Tuesday, July 26, 2016

"6 Things Parents Should Know About Pokémon Go", Author, Lynette Owen, Global Director of Trend Micro’s Internet Safety for Kids and Families program

7/26/16,  This is a great article, worth sharing,,,,  Rich Coleman, Pittsfield Twp. DPS / CPAM
July 12, 2016  By Lynette Owen
Last week, Nintendo launched Pokémon Go, a mobile gaming app based on its popular game franchise of the same name.  The app is free and is unique in that it requires players to move around in the real world in order to advance in the game and get rewards.  Players create their own avatar which is animated, as are the characters in the game, but they are overlaid onto real images coming through the camera of the player’s mobile device.  It’s the first widely available and, as early reports have shown, wildly popular app that take advantage of augmented reality.
I signed up and tested it within the confines of my home and backyard, my 9-year old looking over my shoulder eager to try too.  The novelty of looking through your phone camera and then suddenly seeing a character sitting on your own couch is definitely a cool experience.   I had to throw Poké balls at these characters in order to continue on in the game. In [my] reality I actually preferred these creatures not disappear because I captured them.
I had hoped to simply move around within a reasonable area within and near my home, but after 20 minutes of walking around – avoiding table legs and door jams – I realized the game is very limited if your geographic boundaries were limited too.  Eventually, I just got bored and stopped playing.
The news circuit has latched onto this craze and for the most part has focused on stories of people’s predictable lemming-like behavior, Nintendo’s stock price rise, and thedangers this new type of game presents (leading you to unsafe places, tracking a lot of personal data as it requires your geo-location, etc.).
I believe it is best to try out the app and judge for yourself.  I also highly recommend you do this beforeor WITH your child before letting them go search for imaginary creatures all over town (and possibly further).  As fun and simple as it may seem, there are definitely risks to be aware of.
Here are 6 things in particular to keep in mind:
  1. The app is called Pokémon Go and it is free. There are a lot of comments in the user agreement about in-app purchases, but I did not use the app long enough to get to that point of needing or wanting to buy anything.  That said, you can make sure your child does not rack up tons of real-world charges to your credit card bill by turning off the in-app purchasing feature, requiring a password for the app to charge against your credit card, or using gift cards for app purchases rather than a credit card.
  2. It is designed to be used on a mobile phone. Don’t use it with your iPad, Kindle Fire, or something that you can’t easily hold with one hand.
  3. There is no age limit.** However, you need a Google account or Pokémon Trainer Account to sign in to use it.  Google already requires you to be 13+ to have a Google account.  Nintendo allows kids under 13 to have a Pokémon Trainer Account, but signing up for one requires parental consent.
  4. **But, the app makers state it is ideally for age 9+. I don’t think many 9 year olds should just go off wandering around town to play this game by themselves, just as I wouldn’t recommend they go off anywhere without adult supervision.  I launched the app again after I left my house, and in the middle of a parking lot I discovered there were several more characters for me to capture. Staring at my phone and swiping towards an imaginary creature is not the safest thing to do there.
  5. You must allow the app to use your geo-location in order for it to work. Be aware of this and the privacy you may be giving up to the app as a result. You are basically signaling your physical location at all times and how long you spend in those places.
  6. The user agreement has many statements about safety, but there isn’t a way to report safety issues. The terms of use encourage players to use the app with care (i.e., watch where you’re going!).  It also states that people should not break any laws while using it (i.e., don’t rob people, don’t break into people’s private property, etc.)  What I didn’t see in those terms or anywhere in the game is a way to report concerns.  This is something I think will be demanded and should be designed into the game in the near future.
In the end, I got a little bored of the app.  I think it could be great fun if I had the time or energy to run around town looking for Pokémon.
That said, the idea of augmented reality has its merits; many applications of this technology are yet to be.  Imagine walking into a big box store, wondering where to find a certain item?  Don’t need to ask anyone, just hold up your camera and arrows will point you the way AND deliver a coupon to you by tapping on the image of the item once you find it.  The advertising potential for this technology is pretty huge (maybe Starbuck’s has something waiting in the wings?).
The Pokémon Go game is an incredible leap forward for augmented reality, and a new use of mobile devices.  For decades, Pokémon has been popular with kids, including the good old fashioned Pokémon trading cards.  But as an app to get kids up off the couch and play outside, I think it is somewhat flawed and has a lot of inherent risk.  If Nintendo made it so younger kids could find lots of characters within the confines of their home or a single park or playground, I would feel much better about my kids using it.
But as a replacement for sedentary gaming?   Not really.  Just have your kids put the phone down and go chase a real soccer ball or shooting star instead.
Lynette Owens is the Founder and Global Director of Trend Micro’s Internet Safety for Kids and Families program.  With 20+ years in the tech industry, Lynette speaks and blogs regularly on how to help kids become great digital citizens.  She works with communities and 1:1 school districts across the U.S. and around the world to support digital literacy and citizenship education.  She is a board member of the National Association of Media Literacy Education and SPARK Kindness, and serves on the advisory boards of INHOPE and U.S. Safer Internet Day.
Follow her on Twitter @lynettetowens

