Data Destruction St Louis | Secure Document Destruction of St. Louis

by

Fighting off Keyless Car Hackers

Photo of a keyless car hacker

Does your car have a keyless entry system? If so, it may be an easy target for sophisticated car thieves who have figured out how to hack the technology designed to make your life easier.

Car makers, the insurance industry, and law enforcement are playing catch-up on fob-related car theft techniques that have become a growing problem with modern cars.

Here’s what you need to know to protect yourself from these criminals.

How Is Fob Hacking Possible?

A key fob is designed to be small, so it can be carried around inconspicuously, just like a key chain. The term fob and small key chains have been used interchangeably for many years.

Keyless cars use a fob to communicate low-power radio signals to car doors, ignition and start/stop buttons. They’re only effective when the fob is within three feet of these components. However, hackers have developed special equipment to amplify the communication signals between vehicles and smart fobs, greatly extending the system’s effective range. Signals can also be cloned using an RFID transmitter or by hacking into a smartphone app which is also used to start cars.

These are known as relay hacks and can trick the car into thinking the fob is next to the car door or ignition system when it is really somewhere else. Thieves use the relay hack to unlock and start the vehicle.

Some relay thieves use wireless transmitters held up to the front door or window of a house or the pocket of a car owner to capture the signal from a genuine digital key and relay it to a target vehicle. Another person standing close to the vehicle captures the signal, fooling the car into thinking the key is within range, allowing it to be unlocked. Once inside the vehicle, the process can be repeated to start the engine.

Typically, these attacks happen in residential areas where many people have their keys hanging by the door or in the kitchen, such as in a condo or apartment community where keys tend to be closer to where a car is parked.

Other thieves use signal jamming by transmitting on the same radio frequency as the fob. This blocks the signal that locks the door, allowing thieves to open the door when the owner walks away.

These methods are commonplace because they don’t require any special or expensive equipment. It’s also easy to find online videos on how to hack a key fob, which makes a crook’s job even easier.

Not all cars can be hacked by the methods above. For example, only vehicles manufactured during 2009-2017 can be hacked by key cloning, and the most vulnerable makes are Toyota, Hyundai, Kia, and Tesla. Also, encryption flaws are usually common among older cars sold outside the USA.

How Can I Prevent My Key Fob From Being Hacked?

You have several options to reduce or eliminate key fob hacks.

Block the fob signal. A Faraday bag is one of the most effective ways to do this. It’s made of flexible metallic fabric to stop any signal from getting out or in the bag. They’re already in common use and come in different sizes and price ranges so finding one that best suits your needs should be a relatively simple task. If you don’t want to use a Faraday bag, you can store your fob in a safe or another metal object.

Reprogram the fob from time to time. A locksmith can do this for you in just a few minutes, but it’s probably more of a hassle and will cost more money and time than using a Faraday bag.

Physically place your fob away from doors or windows in your home or office, effectively reducing or blocking a hacker’s signal-stealing technology.

Look for a fob flash. When you lock your car with a fob by touching the door handle or clicking the button on a remote, make sure the indicators flash and listen for the clunk of locks.

Keep up with software updates. As cars, phones, and other technology are more connected than ever, it’s crucial to keep thieves at bay by installing the latest software on your vehicle and phone.

Keep your key fob in a shielded wallet when you’re out and about. Some people think wrapping a fob in aluminum foil will provide enough protection, but that may not be true. Again, a Faraday bag is still your best bet when in public.

Attach a lock to your steering wheel. It’s old school, but metal bars that lock steering wheels are an effective and visible deterrent for thieves trying to steal your vehicle. You may go a little more extreme and get a lock for one of your car wheels. Just remember to remove it before you attempt to drive off!

Install a tracker. Unusual activity is monitored, and you are alerted if it appears a car is not where it should be. You can also trace the vehicle via GPS if it is stolen.

Switch off the fob when not in use or use a motion sensor fob. Some fobs can be turned off, which is what you should do when it’s not in use. Other fobs have motion sensors, meaning the fob stops transmitting a signal if it’s left idle for a certain amount of time. This negates the use of relays to steal your fob signal.

