LOSS PREVENTION! - Fortuna Chamber of Commerce

Business
Loss Prevention
2015
Enoch Ibarra, Crime Prevention Specialist
Fortuna Police Department
707.725.1453
Updated November 13, 2015
Human Engineering
in the context of information security,
refers to psychological manipulation of
people into performing actions or divulging
confidential information.
Homeless or Transient
Door-to-Door Scams
• Traveling Salespeople
• Magazine Sales
• Utility Workers
• Home Repairs
• Roof Repairs
• Security Inspections
• Meat Sales
• Energy Audits
• Health Check-Ups
• Charities
City of Fortuna Municipal Code Chapter 5.32
PEDDLERS, CANVASSERS, AND SOLICITORS
5.32.010 Permit – Required.
It is unlawful for any person to engage in the business of
solicitation or peddling, either in person or by telephone,
within the corporate limits of the city, without first
obtaining a permit therefore in compliance with the
provisions of this chapter. (Code 1961 § 16A-1).
Veterans Charities
But just because the solicitation claims that it is
collecting money for veterans' causes, doesn't
mean the funds are really going there.
Evaluating Charities
http://www.charitynavigator.org/
Warrant for Your Arrest
Citizens are receiving telephone calls from
callers claiming to be with the Internal Revenue
Service (IRS), local Police Departments, and
Sheriff’s offices.
The callers tell the person that they owe money
for various reasons. The callers are spoofing the
telephone numbers of the agencies to make the
call seem more legitimate.
If the person hangs up, the caller calls back
almost immediately and spoofs 911.
The suspiciously large first paycheck:
how does this job scam work?
You should never trust any new “job” where your
boss expects you to send money to him, or
otherwise shell out any of your own money
before you can expect to get paid – but you must
also beware of any job where you get a
check before actually doing any work to earn it.
Source: http://www.consumeraffairs.com/news/the-suspiciously-large-first-paycheck-howdoes-this-job-scam-work-041515.html
The attached message from Notice to Appear
<[email protected]>
was found to contain the virus
"Sanesecurity.Malware.23947.ZipHeur.UNOFFICIAL(33f67a82d2c388e6333d907eb183a60e:67252)".
The infected portion of the message was removed by Virus
Blocker.
Ransomware / Hostageware
Ransomware is a type of malware that prevents
or limits users from accessing their system. This
type of malware forces its victims to pay the
ransom through certain online payment methods
in order to grant access to their systems, or to
get their data back.
https://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx
https://www.f-secure.com/en/web/labs_global/removingpolice-themed-ransomware
Package theft up
during holiday shopping season
Last year in the United States 2 million
packages were not delivered to the proper
person due to front porch package theft.
Source: http://www.krcrtv.com/news/local/package-theft-up-during-holiday-shopping-season/36455876
• If you believe that the delivery will arrive while you are at work, have
the package delivered to your worksite/office, if allowed or practical.
• Have the package delivered to a trusted relative, friend or neighbor
that you know will be home.
• Track the shipping and routing of the package. This is available and
provided by most shippers and the US Postal Service. Contact the
shipper if there is a delay in receiving the package as scheduled.
• Arrange for the packages to be signed for.
How does Facebook suggest tags?
We currently use facial recognition software that
uses an algorithm to calculate a unique number
(“template”) based on someone’s facial features,
like the distance between the eyes, nose and
ears. This template is based on your profile
pictures and photos you’ve been tagged in on
Facebook.
Source: https://www.facebook.com/help/122175507864081
Walmart’s Use of Sci-fi Tech
To Spot Shoplifters
Distinctive patterns show whether a
person is of African or European descent
http://www.dailymail.co.uk/sciencetech/article-3253295/Fingerprints-reveal-black-whiteDistinctive-patterns-person-African-European-descent.html
A security researcher has uncovered a security hole in Amazon's
Kindle Library that could lead to cross-site scripting (XSS) attacks and
account compromises when you upload a malicious ebook.
AMAZON CREDENTIALS – BOON FOR HACKERS
The flaw affects the “Manage Your Content and Devices” and “Manage
your Kindle” services in Amazon's web-based Kindle Library, which
could allow a hacker to inject and hide malicious lines of code into
e-book metadata, such as the title text of an eBook, in order to
compromise the security of your Amazon account.
Car thieves' scary new tool
Basically, an amplifier boosts the car's search signal so it
can communicate with the key fob sitting on the kitchen
table inside the house. The car, not realizing the fob, and
the rightful owner, aren't anywhere close, opens and
starts like it is supposed to.
The really scary part is that these power amplifiers are
available online for less than $100, and even as low as
$17. That means anyone can get one and then steal a
car that uses an always-on remote, keyless entry
system.
