866-629-3757

Free Consulation

Call 866-629-3757

Stay Low: Tips for Preventing Social Media Cyber Crime Victimization

March 11th, 2015 | Business Security, Cyber, Privacy, Security

Social media cyber crime photo 1.

March 11, 2015

By Stephanie Kent
Investigative Research Assistant

Social networking websites have not only revolutionized social connectedness, but they have generated a powerful new means of advertising and marketing for small businesses and entrepreneurs. Although it may sound like the ideal medium through which to connect with old friends or engage masses of new customers, social media may be the single thing that will cost you your identity, wealth, business and reputation. Like anything that appears ‘too good to be true,’ social media can have irreversible negative consequences if users do not take the appropriate precautions. The number of con-artists, cybercriminals, and other fraudulent actors who exploit online social networks for iniquitous purposes continues to increase rapidly.

In December, 2013, security experts discovered a cache of approximately 2 million pilfered passwords to popular social media websites. Hackers across the globe had stolen usernames, passwords and credentials through 326,000+ Facebook accounts; ~60,000 Google accounts; 59,000+ Yahoo accounts and ~22,000 Twitter accounts.¹ Today, more than 600,000 Facebook accounts are compromised daily (that’s ~219 million jeopardized Facebook accounts a year)!²

According to the FBI, cybercriminals who exploit social networks can typically be divided into two tactical groups.³ The first employs computer savvy hackers who are well-practiced in writing and altering computer code to gain access or install undesired software on your device. The second group uses “social engineers” who exploit personal relations through social networks such as Facebook, Twitter, Instagram, LinkedIn, etc. These hackers use the World Wide Web to gather information about a person through his or her history of statuses, photos, comments, tweets, online interactions, and other personal information they’ve posted. With this abundance of intimate knowledge about the victim, social engineers know exactly how to assume the target’s identity and manipulate people into getting through all types of security walls. They frame their stories as to appear totally harmless and legitimate, and with the help of human naivety, they often succeed. Falling for this type of seemingly harmless social media scam could be extremely damaging not only for a personal victim, but also for the organization that employs that victim.

To avoid becoming an easy target of social media cyber crime, refer to the simple steps listed below.

How to Better Protect Yourself on Social Media:

1. Create a Strong Password for Every Account

Although hackers may seem like masterminds, nearly 16,000 of the compromised Facebook accounts mentioned above used the same simple password, ‘123456’! These users may as well have gone on vacation, left the house key on the doorstep, and put their passport, wallet, and birth certificate inside the door! Make your password at least 10 digits long, with a combination of various numbers, symbols and letters (include capitals and lower-case). Avoid using the same password for multiple websites because once your universal password is decrypted, every account you own is easily accessible to the hacker.

2. Change Your Facebook Settings to “Friends Only”

View your privacy settings on your Facebook account. Make sure your default privacy setting is not set to public (along with posts and photos you publish on your wall). If you have set it to “Custom,” be sure you are aware and comfortable with any “Networks” with which you’re sharing data.

3. Be VERY Wary of Who You Add as a Friend or Contact on Facebook, LinkedIn, etc.

Many accounts are created under false pretenses in order to gain your information upon your acceptance of the friend invite. If the person inviting you to connect via social media has very few friends or connections, or has published limited information about him or herself, exercise caution! This is probably not someone you know. Even if the person shows one or two mutual friends, ask those friends of yours how they know this person before accepting the individual as your own friend. Remember, social engineers are very clever and will use whatever photos, info and aliases they can to access your profile publicly. Never add people to your social media that you do not surely know and trust with ALL of your posted information!

4. Avoid Posting Personal Information on All Social Media Venues

It is important to note that once something is posted to any social networking website, it is no longer private. Even when you enable the highest security settings on your accounts, your information can certainly be leaked on the Internet! It’s true that the “friends only” setting will help protect you, but the more information you post to social media, the more likely you are to become a target for hackers. The more info you share online, the easier it is for hackers to impersonate you and deceive your contacts into sharing their own information, downloading malware, or providing access to restricted sites, thus feeding the vicious cycle of cyber crime! Avoid posting your personal phone number, birthday, address and email on Facebook. Your Facebook contacts can always send Facebook messages to contact you privately, and if you are close enough to be Facebook “friends” they would most likely have your other personal info anyway.

5. Avoid Dropping Pins with Your Device’s GPS on Social Media

Allowing people to pinpoint exactly where you are in the world at a specific time is not the wisest idea when trying to stay safe from criminal activity (whether cyber or not)! You may as well post a sign on your front door saying “At the international airport, going to be in Europe for two weeks… make yourselves at home!” Just don’t do it. Either privately inform your friends about the upcoming trip, or wait until you have returned to post about it.

