December 26, 2011

Latest Security Threat: Cupcake!

Picture from ABC News.
The TSA recently confiscated a red velvet cupcake as a security threat (pictured right)...A cupcake, really?

I view a cupcake more of a threat to my waistline, than a security threat to a domestic flight.

According to the news story, a woman brought 2 cupcakes with her on her flight from Logan Airport to Las Vegas with no problem. After eating one of the cupcakes, she decided to save the other one for the return flight. Unfortunately, this plan did not pan out so well. TSA at Logan Airport let it through, but those tough TSA agents at Las Vegas Airport are more up to date on the latest terrorist tactics and confiscated the darn thing.

The reasoning for the confiscation was the frosting was too gel-like, so it violated their security procedures.

According to the TSA website at  "All liquids, gels and aerosols must be in 3.4 ounce (100ml) or smaller containers...All liquids, gels and aerosols must be placed in a single, quart-size, zip-top, clear plastic bag...Please keep in mind that these rules were developed after extensive research and understanding of current threats."

So, due to the icing not being in a tube inside of a plastic zip-lock bag (which makes all the difference in making us secure), it violated their security procedures?

According to the TSA spokesperson, James Fotenos, "In general, cakes and pies are allowed in carry-on luggage."

Oh! So why did it get confiscated?

The bottom line: the TSA agent that confiscated the cupcake was getting too caught up in the legality of his procedures. instead of looking at the intent of the procedure.

You cannot have security just to have security. Security needs an overall driving purpose, otherwise you're just wasting time and money. Each security rule and piece of equipment needs to have a purpose besides, it will make us more secure! It needs to answer the five Ws and H: Who, What, When, Where, Why, and How.

Examples: What assets are we protecting? Why are we protecting these assets? Who are we protecting it from? 

When confronted with an incident that does not neatly conform to the rules, the agent should have asked, "does this meet the intent of what we're trying to do?" Does not letting this frosted cupcake through make us any more safe?

TSA needs to train their agents to look past the legalistic aspect of their procedures, and look more at the intent. This would help in bringing about some much needed common sense.

Story link: http://gma.yahoo.com/blogs/abc-blogs/security-theater-tsa-confiscates-womans-frosted-cupcake-161059325.html
Enhanced by Zemanta

December 23, 2011

Phone Scam Targeting Hotel Guests

Recently the Better Business Bureau (BBB) released a warning about a phone scam targeting hotel guests. Scammers are portraying hotel employees in an attempt to trick hotel guests into divulging their credit card and other personal information.
How it works.
In the middle of the night your hotel room phone rings. Groggily you answer to hear the caller identify him/herself as a hotel employee that needs your credit card number because:
-       The hotel encountered a problem processing your credit card and they need to verify your number,
-       The hotel’s computer system crashed and they need to obtain your credit card information again, or
-       They hotel’s system crashed and your credit card information is required for an audit.
Any of these scenarios seem legit. The caller is very professional and courteous, apologizing profusely for the inconvenience. For your troubles they offer you a discount on the room.
Typically hotels handle billing issues in person at the front desk, not over the phone, and certainly not over the phone in the middle of the night. If there are issues with your credit card, the hotel will wait until you're awake and would ask you to come to the front desk (again, not over the phone in the middle of the night!).
The BBB recommended the following tips in not becoming a victim of this scam.
-       If you receive this call, hang up and call or walk to the front desk yourself. Another option is to inform the person you’ll talk to the front desk about the issue in the morning.
-       Never give out your credit card or banking information over the phone.
-       Remind friends and family not to provide credit card information over the phone.
I would also recommend you check with your credit card company later to ensure no fraudulent charges were made, just to ensure the scammers did not obtain your information some other way.
“BBB Warns of Phone Scam Aimed at Hotel Guests” (20 Dec 2011). Retrieved from http://www.bbb.org/us/article/BBB-Warns-of-Phone-Scam-Aimed-at-Hotel-Guests-31504 (accessed 22 December 2011).
Enhanced by Zemanta

Identity Theft Part IV: Additional protection measures

Image from
George G. Nathan Law Offices
Identity Theft Lawyer

The last post in our four part Identity Theft series. In the previous three parts, we looked at security tips to prevent identity thieves from getting your personal information through the mail, trash, and computer. In this fourth installment we will look at additional preventative steps you can take to keep your identity safe.