Source: http://www.komando.com/happening-now/304689/car-thieves-scary-new-tool/2
'Unhackable' car security system
takes just half an hour to crack
We know that a $32 gadget can open just about any car
or garage door, flaws in Chrysler-Fiat entertainment
systems could let a hacker take control of your car, cars
with OnStar can be remotely hijacked and other car
hacks will probably appear on a regular basis until
manufacturers start taking security seriously.
http://www.komando.com/happening-now/329328/unhackable-car-security-system-takes-just-half-an-hour-to-crack/2
Those New Credit Card Chips
Known as EMV Won’t Defeat
the Data Thieves
Source: http://abcnews.go.com/Business/credit-card-chips-emv-wont-defeat-datathieves/story?id=33504803
IR Debit & Credit Card PIN Skimming
Bluetooth Skimmers
http://krebsonsecurity.com/tag/bluetooth-skimmer/
http://krebsonsecurity.com/2015/09/tracking-bluetooth-skimmers-in-mexico-part-ii/
http://consumerist.com/2015/09/17/6-things-we-learned-about-bluetooth-atm-skimmers-in-mexico/
Hackers Can Silently Control Siri
From 16 Feet Away
Source: http://www.nydailynews.com/news/world/hackerssilently-control-siri-google-article-1.2398517
Social Media
Could Facebook swing an election?
Firm under fire for experiment in influencing voting - as it
reveals it will mine users' posts in 2014 and 2015 votes
Is this creepy website live-streaming
YOUR living room?
73,000 webcams now viewable to anyone
because their owners haven't set a password
Website … running footage from more than
73,000 cameras
Users can view businesses, factories, building
sites and private homes
Source: Dailymail.co.uk
Chinese Government Accused of
Intercepting Traffic Between Google and
CERNET
// The Hacker News
China is the world’s largest exporter of IT
goods, but it has been criticized by many
countries due to suspected backdoors in its
products, including United States which has
banned its several major government departments,
including NASA, Justice and Commerce
Departments, from purchasing…
CIA Email Hackers Return With Major
Law Enforcement Breach
HACKERS WHO BROKE into the personal email
account of CIA Director John Brennan have struck again.
This time the group… says it gained access to
an even more important target—a portal for law
enforcement that grants access to arrest records
and other sensitive data, including what appears
to be a tool for sharing information about active
shooters and terrorist events…
Source: http://www.wired.com/2015/11/cia-email-hackers-return-with-major-law-enforcement-breach
The anatomy of
an unbreakable password
The longer the password, the harder it is to
crack. Consider a 12-character password or longer.
Things to avoid: Names, places, dictionary words.
Mix it up. Use variations on capitalization, spelling,
numbers, and punctuation.
https://open.buffer.com/creating-a-secure-password/
Recent Articles
Check to see if your neighbors are stealing your Internet
http://www.komando.com/tips/239494/checkto-see-if-your-neighbors-are-stealing-your-internet
http://www.foxnews.com/tech/2015/11/14/catch-and-stop-neighbors-stealing-yourinternet.html?intcmp=hpff
See who is stealing your Internet
http://www.komando.com/downloads/2251/see-who-is-stealing-your-internet
http://www.komando.com/tips/11672/keep-criminals-off-your-wi-fi-with-ease
Fortuna Police Department
Citizen RIMS Daily Crime Bulletins
http://forpd.crimegraphics.com/2013/default.aspx
Valuable Sites
• http://thehackernews.com/
• http://www.komando.com/
• http://www.cnet.com/how-to/spot-and-avoid-the-latestonline-scams/
• http://www.hoax-slayer.com/latest-information.html
• http://www.fbi.gov/scams-safety/e-scams
• http://www.consumer.ftc.gov/scam-alerts
• http://www.bbb.org/council/news-events/lists/bbb-scamalerts/
• http://netforbeginners.about.com/od/scamsandidentitytheft/ss/top10inetscams.htm
Check if you have an account that has been
compromised in a data breach
https://haveibeenpwned.com/
4 TIPS TO FOLLOW
IF YOU'VE BEEN VICTIMIZED:
• File a police report.
• Tell your credit card company and bank.
• Report the fraud to the three credit reporting companies.
  – Equifax: (800) 525-6285
  – Experian: (888) EXPERIAN or (888) 397-3742
  – TransUnion: (800) 680-7289
• Gather evidence. In addition to the police report, save what you can
related to the suspected fraud… letters/emails of solicitation,
prospectuses, cancelled checks, cash receipts, receipts for cashier's
checks or money orders, bank statements, investment statements,
or medical statements ...
Source:
https://action.aarp.org/site/SPageNavigator/FWN_Holiday_Scams.html?cmp=HOLDASCM_NOV25_014
http://www.ic3.gov/crimeschemes.aspx
https://www.ftc.gov/faq/consumer-protection/submit-consumer-complaint-ftc
https://www.bbb.org/consumer-complaints/file-a-complaint/get-started