National Nigtht Out August 2nd, 2016, Police and Community Releations

On Tuesday August 2nd, 2016, law enforcement agencies across the country will be hosting National Night Out events with their community stake holders, "residents, businesses, faith community members" that participate in public safety watch programs. 

The 33rd annual National Night Out is designed to heighten crime & drug prevention awareness; generate support & participation in local anti-crime programs; strengthen neighborhood spirit & police-community partnerships; and lastly send a message to criminals to let them know that neighborhoods are organized and fighting back.

The National Night Out Campaign traditionally involves citizens, law enforcement, civic groups, businesses, neighborhood organizations & local officials.  This year there are several new co-sponsors of interest to Crime Prevention personnel  and the promotion of "after market safety products" for the home.
There are two popular products that consumers are asking crime prevention personnel about, they are "video door security systems".  Consumers are encouraged to educate yourself on how these products work, and how do the mobile apps work to secure your personal information and your home.
Check out the National Association of Town Watch for more details on the event and if your local agency is participating. * Not all agencies register so please contact your local law enforcement agency.
Products for consideration and review: 
Ring - www.ring.com
August- www.august.com  
I'll be  sharing more information in a follow up post on the Social Media sites also sponsoring the NNO event.
Rich Coleman, Pittsfield Twp. DPS / Crime Prevention Assoc. of MI

Friday, July 1, 2016

NFPA Fire Work Safety, Source: NFPA’s Fireworks report, by Marty Ahrens, June 2016

*July 1st, '16, Please check with your local fire department on "open burning bans" and use of fire works.
Each July 4th, thousands of people, most often children and teens, are injured while using consumer fireworks. Despite the dangers of fireworks, few people understand the associated risks - devastating burns, other injuries, fires, and even death.

The Alliance to Stop Consumer Fireworks is a group of health and safety organizations, coordinated by NFPA, that urges the public to avoid the use of consumer fireworks and instead, to enjoy displays of fireworks conducted by trained professionals.

NFPA's Dan Doofus urges people not to use consumer fireworks because they are too dangerous. Fireworks are responsible for thousands of fires and injuries each year.

Fireworks by the numbers

From 2009-2013, U.S. fire departments responded to an average of 18,500 fires caused by fireworks. These fires included 1,300 structure fires, 300 vehicle fires and 16,900 outside and other fires. An estimated two people were killed in these fires.

In 2014, U.S. hospital emergency rooms treated an estimated 10,500 people for fireworks related injuries; 51% of those injuries were to the extremities and 38% were to the head. These injury estimates were obtained or derived from the Consumer Product Safety Commission’s 2014

Fireworks Annual Report by Yongling Tu and Demar Granados. 

The risk of fireworks injury is highest for young people ages 5-9, followed by children 10-19.

More than one-quarter (28%) of fires started by fireworks in 2009-2013 were reported on July 4th. Almost half (47%) of the reported fires on the Fourth of July were started by fireworks.

State of MI Fire Marshal's Office

Friday, June 24, 2016

FTC - Online tracking – more than cookies

Wondering why you keep getting online ads targeted to you? Then, check out the FTC’s updated guidance on online tracking. It describes different methods of tracking, how they work, and how you can control them.   