Only carry the minimal amount
of credit cards on you.
Identification/Credit cards. Do not personally carry  on you more identification and credit cards than you need on a daily basis. You don’t need your Social Security card every day, so stop carrying it on you. If your wallet should be stolen, this will be one less piece of information the thief will have. Make copies of the credit cards you carry on you and keep in a secure location. Should these items come up missing, you have the phone number and card information to immediately report it missing. The sooner you report it, the better!
Don’t disclose. Before divulging your Social Security number or other sensitive information, ask the company why they need it, and then verify. When I go to a new doctor’s office, they typically tell me they need my social security number because the insurance company requires it for verification purposes when submitting a claim on my behalf. After receiving this line, I usually call the insurance company from my cell phone in the waiting area to ask them if they require the doctor office to submit my social security number for a claim. Thus far, the answer always comes back as “NO”. Then I politely ask my insurance company to inform my doctor’s office of this policy.
Monitor.
Review monthly statements. Review your credit card and bank statements closely, not necessarily to track how much you spent, but to catch any unauthorized charges (regardless of how small it is). The earlier you catch’em, the easier it is to clean it up.
Freeze your credit report. This primarily locks your credit file, so others cannot access your
credit history or score to open new accounts or lines of credit.  You can “temporarily lift the freeze” by calling the credit bureau and proving your unique PIN. Granted it provides an additional step and a little inconvenient when you’re applying for a line of credit, but it offers a layer of protection against fraud. This is cheaper than those fancy credit monitoring services, and for the most part, achieves the same desired effect.
Order your credit reports for FREE. All Americans are entitled annually to a free copy of their credit report from the three major credit bureaus. According to the Federal Trade Commission, “anyone can write a catchy jingle, but only AnnualCreditReport.com provides you with a truly free credit report. AnnualCreditReport.com requires no hidden fees or trial memberships.”[i] Don’t buy into the corny commercials with the catchy jingles, use https://www.annualcreditreport.com/cra/index.jsp. This is the only authorized site to provide you your free annual credit report from the three major credit bureaus. Recommend that you only access one every four months, so you can monitor your credit throughout the year for FREE! Free can be good.

For those that insist on a little ditty to convince you to go to AnnualCreditReport.com instead of the other guys, here you go!


For more information about identity theft, visit the US Federal Trade Commission’s “Fighting Back Against Identity Theft” website at http://www.ftc.gov/bcp/edu/microsites/idtheft/index.html or http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt04.shtm
To test your identity security savvy, take the Better Business Bureau (BBB) Identity Fraud Safety Quiz at http://www.bbbonline.org/idtheft/safetyQuiz/.
Identity Theft Series Post:
Identity Theft Part I: Through the mail
Identity Theft Part II: Through the trash
Identity Theft Part III: Through the computer

[i] “Free Annual Credit Reports:AnnualCreditReport.com is the only authorized source” Federal Trade Commission.  Retrieved from http://www.ftc.gov/bcp/edu/microsites/freereports/index.shtml (accessed December 16, 2011).
Enhanced by Zemanta

December 22, 2011

Identity Theft Part III: Through the computer


Image from
George G. Nathan Law Offices
Identity Theft Lawyer
Part three of our four part Identity Theft series looks at preventing identity thieves from getting your personal information through the computer. The first two parts of this series looked at protecting yourself from identity theft through your mail and trash. 
Disclaimer: I am not a computer security person so I don’t know all the technical computer mumbo/jumbo; however, as a security person that works closely with their IT gurus, I am aware of the basic user security practices that we should follow.

Computer/Internet
More and more the internet is becoming a lucrative environment for identity thieves to find information.
The US Computer Emergency Readiness Team (US-CERT) recommends the following[i]:
-   Maintain antivirus software and a firewall. These are essential elements for any PC! There are several good free programs(i.e., AVG, MalwareBytes), as well as the main standards (i.e., Norton, McAfee).[ii]

-   Scan your computer regularly for spyware. Better yet, program your computer to automatically scan.

-   Install software updates (especially, operating system, browser and anti-virus updates). Companies routinely issue software updates to patch glitches that are exploitable by hackers. If you have Windows, you can visit http://update.microsoft.com

-   Consider creating separate user accounts on the computer. Have a guest account with no administrative privileges for surfing the internet.

-   Use unique, strong passwords on all your accounts. Using common security passwords like “password,” “passw0rd,” “123456,” “monkey,” “football,” or any other password listed on the 25 Worst Passwords for 2011 is not going to cut the proverbial mustard. Use a combination of letters (uppercase and lowercase), numbers, and when possible, special characters.  

-   Encrypt sensitive files. By encrypting your files and making it difficult for unwanted people to access your sensitive information, you’re decreasing the risk of your information being compromised. Using an encrypted drive in lieu of software is easy and convenient. PC World has an article about encrypted drives at http://www.pcworld.com/article/158775/encrypted_drives_keep_your_files_safe.html. The University of Minnesota provides a good write up at http://www.oit.umn.edu/security/topics/encrypting-data/index.htm.  

