How to Search Twitter Faster

Twitter has about 500 million tweets every day. However, not all of them are available in the search feature within Twitter. Here are a couple of advanced search tips to help you find what you’re looking for:

For exact phrases use quotes (“”) around your search term. This is especially useful when your search includes slang, abbreviations, names, or acronyms. For example, in the search box type “shoplifter hits.” This will help eliminate false positives and only return results with the exact phrase “shoplifter hits.”

For tweets from a specific person or organization, type in their handle preceded by the @ sign (for example, “@cnn”). This will only return results tweeted by “@cnn.” This can be helpful in investigations when you know the suspect’s Twitter handle (username).

Two Tips for Quicker Google Search

Site-specific search is one of my favorites. To find information on a specific site, simply add “site:url” after your search term. For example, by looking up “active shooter site:d-ddaily.net” Google would only return results for active shooter on d-ddaily.net.

My next favorite search shortcut is to search for a file. Let’s say you wanted to find PDF files about shoplifting. Typing in “shoplifting filetype:pdf” will return PDFs (not regular web pages) with “shoplifting” in the title. You can also try “shoplifting filetype:docx” to do the same for Word documents.

This works for publicly available documents only and can be very useful in doing research.

A Brief History of RFID

The first use of RFID technology was in WWII to help identify aircraft. Further development occurred in the 60’s and 70’s, extending the use of the technology into civilian space. The first patent for RFID was in 1973 for door card readers. By the 80’s RFID was used for tracking nuclear material, cattle, toll payments and many other applications.

Faster data transfer was achieved for transmission over longer distances in the early 90’s. This is the UHF RFID period. In the late 90’s UHF RFID tags started interacting with the Internet. Between 1999 and 2003 the EPC (Electronic Product Code) was introduced.

Finally, after more than 50 years, a standardization occurred and now a wider adoption of the technology is happening.

Three Types of Social Engineering That Keep Coming after Retailers

(This article originally appeared in Loss Prevention Magazine)

When you think of hacking, breaches, or cyber security, what do you think of? Probably software or technology. We often forget the human side. But humans continue to play a big role. In fact, more than half of breaches and cyber-security events start with a human error or social engineering. Many are a combination of both.

So what exactly is social engineering? It is the manipulation of people into performing actions or divulging confidential information. It is a confidence (con, for short) trick for information gathering, fraud, or system access. And while it is like a con, it differs from a traditional con in that it is often one of many steps in a more complex fraud scheme. Wikipedia says, “While the term social engineering is not directly related to computers, information security, or traditional security professionals, most recently it has become a major part of our industry.” In this article I will review some of the most common types of social engineering and how they occur in retail.

Baiting

Baiting occurs when the social engineer leaves a malware-infected device, such as a USB flash drive or CD, in a common area where it is most likely to be found. Several devices can be left at one time to increase the likelihood of success. Bathrooms, hallways, and mail drops are easy targets for baiting. Humans are curious creatures, especially loss prevention professionals. The intent of the social engineer is that someone will pick up the infected device and plug it into their computer to see what’s on it. That’s when the malware installs itself. A lot of times the USB drive or disk will be labeled “important” or “private.” Once the malware is installed, the social engineer may have access to the computer or whole networks.

One example of baiting in a retail environment is when a social engineer applies for a job, schedules an interview, and meets with HR. After the meeting, he leaves a USB drive on the HR person’s desk. Because of his long commute, he uses the restroom and leaves a second USB drive on the bathroom sink. Then, for good measure, he places one more on a random desk while exiting. What would you do if you found a USB on your desk that was marked “private?” The answer to that question could make the difference between your company finding itself on the front page of the newspaper for all the wrong reasons in a few months or not.

Phishing

Phishing occurs when a social engineer creates fraudulent communications with a target, appearing legitimate and often claiming to be from a trusted or known source. Phishing is one of the more well-known tricks of social engineers and still one of the most successful.

The most common phishing attempts are unexpected urgent emails, usually involving banking, shipment, bill payment, or online accounts. Another common attempt is an email that appears to come from a person of importance, like your boss, your CEO, or a law enforcement official. The intent of phishing is to gain access to accounts, install malicious software, or steal money.

Here is one example of phishing in a retail environment. You receive an email from Jack, your good buddy in IT, and the email says, “Hey bud, can you reset your password? Just click the link below.” You have known Jack for years and often work on projects together. You click the link and reset your password. But the email wasn’t from Jack; it was someone trying to steal your login credentials, and that person has now accessed your HR profile in order to redirect your paycheck to his account. Don’t click on any links. Call the person. Or go directly to the source and reset the password.
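The “email from Jack” scenario above can also be checked mechanically. The following Python sketch is an added example, not part of the original article; the company domain, staff name, and sample message are constructed for illustration. It flags an internal-looking display name on an outside address, links that leave the company domain, and a request to act on credentials by link.

```python
# Added example; COMPANY_DOMAIN, KNOWN_STAFF and SAMPLE are constructed values.
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

COMPANY_DOMAIN = "retailer.example"      # assumption: the company's own domain
KNOWN_STAFF = {"jack miller"}            # assumption: internal display names
CREDENTIAL_ASK = re.compile(r"reset your password|verify your account", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def in_company(host):
    # True only for the company domain itself or a real subdomain of it.
    host = (host or "").lower().rstrip(".")
    return host == COMPANY_DOMAIN or host.endswith("." + COMPANY_DOMAIN)

def phishing_signals(raw):
    """Return a list of reasons the raw message looks like phishing."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    # Decode every non-multipart part (handles base64 / quoted-printable).
    body = "\n".join(
        (p.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for p in msg.walk() if not p.is_multipart())
    reasons = []
    if name.lower() in KNOWN_STAFF and not in_company(sender_host):
        reasons.append(f"display name '{name}' is internal but address is {addr}")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != sender_host.lower():
        reasons.append(f"Reply-To {reply} differs from the sender's domain")
    for url in URL.findall(body):
        host = urlparse(url).hostname
        if not in_company(host):
            reasons.append(f"link points outside the company: {host}")
    if CREDENTIAL_ASK.search(body):
        reasons.append("asks for a credential action by link")
    return reasons

SAMPLE = """\
From: Jack Miller <jack.miller@retailer-example.support>
To: you@retailer.example
Subject: Password reset

Hey bud, can you reset your password? Just click the link below.
http://retailer.example.login-portal.test/reset
"""

if __name__ == "__main__":
    print("\n".join(phishing_signals(SAMPLE)))
```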

Vishing

I have personally seen a lot of vishing in my past retail loss prevention assignments. Vishing is when the social engineer (a criminal, let’s be clear) calls an employee within a company posing as a trusted individual or a representative of a bank, credit card company, IT, or loss prevention. Then the social engineer tries to get information from the person in the business. In more complex examples the social engineer will call several people using the information obtained from each to further the scam. The main purpose of vishing is to get information or to cause someone to act.

Let’s review two real-life examples I have seen in the past. A call comes to a cashier at a register. The caller (a visher) acts as if he works for IT. He asks the cashier if the register is working correctly and claims to see an outage. He then asks the cashier to ring a test transaction to a gift card for $250. Once the test is complete, he asks for the gift card information from the cashier. Once he hangs up, he immediately places a fraudulent online order using that gift card number.

Another example of vishing is when a caller contacts someone in the shoe department and asks for the department manager’s name (say, Mike), the previous department manager (say, Bob), and the store manager’s name (say, Jack) because he wants to write a thank-you note to them. The visher then calls the CEO’s office and says, “I bought two pairs of shoes, and both were damaged. I have spoken to Bob, Mike, and Jack, and no one can help me. All I want is my money back. I left the shoes with Bob several months ago. I paid for them in cash and want a check mailed to me, or have it returned to my debit card today. I am a lawyer/doctor/federal agent/judge.” I have personally heard all of the above. He continues, “If you don’t refund me today, I want to meet with the CEO. I can’t believe I am getting the run-around for $290!” This scam happened to every retailer I have ever worked for. Imagine what happens when the visher calls ten retailers a day, and two give a refund!

These are only three types of social engineering. There are more, but these are the most relevant to retail. You will notice in all of the above scams the risk of being caught is low, and the potential reward is high. The most important ways to prevent falling prey to social engineering are training, awareness, and policy. The more you talk and train, the less likely you are to become a victim.


Tom’s column regularly appears in every issue of LP Magazine. To subscribe to the printed version of the magazine and enjoy other great content, visit losspreventionmedia.com.