How do websites remember you? For years, the answer has been by using “cookies” – pieces of information saved by your web browser, then used to remember you and customize your browsing experience.
Now, it’s about more than cookies. Without using cookies, companies can use “device fingerprinting” to track you, based on your browser’s unique configurations and settings. Plus, mobile app developers can use “device identifiers” to monitor different applications used on your device. Tracking can also occur on smart devices, like smart TVs.
How can you control online tracking? Here are some ways to get started:
  • Delete or limit cookies. Check your browser’s settings for tools under Help, Tools, Options or Privacy.
  • Reset identifiers on your mobile devices. That makes it harder to associate your device with your past activity. iOS users can do this by following Settings > Privacy > Advertising > Reset Advertising Identifier. For Android, the path is Google settings > Ads > Reset advertising ID. Remember that this will only prevent tracking based on past activity – it won’t prevent tracking going forward.
  • Learn about tracker blockers. There are tools that allow you to block ads called tracker blockers. They prevent companies from using cookies or fingerprinting to track your internet behavior. To find tracker blocking plug-ins, type “tracker blocker” in your search engine. Then, compare features to decide which tracker blocker is best for you.  
Want to learn more about safeguarding your information online? Check out the FTC’s advice on computer security, protecting your personal information, and limiting unwanted calls, mail and email.

Tuesday, June 14, 2016

FTC Alert: June 14, 2016 - Scammers say “Help Wanted”

June 14, 2016, Bridget Small ,Consumer Education Specialist, FTC    
Criminals don’t like getting caught. So, when they want to send and receive stolen money, they get someone else to do the dirty work. Some scammers develop online relationships and ask their new sweetheart or friend to accept a deposit and transfer funds for them. Other cons recruit victims with job ads that seem like they’re for legit jobs, but they’re not. Law enforcement calls the victims ’money mules.’ If you get involved with one of these schemes, you could lose money and personal information, and you could get into legal trouble.
Scammers post ads for imaginary job openings for payment-processing agents, finance support clerks, mystery shoppers, interns, money transfer agents or administrative assistants. They search job sites, online classifieds and social media to hunt for potential money mules.  For example, if you post your resume on a job site, they might send you an email saying, ‘We saw your resume online and want to hire you.’
 The ads often say:
  • the company is outside the U.S.
  • all work is done online
  • you’ll get great pay for little work
If you respond, the scammer may interview you or send an online application. He does that to collect your personal information and make the job offer seem legitimate. At some point, the scammer will ask for your bank account number, or tell you to open a new account, and then send you instructions about transferring money.
If you think you’re involved with a money transfer scam:
  • stop transferring money
  • close your bank account
  • notify your bank and the wire transfer service about the scam
  • report it to the FTC
If you’re looking for work, check out the FTC’s tips about jobs and making money and warning signs of a job scam.

Wednesday, May 4, 2016

May 3, 2016, FBI / Ann Arbor Police Dept. - Apprehend Food Contamination Suspect -- Advisory: Consumers Urged to Throw Away Potentially Contaminated Foods

For immediate release: May 3, 2016 Media contacts:

Jennifer Holton, MDARD, 517-284-5724 or Jennifer Eisner, MDHHS, 517-230-9804

Advisory: Consumers Urged to Throw Away Potentially Contaminated Foods

The Michigan departments of Agriculture and Rural Development and Health and Human Services are cooperating with the Federal Bureau of Investigation and local law enforcement in Ann Arbor on an investigation involving intentional food contamination at retail grocery stores in Ann Arbor. 

Thanks to citizen tips, the suspect was apprehended by the Ann Arbor Police Department. During interrogation, the suspect admitted to intentionally contaminating salad bars and/or produce sections of at least three grocery stores in the greater Ann Arbor area – Whole Foods, Meijer, Inc. and Plum

Market – at least twice in the last month. The suspect claims to have sprayed the food with a mixture of a commercial mouse poison, alcohol-based hand-sanitizer and water. Samples have been sent for further laboratory analysis to determine concentration.

The chemicals found in this mixture are a form of anti-coagulant, similar to what is found in medicines that have an anti-clotting function. Based on the known ingredients in the mixture at this time, MDHHS does not anticipate any adverse health effects on individuals who may have ingested potentially contaminated products.

The stores involved have been contacted and additional samples have been collected by law enforcement for further testing. MDARD food inspectors are in the stores this evening conducting follow-up assessments of the potentially affected stores.

