Here’s a late night infomercial for you: How’s that burger flipping going? That cubicle working out? Anyway, I’m sure your boss is such a nice guy. Guess what! If you’re interested in a career in criminal hacking, you don’t even need a computer! This (scary) special, one-time offer comes to you right now from the Internet! Get your credit card ready!

Yes people, this is no joke. Everything you, ‘the average person,’ need to conduct cybercrime can now be purchased online—for example, you can get access to your spouse, neighbors or bosses emails, conduct research, create malware, execute an attack—all of it! Today’s cybercriminals don’t need great technical expertise, or even need to own a computer. Everything can be available for a price.

I often hear people say, “If criminals just used their skills for good, think of how much money they could make and how much better the world would be.” The sad fact is that the bad guys can make in one day what the good guys make in a year.

In a new report called “Cybercrime Exposed,” Raj Samani, vice president and CTO of McAfee, exposes the shift that has taken place with cybercrime easily getting in the hands of everyday people. Here’s a quick snapshot of the report:

The growth of the cybercrime “as-a-service” business model allows cybercriminals to execute attacks at considerably less expense and easily assessible tools now more than ever before.

From renting services to buying email lists for a small sum, the types of exploits that are now available with a click of the button are shocking.

The four categories of cybercrime as a service are:

Research-as-a-Service—One of the primary items research is used for is discovering and identifying vulnerabilities in software or operating systems. The sale of this information can be used for bad or good, so this is why this is considered a gray market. It becomes a cybercrime when these vulnerabilities are sold on the black market so cybercriminals can use the “holes” to exploit users.

Crimeware-as-a-Service—This is what you’d expect to find for sale in the black market. It involves the sale of online tools, or development of tools that can be used by the bad guys to carry out a cybercrime attack.
Also it includes the sale of hardware that may be used for financial fraud (for example, credit card skimming) or equipment used to hack into systems.

Cybercrime Infrastructure-as-a-Service—Once the toolset has been developed, cybercriminals are faced with the challenge of delivering their exploits to their intended victims. An example of this service is the rental of a network of computers controlled by a hacker (known as a botnet) to carry out a denial-of-service (DoS) attack. What is DoS? That’s where the criminal floods a target website with large amounts of traffic so users can’t access the site).

Hacking-as-a-Service—Getting a hold of the individual components* of an attack remains one option; but there are services that allow a criminal to outsource everything about the attack.

This path requires minimal technical expertise, although it is likely to cost more than acquiring individual components and is often used by criminals wanting to obtain information such as bank credentials, credit card data, and login details to particular websites.

While the news is grim, the solutions are not. Here’s what you can do to protect yourself from the bad guys (or your neighbor):

• For starters, use comprehensive security on all your Internet connected devices, like McAfee^® LiveSafe^™, that includes antivirus, anti-phishing, anti-spyware  and anti-spam, and a firewall
• Keep your browser and your devices’ operating systems updated to make sure you receive critical security patches
• Beware of any emails that might contain infected links
• Secure your wireless connection by using encryption

And if you do decide to go into the business of being a criminal, make sure you have money in reserves for a lawyer because law enforcement and companies like McAfee are relentless in the pursuit of criminal groups or networks who steal your money, your information, or your identity and of those who engage in online abuse of children.

*Each cybercrime attack consists of a variety of components, such as getting a hold of usernames, email addresses, passwords, sending a phishing email, finding the mobile number, determining someone’s Operating System identification, etc.

Robert Siciliano is an Online Security Evangelist to McAfee. 

Honesty is the best policy, right? I’ve spent my life being honest, and do you know what is the most important lesson I’ve learned is? The truth hurts. And when you (meaning me too) says it like it is, someone somewhere isn’t going to like it. So I’m being honest here: The identity theft protection services offering a $1 million identity theft insurance policy is baloney.

OK, I have no friends now…at least in those who provide identity theft insurance. I still like you, though.

Here’s some perspective: I just looked at my automobile insurance policy. It provides $300,000 if I drive over someone, mangle the person and leave him or her a paraplegic. But identity theft insurance provides more than three times that? Why? Why would they offer $1 million in insurance? Seems out of whack.

When identity theft protection was born, the one company that was first to market offered the $1 million insurance guarantee as an incentive (think creative marketing) to buy its service. It worked—lots of people bought. Bravo! However, the way the company marketed the $1 million insurance guarantee made it sound like you’d actually get a million dollars if your identity got stolen. I think someone got in trouble for that, and I think the government told the company the language had to be toned down.

So from that point on, all the other new kids on the block had to offer the same million-dollar guarantee in order to keep up with the Joneses. At one point, one of the identity theft protection startups even sent out a press release offering a $2 million guarantee. Which to me was comical, because it was obvious what the startup was doing…and it was, frankly, sad.

