already collect information about user location and Web surfing and application use (which informs them about such things as travels, interests and demographics) to adjust their networks to handle traffic better.  Now they have begun to sell this data.

Note: Verizon customers can OPT-OUT of this data sharing by logging into their accounts online and following the opt-out instructions. I recommend that you do so immediately.

Instead of seeing themselves just as providers of valuable services to their customers by providing a means of communication, carriers now see the potential profit beyond the service.  Businesses such as malls, stadiums and billboard owners can gather information about the activities and backgrounds of cellphone users in particular locations.  For example, Verizon’s data service is being used by the Phoenix Suns to map where people attending its games live “in order to increase advertising in areas that haven’t met expectations”, according to Scott Horowitz, a team vice president.

In Verizon’s own words, their analytics platform allows companies to:

  • Understand the demographic, geographic and psychographic makeup of (their) target audience.
  • Isolate where consumer groups work and live, the traffic patterns of a target audience and demographic information about what groups visit particular locations.
  • Learn what mobile content (their) target audience is most likely to consume so (they) can cross-sell and up-sell more easily.

The program does not include information from Verizon’s government or corporate clients and individuals do have the right to opt out on Verizon’s website.  Some European companies have launched similar programs and Jeff Weber of AT&T says they are studying ways to analyze and sell customer data while giving users a way to opt out, but at this point they do not have a similar product.

Carriers do acknowledge the privacy issues related to such data surveillance and companies say they don’t sell data about individuals but rather about groups of people. But Chris Soghoian, a privacy specialist at the American Civil Liberties Union, is worried according to an article in the Wall Street Journal.  In it, he says “the ability to profit from customer data could give wireless carriers an incentive to track customers more precisely than connecting calls requires and to store even more of their Web browsing history. That could broaden the range of data about individuals’ habits and movements that law enforcement could subpoena.  It’s the collection that’s the scary part, not the business use.”

In other words, it’s about more than well-meaning companies collecting our data; it’s that their company databases are vulnerable to attacks by hackers, competitors and foreign governments. And when a breach happens, it’s our data that goes missing.

John Sileo is a keynote privacy speaker and CEO of The Sileo Group, a privacy think tank that trains organizations to harness the power of their digital footprint. Sileo’s clients include the Pentagon, Visa, Homeland Security and businesses looking to protect the information that makes them profitable. Watch John on 60 Minutes, Anderson Cooper and Fox Business.

Summer School for Parents: Protecting Your Kids' Social Media Privacy


School is out for the summer and the tasks that often fall upon the shoulders of your local schools are now sitting squarely on yours.   In addition to making sure your kids practice their math facts, read regularly and get plenty of exercise, you’ll want to watch out for how they spend their free time when it comes to using Facebook, Tumblr, Instagram, Twitter, YouTube and other sites that can expose their social media privacy.

Social Media refers to web-based and mobile applications that allow individuals and organizations to create, engage, and share new user-generated or existing content in digital environments through multi-way communication.  Okay, that’s too technical. Social media is the use of Internet tools to communicate with a broader group. Some of the most common examples are listed above.  If you have elementary aged children, they may use more secure, school-controlled forms such as Schoology, Edmodo or Club Penguin, but if your kids are older, I can almost guarantee they’re into Social Media sites whether you know it or not.

Statistics show that 73% of online adolescents visit social networking sites daily and two billion video clips are watched daily on YouTube.  The American Academy of Pediatrics recently conducted a study that found that 22 percent of teenagers log onto their favorite social media sites more than 10 times a day, and that 75 percent own cell phones.

So, how do you battle such a time-consuming, captivating influence over your children?  You don’t, because you won’t win!  Instead you look at social media privacy best practices that schools implement and do the same at home.

  • Expect the Internet to be used appropriately and responsibly and set agreements and consequences with your children if it is not.  The Family Online Safety Institute can guide your discussion and even provide a contract.
  • Expand your typical discussions about strangers to include social media:
    • Don’t accept unknown friend requests
    • Don’t give out personal info – specifically: last name, phone number, address, birthdate, pictures, password, location
  • Warn kids about the dangers of clicking on pop-up ads or links with tempting offers, fun contests, or interesting questionnaires, even if they’re sent from a friend.  They may really want that free iPad being offered, but chances are it’s just a way for someone to glean their personal information.
  • Monitor the information your kids give out and their use of sites; let your children know they should have no expectation of privacy.  (Make that part of your contract.)  You can also install filtering software to monitor their social media use and even their cell phones.  A few popular ones are Net Nanny and PureSight PC to help keep your child safe online and My Mobile Watchdog to help with monitoring their cell phones.
  • Check your privacy settings for all Internet sites and make sure they are set to the strictest levels.
  • Remind your child that once it’s published, social media is public, permanent, and exploitable forever, even when “deleted”.
  • If your children are not 13, keep them off of Facebook since that is their stated age limit. There are plenty of reasons, not the least of which involves the emotional repercussions of being “unfriended” or cyber bullied.  When they are ready, have your children read and study the actual Facebook user agreement and privacy policy and discuss it with them.
  • Set limits on social networking time and cell phone time, just as you would for TV hours. Many families limit total screen time, which includes everything from computers, iPads, smartphones, and video games to our old fashioned notion of television.
  • Be a good example yourself.  Monitor your own amount of time spent online and seek to find a balance of activities. When you are on your iPhone at dinner, you are letting your kids know that this is acceptable behavior.
  • Monitor your child’s activities and try to stay educated about the latest platforms!

Social Media can be a positive way for kids to continue to develop friendships while they’re home for the summer and to feel like they’re connected to a community that matters more to them than anything.  But there are risks that come with it and it’s your job as a parent to protect them from those risks just as surely as you keep them from taking candy from a stranger.

Social networking has an addictive component because dopamine (a natural feel-good drug produced by the body) is released anytime we talk about ourselves. And what is social networking if not a constant exposé of what is happening in our lives? Just make sure you know what is happening in your child’s life, even in the more relaxed months of summer.

John Sileo is an online privacy expert and professional speaker on social media privacy. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.