Install CCTV or a smart doorbell. This may not prevent your car from being stolen, but if thieves see active cameras on your property, that may be enough of a deterrent for them to move on. These devices also make it easier to find your car if it does get stolen. Good exterior lighting and an active Neighborhood Watch are also added deterrents that are easy to implement.

by

Take a chunk out of property fraud with St. Louis County’s free Property Fraud Alert program.

Saint Louis Property Fraud Protection program graphic

Residents of St. Louis County now have a way to get alerts via email or phone when documents with their name are recorded with St. Louis County. The service is free.

The service is called Property Fraud Alert (PFA) and it is designed specifically to address the rapidly growing crimes of property and mortgage fraud.

It provides a valuable service in a time when identity thieves are relentlessly looking for ways to defraud individuals. We have seen the impact of thieves filing false tax returns. Well, those same thieves could file paperwork to transfer ownership of your home to them.

It sounds crazy, but it’s not. It’s a real threat.

The sign-up process is very simple. Go here on the St. Louis County website and you’ll be done in less than a minute.

by

What to do When a Hacker Comes After Your Accounts

What to do When a Hacker Comes After Your Accounts

Hacking and identity theft are as prevalent as ever. At some point, don’t be surprised if one or more bad guys come looking for your sensitive information to criminally exploit.

New scams pop up constantly. You know this if you’ve ever gotten one of those “potential data breaches” emails or letters which I suspect most people have by now. Nobody is 100% safe in a digital environment, but there are several things you can do to make it harder for hackers in advance of an attempted breach and actions you can take after an attempted hack.

What to do Before an Attempted Hack Occurs

If you haven’t done so already, the easiest and smartest thing to do is turn on two-factor authentication for your financial accounts. Hackers may try to get around this by going after password manager systems instead.

That means that you could be contacted by text or email that you’ve been targeted by a hacker trying to steal your information. However, don’t automatically assume security protocols have kicked in due to an attempted breach. Some people are contacted repeatedly by hackers who appear to be administrators. Before you give up sensitive password change information, it’s best to reach out to the institution supposedly requesting the change to verify they have actually done so.

After you verify, start the process of changing your potentially impacted passwords. While it’s unsettling that a hacker obtained at least one of your passwords, be thankful that virtually every financial institution now has red flags and warning systems to alert you to suspicious activity.

You should also know that there are multiple types of two-factor authentication. Biometric data is one of the more secure ways to protect your accounts. Two-factor authentication via text is secure, but it is susceptible to hacking. Criminal activity is why the industry is slowly moving away from passwords. Hackers long ago learned how to defeat almost any password system.

If you have the option, switching your two-factor authentication from SMS (text message) to an authenticator app is not a bad idea.

If you suspect a hack is taking place, another way to lock out criminals is to freeze your credit. Freezing your credit at the three major credit bureaus makes it difficult for anyone to open accounts in your name with your Social Security number. You can easily unfreeze your credit if you want to open a new account or other similar reasons.

You’ll need to go through Experian, Equifax, and TransUnion separately to freeze your records.

What to do After a Hack

Here’s the #1 rule you must follow after being hacked.

Act fast!

Do not let data breaches or hacks of any kind go into your “I’ll get to it eventually” stack of things to do. Treat the breach urgently to minimize damage to your accounts and online identity. Don’t be surprised if you start getting notifications after a breach from your banks, credit card providers, Google, online merchant accounts, and other places where your identity lives.

Not every hack is large or steals information from millions of accounts. Some hacks also take a while to uncover, meaning that your data may be compromised over a long period. Many hacks are small such as your credit card information being compromised by a crooked online merchant, a credit card skimmer at a local gas station, or just about anyone you hand your card to while shopping and dining.

You may not notice anything unusual until you get your next statement. Always read those bills and figure out what every line means, even the smallest of the charges that appear. Card thieves sometimes put through a few small purchases just to make sure the card is “live” before making a big purchase.

An identity thief can also use your personal information to open credit accounts without your knowledge. This could lead to months of charges until somebody spots the problem and notifies you. One way to limit the duration is to use AnnualCreditReport.com to request a free report from Equifax, Experian, and TransUnion once per year, spreading the requests out at four-month intervals.

