docLOSS PREVENTION! - Fortuna Chamber of Commerce
download 
Report Transcription
LOSS PREVENTION! - Fortuna Chamber of Commerce
Business Loss Prevention 2015 Enoch Ibarra, Crime Prevention Specialist Fortuna Police Department 707.725.1453 Updated November 13, 2015 Human Engineering in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. Homeless or Transient Door-to-Door Scams Door-to-Door Scams • • • • • • • • • • Traveling Salespeople Magazine Sales Utility Workers Home Repairs Roof Repairs Security Inspections Meat Sales Energy Audits Health Check-Ups Charities City of Fortuna Municipal Code Chapter 5.32 PEDDLERS, CANVASSERS, AND SOLICITORS 5.32.010 Permit – Required. It is unlawful for any person to engage in the business of solicitation or peddling, either in person or by telephone, within the corporate limits of the city, without first obtaining a permit therefore in compliance with the provisions of this chapter. (Code 1961 § 16A-1). Veterans Charities But just because the solicitation claims that it is collecting money for veterans' causes, doesn't mean the funds are really going there. Evaluating Charities http://www.charitynavigator.org/ Warrant for Your Arrest Citizens are receiving telephone calls from callers claiming to be with Internal Revenue Service (IRS), local Police Departments, and Sheriff’s offices. The callers tell the person that they owe money for various reasons. The callers are spoofing the telephone numbers of the agencies to make the call seem more legitimate. If the person hangs up, the caller calls back almost immediately and spoofs 911. The suspiciously large first paycheck: how does this job scam work? You should never trust any new “job” where your boss expects you to send money to him, or otherwise shell out any of your own money before you can expect to get paid – but you must also be beware of any job where you get a check before actually doing any work to earn it. Source: http://www.consumeraffairs.com/news/the-suspiciously-large-first-paycheck-howdoes-this-job-scam-work-041515.html The attached message from Notice to Appear <[email protected]> was found to contain the virus "Sanesecurity.Malware.23947.ZipHeur.UNOFFICIAL(33f67 a82d2c388e6333d907eb183a60e:67252)". The infected portion of the message was removed by Virus Blocker. Ransomware / Hostageware Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back. Ransomware / Hostageware Ransomware / Hostageware https://www.microsoft.com/security/portal/mmpc/shared/r ansomware.aspx https://www.f-secure.com/en/web/labs_global/removingpolice-themed-ransomware Package theft up during holiday shopping season Last year in the United States 2 million packages were not delivered to the proper person due to front porch package theft. Source: http://www.krcrtv.com/news/local/package-theft-up-during-holiday-shopping-season/36455876 If you believe that the delivery will arrive while you are at work, have the package delivered to your worksite/office, if allowed or practical. Have the package delivered to a trusted relative, friend or neighbor that you know will be home. Track the shipping and routing of the package. This is available and provided by most shippers and the US Postal Service. Contact the shipper, if there is a delay in receiving the package as scheduled. Arrange for the packages to be signed for. How does Facebook suggest tags? We currently use facial recognition software that uses an algorithm to calculate a unique number (“template”) based on someone’s facial features, like the distance between the eyes, nose and ears. This template is based on your profile pictures and photos you’ve been tagged in on Facebook. Source: https://www.facebook.com/help/122175507864081 Walmart’s Use of Sci-fi Tech To Spot Shoplifters Distinctive patterns show whether a person is of African or European descent http://www.dailymail.co.uk/sciencetech/article-3253295/Fingerprints-reveal-black-whiteDistinctive-patterns-person-African-European-descent.html A security researcher has uncovered a security hole in Amazon's Kindle Library that could lead to cross-site scripting (XSS) attacks and account compromises when you upload a malicious ebook. AMAZON CREDENTIALS – BOON FOR HACKERS The flaw affects the “Manage Your Content and Devices” and “Manage your Kindle” services in Amazon's web-based Kindle Library, which could allow a hacker to inject and hide malicious lines of code into into e-book metadata, such as the title text of an eBook, in order to compromise the security of your Amazon account. Car thieves' scary new tool Basically, an amplifier boosts the car's search signal so it can communicate with the key fob sitting on the kitchen table inside the house. The car, not realizing the fob, and the rightful owner, aren't anywhere close, opens and starts like it is supposed to. The really scary part is that these power amplifiers are available online for less than $100, and