Now I’m not saying the $1 million insurance guarantee is useless, because it does provide value. Certainly there are costs associated with the cleanup and restoration of a stolen identity, and the way the services now read in the fine print is that they will spend up to a million dollars to fix your problem, which essentially is a good thing. In some cases the costs might revolve around lost wages, criminal prosecutions, lawyers (and you know how expensive they are…I do), etc. But how much might it cost to fix a stolen identity? Maybe five, 10, 15 grand? Maybe 50k? The court cases you see on TV that involve someone shooting and killing someone might cost the defendants a half million dollars. So…a million? It’s marketing.

So don’t base the identity theft protection on the $1 million insurance guarantee. Base it on all the ways in which they seek out your data in the wild and what they’ll do to make sure you are made whole in the event of a breach.

So it’s official: I have no friends left. I really need to start lying more. Sorry, guys.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. 

Just about anything wireless is hackable today. Everything—from PCs to mobiles to tablets to home automation devices to pacemakers to insulin dispensers and even cars—are hackable.

And now “smart” toilets.

CNET reports, “[Smart] toilets can be controlled using an Android app, but the Bluetooth PIN is hard-coded to ‘0000.’ Just knowing that code number means the awesome power of the Satis (toilet) could fall into evil hands. All a hacker would have to do is download the My Satis app, get in range, pair it to the toilet using the code and flush away.”

Scary!

As we rely more and more on wireless communication, it is important to keep your wireless devices secure from hackers bent on flushing your data out. (That was bad.) Anyway…

• Be smart about what kind of data you transmit on a public wireless connection. Limit your transmission of critical data and use secure sites, ones where “HTTPS” appears in the address bar. These sites have additional encryption built in.
• Don’t store critical data on a device used outside the secure network. I have a laptop and an iPhone. If they are hacked, there’s no data on either device that would compromise my identity or financial security.
• Turn off WiFi and Bluetooth on your mobile when you’re not using them. An unattended device emitting wireless signals is very appealing to a criminal hacker.
• Beware of free WiFi connections. Anywhere you see a broadcast for “Free WiFi,” consider it a red flag. It’s likely that free WiFi is being used as bait.
• Beware of evil twins. Anyone can set up a router to say “T-Mobile” “AT&T Wireless” or “Wayport.” These connections may appear legitimate but are often traps set to ensnare anyone who connects to it.
• Keep your mobile security software and operating system updated. Make sure your security software is automatically updated and your operating system’s critical security patches are up to date.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

When traveling on business or for pleasure, seeking out a reliable WiFi connection is usually a priority for most travelers. While mobile 3G/4G connections satisfy some, the speed of WiFi for laptops or uploading/downloading larger files doesn’t compare.

NBC news reports, “More and more hotels are stepping up and offering guests free WiFi, but security experts say some thieves are using the popular service to steal guests’ sensitive information, and they’re doing it by tricking people into using a fake free WiFi connection.

“A cyber thief creates a dummy WiFi connection using a mobile hot spot, and will give it a generic name to resemble a hotel’s actual WiFi connection, such as ‘Free Hotel WiFi.’ If a guest connects [his or her] laptop to the dummy WiFi, the thief gains access to all of the guest’s browsing activity, and will often times use a key-logger program to capture username and password information.”

This is called an evil twin: Anyone can set up a router to say “T-Mobile” “AT&T Wireless” or “Wayport.” These connections may appear legitimate but are often traps set to ensnare anyone who connects to it.

Wireless users who connect to an evil twin risk their data being scraped by a criminal who captures all of their unencrypted communications that are going through his wireless router. Each and every wireless data packet is sniffed and captured by a software program that will later piece together all the information in order to steal identities. Unsecured, unprotected and unencrypted communications over an evil twin on any publicly connected WiFi (such as at a coffee shop, airport or hotel) are vulnerable to sniffers.

On wireless connections that aren’t properly secured, your best line of defense is to use virtual private network software that protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads) are secured through HTTPS. Hotspot Shield VPN is free and available for PC, Mac, iPhone and Android.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Business or commercial identity theft happens when thieves use an existing business’ name to get credit, or they may bill a business’ clients for products and services. Sometimes the Social Security number of a company’s officer or another representative is required to commit business identity theft.

A big problem is that identifiers, such as federal IDs or employer identification numbers, are readily available in public records, dumpsters, or internally at banks and other creditors—which makes the ease of access to these numerical identifiers a catalyst for business identity theft. Business identity theft perpetrators are often former employees or current employees with direct access to the books and other forms of financial documentation. These schemers have ample opportunity to pad the books in favor of fraud.

Business identity theft victims don’t usually find out about the crime until big-time losses accumulate, or an audit occurs and someone discovers discrepancies on the books. Because of the hidden nature of the transactions, businesses can lose vast amounts of money. Business identity theft can remain undetected for years.

How can you protect yourself from business or commercial identity theft?

