Avoid Risky Web Searching on a Mobile Device

/in /by

The mobile web can be a minefield of malicious links luring you to click so bad guys can infect your device. Search engines do their best to filter out these sites, but nefarious criminals have found ways to get their scammy pages to the top of search results through a process called black hat search engine optimization.

Criminals create fake websites and then use the same techniques as legitimate online businesses do regarding search engine optimization, marketing and online advertising. They use keywords to boost rankings on internet search engines, causing their fake websites to appear alongside legitimate ones.

It is also much harder to tell if a URL is legitimate since due to the limited screen space, mobile browsers especially often truncate web addresses. Also, if you’re clicking on a link to a site from an email you received, it’s hard to see the full sender’s email address; this makes it hard for you to know whether it’s coming from a fake person or company. Finally, the “hover over” option that many of us use to preview URLs on computers doesn’t work yet on most touch screen mobile devices.

Wireless internet also contributes to risky web searching. Unsecured, unprotected, unencrypted and sometimes shared wireless internet communications over WiFi in your home, office or any publicly connected WiFi (such as at a coffee shop, airport or hotel) are vulnerable to sniffers.

On wireless connections that aren’t properly secured—such as public ones—your best line of defense is to use a virtual private network software that protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads) are secured through HTTPS. Hotspot Shield VPN is a good one to use. It’s secure, free to you (supported by ads) and available for PC, Mac, iPhone and Android.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

What is Typosquatting?

/in /by

Typosquatting, also known as URL hijacking, is a form of cybersquatting (sitting on sites under someone else’s brand or copyright) that targets Internet users who incorrectly type a website address into their web browser (e.g., “Gooogle.com” instead of “Google.com”). When users make such a typographical error, they may be led to an alternative website owned by a hacker that is usually designed for malicious purposes.

Hackers often create fake websites that imitate the look and feel of your intended destination so you may not realize you’re at a different site. Sometimes these sites exist to sell products and services that are in direct competition with those sold at the website you had intended to visit, but most often they are intended to steal your personal identifiable information, including credit cards or passwords.

These sites are also dangerous because they could download malicious software to your device simply by visiting the site. So you don’t even need to click on a link or accept a download for dangerous code to install on your computer, smartphone or tablet. This is called a drive-by download and many typosquatters employ this as a way to spread malicious software whose purpose is to steal your personal information.

In some cases, typosquatters employ phishing in order to get you to visit their fake websites. For example, when AnnualCreditReport.com was launched, dozens of similar domain names with intentional typos were purchased, which soon played host to fake websites designed to trick visitors. In cases like this, phishing emails sent by scammers spoofing a legitimate website with a typosquatted domain name make for tasty bait.

In order to protect yourself against typosquatters, I recommend you:

Pay close attention to the spelling of web addresses or websites that look trustworthy but may actually be close imitations of the online retailer you are looking for.

Instead of typing the web address into your computer, make sure you have a safe search tool, like McAfee® SiteAdvisor® which comes with McAfee® LiveSafe™ that provides warning of malicious sites in your browser search results.

Don’t click on links in emails, texts, chat messages or social networking sites.

Invest in a comprehensive security solution like McAfee LiveSafe™ service that protects all your devices, your identity and data.

There are more ways to scam people online than ever before. Your security intelligence is constantly being challenged, and your hardware and software are constant targets so make sure you stay educated and use common sense!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Police Officer’s Home Burglarized; Learn How Not to Become a Victim Too

/in /by

Nobody is immune to burglaries. I’ve seen celebrities, priests, politicians and even police officers become victims of burglary.

SFGate.com reports that two people were arrested and charged in the burglary of a central Iowa police officer’s home in which the officer’s gun was stolen.

Not at all cool. Not cool because the cop is just like us and doesn’t deserve his home broken into. Not cool because his gun was stolen and could be used by the whack-job burglar to kill someone. And not cool, frankly, because he is an officer of the law and really should, at a minimum, have a home security system protecting his home and a safe protecting that gun.

Meanwhile, police in Seattle and the West Seattle Herald provided some insight into how burglars operate: “The general profile of our burglars are juveniles in groups of two to three (there are, of course, adults as well), often times [breaking into homes] while people are at work and kids are at school. The modus operandi is to have one person knock on the door (while in communication with the others, usually by cell phone). Meanwhile, the other two are working their way into the backyard where they will break into a window or door once the coast is known to be clear. Once inside, they generally focus on high-end electronics (Apple products are a favorite), gold and silver jewelry, cash and guns.”