-   Properly dispose of files containing sensitive information. Deleting a file does not completely erase all the information (it just makes it a little harder to find).  The US-CERT provides a nice write up on how you can properly erase old files in “Effectively Erasing Files.”
 
Other security tips.
 
Don’t post your sensitive information on social networks. I know this advice seems simple, but many don’t follow it. Right now there are many social network profiles that contain phone numbers, addresses, mother’s maiden names and more for public viewing. This information could easily be used by somebody to social engineer their way into important accounts (but that is a future post!). Some think they’re safe, because they have their security settings set fairly high, but remember, Facebook sets the profiles to “default” settings when they do updates. That default setting is not very secure!
Avoid downloading peer-to-peer (P2P) file-sharing networks. Not only will it get you in trouble with copyright infringements, P2P networks are notorious for harboring viruses, spyware or other unwanted bugs. Additionally, the premise of P2P is it is file sharing. “Many P2P applications automatically share files back onto the network to increase the amount of files on the network available to its users. This data often is set to come from your ‘Documents’ folder where your personal information may also [be] stored. With this information available for others to see and access, it is possible someone could use this information to steal your identity.”[iii] More about P2P is available at http://www.afact.org.au/assets/research/AFACT_p2pfactsheet_RGB_2.pdf.
Related posts:
Identity Theft Part I: Through the mail
Identity Theft Part II: Through the trash
Identity Theft Part IV: Additional protection measures

[i] Mindi McDowell (2006) “National Cyber Alert System Cyber Security Tip ST06-008: Safeguarding Your Data” U.S. Computer Emergency Readiness Team. Retrieved from http://www.us-cert.gov/cas/tips/ST06-008.html (accessed December 19, 2011).
[ii] Jeremy Gin (February 24, 2011). “5 Easy Ways to Protect Your Identity Online.” Second Nature: The Cyber Security Blog. Retrieved from http://www.staysafeonline.org/blog/5-easy-ways-protect-your-identity-online (accessed December 22, 2011).
[iii] “P2P File Sharing: What’s illegal, what’s at risk, and how to stay safe.” Australian Federation Against Copyright Theft (AFACT). Retrieved from http://www.afact.org.au/assets/research/AFACT_p2pfactsheet_RGB_2.pdf (accessed December 22, 2011).

December 20, 2011

Identity Theft Part II: Through the Trash

Image from
George G. Nathan Law Offices
Identity Theft Lawyer
Part two of our four part Identity Theft series looks at preventing identity thieves from getting your personal information through the trash.


“Identity theft is a serious crime. People whose identities have been stolen can spend months or years – and thousands of dollars – cleaning up the mess the thieves have made of a good name and credit record. In the meantime, victims of identity theft may lose job opportunities, be refused loans for education, housing, or cars, and even get arrested for crimes they didn’t commit.”[i]

Trash.
Image from blog Chars Recipes
The old cliché goes, “One man’s trash is another man’s treasure.” Identity thieves use a practice known as dumpster diving to discover sensitive information to steal another identity. What are they looking for?[ii]
-       Expired credit and debit cards
-       Credit and debit card receipts
-       Unused checks
-       Canceled checks
-       Credit card statements
-       Pre-approved credit card offers and applications
-       Checking and savings account statements
-       Investment statements.
-       Utility and medical bills.
-       Insurance policy and claim information
-       Paycheck stubs.
-       Tax returns and statements.
-       Expired identification documents (i.e. driver’s license, passport)

“Once you put your garbage [or recycling bin] out on the street for trash pickup, it usually becomes open to the public…”[iii] Most identity thieves find more than enough confidential information in the trash to keep them busy for many months, and it was obtained legally. What precious jewels are you giving away for free through your trash?
Image from
 Just Another New Blog's
Fellowes P-8C Paper Shredder: Review
Fortunately, there is a simple solution to prevent identity theft through trash. Shred before you discard. Buy a shredder and shred any documents that contain personal sensitive information (i.e. account numbers, social security number). Examples of items you should shred are insurance forms, expired credit cards, bank receipts, any administrative type forms and bills. [UPDATE: Read our shredder review post]
The confetti style or cross cut style shredders provide more protection than any strip cut shredder. The smaller the shredding, the better! A consumer guide is available at http://products.howstuffworks.com/paper-shredder-reviews.htm.
Related posts:
Identity Theft Part I: Through the mail
Identity Theft Part III: Through the computer
Identity Theft Part IV: Additional protection measures