“Out of an abundance of caution and to protect public health and food safety, I encourage consumers to dispose of any foods purchased from salad bars, olive bars and ready-to-eat hot and cold food areas from these stores between mid-March and the end of April,” said Jamie Clover Adams, MDARD director. “Although most of these types of foods may have already been eaten or disposed of, some may still be in refrigerators or freezers.”

Based on FBI investigation, there is the potential that other stores in Michigan may also have been targeted. These stores include:

2240 S Main Street
Ann Arbor, MI
Cupcake Station
116 E Liberty
Ann Arbor, MI
Family Fare
2026 North Saginaw
Midland, MI
3838 Richfield Road
Flint, MI
Meijer, #108
7300 Eastman Ave
Midland, MI
Meijer, #64
3145 Ann Arbor-Saline
Ann Arbor, MI
Meijer, #213
9515 Birch Run Rd
Birch Run, MI
Millers Mini Mart
3001 Bay City Rd
Midland, MI
Plum Market
375 North Maple
Ann Arbor, MI
2000 Waters Road
Ann Arbor, MI
Tsai Grocery
3115 Oak Valley Drive
Ann Arbor, MI
910 Joe Mann Blvd
Midland, MI
7000 E Michigan Ave
Saline, MI
Whole Foods
990 W Eisenhower Pkwy
Ann Arbor, MI
Whole Foods
3135 Washtenaw Ave
Ann Arbor, MI

“While the risk for adverse health effects appears to be low, more investigation is being done to determine what level of exposure may have occurred,” said Dr. Eden Wells, chief medical executive, MDHHS. “If you have any health concerns, contact your healthcare provider or call Michigan Poison Control at 1-800-222-1222 with questions.”

The departments would like to acknowledge the diligence of employees at Whole Foods, the quick response of the FBI, law enforcement agencies, and local health officials, and those who provided tips via social media, which has led to a speedy resolution to this issue.

Food industry employees and consumers are reminded to be vigilant and to report any suspicious activities. Remember, “If you see something, say something.” Any suspicious activities should be immediately reported to local law enforcement.

Examples of things to watch for include employees or strangers who:

·         spray unknown substances in your store

·         enter or exit your operation through the wrong doors

·         hang around display cases, exposed food displays (e.g., produce or salad bars) or cold/hot food         displays

·         loiter in aisles

·         leave suspicious materials in your store

MDARD and MDHHS will continue to coordinate with all agencies involved, along with Washtenaw County Health Department and Michigan’s retail grocery industry.


Updates will be provided as new information becomes available.



Monday, April 18, 2016

2016, IRS Taxpayer Guide to Identity Theft

IRS - Taxpayer Guide to Identity Theft

For 2016, the IRS, the states and the tax industry joined together to enact new safeguards and take additional actions to combat tax-related identity theft. Many of these safeguards will be invisible to you, but invaluable to our fight against these criminal syndicates. If you prepare your own return with tax software, you will see new log-on standards. Some states also have taken additional steps. See your state revenue agency’s web site for additional details.

We also know identity theft is a frustrating process for victims. If you become a victim, we are committed to resolving your case as quickly as possible.

What is tax-related identity theft?

Tax-related identity theft occurs when someone uses your stolen Social Security number to file a tax return claiming a fraudulent refund.

Steps to take if you become a victim

If you are a victim of identity theft, the Federal Trade Commission recommends these steps:

File a complaint with the FTC at identitytheft.gov.

Contact one of the three major credit bureaus to place a ‘fraud alert’ on your credit records:

Equifax, www.Equifax.com, 1-800-766-0008

Experian, www.Experian.com, 1-888-397-3742

TransUnion, www.TransUnion.com, 1-800-680-7289

Contact your financial institutions, and close any financial or credit accounts opened without your permission or tampered with by identity thieves.

If your SSN is compromised and you know or suspect you are a victim of tax-related identity theft, the IRS recommends these additional steps:

Respond immediately to any IRS notice; call the number provided or, if instructed, go to IDVerify.irs.gov.

Complete IRS Form 14039, Identity Theft Affidavit, if your efiled return rejects because of a duplicate filing under your SSN or you are instructed to do so. Use a fillable form at IRS.gov, print, then attach the form to your return and mail according to instructions.

Continue to pay your taxes and file your tax return, even if you must do so by paper.