• Inside job: Business identity theft, or commercial identity theft, is an inside job. Employees often have access to documents that include owners’ and board members’ Social Security numbers, as well as the business’ tax ID number.
• Need-to-know basis: This information must only be accessed on a need-to-know basis by employees with proper credentialing. Even then, be suspect. It is imperative that this information stays secure.
• Checks and balances: Organizations should put a check-and-balance system into place, ensuring that for every employee who has access to company accounts, there are two employees—preferably upper management—who are assigned to make sure the books are balanced, that no money is missing, and that financial statements are double-checked for inaccuracies.
• Forensic accountants on retainer: In some instances, it is necessary to contract with forensic accountants or examiners to pay close attention to a business’ books and work to put monitoring systems in place.
• Identity theft protection: Identity theft protection can be a helpful tool to keep officers or owners informed of potential illicit activities, because a Social Security number is often required to open accounts under a business’ name.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. 

Do identity protection service really work? How effective are their scanning/monitoring methods? Can they truly protect consumers? The answers may vary. Identity theft protection is designed to protect you from new lines of credit being opened in your name—and along with the recovery/restoration component, it’s designed to clean up the mess.

It’s safe to say I’m an expert on identity theft protection. But honestly, sometimes I get confused by what different companies offer for identity theft protection. Sometimes their marketing copy is confusing and often misleading. There has always been a lack of transparency when it comes to identity theft protection.

Identity protection should be transparent. If you are spending 10 or more bucks a month, you want to know what you are getting.

• Monitoring of credit bureaus: Monitoring may consist of one to three credit bureaus. So when a credit check is made, you are notified.
• Monitoring of Social Security numbers (SSN) via credit applications: Some services have technology that is in place with major creditors and phone companies, and this technology looks for your SSN and alerts you when it’s in use by anyone, including you.
• Monitoring of the internet: There are chatrooms and forums filled with criminals who broker our stolen data. There are websites that store our information. If your sensitive data shows up, you are notified.
• Medical identity theft protection: Some companies say they will help protect you from medical identity theft. I’m not sure how, but maybe they have relationships with the Medical Information Bureau.
• Recovery: When you read the fine print, it usually says the company will only help you recover from identity theft when the service’s product fails to provide the protection you bought. However, most protection services will at least walk you by the hand or point you in a direction to solve your issues. They don’t usually leave you stranded.
• Lost wallet protection: With this, you can register your credit cards with the service so in the event your wallet goes missing, one call to the service will shut them all down and reorder new cards.
• Credit card protection: Identity theft protection can’t protect your credit cards. Your bank might offer a service that involves a form of “zero liability” in the event your card is compromised.
• Bank account protection: Identity theft protection can’t protect your bank account, but their recovery services may help you in the event you are hacked.
• Service guarantee: Many offer a million-dollar service guarantee or something comparable. The point of this guarantee is to let you know the service will spend up to that dollar amount to fix your problem. In reality, it shouldn’t take more than a few dozen phone calls by a professional and maybe the services of a lawyer to make identity theft go away.

These services know what they are doing. It’s their life. And we at BestIDTheftCompanys.com know what we are doing, so check out how we disseminate what’s what—and decide for yourself.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

It’s pretty simple: Your mobile’s global positioning system (GPS) functionality allows location-based services to locate and publish information about your whereabouts on various applications and within the code of photos posted online. Various applications allow you to “check in” using your mobile and share your whereabouts with the world. These applications tap into your device’s GPS longitude and latitude data.

GPS certainly can be useful, such as with directions or when trying to find a local restaurant, but letting the world know where you are and where you aren’t every minute of the day is a little insane to me.

For example, when your location is broadcast on social networks, anyone can see it. An example is when you check into a hotel while on vacation. Thieves can see you’re not home, do an online search for your home address and burgle your house. Not cool.

Adults, teens and some kids use these services to meet up, but what could happen if your child’s exact location fell into the wrong hands? Parents now have to be particularly vigilant if their children use location-based services.

Freaky stalkers use GPS to track their victims. A stalker may not necessarily be a stranger but instead a family member, ex-boyfriend or ex-girlfriend using his or her personal access to manually turn on GPS tracking.

Always be aware of an application’s policy and access permissions. GPS data is also used in geotagging, which tracks exactly where photos and videos are taken by including data in the image file that records locations.

Many of us are unaware of this tracking feature, even though sharing images online has become immensely popular. Websites such as Facebook, Instagram, Flickr and YouTube are filled with pictures and videos that include location information. Always keep in mind this is personal information that you may be sharing inadvertently.

By using a VPN (virtual private network) appsuch as Hotspot Shield VPN, your mobile’s IP address is masked; this confuses some of the functionality in geotagging. So if you’re going to go without it, think before you turn on GPS and start snapping pictures to post.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America.Disclosures. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247.