[i] (2006) “Take Charge: Fighting Back Against Identity Theft” Federal Trade Commission. Retrieved from http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt04.pdf (accessed December 19, 2011)
[ii] “Shredder” www.identitytheft.info. Retrieved from http://www.identitytheft.info/shredding.aspx (accessed December 19, 2011)
[iii] Jim Stickley (2008) “Identity theft: Your trash, their treasure” MSNBC Today Show. Retrieved from http://today.msnbc.msn.com/id/27011491/ns/today-books/t/identity-theft-your-trash-their-treasure/ (accessed December 19, 2011)

December 19, 2011

Identity Theft Part I: Through the mail

Image from
George G. Nathan Law Offices
Identity Theft Lawyer
Identity Theft is one of the fastest growing crimes that can have lasting devastating effects on the person whose identity was stolen. “It can occur when a criminal steals personal identifying information such as name, birth date, Social Security number or your mother’s maiden name and uses it for their own gain.”[i] The three main locations identity thieves obtain your sensitive information is from 1) mail, 2) trash, and 3) computer/Internet. In a four-part series, Security Checks will look at ways to minimize your risk of becoming a victim of identity theft. This post will look at how identity thieves steal your information through the mail.
Mail. Lots of sensitive information comes through our mail, like bank statements, and credit card offers, which explains why mail makes a lucrative target to an identity thief. Most identity theft starts with stolen mail. Identity thieves shift through mail looking for:
- Identifying numbers, such as Social Security Number, bank account number, medical account identification numbers.
- Passwords: Banking account online access password, computer passwords.
- Names: Mother’s maiden name
- Mailing addresses (current and past addresses)
- Personal checks you wrote to pay bills – they will alter the checks and cash them
- Credit cards – they’re usually fairly successful in using the 800 number to activate new cards.[ii]
Opt out of pre-screening credit offers at https://www.optoutprescreen.com/?rf=t to reduce the amount of mail with your sensitive information. It is a simple process that only takes a couple of minutes. OptOutPrescreen.com is the official Consumer Credit Reporting Industry website to accept and process requests from consumers to Opt-in or out of firm offers of credit or insurance. While it will not totally stop all pre-approved offers, it will significantly reduce the amount coming into your mailbox.
If available, opt to have electronic statements in lieu of paper copies mailed to you. Many banks and credit cards provide this option, some even offer an incentive to go this route. Again, reducing the overall volume of mail with your sensitive personal information on it, reduces your risk.
Don’t place outgoing mail in your mailbox. Instead drop it off at an official Postal Service collection box or directly at the Post Office.
Don’t go with the traditional mailbox; get a mailbox that locks. Once the mail carrier drops off your mail in the mailbox, what is keeping it secure until you pick it up? Better yet, go with a P.O. Box if you can.
If you’re going on vacation, notify the Post Office to hold your mail. For the U.S. Post Office, you can call 1-800-275-8777 or go online to https://holdmail.usps.com/holdmail/.
If you noticed your mail was stolen, report it immediately to the police.
Related posts:
Identity Theft Part II: Through the trash
Identity Theft Part III: Through the computer
Identity Theft Part IV: Additional protection measures

[i] “Identity Theft Prevention” Seattle Police Department. Retrieved from http://www.seattle.gov/police/prevention/theft/id_theft.htm (accessed December 19, 2011)
[ii] “How a Mail Thief Operates” Montclair Safety and Improvement Council. Retrieved from  http://montclairsic.org/howthievesoperate.htm (accessed December 19, 2011)

December 16, 2011

Home Security

According to the FBI’s Uniform Crime Reporting (UCR) for 2010, there were over two million burglaries in the United States. Burglary is defined as “the unlawful entry of a structure to commit a felony or theft…Burglaries of residential properties accounted for 73.9 percent of all burglary offenses.”[i] While it is nearly impossible to completely protect your home from a bound and determined burglar, there are ways to reduce your risks of a home invasion. Most crimes committed are a crime of opportunity, so by reducing the opportunity, you decrease the likelihood of your home being a target. This posting provides some tips in helping you keep your home secure.