If you previously contacted the IRS and did not have a resolution, contact us for specialized assistance at 1-800-908-4490. We have teams available to assist.

Click the link below to access IRS Form 14039

Tuesday, March 22, 2016

FBI / NHTSA Consumer Alert: Motor Vehicles Increasinlgy Vulnerable to Remote Exploits

FBI / NHTSA Consumer Alert Public Service Announcement:
March 16, 2016

Motor Vehicles Increasingly Vulnerable to Remote Exploits
As previously reported by the media in and after July 2015, security researchers evaluating automotive cybersecurity were able to demonstrate remote exploits of motor vehicles. The analysis demonstrated the researchers could gain significant control over vehicle functions remotely by exploiting wireless communications vulnerabilities. While the identified vulnerabilities have been addressed, it is important that consumers and manufacturers are aware of the possible threats and how an attacker may seek to remotely exploit vulnerabilities in the future. Third party aftermarket devices with Internet or cellular access plugged into diagnostics ports could also introduce wireless vulnerabilities.

Modern motor vehicles often include new connected vehicle technologies that aim to provide benefits such as added safety features, improved fuel economy, and greater overall convenience. Aftermarket devices are also providing consumers with new features to monitor the status of their vehicles. However, with this increased connectivity, it is important that consumers and manufacturers maintain awareness of potential cyber security threats.
Vehicle hacking occurs when someone with a computer seeks to gain unauthorized access to vehicle systems for the purposes of retrieving driver data or manipulating vehicle functionality. While not all hacking incidents may result in a risk to safety – such as an attacker taking control of a vehicle – it is important that consumers take appropriate steps to minimize risk. Therefore, the FBI and NHTSA are warning the general public and manufacturers – of vehicles, vehicle components, and aftermarket devices – to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles.

How are computers used in modern motor vehicles?
Motor vehicles contain an increasing number of computers in the form of electronic control units (ECUs). These ECUs control numerous vehicle functions from steering, braking, and acceleration, to the lights and windshield wipers. A wide range of vehicle components also have wireless capability: from keyless entry, ignition control, and tire pressure monitoring, to diagnostic, navigation, and entertainment systems. While manufacturers attempt to limit the interaction between vehicle systems, wireless communications, and diagnostic ports, these new connections to the vehicle architecture provide portals through which adversaries may be able to remotely attack the vehicle controls and systems. Third-party devices connected to the vehicle, for example through the diagnostics port, could also introduce vulnerabilities by providing connectivity where it did not exist previously.

What are some of the ways an attacker can access vehicle networks and driver data?
Vulnerabilities may exist within a vehicle’s wireless communication functions, within a mobile device – such as a cellular phone or tablet connected to the vehicle via USB, Bluetooth, or Wi-Fi – or within a third-party device connected through a vehicle diagnostic port. In these cases, it may be possible for an attacker to remotely exploit these vulnerabilities and gain access to the vehicle’s controller network or to data stored on the vehicle. Although vulnerabilities may not always result in an attacker being able to access all parts of the system, the safety risk to consumers could increase significantly if the access involves the ability to manipulate critical vehicle control systems.

Example: Recently Demonstrated Remote Exploits
Over the past year, researchers identified a number of vulnerabilities in the radio module of a MY2014 passenger vehicle and reported its detailed findings in a whitepaper published in August 2015.a The vehicle studied was unaltered and purchased directly from a dealer. In this study, which was conducted over a period of several months, researchers developed exploits targeting the active cellular wireless and optionally user-enabled Wi-Fi hotspot communication functions. Attacks on the vehicle that were conducted over Wi-Fi were limited to a distance of less than about 100 feet from the vehicle. However, an attacker making a cellular connection to the vehicle’s cellular carrier – from anywhere on the carrier’s nationwide network – could communicate with and perform exploits on the vehicle via an Internet Protocol (IP) address.
In the aforementioned case, the radio module contained multiple wireless communication and entertainment functions and was connected to two controller area network (CAN) buses in the vehicle. Following are some of the vehicle function manipulations that researchers were able to accomplish.
  • In a target vehicle, at low speeds (5-10 mph):
    • Engine shutdown
    • Disable brakes
    • Steering
  • In a target vehicle, at any speed:
    • Door locks
    • Turn signal
    • Tachometer
    • Radio, HVAC, GPS

What did the manufacturer in the recent case do to fix or mitigate the identified vulnerabilities?