Keep in mind that credit monitoring agencies are not immune from hackers either. A recent breach of Equifax went on for months and exposed sensitive data of millions of accounts. Equifax ended up paying $650 million in damages after the discovery.

Another way to monitor your credit is to use Credit Karma. This free service automatically pulls your credit from TransUnion and Equifax weekly to keep an eye on your credit. These are “soft” inquiries, not the “hard” inquiries that companies make when you apply for more credit. Soft inquiries have no impact on your credit score. Hard inquiries can degrade your score if there are too many in a short period.

There are several other credit monitoring services you should consider: 

  • Avast BreachGuard and IDX Privacy  regularly monitor the Dark Web to ensure your personal data hasn’t come up for sale. 
  • Norton 360 Deluxe includes a similar scan, powered partly by the company’s LifeLock identity theft technology.
  • Some monitoring services such as Keeper and LastPass also include password manager tools which make it easier to change potentially hacked passwords to a strong, unique password you don’t use for any other site.

Hacked credit cards used by someone else are easier to recover from because you’re not responsible for the fraudulent charges, and once the bank has issued a new card, the problem is solved.

Regaining control of a hacked email account is tougher. You must contact the email provider and prove that you’re the true account holder. This is problematic if the hacker changes your password and you can’t use your regular email to contact the provider. To minimize this, have more than one email address and make each the alternate contact address for the other.

Also, if you used the password from your hacked email account at any other sites, those accounts are compromised too. A hacker who gets hold of your login credentials for one site may try the same username and password pair on many other popular sites.

Resetting your passwords can be a challenge too. When you forget a website password, the first thing you do is hit that “Forgot Password?” link to get a password reset link sent to your email address. A smart hacker who has control of the email account will quickly seek your other accounts, social media, perhaps, or worse, shopping and banking accounts. After a simple password reset, the hacker owns those accounts, exponentially compounding your problems.

When you recover from an email hack, visit every site associated with that email address and change your password.

When you’re out and about, shop at merchants accepting chipped credit cards, which secure in-person transactions. However, they can’t help with online transactions where the chip does not come into play.

Mobile-based payment systems like Apple Pay and Google Pay are more secure than physical credit cards. Each transaction uses a unique number, so hackers gain nothing by stealing existing transaction data. You can use the mobile payment system for online purchases as well. Be sure to protect your mobile device with a fingerprint or a strong passcode, and always keep it with you.

After you’ve done all you can to shut down the breach, you’ll still need to monitor your accounts closely for at least a couple of weeks and maybe longer to make sure all your breach bases are covered.

Another smart action you can take is to visit IdentityTheft.gov to report the theft and get help developing a recovery plan. The information you provide can help authorities monitor the latest trends and develop proactive deterrents to minimize impacts on other potential victims.

by

Guarding Against Phone Scams

Guarding Against Phone Scams

Scammers are more sophisticated than ever, and they’re doing it by returning to one of the most basic forms of communication we have…our phones.

It seems almost impossible to avoid every oddball or unknown phone number that calls you. While some are harmless, others are more intentional about trying to separate you from your money, identity, and your sanity.

Types of Scams

There are several common types of calls that demonstrate red flags you should look out for.

The one-ring scam happens when scammers use robocall technology to place internet calls that ring only once on cell phones. If you pick up, the robocall drops the line. However, if you miss or ignore the call and later call back the number, you could be on the hook for international calling fees with area codes outside the U.S. Those fees can be as much as a whopping $15-$30 per minute!

The Federal Trade Commission (FTC) says you should never call back numbers in these area codes:

  • 268: Antigua and Barbuda
  • 284: British Virgin Islands
  • 473: Grenada, Carriacou and Petite Martinique
  • 664: Montserrat
  • 649: Turks and Caicos Islands
  • 767: Commonwealth of Dominica
  • 809, 829, 849: Dominican Republic
  • 876: Jamaica

When an unfamiliar number comes in, you’re better off waiting for a voicemail to determine if the call is legitimate before calling back. You can also Google the phone number on the chance that others have already posted about the number and whether it’s legitimate or not.

How prevalent are robocalls? It’s estimated more than 36 billion robocalls have been placed in 2022 according to the YouMail Robocall Index

With a prize-winner scam a caller will tell you that you’ve won a prize or a lottery. But then they’ll ask you for a fee to confirm the prize and shipping costs or for another reason related to unlocking your winnings.