even as low as $17. That means anyone can get one and then steal a car that uses an always-on remote, keyless entry system. Source: http://www.komando.com/happening-now/304689/car-thieves-scary-new-tool/2 'Unhackable' car security system takes just half an hour to crack We know that a $32 gadget can open just about any car or garage door, flaws in Chrysler-Fiat entertainment systems could let a hacker take control of your car, cars with OnStar can be remotely hijacked and other car hacks will probably appear on a regular basis until manufacturers start taking security seriously. http://www.komando.com/happening-now/329328/unhackable-car-security-system-takes-just-half-an-hour-to-crack/2 Those New Credit Card Chips Known as EMV Won’t Defeat the Data Thieves Source: http://abcnews.go.com/Business/credit-card-chips-emv-wont-defeat-datathieves/story?id=33504803 IR Debit & Credit Card PIN Skimming Bluetooth Skimmers http://krebsonsecurity.com/tag/bluetooth-skimmer/ http://krebsonsecurity.com/2015/09/tracking-bluetooth-skimmers-in-mexico-part-ii/ http://consumerist.com/2015/09/17/6-things-we-learned-about-bluetooth-atm-skimmers-in-mexico/ Hackers Can Silently Control Siri From 16 Feet Away Source: http://www.nydailynews.com/news/world/hackerssilently-control-siri-google-article-1.2398517 Social Media 20:45 08112104 Could Facebook swing an election? Firm under fire for experiment in influencing voting - as it reveals it will mine users posts in 2014 and 2015 votes Is this creepy website live-streaming YOUR living room? 73,000 webcams now viewable to anyone because their owners haven't set a password Website … running footage from more than 73,000 cameras Users can view businesses, factories, building sites and private homes Source: Dailymail.co.uk Chinese Government Accused of Intercepting Traffic Between Google and CERNET // The Hacker News China is the world’s largest exporter of IT goods, but it has been criticized by many countries due to suspected backdoors in its products, including United States which has banned its several major government departments, including NASA, Justice and Commerce Departments, from purchasing… CIA Email Hackers Return With Major Law Enforcement Breach HACKERS WHO BROKE into the personal email account of CIA Director John Brennan have struck again. This time the group… says it gained access to an even more important target—a portal for law enforcement that grants access to arrest records and other sensitive data, including what appears to be a tool for sharing information about active shooters and terrorist events… Source: http://www.wired.com/2015/11/cia-email-hackers-return-with-major-law-enforcement-breach The anatomy of an unbreakable password The longer the password, the harder it is to crack. Consider a 12-character password or longer. Things to avoid: Names, places, dictionary words. Mix it up. Use variations on capitalization, spelling, numbers, and punctuation. https://open.buffer.com/creating-a-secure-password/ Recent Articles Check to see if your neighbors are stealing your Internet http://www.komando.com/tips/239494/checkto-see-if-your-neighbors-are-stealing-your-internet http://www.foxnews.com/tech/2015/11/14/catch-and-stop-neighbors-stealing-yourinternet.html?intcmp=hpff See who is stealing your Internet http://www.komando.com/downloads/2251/see-who-is-stealing-your-internet http://www.komando.com/tips/11672/keep-criminals-off-your-wi-fi-with-ease Fortuna Police Department Citizen RIMS Daily Crime Bulletins http://forpd.crimegraphics.com/2013/default.aspx Valuable Sites • http://thehackernews.com/ • http://www.komando.com/ • http://www.cnet.com/how-to/spot-and-avoid-the-latestonline-scams/ • http://www.hoax-slayer.com/latest-information.html Valuable Sites • http://www.fbi.gov/scams-safety/e-scams • http://www.consumer.ftc.gov/scam-alerts • http://www.bbb.org/council/news-events/lists/bbb-scamalerts/ • http://netforbeginners.about.com/od/scamsandidentitythe ft/ss/top10inetscams.htm Check if you have an account that has been compromised in a data breach https://haveibeenpwned.com/ 4 TIPS TO FOLLOW IF YOU'VE BEEN VICTIMIZED: File a police report. Tell your credit card company and bank. Report the fraud to the three credit reporting companies. – Equifax: (800) 525-6285 – Experian: (888) EXPERIAN or (888) 397-3742 – TransUnion: (800) 680-7289. Gather evidence. In addition to the police report, save what you can related to the suspected fraud… letters/emails of solicitation, prospectuses, cancelled checks, cash receipts, receipts for cashier's checks or money orders, bank statements, investment statements, or medical statements ... Source: https://action.aarp.org/site/SPageNavigator/FWN_Holiday_Scams.html?cmp=HOLDASCM_NOV25_014 http://www.ic3.gov/crimeschemes.aspx https://www.ftc.gov/faq/consumer-protection/submit-consumer-complaint-ftc https://www.bbb.org/consumer-complaints/file-a-complaint/get-started