In this case, NHTSA believed the vulnerability represented an unreasonable risk to safety based on a number of critical factors: once exploited, the vulnerability allowed access to and manipulation of critical vehicle control systems; the population of vehicles potentially at risk was huge; and the likelihood of exploitation was great given that the researchers were scheduled to publish the bulk of their work product. As a result, almost one and a half million vehicles were recalled (NHTSA Recall Campaign Number: 15V461000). Before the researchers’ report was released, the cellular carrier for the affected vehicles blocked access to one specific port (TCP 6667) for the private IP addresses used to communicate with vehicles. However, the recall was still necessary to mitigate other, short-range vulnerabilities.
The manufacturer and cell service provider have provided a remedy to mitigate the specific vulnerabilities. The manufacturer announced it would notify owners of vehicles affected by the recall and would mail them a USB drive containing the update and additional security features for the vehicle software. Alternatively, the manufacturer announced that owners could visit a Web site to check if their vehicle was included in the recall and to download the software update to a USB drive. Owners who did not wish to install the update via USB to their own vehicles were given the option to have their vehicle dealer install the update.

Cybersecurity Recalls and Consumer Action
How can consumers determine whether their vehicle has been recalled for a vehicle cybersecurity issue?

When a vehicle is included in a recall, the manufacturer sends a notification to vehicle owners informing them of the issue and how to obtain a free remedy to address the problem.
In general, it is important that consumers maintain awareness of the latest recalls and updates affecting their motor vehicles. This can be done by following the instructions on NHTSA’s safercar.gov Web site, media and news announcements of recalls, contacting your nearest vehicle dealership, or checking the vehicle manufacturer’s Web site for recall-related information. Vehicle owners should check the vehicle’s VIN for recalls at least twice per year using this Web link: http://vinrcl.safercar.gov
Consumers can also look for other related information for their vehicles at the following Web links:

How can consumers help minimize vehicle cybersecurity risks?

1. Ensure your vehicle software is up to date
If a manufacturer issues a notification that a software update is available, it is important that the consumer take appropriate steps to verify the authenticity of the notification and take action to ensure that the vehicle system is up to date.
As a note of caution, if manufacturers regularly make software updates for vehicles available online, it is possible that criminals may exploit this delivery method. A criminal could send socially engineered e-mail messages to vehicle owners who are looking to obtain legitimate software updates. Instead, the recipients could be tricked into clicking links to malicious Web sites or opening attachments containing malicious software (malware). The malware could be designed to install on the owner’s computer, or be contained in the vehicle software update file, so as to be introduced into the owner’s vehicle when the owner attempts to apply the update via USB. Additionally, an attacker could attempt to mail vehicle owners USB drives containing a malicious version of a vehicle’s software. To mitigate potential risks, vehicle owners should always:
  • Verify any recall notices received by following the steps for determining whether a vehicle has been recalled for a vehicle cyber security issue, as outlined above.
  • Check on the vehicle manufacturer’s Web site to identify whether any software updates have been issued by the manufacturer.
  • Avoid downloading software from third-party Web sites or file-sharing platforms.
  • Where necessary, always use a trusted USB or SD card storage device when downloading and installing software to a vehicle.
  • Check with the vehicle dealer or manufacturer about performing vehicle software updates.

If uncomfortable with downloading recall software or using recall software mailed to you, call your dealer and make an appointment to have the work done by a trusted source.

2. Be careful when making any modifications to vehicle software
Making unauthorized modifications to vehicle software may not only impact the normal operation of your vehicle, but it may introduce new vulnerabilities that could be exploited by an attacker. Such modifications may also impact the way in which authorized software updates can be installed on the vehicle.