Exterior Doors. Most home invasions gain entry through the door. Ensure the door and doorframe are sturdy and made of solid material (i.e. wood, metal). If you opt for a wood door go for hardwood like oak, instead of softwood like pine. The City of Tacoma recommends “reinforc[ing] the door frame by filling empty space between the door jamb and 2x4 stud with solid piece of wood and shims. This will prevent a thief from pushing or prying back the doorframe.”[ii] Use all-metal deadbolts locks that go at least one inch into the door frame. Strengthen the door lock by replacing the strike plate, which is the mounted metal plate in the door jamb the lock bolt slides into.[iii] Remember, even the most expensive, secure lock won’t work if you don’t use it. Lock your door! “30 to 50% of home and apartment burglaries happen because someone didn’t lock a door…”[iv] If your home still has the same locks from the contractor or previous owner, you may want to replace the locks. This reduces the likelihood of extra keys to your home being around. Use security hinge pins on the hinges; otherwise, the thief will bypass the lock by removing the hinges.

Garage Door. Most people often overlook securing the garage, which typically has a door that leads into the house. If you don’t have one already, go with an electronic door opener, which makes it harder for a burglar to force the door open. Make sure you change the security code from the factory default, and don’t have the same setting as your neighbor.[v]

Sliding Glass Doors.  These are favorite targets since the manufacturing mechanical locking device is very cheap and easy to overcome. Install several flathead screws in the upper track of the door with the screw’s head protruding out to prevent the door from being lifted up and out. Additionally use a wooden dowel or old broom handle in the lower track to make it difficult to force the door open.[vi]

Keys. Don’t leave spare keys to your house under the door mat, in the mailbox or in those cheesy fake rocks. Most hiding spots are well known by burglars! While this helps you to get back into your house in the event you lock yourself out, it also helps a potential thief.

Windows. Ideally your windows should use laminate glass, since this is harder to break than regular glass. “For traditional, double-hung windows, drill a small hole at a slight downward angle through the first sash and into, but not through the second (back) sash. Then slip a large nail into the hole.”[vii] Illustration below. Of course none of this matters if you don’t get in the habit of locking your windows. Use window covers to keep your expensive toys (i.e. large flat screen TV) out of view from the exterior of your home. This helps keep temptation to a burglar at bay.  


Image from Stearns County, MN Law & Public Safety website

Lights.
            Interior. The chances of your home being broken into are significantly higher if you’re not home. Placing a few interior lights on timers give the illusion that somebody is home. Make sure you regularly change the time the timers go off and on.

            Exterior. Focus on lighting the entry points such as doors and ground level windows, which make these areas visible at night and deter potential burglars. Thieves want to get away with their crime, so they don’t want to be seen committing the crime. Placing lights on motion sensors provide some security without running up your electric bill. Do It Yourself provides instructions on how you can cheaply install motion sensor exterior lights at http://www.doityourself.com/stry/h2securehome. Make sure the sensitivity level on the sensor is not set too high, otherwise it will become more of a nuisance than a deterrent.

Landscaping. Unkempt bushes and trees provide great hiding spots. To increase visibility:
    - Keep shrubbery below three feet from the ground and trimmed away from doors and windows. For low maintenance, consider low-growing varieties.
    - Keep tree branches trimmed away from doors and windows, as well as trimmed at least seven feet off the ground.
 
Providing clear lines of sight near points of enter, along with exterior lighting makes your home unappealing to a potential thief. When you’re done with landscaping, ensure you secure your yard tools (i.e. ladder, trimmers) so they’re not used as tools to break into your home.

Safe. If you have a small safe, ensure that it is bolted down to the floor; otherwise, the burglar will just take the safe to a different location and take his/her time cracking it. You want the safe to secure your valuables, not be used as a heavy carrier to take them away by the burglar.


[i] Federal Bureau of Investigation. (2011) “2010 Uniform Crime Reports: Burglary.” Retrieved from http://www.fbi.gov/about-us/cjis/ucr/crime-in-the-u.s/2010/crime-in-the-u.s.-2010/property-crime/burglarymain (accessed December 15, 2011)
[ii] City of Tacoma. “A CPTED Safe Home” Community Bases Services: Securing your home. (2010) Retrieved from http://www.cityoftacoma.org/File.ashx?cid=3126 (accessed December 15, 2011)
[iii] Echo Surina.  "Home, Safe Home: 10 Ways to Secure Your Home"  14 July 2010.  HowStuffWorks.com.  Retrieved from http://tlc.howstuffworks.com/home/10-ways-to-secure-your-home.htm (accessed December 15, 2011).
[iv] “Securing Your Home” Stearns County Minnesota: Law & Public Safety. Retrieved from http://www.co.stearns.mn.us/LawPublicSafety/CrimePrevention/SecuringYourHome (accessed December 15, 2011)
[v] Wayne McGruf “Practical Tips To Secure Your Home” HowtoAdvice.com Retrieved from http://www.howtoadvice.com/HomeSecurity (accessed December 15, 2011)
[vi] Ibid.
[vii] “Securing Your Home,” Ibid.