Don’t want to end up in the paper? Memorize these prevention tips:

  • Stay safe at home: If someone’s breaking in while you are home, yell out, “Hey, what are you doing!” or “Honey, can you get that?” to make it clear someone (or more than one) is home. Leave, or get to a safe, locked room and call 911.
  • Watch your perimeter: Keep your yard and home easily visible to neighbors so they can see mischievous burglar behavior.
  • Home alarms: Home alarm systems and posted signs letting everyone know they are in place can also act as a deterrent.
  • Summertime security: Don’t leave windows slightly ajar to keep the house cool when you are gone.
  • Neighborhood watch: Start up a block watch with your neighbors. This means folks watching out for folks and their property—and for people on the block who don’t belong.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

EMV Will Help Retailers Prevent Credit Card Fraud

/in /by

EMV, which stands for Europay, MasterCard, and Visa, refers to the chip and PIN credit card technology commonly used in Europe and elsewhere around the world. Credit cards that incorporate an embedded microprocessor chip are far more secure than any other form of credit card currently available, including the standard magnetic striped cards that are all too easy to skim at ATMs and point of sale terminals.

Major banks and retailers are now pushing very hard to make EMV the new standard in the United States. Implementation should occur in 2015, Visa announced plans to expand their Technology Innovation Program to the U.S., which will encourage retailers to support cards with microchips by “[eliminating] the requirement for eligible merchants to annually validate their compliance with the PCI Data Security Standard for any year in which at least 75% of the merchant’s Visa transactions originate from chip-enabled terminals.” This will go into effect October 1, 2012 for merchants whose point-of-sale terminals accept both contact and contactless chips.

PCMag reported MasterCard followed Visa’s lead stating that it too intends to move U.S. consumers onto so-called chip-and-PIN technology. MasterCard, like Visa, also said that it is preparing for a world where consumers will pay in stores, online, and via mobile devices.

Another method of credit card fraud prevention is device reputation technology. It works to prevent all types of fraud and abuse on the Internet, including account takeovers, which occurs when your existing bank or credit card accounts are infiltrated and money is siphoned out. Iovation the leader in device reputation helps prevent new account fraud, which refers to financial identity theft in which the victim’s personal identifying information and good credit standing are used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are often used to commit new account fraud.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

Teen Dies Fighting Off iPad Thief

/in /by

There is nothing that I have, other than family members that I would risk my life for. Whether it is jewelry, money, a wallet, bag or expensive electronic item, I’m simply not going to offer resistance if some whacked-out mentally ill person wants to take it from me. The fact is, I’m too pretty to have a box cutter slashed across my face in exchange for any material item.

Although it’s a normal reaction to fight for what’s right (and what’s yours), it’s not necessarily the right decision when you fight over material items. I think we learn this as kids when we tussle with a sibling over toys. As we grow older, we become territorial when it comes to things like standing in line, driving and even land disputes.

But dying over a $400iPad simply ain’t worth it.

The Las Vegas Sun reports, “A teenager died after a man grabbed an iPad out of his hands and fled in an SUV that ran over the boy as he struggled to hold onto the tablet.”

Investigators determined the boy was walking with the iPad when a white vehicle stopped and a man exited the passenger side of the vehicle. The man attempted to steal the iPad and started to drag the teen, who was trying to hold onto the device, to the vehicle. Facing resistance, the suspect got back into the SUV with the teen still grasping at the tablet, but the vehicle then fled and the boy fell and was struck by the SUV.

Think about it like this:

About 12,000 laptops are lost each week in US airports alone, and 113 cell phones are lost or stolen every minute in the U.S. Now imagine if everyone was fighting over every device. Mind blowing, isn’t it? Instead of fighting over this replaceable item, simply:

#1 Let it go. It’s not worth fighting over.

#2 Activate a lost/locate/lock/wipe software that helps you recover, lock or wipe the data.

#3 Call the police and be happy you are OK.

#4 See if your homeowners insurance will cover lost or stolen devices.

#5 Make sure all your devices are password protected. Do it today. This way, the chances of your data being exposed are reduced.

Better to lose your device—even lose your data—than your life.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Connecting the Dots–How Your Digital Life Affects Identity Theft and Financial Loss

/in /by

You’re on Facebook, LinkedIn and Twitter. You use Gmail, Yahoo! and bank online. You might buy stuff on sites like Amazon and occasionally make purchases from eBay. Sometimes you apply for a loan online and maybe open up a credit card account too. This is all commonplace in today’s digital world.

So how does all this lead to identity theft and financial loss?

With the convenience of the Internet and all the digital devices available to use today—laptops, smartphones, and tablets—we unknowingly provide a lot of information online that could expose us to identity theft. Access to your personal information is what gives hackers the power to tap into your accounts and steal your money or your identity.

Here are some of the ways that hackers use our information against us:

Social media: These sites continue to grow in popularity and you may be putting more information on these sites than you should. Even though you may assume that only people in your personal network can access this information, that’s not always the case.