3. Maintain awareness and exercise discretion when connecting third-party devices to your vehicle
All modern vehicles feature a standardized diagnostics port, OBD-II, which provides some level of connectivity to the in-vehicle communication networks. This port is typically accessed by vehicle maintenance technicians, using publicly available diagnostic tools, to assess the status of various vehicle systems, as well as to test emissions performance. More recently, there has been a significant increase in the availability of third-party devices that can be plugged directly into the diagnostic port. These devices, which may be designed independent of the vehicle manufacturer, include insurance dongles and other telematics and vehicle monitoring tools. The security of these devices is important as it can provide an attacker with a means of accessing vehicle systems and driver data remotely.
While in the past accessing automotive systems through this OBD-II port would typically require an attacker to be physically present in the vehicle, it may be possible for an attacker to indirectly connect to the vehicle by exploiting vulnerabilities in these aftermarket devices. Vehicle owners should check with the security and privacy policies of the third-party device manufacturers and service providers, and they should not connect any unknown or un-trusted devices to the OBD-II port.

4. Be aware of who has physical access to your vehicle
In much the same way as you would not leave your personal computer or smartphone unlocked, in an unsecure location, or with someone you don’t trust, it is important that you maintain awareness of those who may have access to your vehicle.

What should you do if you suspect you are a victim of vehicle hacking?
In much the same way as you would not leave your personal computer or smartphone unlocked, in an unsecure location, or with someone you don’t trust, it is important that you maintain awareness of those who may have access to your vehicle.

1. Check for outstanding vehicle recalls or vehicle software updates
It is important that you check to identify whether there are any outstanding recalls related to your vehicle. This can be done by following the steps outlined above. You may also check on the manufacturer’s Web site to determine whether there are any software updates that may need to be applied.
2. Contact the vehicle manufacturer or authorized dealer
An important step is being able to diagnose whether any anomalous vehicle behavior might be attributable to a vehicle hacking attempt. Contact your vehicle manufacturer or authorized dealer and provide them with a description of the problem so that they can work with you to resolve any potential cyber security concerns.
3. Contact the National Highway Traffic Safety Administration
In addition to contacting the manufacturer or authorized dealer, please report suspected hacking attempts and perceived anomalous vehicle behavior that could result in safety concerns to NHTSA by filing a Vehicle Safety Complaint.
4. Contact the FBI
In addition to the above steps, please reach out to your local FBI field office and the Internet Crime Complaint Center (IC3).
Agency and Industry Action
What is NHTSA doing on vehicle cyber security?
NHTSA is the regulatory agency that sets and enforces the federal motor vehicle safety standards for new vehicles. They are actively working on several initiatives to improve the cyber security posture of vehicles in the United States. More information about their vehicle cyber security activities can be found at:

What are automakers doing on vehicle cyber security?
In addition to the steps taken by individual automakers to address vehicle safety and security, the auto industry has established an Information Sharing and Analysis Center (ISAC) to provide a trusted mechanism for exchanging cyber security information. The Auto ISAC will act as a central hub for gathering intelligence to help the industry analyze, share, and track cyber threats. Automakers are also collaborating on best practices for enhancing the cyber resiliency of motor vehicle electronics and associated in-vehicle networks.

a Online research paper; Chris Valasek, Charlie Miller; IOActive Security Services Technical Whitepaper; “Remote Exploitation of an Unaltered Passenger Vehicle”; 10 August 2015; http://www.ioactive.com/pdfs/IOActive_Remote_Car_Hacking.pdf; 17 September 2015. IOActive is a computer security services company. Authors have researched vehicle vulnerabilities for several years.

Thursday, February 18, 2016

MI AG - Feb. 17, 2016, "Schuette Offers Tips to Michigan Consumers on How to Avoid Tax Scams"