Scammers also prey upon you with threats that you’ll get arrested or face fines if you don’t comply with law enforcement actions or those related to a federal agency. You may immediately be coerced into paying IRS penalties, taxes, or other debt.

Scammers may also call you with a limited time offer and force you to commit to something that sounds too good to be true. Here’s a hint. If it sounds too good to be true and the caller on the other end of the line wants a decision or money from you now, it is too good to be true. Hang up immediately.

Debt relief and credit repair scams are also common. Callers will offer you lower credit card rates, promise to fix your credit, or agree to help you get debt forgiven for an upfront fee.

Another quasi-government scam is someone calling purporting to be from a government agency and asking you to confirm sensitive information such as your Social Security number, bank accounts, or other similar private information. Government agencies never do this! Do not divulge anything if you get a call like this.

Charity scams always pop up, especially immediately following a large-scale natural disaster. Never feel pressured to give until you’re ready to help. Always check out a charity before you give or give only to well-known charities such as the Red Cross.

Someone you’re unfamiliar with may call you with a legitimate sounding deal but will ask you to pay with cash, a gift card, wiring money, or some other form of payment that gives you no recourse to get your money back if they take off with it. Only pay with negotiable instruments that protect you in case you’re victimized.

A recent scam making the rounds is a robocall that starts with the simple four-word phrase “Can you hear me?” in hopes of recording your response and using it to commit fraud.

The phrase is designed to trick the victim into responding “yes,” while the person or computer on the other end records the response. The scammer can use the recording to access important online accounts, make purchases and commit fraud like identity theft. All they must do is play the recording of your voice saying “yes” when asked to authorize a log-in or agree to a major purchase.

What You Can Do to Lessen Scam Calls

The first and most obvious thing you can do is never answer calls from numbers you don’t know. Let calls roll to voicemail.

All the major wireless carriers offer robocall blocking. There are also several free and paid third-party apps that you can also use to block scam phone numbers. A little online research should produce another added layer of protection.

If you’re on the National Do Not Call Registry, you shouldn’t get live sales calls from companies you haven’t done business with before. Those calls are illegal. If someone is already breaking the law calling you, there’s a good chance it’s a scam.

Also, don’t trust your caller ID. Scammers can spoof you and make any name or number show up on your caller ID. Even when a number looks like it’s a government agency or the call is from a local number, it could be a scammer calling from anywhere in the world.

What if You’ve Already Been Scammed

Scammers know which methods of payments make it challenging for you to get your money back. Sometimes that money is gone forever, but there are ways to protect yourself.

If you paid a scammer with a credit or debit card, you may be able to stop the transaction. Contact your credit card company or bank right away. Tell them what happened and ask for a “chargeback” to reverse the charges. The same action applies if you paid a scammer with a gift card, prepaid card, or cash reload card. Call and ask for a refund as quickly as possible, and you may be able to recover your money.

Contact the app company if you paid a scammer using a money transfer app like PayPal or Venmo. However, contact your credit card company or bank first if the app is linked to a credit card or debit card.

In instances where you gave your username, password, or other sensitive information to a scammer, change your information right away. If you use the same password for other accounts or sites, change it there, too.

If you gave a scammer your Social Security number (SSN), visit IdentityTheft.gov to learn how to monitor your credit report to see if your SSN is being misused.

You should report scams as well.

When you’ve lost money to a phone scam or have information about the company or scammer who called you, report it at ReportFraud.ftc.gov. If you didn’t lose money but want to report a call, you can use the reporting form at DoNotCall.gov.

by

LAUSD Data Hack Highlights Growing School Cyber Vulnerabilities

School Data Hack Case Study

On a Saturday morning on the first weekend of September 2022, just days before school was scheduled to start for more than 400,000 students in the Los Angeles Unified School District, the district fell victim to a massive cyberattack. Hackers threatened to release the private data of students and families throughout the second largest school district in the nation. The FBI, the Department of Homeland Security, and local investigators were called in immediately to assess the real and threatened damage.