Email: It’s been said that if you own a person’s email, you own the person. This means that once your email account is hacked, pretty much your entire digital life is up for grabs. So even if you’ve done your due diligence to have all your passwords be different, if your email is hacked and it is associated with your other online accounts, the hacker could simply use a reset password and get access to all your other accounts.

Online shopping: This is another activity where you need to be cautious since hackers can potentially steal your information from an unsecured or phony site. If you’re on a phony site, you are giving your information directly to the hacker or you could be on a site that is automatically downloading malware to your device that could do things like track every site you visit and everything you type on your keyboard and send that to a hacker.

Wireless networking—Even if you are being cautious with our online activities, hackers can still grab your information if you aren’t smart when using Wi-Fi connections. That’s why when you’re using those free hotspot connections in cafes or airports, it’s important for you not to access your banking or personal sites as the transmission of data is not secure.

There are many ways to skin a cat, as they say (a rather morbid expression), but having your identity stolen and losing money is unfortunately too easy when your information is spread so thin. So it’s not enough to just sit back and hope you aren’t hacked. The fact is you need to up your security intelligence and invest in additional layers of security.

All of these scams prey on your trust and on your personal information, so follow these basic steps to protect yourself:

Click with caution: Be careful when clicking on links in emails, texts, social media posts, and instant messages, especially if they are from people you don’t know.

Be careful what you share: Think about what you post online—is that thing you so badly you want to share something you’re ok with your grandmother or an employer seeing? If not, then don’t post it. In fact, you should consider anything posted on the Internet as something written in permanent pen, not pencil—as in, it’s there forever.

Use common sense: Follow the old caveats about not clicking on links in emails, texts, social media posts, and instant messages from people you don’t know, and always exercise caution when it comes to sharing any sensitive information.

Educate yourself: Keep up to date about the latest scams and tricks hackers use to grab your information so you can avoid potential attacks.

Use comprehensive protection: Because there are a variety of ways in which hackers can access your information, you need to make sure that you employ a comprehensive security solution like McAfee LiveSafe™ service that protects all your devices, your identity and your data.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

5 Ways to Protect Your Credit Card

/in /by

Credit card fraud happens in a number of ways. Sometimes your bank or credit card company will notify you of fraud and other times they won’t. So it’s up to you protect yourself. Smart retailers on the other hand are already protecting consumers behind the scenes by implementing multiple layers of fraud protection.  

1. Whenever you hand over your credit card to anyone — a waiter, gas station attendant, store clerk, etc. — keep a close eye on them as long as they are in possession of the card, or at least watch the card as it is being processed. You want to see where your card is going, and how it’s being used. The idea is to make sure the card isn’t being “skimmed” with a device designed to collect card data. This is good advice when it’s possible, but since waiters typically take the card out of sight to process, it really only works in scenarios where the clerk never leaves the terminal.

2. Cover your PIN. This is absolutely necessary at any point-of-sale terminal or ATM. The public nature of these devices makes it very easy for someone to “shoulder surf” and see your PIN. A cell phone video camera over your shoulder, a video camera 50 feet away, binoculars, or even a hidden camera attached the to face of the ATM can all compromise your PIN.

3. Change your card number. With millions of card numbers hacked over the last few years, chances are yours has been compromised at some point. I have had three changes of credit cards due to proactive card issuers sending me a new card whether I liked it or not.

4. Check your credit card statements every day. This is an extra layer of protection that requires savant-like attention. You check your email every day, so checking your credit card statements every day is manageable, right? Even once a week is sufficient, and every two weeks is okay. Just be sure to confirm your bank’s cut-off date to refute unauthorized withdrawals. For most credit cards, it’s 60 days.

5. Protect your PC. Viruses on your computer will almost certainly result in account takeover. Install antivirus, anti-phishing, anti-spyware, and a firewall.

One very effective fraud detection technique smart retailers are using is to implement device identification and device reputation, which alert businesses to known fraudsters on their websites. iovation Inc. takes this service to another level by analyzing the device’s reputation to assess the potential risk of every transaction.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

6 More Tips for Apartment Security

/in /by

Did you know that 1 of every 5 homes will experience a break-in or violent home invasion? And that 80 percent of break-ins occur forcibly through a locked door—and, even scarier, that a burglary occurs every 15 seconds in the United States? And if you live in an apartment, the National Crime Prevention Council says you will have an 85 percent greater chance of being burglarized than a single-family dwelling.