MI AG Press Release  - Feb. 17, 2016
"Scam artists use email, phone calls to catch residents off guard"
LANSING – Michigan Attorney General Bill Schuette today issued an updated consumer alert for tax season with tips on how to avoid the latest tax and IRS related scams. Tax season is typically a time the Attorney General’s Consumer Protection Team sees an uptick in complaints relating to tax-related scams.
“Tax season can be stressful enough without the added worry of falling victim to a scam artist,” said Schuette. “I encourage residents to file early and take a look at these tips to provide an extra layer of security during tax season.”
Schuette noted that the IRS will never contact you asking for personal information by phone or email. Schuette encourages any residents who believes they have received fraudulent calls or emails to contact the IRS directly.
Schuette’s Consumer Protection Team has reported the following as scams to watch out for:
Phone Scams to Watch For:
  • A high pressure call that threatens legal action which can only be avoided by immediate payment.
  • A caller identifies themselves as an IRS employee and tells the targeted victim that they are eligible for a sizable rebate for filing taxes early if they submit bank account information for direct deposit of the rebate or refund.
  • A person claiming to be an IRS employee indicates the IRS sent a check that has not been cashed and the IRS needs to verify the individual's bank account number.
IRS Email Scams to Watch For:
  • Using the official IRS logo.
  • Using whole sections of text from the IRS's website.
  • Using a fake "from" address that looks similar to the IRS.
  • Using forms with numbers similar to those the IRS already uses.
The IRS will never contact you via email so don’t be fooled.
What to Do if You Get an Email or Phone Call Claiming to Come From the IRS:
  • If you don’t owe taxes, hang up immediately or delete the email without opening it. Report any suspicious solicitation to the Treasury Inspector General for Tax Administration hotline at 800-366-4484.
  • If you do owe on your taxes, call the IRS at 800-829-1040 if you need federal tax assistance.
  • Do not click on any links embedded in a suspicious email.
  • You may forward emails to phishing@irs.gov, the address established by the IRS to receive, track, and shut down these scams. Detailed instructions for how to send the emails are available through the IRS. You may not receive an individual response to your email because of the volume of reports the IRS receives each day.
  • Report misuse of the IRS name, logo, forms, or other IRS property to the Treasury Inspector General hotline at 800-366-4484.
  • The only genuine IRS website is www.irs.gov. You should never get to this site using a link embedded into an email - instead enter the address in your browser. A website link embedded into an email can easily take you to a fake site.
View the full Attorney General Consumer Alert, “IRS Phone and Email Tax Scams”.
For general consumer protection questions or complaints, you may reach the Attorney General's Consumer Protection Division at:
P.O. Box 30213 Lansing, MI 48909
517-373-1140 Fax: 517-241-3771
Toll free: 877-765-8388
www.michigan.gov/ag (online complaint form)

Wednesday, January 20, 2016

Federal Trade Commission: This year’s Tax Identity Theft Awareness Week is January 25-29, 2016

It’s tax season, and you know what that means: identity thieves who want to steal your tax refund are at work. Find out how to stop them during Tax Identity Theft Awareness Week, January 25-29.
The FTC and its partners are hosting a series of events to help you understand tax identity theft, how to minimize your risk of becoming a victim, and what to do if thieves have stolen your tax refund.  Check these out:
  • January 26, 2 p.m. – an FTC webinar for consumers, co-hosted AARP’s Fraud Watch Network and Tax Aide Program. Learn how tax identity theft happens and what you can do if it happens to you.
  • January 27, 11 a.m. – the FTC and the Department of Veterans Affairs (VA) will host a Twitter chat with information about tax identity theft for veterans. Join the conversation at #VeteranIDTheft.
  • January 27, 2 p.m. – the FTC, TIGTA and the VA will host a webinar with information about tax identity theft for veterans.
  • January 29, 2 p.m. – the FTC and the Identity Theft Resource Center will co-host a Twitter chat about tax ID theft. Join the conversation at #IDTheftChat.
Help promote awareness about tax identity theft. We have free resources to share in your community. Want to know more about identity theft in general? Visit www.IdentityTheft.gov, the government’s one-stop resource to help identity theft victims recover.

FTC- 2016 Tax Week tips

A National Data Privacy Day Event, Jan. 28, '16, " Washtenaw County Elder Justice Coalition Town Hall Meeting " Financial Exploitation of Seniors"

Washtenaw Elder Justice Coalition Town Hall meeting: Financial Exploitation of Seniors

“A National Data Privacy Day Event”

January 28, 2016, 9-11:30 a.m., Pittsfield Twp. Administration Bldg., 6201 W. MI Ave, Morris Hall

Free and open to the public

Keynote Speaker, Mr. Ron Tatro, V.P. of Elder Law of Michigan, followed by a panel discussion moderated by Ritchie Coleman, Public Safety Community Coordinator, P.T.D.P.S, with Lisa Fisher, Adult Protective Services, Tish Lee, Legal Services of South Central Michigan, Mr. Brian Mackie, Washtenaw County Prosecuting Attorney, and Lou Morse, Bank of Ann Arbor

For more details click on the link to the Washtenaw County Blue Print for Ageing.

Washtenaw County Blue Print for Ageing