6. Password Protect All of Your Devices

Yes, folks, that means your Macs, your PCs, your tablets, your iPads, your iPhones, your Androids, your iPods, your Blackberrys, and every other device under the sun that connects to Wi-Fi! Not only password protect them, but get those creative juices flowing beyond ‘123456.’

7. Put a Google Alert on Your Name4

This is a very easy way to be aware of what’s being posted about you online. It takes under a minute to do. Go here: https://www.google.com/alerts and enter your name and variations of your name with quotation marks around it. Finished!

8. Log Out Of Your Online Accounts When You’re Finished Using Them

Not only does this help reduce the chances of being tracked as you surf the Web, it prevents the next person who uses that computer from loading one of your accounts and snooping. This is especially important when using a public computer. Remember, ‘x’ing out of a page does not mean you are logging out! People often forget this and suffer the horrible consequences of personal invasion.

9. Turn On 2-step Authentication in Gmail

One small step for a Gmail man, one giant leap for his Gmail security! 2-step authentication requires that you enter a code (that’s sent to your phone) each time you attempt to access your account from a new device. Therefore, even if the malicious type decodes your password, they won’t be able to sign into your account from an unauthorized device.

If you believe that either you or your organization has been victimized by cyber-criminal behavior, contact Jennings Smith Associates toll-free today at 866-629-3757 for a free consultation, or visit us online at www.jsainvestigations.com. All inquiries are strictly confidential.

References:

1http://www.dailymail.co.uk/news/article-2518540/Facebook-Twitter-hackers-steal-passwords-2m-social-mediaaccounts.html
2http://www.insecpro.com/index.php/articles/cyber-crime-statistics
3http://www.fbi.gov/about-us/investigate/counterintelligence/internet-social-networking-risks
4http://www.forbes.com/pictures/gdfd45efkm/put-a-google-alert-on-your-name/

Jennings Smith Associates Launches New Website

December 16th, 2014 | Press Release

Leading private investigation and security consulting firm continues to set industry standards for best practices.

Jennings Smith Associates, Inc. (www.jsainvestigations.com), a leading provider of investigative and security solutions to private industry and public institutions, today announced the launch of its new corporate website located at www.jsainvestigations.com.

Jennings Smith AssociatesThe site was designed to be user friendly, quick loading, and fully functional when viewed with any modern browser. In keeping with best practices for web accessibility, the new configuration adapts to all current platforms including desktops, laptops, tablets, and smartphones.

“Our goal continues to be providing a positive user experience for current and potential clients, while detailing our entire range of private investigation and security consulting services,” said Jennings Smith Associates president and licensee, Bill Smith. He continued, “JSA has had a long-standing commitment to utilizing best practices in our work. The new site provides us with the ability to extend that commitment to our online presence.”

While every effort has been made to enhance the accessibility of the information provided by the website, the success of the project will ultimately be decided by its users who are encouraged to provide feedback via the “Contact Us” page located at https://www.jsainvestigations.com/company/contact-us/.

About Jennings Smith Associates, Inc.

A highly-experienced team of professionally licensed and credentialed private investigators and security consultants, Jennings Smith Associates provides a complete range of investigative, security, and forensic services to state and local government agencies, K-12 schools and colleges, financial institutions, insurance companies, legal practitioners, employment specialists, business professionals, and individual clients in New York, New Jersey, and Connecticut, throughout the United States, and across the world. Free consultations are available by phone or via e-mail. Call 866-629-3757 with questions or specific service requests.

Contact:
William J. Smith
President
Jennings Smith Associates, Inc.
866-629-3757
https://www.jsainvestigations.com

###

Ineffective Employee Background Investigations of Educators and Staff

April 25th, 2014 | Education, Privacy, Security

An increase in the number of cases involving sexual misconduct by teachers, administrators and staff in our nation’s schools prompts this investigative response. Recent arrests reported by media have publicized and uncovered flaws within hiring practices and educator candidate vetting. Protocols and procedures for the thorough vetting of new hires and even the notion of adding existing staff in predetermined sequential years for re-vetting needs review. While cursory reviews typically take place during the initial hiring process, clearly, thorough background investigations are not routinely conducted. If comprehensive vetting is performed by trained staff, it would likely uncover issues such an out of state arrest or prior litigation that would evidence the applicant’s or an employee’s past and most recent history.

background-investigation-documentsQuite alarming is the number of documented incidents reported to Administrators who have failed to take appropriate action and cause a more detailed personnel or incident investigation.