When looking into apartment living, consider my first six tips on apartment security, as well as the following:

  1. Gated access: Keypad, remote controlled and including an emergency firebox.
  2. Key building access: Look for a schedule that involves locking exterior doors and making sure the property is secured.
  3. Neighborhood watch-type programs: If a stranger is in the area or paying unwanted attention to us or the property, we call one another to decide what we may do in response. There’s always strength in numbers.
  4. Background checks: Does the landlord do anything in regard to background checks?
  5. Neighborhood crime: What is the immediate neighborhood like? Are there drug houses, etc., nearby? Contact local law enforcement and ask for a record of recent crimes committed. Get some statistics. Some law enforcement agencies will be more or less cooperative. You want to know about the prevalence of violent crimes, sex offenders and theft. One of the most effective ways to get the pulse of the community is by buying the local newspaper. Reading the police blotter over a one-month period is telling.
  6. Interview the landlord: While the landlord may interview you, you should interview the landlord. Find out what his/her processes are for security. What is the annual investment? What is the landlord’s philosophy regarding apartment security? Does the landlord even have one? What is the existing security at the property? Ask about lighting, cameras, locks on doors and windows, and whether the keys have been changed since the last tenant left.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Secure Your Identity When Traveling

/in /by

As summer travel starts to pick up, consumers need to be aware when they’re preparing for, or going on, summer vacations.

Stealing your mail. While you’re on vacation, your mailbox fills up with credit card offers and bank statements. The bad guy can steal this mail and use it to open new credit cards in your name, or to take over existing accounts. Get a mailbox that locks to prevent thieves from stealing your mail. Have a trusted friend retrieve your mail while you’re away. Opt out of prescreened credit card offers.

Credit card fraud. When you are out and about, anyone who handles your credit card can steal your digits and make unauthorized charges, as can anyone on the other end of an online purchase. Check your credit card statements as frequently as possible. Review them weekly, at a minimum. Federal law requires that credit card companies allow you to refute unauthorized charges for up to 60 days. Keep your receipts and scrutinize those statements.

Internet cafe spyware. Anytime you use any PC other than your own, your identity is at risk. Spyware is software installed on a computer that records every keystroke, username, password, and website visited. Autocomplete is a browser function that remembers your passwords. Autocomplete on a public computer means potential identity theft. If at all possible, avoid business center or Internet cafe PCs. Many mobile phones can function as a temporary replacement for a PC.

Online dating scams. Millions of people use online dating sites to broaden their networks and meet potential mates, but not every person on these sites is sincere—some are scammers hoping to lure you in with false affection, with the goal of gaining your trust and, eventually, your money. Only use reputable sites. The minute anyone asks you to forward them money via wire transfer, delete the message.

WiFi insecurity. Whether you travel for business, or simply need Internet access while out and about, your options are plentiful. You can sign on at airports, hotels, coffee shops, fast food restaurants, and now, airplanes. Wireless networks broadcast messages using radio, and are thus more susceptible to eavesdropping than wired networks. Use Hotspot Shield VPN to protect your data by tunneling through an encrypted wireless network.

Overseas skimming. Card skimming is the act of copying credit card data off a magnetic stripe card, whether on an ATM or in person. US-based cards are more vulnerable because they are mostly magnetic. Overseas, particularly in Europe, EMV or “chip and PIN” cards are standard. Chip and PIN cards are much harder to hack. Many merchants will not, or cannot, accept US cards with magnetic stripes, which could put you in a difficult position when you need gas or have to buy a train ticket.

Check with your bank to see if they offer EMV. JPMorgan Chase began issuing cards with embedded microprocessor chips last year, and more major card issuers have followed suit by incorporating EMV technology. American Express have also announced plans to release chip-based cards in the United States.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

Drug-addicted Teen Burglar Sentenced to Prison

/in /by

Burglars aren’t the people you see in the movies driving expensive cars, living lavish lifestyles and vacationing in the Caribbean. Burglars are usually addicted to drugs, unemployed because of their habit, and have sucked the lives and savings out of their families and so must turn to crime to get their fix.

You’ve heard “desperate people do desperate things,” and that statement can be directly equated to the mindset of a drug addict. People under the influence are sick and irrational and will stop at nothing to get what they need. Often, their illness has such a grip on them that in their minds, scenarios that actually result in violence leading to murder begin to seem normal. To them, it makes perfect sense that such things are what they need to do to get high.

People often ask, “Why?” “Why would anyone do that?” Because drugs have such a grip on them that the ability to make sound, rational decisions is no longer a part of their psyche.

It’s even worse when a teenager is the addict and perpetrator. At a young age, his reality isn’t quite developed. Leo Ray and his wife were victims of an invasion at their Idaho home. Ray told the Times-News in an interview that he answered the door at about 6 a.m. the day of the robbery to three guns in his face, then two men held guns to his head while another—whom he later identified as a 16-year-old boy—stood across the room with a rope and another gun. The men tied up the Rays and ransacked their home, stealing guns, computers and other valuables.

The prosecutor stated, “The teen has had significant substance abuse treatment and significant opportunities for counseling in the juvenile justice system.” But he obviously was beyond repair.

Bad, sick, dysfunctional people are everywhere. This doesn’t mean you should hide under your bed and worry; it means you need to keep your head up, be aware, know your options, live your life and invest in your personal and home security.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.