Until investigators could determine the extent of the breach, they completely shut down the district’s digital footprint. At the time, the district did not know whether student information — assessments, grades, class schedules, disciplinary records, reports about disabilities — was accessed by hackers through the district’s online student management system.

In a news conference shortly after the attack was revealed, LAUSD Supt. Alberto Carvalho, Los Angeles Mayor Eric Garcetti, and Los Angeles Police Chief Michel Moore said the hackers have encryption skills to cover their tracks and “shut us out of what they have or what they saw.”

If the district had lost the ability to manage its fleet of buses, “over 40,000 of our students would not have been able to get to school,” Carvalho said. If food services or payroll systems had been taken down, the impact “would have been significant, very disruptive and debilitating to our school system.”

Investigators discovered hackers had launched a ransomware tool that temporarily disabled systems, froze others, and had access to some degree of data. There were indications that the hack could have originated in a foreign country, and although no ransom demand was made initially, it eventually made its way to school officials.

The attempted theft of data was one element of the attack on LAUSD. The other involved attempting to disable district computer systems, making them inaccessible. Although both elements of the attack were only partly successful, full recovery has been difficult.

During the initial rebooting, technicians found so-called tripwires left behind that could have resulted in more structural damage or the further theft of data.

The LAUSD attack has been linked to a criminal syndicate called Vice Society, although authorities have declined to confirm it. However, Carvalho has acknowledged that the attack came from a group that is familiar to law enforcement and known for attacking school systems.

To lessen the hack impact, district officials took the unprecedented move of shutting down all district systems. But recovering from the shutdown created other problems. Assignments and lesson plans were inaccessible, and no student or employee had access to the system until they were able to reset their password. This process began on the following Tuesday with school already in session.

LAUSD was an attractive target for hackers because of how many people could be affected when district systems become unavailable. According to cybersecurity experts, this makes the impacted organization potentially more willing to pay a ransom to recover its system and encourages criminals to seek larger payments.

The hackers can demand ransoms both to restore systems and to keep private data from being posted publicly, which is exactly what happened with a similar breach to the Clark County School District in Nevada.

These are not isolated incidents. In 2021, cybersecurity firm Emsisoft, which tracks cyberattacks in education and other sectors, reported 88 educational organizations were affected by ransomware: 62 school districts and 26 colleges and universities.

While the LAUSD hack is massive, it is not the biggest to ever take place. In May, the Chicago public school system announced that a massive data breach exposed four years’ worth of records of nearly 500,000 students and just under 60,000 employees.

A recent cyberattack targeted a company, Illuminate Education, whose clients include LAUSD and whose services reach more than 17 million students in 5,200 schools and school districts.

To combat this disturbing trend, over the past several years, the Cybersecurity and Infrastructure Security Agency (CISA) and its partners have responded to a significant number of ransomware incidents. Unfortunately, malicious parties have adjusted their ransomware tactics to be more destructive and impactful, becoming bolder as they exfiltrate data and then threaten to sell or leak it if the ransom is not paid.

LAUSD officials took several measures to respond to the attack, starting with creating an independent Information Technology Task Force. It was charged with developing recommendations within 90 days which are now focused on:

  • Deploying technical staff across the vast school system to assist with issues that arise in the coming days.
  • Reorganizing departments and systems “to build coherence and bolster data safeguards.”
  • Appointing an expert technology advisory council and naming a technology advisor who will focus on security procedures and practices and an overall data center operations review.
  • Adding budget dollars as needed and improving employee training.
  • Analyzing systems with help from federal and state law enforcement.

Mayor Garcetti emphasized the need for all government agencies to be proactive and vigilant, announcing that the city must fend off 1 billion cyberattacks every month: “That’s with a B,” he said.

Protecting Schools Before an Attack

Although LAUSD minimized damage after the fact, there are several things school districts can do before they fall victim to a cyber hack and ransom demands. Strategies for protecting data and devices from an attack should be technical and procedural.