Our research indicates that most school districts conduct background checks focused primarily on qualification and credentialing to determine if the prospective employee possessed the educational certifications and experience to qualify for the position. While fingerprinting is required of applicants in most school districts, the responding agencies including the F.B.I. do not provide arrest information, only records of convictions reported to those agencies. In some instances, the state bureau of identification may not have updated criminal conviction files in a timely fashion and may, as a matter of routine, purge criminal conviction information. Typically this takes place after ten years from the date of adjudication.

The safety, security and welfare of our children is the foremost responsibility of American educators. As such, thorough and comprehensive background investigations of educators and staff, to whom we entrust our children, must be given high priority. Simply put, both Public and Private Schools must do a better job to preclude and prevent abuse of our children.

 

EMERGENCY RESPONSE TRAINING IN OUR SCHOOLS : FAILING TO TRAIN MEANS PLANNING TO FAIL

September 24th, 2013 | Education, Security

Lisa Bull DiLullo, Senior Security Consultant
Jennings Smith Associates

As the White House in June formally underscored the need for schools to align their emergency planning practices with those in place at the national, state and local levels, it delivered a sobering statistic: A recent survey has indicated that that only 52% of schools nationwide with a written response plan in the event of a shooting had drilled their students on the plan during the previous year.

For nearly half of our nation’s schools, this survey said there had been no drill about what to do if faced with an active shooter. With no drill, there is no communication about what works and what can be improved. That translates into no conversation about “what if”, a vital component of risk management and crisis prevention.

classroomWho is prepared to explain to grieving parents that their children had not drilled emergency measures or, worse, that the “written response plan” was actually a piece of paper taped to the teacher’s desk?

I fear that, in the rush to purchase the latest protective hardware, perhaps school administrators are inadvertently slighting the development and practice of the ever-important emergency response plan? And are we canting our emergency response plan perilously toward only the school shooter – at the expense of developing an all-inclusive emergency plan for the myriad other natural disasters, accidents and crises to which our school children may fall victim?

It is true that since the earliest U.S. school shooting on July 26, 1764, when four men entered a Pennsylvania schoolhouse and killed the schoolmaster and nine students, few crimes have inspired more impassioned outrage and grief.

But as Sir Winston Churchill so simply stated, “Let our advance worrying become advance thinking and planning.” Churchill understood that preparation and planning – which includes practicing our response plans – for all hazards are the keys to not only mitigating worry, but also to ensuring safety and success.

The Panic Button Program

June 26th, 2013 | Private Investigator, Security

Have any of you heard of this program yet? The Panic Button Program is a new school safety plan that was introduced in Connecticut. The program was created after the horrific incident that took place at Sandy Hook Elementary school when a gunman shot and killed 26 people.

Panic Button Program

After the incident at Sandy Hook Elementary School, a task force was created to brainstorm ideas to help prevent an incident like that from ever happening again. The task force suggested that each classroom have what’s called a “panic button” installed in it. Once that button is pushed, an announcement is made alerting everyone in the school that there is currently a life threatening situation going on. The school’s door automatically close and lock up, and a notice is immediately send to all emergency personnel to alert them of the situation.

Find out more information here about the “Panic Button” Program.

  • Jennings Smith Associates Professional Certifications

    • Professional Certified Investigator (PCI), ASIS International
    • Certified Protection Professional (CPP), ASIS International
    • Physical Security Professional (PSP), ASIS International
    • Certified Homeland Security Level 5 (CHS-V), American Board for Certification in Homeland Security
    • Certified Business Continuity Professional (CBCP), Disaster Recovery Institute International
    • Certified Healthcare Safety Professional (CHSP), Board of Certified Hazard Control Management
    • Certified Healthcare Emergency Professional (CHEP), Board of Certified Hazard Control Management
    • Certified Safety & Health Manager (CSHM), Institute for Safety and Health Management
    • Certified Hazard Control Manager (CHCM), Board of Certified Hazard Control Management
    • Certified Forensic Consultant (CFC), American College of Forensic Examiners International

    Certifications Continued

  • NEW SERVICE OFFERING

    Cyber Forensic Investigations

    JSA's cybersecurity experts are ready to assist you with a complete array of cybercrime protection, data recovery, and evidence collection services. Cyber forensic Investigations include: unauthorized data access; PII (personal identifiable information) exposure; IP (intellectual property/proprietary information) theft; employee social media/email/messaging abuse; ransomware data corruption; and more.

    Cyber Forensics Continued

  • Share

    Share
  • Major Credit Cards Accepted