BillGuard: Grey Charges Equal Legal Fraud

Grey charge: When you buy something with your credit card and you get charged for something you didn’t want. Often a merchant will tack on additional products and services to a legitimate purchase you make, and you “sorta” know about the charge…but not really.

For example, you might be in the process of purchasing something and a pop-up window reading “Get 25 percent off your order NOW! CLICK HERE!” comes up. And in the fine print below “CLICK HERE!” it says, “By getting 25 percent off, you are agreeing to get a free month of a one-year membership to our discount club for which you will be charged $19.95 per month after the first month. You may cancel at any time, but you are required to give us 30 days’ notice in writing.”

Or something stupid like that.

Then, a couple of months go by and you get your credit card statement and see this charge for $19.95 and wonder what it’s for. You call the number on the statement and someone answers and puts you on hold for an hour. By the time you are done yelling and pulling all your hair out of your head, you will probably end up getting charged for two or three months for something you never wanted.

And that’s IF you even pay attention to your credit card statements, because nine out of 10 people don’t check their bills, or merely skim them quickly for large purchases. This is what the scammy merchant bets on when initiating a grey charge.

Is it legal? Well, it’s not illegal…but it IS sneaky and deceptive.

According to BillGuard’s internal research, one in four users has incurred some type of erroneous or deceptive charge in the last 12 months. And among those users who have been affected, the average of these charges is about $350 a year.

So pay attention to your statements and refute unauthorized or grey charges ASAP. And don’t forget: Read the fine print—and remember that any offer that sounds too good to be true is.

Robert Siciliano is a personal security expert & adviser to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

What Kind of Wireless is Secure…and What Isn’t?

Wi-Fi was born to be convenient—but not secure. More than anything, though, its security depends on what kind of wireless we’re talking about.

Public. Free, unsecured Wi-Fi is the least secure. Shared Wi-Fi in public, at home or in the office lacks encryption of the data packets streaming from the connected devices. In other words, your data is unlocked and free for the picking. Is the threat of data or identity thieves widespread? You bet. Your local coffee shop or airport could easily (and probably does) have a hacker sniffing out data for fun or profit.

WEP. Home or office Wi-Fi with Wired Equivalent Privacy (WEP) encryption offers minimal security. This encryption is 15 years old and has since been compromised to the point where it’s basically useless. As a result, manufacturers aren’t even equipping newer routers with this antiquated security.

WPA. Home or office Wi-Fi with Wi-Fi Protected Access (WPA) encryption is better than its predecessor, WEP. WPA is a certification program that was created in response to several serious weaknesses researchers found in WEP. WPA and WPA2 are tougher to crack, but not impossible.

Mobile 3G/4G. Mobile broadband has a degree of encryption that has been cracked, but the necessary hardware isn’t widely deployed by criminals. Researchers have demonstrated how the system can be hacked, but it’s still more secure than other options.

Cover all your bases by installing Hotspot Shield. A free, ad-supported program, Hotspot Shield VPN protects your entire web surfing session by securing your connection, no matter what kind of wireless you are using—whether you’re at home or in public, using wired or wireless Internet. Hotspot Shield does this by ensuring that all web transactions are secured through HTTPS. It also offers an iPhone and Android version.

Robert Siciliano is an Identity Theft expert consultant to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

3 Wi-Fi Myths That Put Your Data at Risk

The holidays are over, the Consumer Electronics Show has passed, and now you have all these new shiny wireless gadgets you’re just itching to play with. Now, before you go and connect to the internet, please understand that it’s all fun and games until someone gets hacked. And many times, this means when you are using wireless.

But it’s often the security lies that can get us in the most trouble, and today I’m exposing them.

Hiding your SSID is bunk. Your router’s Service Set Identifier (SSID) is its broadcasted signal, and by default it might be called “Linksys,” “Belkin,” “Netgear” and so on. Or some people customize the SSID and name it “My Neighbor Should Clean His Yard.” Lots of security articles will tell you that one way to secure your wireless is to hide it or turn off its broadcasting. But really, this doesn’t help. There are a plethora of tools that can detect your hidden wireless network, so this presents a false sense of security. Broadcast your signal, but encrypt it.

The idea that Wired Equivalent Privacy (WEP) is “good enough” is bunk. WEP is bad enough in that if you use it to encrypt your wireless network, you might have your neighbor (the one who should clean his yard) hacking into your network and placing spyware on your devices so he can frame you for crimes you didn’t commit so you can go to jail and find that his lawn hygiene is the least of your problems. WEP is a dinosaur that was extinct a long time ago. Use WPA2 encryption and live happily ever after.

Turning off file sharing when using public Wi-Fi is partly bunk. Yes, you should turn off shared files on your devices when you leave your home network and access a public network, but that’s not going to protect all of your files. If you are on a shared public network without any encryption—which is what makes it public—then the data you share over Wi-Fi is vulnerable. When using public Wi-Fi, download a free program called Hotspot Shield to encrypt all wireless communications on your Windows, Mac, iOS and Android devices.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

5 Ways To Protect Your Data On Public Wi-Fi

Wireless connections can cost hundreds of dollars annually, so it makes fiscal sense that many people seek out free connections when they are out and about. But free doesn’t necessarily mean secure.

By now you’ve heard all the warnings that publicly connected Wi-Fi, such as that found in coffee shops, airports and hotels, is vulnerable to sniffers. Sniffers read the wireless data as it is transmitted through the air and convert it into words, numbers and computer code so other devices and administrators (including those with poor intentions) can read it.

Public Wi-Fi usually means that access is free and not password protected—which often means the Wi-Fi is unsecured, unprotected, unencrypted and just plain open.

Here’s how you can protect your data when out on a public network.

#1. Turn on automatic Windows Updates. In older versions of the Windows XP operating system, updates were all manual. With Windows XP SP2, updates are automatic by default. Windows Vista, 7 and 8 all have auto updates on by default. Keep it that way—there’s a reason for that. The reason is that attackers use certain software programs to search out vulnerabilities from outdated, unpatched systems.

#2. Turn off file sharing. On an encrypted home network, it’s reasonable to share files and folders with everyone in your family or with all the devices you access from different locations of your home and office. However, when you are out and about and accessing unsecured Wi-Fi, your data will be vulnerable due to settings in your firewall. With new Windows versions, you can specify whether or not you are on a “home” network, as opposed to a “public” network. Choose wisely; Microsoft has all the information here. At the most basic level, it is best to turn off all file sharing when heading out. Depending on your operating system, use these instructions from Carnegie Mellon to find out more.

#3. Don’t automatically connect to Wi-Fi networks. When initially connecting to a wireless network, we are often faced with a checkbox or option to “automatically connect” to the network in the future. Uncheck this and always manually connect. If your home network is “Netgear” and you are somewhere and your device sees another network named “Netgear,” your device will connect to its namesake—which may not necessarily be as safe, potentially leaving your device vulnerable to anyone monitoring that new network.

#4. Confirm the network you are connecting to. Granted, this is easier said than done. There are rogue networks called “evil twins” that criminals set up; they are designed to lure you into connecting by spoofing the name of a legitimate network. For example, you may use what you see as “Starbucks Wi-Fi” to connect while you’re sipping your latte, but you may also see a listing for “FREE Starbucks Wi-Fi.” Which one—if either—is for real? Such setups are designed to lure you in—and once connected, your data might get filtered through a criminal’s device.

#5. Use a free VPN for Wi-Fi security like Hotspot Shield. Hotspot Shield creates a virtual private network (VPN) between your laptop or iPhone and our Internet gateway. This impenetrable tunnel prevents snoopers, hackers and ISPs from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network.
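Tips #3 and #4 can be turned into a check over a Wi-Fi scan list, shown here as an added example that is not part of the original post. The saved-network profile, BSSIDs and scan results are constructed sample data, and the list of bait words is an assumption.

```python
import re
from collections import defaultdict

# Ordering follows the article: open is weakest, then WEP, WPA, WPA2.
STRENGTH = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3}
# Assumption: words commonly added to a copied network name to make it attractive.
BAIT_WORDS = {"free", "guest", "public"}


def normalize(ssid):
    """Comparison key for an SSID: lowercase, no punctuation, bait words removed."""
    words = re.findall(r"[a-z0-9]+", ssid.lower())
    return "".join(w for w in words if w not in BAIT_WORDS)


def audit_scan(scan, saved):
    """Return (ssid, bssid, reason) tuples for networks that deserve a second look.

    scan  -- list of dicts with 'ssid', 'bssid' and 'security'
    saved -- remembered networks: {ssid: {'security': str, 'bssids': set}}
    """
    names_by_key = defaultdict(set)
    for net in scan:
        names_by_key[normalize(net["ssid"])].add(net["ssid"])
    saved_keys = {normalize(name): name for name in saved}

    findings = []
    for net in scan:
        ssid, bssid, sec = net["ssid"], net["bssid"], net["security"]
        key = normalize(ssid)
        reasons = []
        if STRENGTH[sec] <= STRENGTH["WEP"]:
            reasons.append("weak-or-no-encryption")
        if ssid in saved:
            profile = saved[ssid]
            if STRENGTH[sec] < STRENGTH[profile["security"]]:
                # Same name as a remembered network but weaker protection:
                # the auto-connect case from tip #3.
                reasons.append("saved-name-weaker-security")
            elif bssid not in profile["bssids"]:
                # Large sites run many access points, so this is a prompt
                # to confirm with the owner, not proof of a rogue network.
                reasons.append("saved-name-unknown-access-point")
        elif key in saved_keys:
            reasons.append("look-alike-of-saved:" + saved_keys[key])
        if len(names_by_key[key]) > 1:
            # Two different names that reduce to the same key: tip #4.
            reasons.append("ambiguous-name")
        findings.extend((ssid, bssid, r) for r in reasons)
    return findings


# Constructed sample data.
SAVED = {"Netgear": {"security": "WPA2", "bssids": {"aa:bb:cc:00:00:01"}}}
SCAN = [
    {"ssid": "Netgear", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "Netgear", "bssid": "de:ad:be:ef:00:02", "security": "OPEN"},
    {"ssid": "Starbucks Wi-Fi", "bssid": "11:22:33:00:00:03", "security": "OPEN"},
    {"ssid": "FREE Starbucks Wi-Fi", "bssid": "11:22:33:00:00:04", "security": "OPEN"},
    {"ssid": "OldOffice", "bssid": "44:55:66:00:00:05", "security": "WEP"},
]

if __name__ == "__main__":
    for ssid, bssid, reason in audit_scan(SCAN, SAVED):
        print(f"{ssid!r:26} {bssid}  {reason}")
```

A flagged network is a reason to ask the venue which name is theirs before connecting; the remembered home access point produces no finding.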

Robert Siciliano is an Identity Theft expert consultant to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Dinner With the CEO Stars of Tech

A dinner, hosted by Yahoo’s CEO and another 11 CEOs and execs from Twitter, Google, Apple and more, recently took place in Silicon Valley. These major players, responsible for shaping our world of tech, simply sat down to break bread. You gotta wonder what the conversation was like.

So this got me thinking: With whom would I want to sit down to dinner, and what would I ask them? The “dinner” part of this dinner is already a problem for me. I’m thinking I’d want to eat ahead of time so I could engage my companions in conversation; otherwise, when I eat, it’s similar to a hyena taking down an antelope in the plains of the Serengeti. While some people do get a kick out of my eating drama and it certainly makes for great entertainment, it might not be the ideal scenario for a repast of this gravity.

Facebook CEO Mark Zuckerberg. Mark, fascinating platform you’ve built here. When you designed and built it, it was for college kids only. But what happened that made you decide to open it up to everyone? And at what point did you recognize the real value of connecting the way everyone has? How did you know that so many people would freely share the way they have? Is there a way you can prevent people from sharing so much? Don’t worry—I’m not bringing up privacy. I’m talking about how I’m pretty sure many of us have heard enough!

Gemalto CEO Olivier Piou. Olivier—I’m sorry, Mr. Piou…or is it Sir Knight? I’m sorry to be asking this, but in your bio it says you are “a Knight of the Legion of Honor in France,” and I’ve never been to France or met a knight. The closest I’ve come to a knight is the 1976 white Corvette that I bought when I was 18, with WHYNYT on its license plate. I know—corny, but the babes loved it. Anyway, I’m just going to call you Mr. Piou. Great company you’re running. My only question: What’s it going to take to convince all the world’s citizens that we need to be properly identified, proofed and documented, keeping their privacy in mind but in a way that prevents fraud, deception and identity theft by ensuring accountability for everyone? I know YOU are the guy to do it!

Zappos CEO Tony Hsieh. Tony, dude, NICE JOB! Love Zappos! Did you model your business after Amazon? Because you’ve made shopping for shoes and everything else as easy as Amazon has made it for getting books and macadamia nuts. Can you sprinkle some Hsieh dust on me?

Microsoft founder Bill Gates. Bill, thank you for all you’ve done. I know you’ve caught a lot of grief over the years, but seriously, thank you. And fabulous job you’re doing with saving the world with all your charity work. One question: Could you tell the developers at Microsoft to stop making Internet Explorer so annoying?

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Should I Give Them My Data?

We’ve heard lots and lots about data breaches in the last decade. And with the term “cloud” becoming more prevalent (which, incidentally, just refers to a computer server connected to the internet), people are asking how secure their data is on the various websites they agree to host it.

For example, online banking, online backup, social media, email and the various free services you may subscribe to are cloud-based and house lots of personal information. But are they secure? The answer is, “It depends.”

For example, BillGuard utilizes bank-level 256-bit AES encryption (the same level of encryption approved by the National Security Agency for storing top-secret data) for all communications and data processing, and that processing is performed on servers isolated from direct access to the Internet. (That additional level of security is also very important.) BillGuard’s systems are monitored by its own security staff 24/7 and audited daily by VeriSign and McAfee Secure, and a company called Security Art performs regular penetration testing to preemptively ward off data intrusion.

Furthermore, BillGuard does not store your credit/debit card account login credentials or ask for any personally identifiable information beyond an email address (for alerts) and your zip code. Not storing your data is good too.

Chances are, your bank uses the same level of security too. Deciding if you should give up your data depends on the potential risk and return. Do you give your credit card number to a waitress for a burger? You probably shouldn’t, but you do. Do you give your Social Security number to an insurance agent for identification on your policy? We pretty much have to hand over our data for services, and if you want to protect the data, we really should hand it over to companies that are in the business of protecting it—as long as they are responsible with it.

So when deciding to “give it up,” I say you should see what security measures these parties have in place and then decide. I’m sure your waitress has it all covered, anyway.

Robert Siciliano is a personal security expert & adviser to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

6 Ways You Are Vulnerable On Wi-Fi

Whether you are on your home or office network or seeking out a free connection on public Wi-Fi, there are known risks that can be managed simply by using a free VPN.

#1. Outdated operating system-critical security patches. When an operating system is released, it often is secure—or at least as secure as it can be for the moment. But once good-guy and bad-guy hackers take a look at it en masse, they discover vulnerabilities. When on an unprotected network, criminals can use software programs that search out vulnerabilities from outdated, unpatched software on your devices; once found, they use whatever tools are available to take advantage of those vulnerabilities and dig deeper into your devices.

#2. Unsecured wireless. Unencrypted Wi-Fi networks at home or in the office, or on the road at coffee shops, airports and hotels, are vulnerable to sniffers. Sniffers read the wireless data as it travels through the air and convert it so other computers (and those who administer them) can read it in words, numbers and computer code.

#3. Poorly secured wireless. Protected Wi-Fi that employs WEP, or Wired Equivalent Privacy, is vulnerable. WEP, introduced in 1997, is the original version of wireless network security. Over the past decade and a half, however, WEP has been cracked, hacked and decimated.

#4. Sharing network passphrases. You might share a wireless connection with people you trust. Perhaps you have roommates, or you live in a condo or apartment and like your neighbor so much that you give her your passphrase so she can hop on your wireless internet. But by doing this—and no matter how nice your network-sharing friends may be—you are letting other devices scoot by the encryption your router employs.

#5. Hijacked cookies. Session hijacking is when you log onto a website and your login data is stored via a cookie—a small bit of code that lets the website know you are logged in. If HTTPS isn’t used and these cookies aren’t encrypted—which, often, they are not—an attacker can copy that cookie onto his or her device and surf on that device just as though it were yours. You’ve been hijacked!

#6. Man-in-the-middle attack. When you are on an unprotected network, another device can intercept or eavesdrop on your internet communications and then communicate with the designated website acting as though it is you—and the website has no idea it is communicating with an attacker.
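Item #5 can be checked from the site owner's side, shown here as an added example that is not part of the original post: the script audits a response's headers for session cookies that could cross the network unencrypted. The URL, cookie names and header values are constructed sample data.

```python
from urllib.parse import urlsplit


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, attrs); attribute names lowercased."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value, attrs


def audit_response(url, headers):
    """Report cookie and transport settings that leave a session readable on open Wi-Fi.

    headers -- list of (name, value) tuples as received from the server
    """
    https = urlsplit(url).scheme.lower() == "https"
    header_names = {name.lower() for name, _ in headers}
    report = {"cookies": {}, "response": []}

    if not https:
        report["response"].append("not-https")
    elif "strict-transport-security" not in header_names:
        # Without HSTS the browser may still make a first request over http://.
        report["response"].append("missing-hsts")

    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, _, attrs = parse_set_cookie(value)
        issues = []
        if not https:
            issues.append("set-over-http")     # already visible on the wire
        if "secure" not in attrs:
            issues.append("missing-secure")    # browser will also send it over http://
        if "httponly" not in attrs:
            issues.append("missing-httponly")  # readable by page scripts (not a sniffing issue)
        if issues:
            report["cookies"][cookie] = issues
    return report


# Constructed sample response headers.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=3f9a1c; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=lang=en; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for url in ("https://shop.example/login", "http://shop.example/login"):
        print(url, audit_response(url, SAMPLE_HEADERS))
```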

The easiest way to avoid all this drama is by protecting your devices’ wireless communications with a free VPN like Hotspot Shield. Hotspot Shield VPN protects your entire web surfing session, enables private browsing while securing your connection at both your home internet network and public Internet networks.

Robert Siciliano is an Identity Theft expert consultant to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

What’s a Wireless “Sniffer” and Why Should I Care?

A sniffer is a software program used by IT administrators to monitor network usage, investigate network problems, investigate network misuse and abuse, identify configuration issues and determine the state of a network’s security. Sniffers ultimately decode the data so it is readable in words, numbers and computer code.

Note that last part: “determine the state of a network’s security.” That is a big one. This is because while good-guy IT security professionals use sniffers to determine the security of a network, bad guys also use them to see your data as it travels from your device to the router communicating the wireless internet signal.

Unsecured, unprotected, unencrypted and sometimes shared wireless internet communications over Wi-Fi in your home, office or any publicly connected Wi-Fi (such as at a coffee shop, airport or hotel) are vulnerable to sniffers. A sniffer employed by a criminal can be used to spy on anything you communicate wirelessly. Criminals can steal your data, get your usernames and passwords, and potentially hijack your device…and your life.

The kind of data that is most vulnerable to sniffers is that which is unencrypted; this can include something as simple as files being copied and pasted or shared from one device to another. Any information coming through your browser that isn’t coming from or going to a website employing encryption designated HTTPS—the S means secure—is also vulnerable.

On wireless connections that aren’t properly secured—such as those public ones I mentioned earlier—your best line of defense is to use virtual private network (VPN) software that protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads) are secured through HTTPS. Hotspot Shield VPN is a good one to use. It’s secure, free to you (supported by ads) and available for PC, Mac, iPhone and Android.

Robert Siciliano is an Identity Theft expert consultant to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

BillGuard is Personal Finance Security

If I had a dime for every time I’ve been asked, “How do I protect my credit card number?” I’d be living on my own island in the Pacific. My response has always been, “Use your card whenever and wherever and don’t worry about it, but pay close attention to your statements,” because that’s really all you can do. But due to most people not carefully checking their statements, my sage advice has fallen on deaf ears.

The good news is, the agony associated with checking credit and debit card statements from different banks and painstakingly reviewing each charge is as close to being solved as ever. BillGuard, a personal finance security service, analyzes millions of consumer billing complaints to find deceptive and unwanted charges that result from misleading sales and billing practices on your credit and debit card statements all in one place.

All you do is register the cards you want protected by granting BillGuard secure, read-only access to the credit issuer’s website that displays your credit card’s transaction activity. BillGuard then scans your card activity daily, running each transaction through over 100 automated security tests, including checking the web and banks, for complaints about the merchants and charges that appear on your bills and statements. BillGuard identifies hidden charges, billing errors, misleading subscriptions, scams and fraud on your bills and statements and alerts you via email when your attention is required. A scan report email is sent monthly, providing a quick overview of your cards—and, along with it, much-needed peace of mind.

BillGuard provides a beautifully combined view of all your credit and debit cards in one place and makes it easy to understand every charge on your statements. No more painstaking calls to the bank to explain unrecognized charges! BillGuard saves you both money and time, even helping you get your money back when needed.

I’ve been using BillGuard since 2011 and it has alerted me to numerous charges that required my attention. Having a personal finance security company watching my cards (and watching my back) has helped me understand my statements and the various strange charges that most people don’t acknowledge, often resulting in hundreds of dollars lost each year.

Robert Siciliano is a personal security expert & adviser to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

5 Ways to Ensure Online Privacy for Kids

Congress and the Federal Trade Commission (FTC) have taken special steps to ensure that children under 13 years of age don’t share their personal information on the Internet without the express approval of their parents. Congress passed the Children’s Online Privacy Protection Act (COPPA) in 1998 and the FTC wrote a rule implementing the law. The FTC currently is conducting a review of what changes, if any, should be made to COPPA to reflect the changes that may have been brought about from technology, such as the rapid adoption of mobile devices.

Parents who lack experience with the Internet, computers, or mobile devices must learn the basics before they can adequately monitor their children’s habits. A parent’s discomfort or unfamiliarity with technology is no excuse to let a child run wild on the Internet. In fact, McAfee’s study, “The Digital Divide: How the Online Behavior of Teens is Getting Past Parents,” showed that an alarming 70% of teens have hidden online behavior from their parents.

As with any task, one should start with the fundamentals. Spend as much time as possible with kids in their online world. Learn about the people with whom they interact, the places they visit, and the information they encounter. Be prepared to respond appropriately, regardless of what sort of content they find. Remember, this is family time.

Here are some tips to help you protect your kids:

Narrow down devices: In the past, many of us set up our family computer in a high-traffic area, like the family room, but this becomes less feasible as more children have their own laptops and mobile phones. I recommend limiting time online and also limiting the number of devices your child has.

Teach them appropriate online behavior: Kids will be kids, but that doesn’t mean it’s okay to say cruel things, send racy pictures, make rude requests, or suggest illegal behavior, just because they are online. If it isn’t okay in the physical world, it isn’t okay on the Internet. Also discuss with your kids what is and is not okay with regards to the kinds of websites they may visit and what type of content is okay to share or not share. They should also be taught to not open attachments or click on links from people they don’t know.

Use parental controls: Consider investing in software with parental controls, which limit the sites your kids can access, times they are allowed online and the amount of time they spend online each day.

Discuss stranger danger: Just like in the real world, kids should be taught to never meet in person someone they know only online and that they should not chat with or friend people they do not know.

The Internet is forever: You and your kids need to understand that once things are posted online, they could live on forever. You no longer have control over that photo or video and it could come back to haunt them. They should follow the rule of thumb that they should not post or share anything they would not share with everyone.

The key to good online parenting lies in the basics of good offline parenting. Talking to your kids about the “rules of the road” for the Internet is just as important as talking to them about things like looking both ways before they cross the street.

Robert Siciliano is an Online Security Evangelist to McAfee. (Disclosures)