With in-house IT professionals or the help of a cybersecurity expert who specializes in the education sector, an effective plan should include the following:

  • Store data securely to ensure that the whole school community’s data are kept private and to comply with the Family Educational Rights and Privacy Act (FERPA).
  • Regularly back up data in case of accidental or deliberate corruption or destruction of data.
  • Create firewalls and an approved list of individuals with access to the school’s or school district’s networks and systems. The list should be regularly reviewed to ensure that only those individuals who have permission to access the systems can do so.
  • Monitor networks continually to assess the risk from cyber threats. Schools and school districts can get support from the U.S. Department of Homeland Security or data security firms.
  • Ensure the devices and software your school uses always have the latest updates.
  • Install antivirus software on all your devices.
  • Use a secure connection to access your school’s network or systems remotely.
  • Make sure paper records for disposal containing sensitive information are disposed of or destroyed securely.
  • Check that your school website is not disclosing any personally identifiable information that scammers could use.
  • Payroll, accounts, and leadership staff should also review what personal information they are disclosing publicly on social media and adjust their privacy settings if required.
  • Educate students, parents, front-line staff, teachers, and administrators about the need to maintain strict procedures and protections to avoid data hacks.
  • Develop, review, and test an incident response plan with your IT professionals. The plan should cover what procedures you will follow in the event of a cyber-attack.

UPDATE: As of early October, LAUSD officials had received a ransom request but refused to pay or negotiate with the hacking group. An initial deadline for payment passed, and the group released some data, but it was not as large or sensitive of a release as officials had initially feared. Like many cyberattacks, this situation is still active and ongoing and may continue for many more months.

Testimonials

"Thanks, John. Your company is first rate and I have already recommended it to several friends and relatives. Keep up the good work!"
Mike W.
"Thank you John. The service provided by SDD was outstanding. You provided everything that was promised and at the designated time arranged and I might add that your man that handled the job couldn't have been nicer or accommodating.. It is rare to find businesses that follow through with their promises. We appreciated doing business with you and would recommend SDD to anyone needing this service. Thank You!"
Joe B.
Distribution Sales, Leviton Manufacturing
"John did a great job! Friendly, answered all my questions, very helpful. Thanks for providing good service!"
Lana E.
Alton, IL
"We had a problem when our previous shredding company raised their prices sky-high. When we called SDD; John gave me a quote over the phone and came out the next day. They performed the same size job in about half the time, … at a lower price! We would recommend them highly to anyone who needs shredding."
Chris K.
Missouri Insurance Exchange
"It gives our company "peace of mind" to depend on the professional & personable, fast & efficient shredding services of Secure Document Destruction of St. Louis. I would highly recommend SDD STL. The service and price is exceptional!"
Laura K.
La De Da Entertainment
"Secure Document Destruction is AWESOME!! John always takes great care of us, the service is fast and reliable; John, our service/driver is great too. Looking back, I wish I would have switched to SDD sooner! 5 out of 5 stars!"
Tracy T.
Central Bank of St Louis
"Thank you! Everything went very well. Great customer service from beginning to end!! I am sure we will be in touch for future clean up projects."
Amy F.
Oasis Institute
"THANKS!!!! My house feels better with ALL that paper gone! The service was excellent!!! Thanks again!"
Kathy Ames
Desoto, MO
"SSD provided the shredding services for my business when I closed in 2013 and again in 2024 when I called on them to shred the last of the documents that had been held in storage. They were friendly, honest and very helpful throughout the difficult process which was made easy with their professionalism over the years I dealt with them and I highly recommend them."
Bob L.
Rock Hill, MO
"You and John are wonderful people and I thank you so much for working with me. God Bless you both."
Laura E
"Your service/driver guy, JP just came and did our pickup. He is such a nice, friendly person and so are you. It is great doing business with you guys."
Berry Silberberg Stokes PC

Contact Us

Secure Document Destruction of St. Louis
2517 Adie Rd.
Maryland Heights, MO 63043
(Appointments only at this location. Please call 314-795-0004)

314-795-0004
Fax: 618-281-7153
In Illinois: 618-281-3245

Email Us

About Us

Services

Onsite Shredding Service
Business Shredding Service
Residential Shredding Services
Hard Drive Destruction
Data Destruction
Routine Service
One-time or Purge Service
Document Shredding Services
Mobile Shredding Services
Document Destruction Services
Residential Shredding Services
Medical Records Shredding

Categories

STLCHAMBERLOGONAID AAA LogoOFallon-Chamber-Logo

Review Us