5 No-brainers for Keeping Your Email Safe

It’s time to face the fact that for most of us, email is the single most important digital asset we own: more than anything else, it is our digital DNA. To some degree, email is connected to every online account we have; it contains the username, password reset, and an archive of most of our digital doings. It’s been said that if a criminal owns a person’s email, he owns the person.

With more and more people keeping tabs on their financial statements, contact information and other sensitive data via email, it’s time to double-check your email habits to see if you’re putting yourself at risk.

#1 Never use public PCs. A public computer can be likened to a public toilet. You don’t really know who’s used it before you and you don’t know what kind of virus you can catch from it. PCs in libraries, hotel business centers or internet cafés can easily have keyloggers or keycatchers installed that can steal your usernames and passwords. Checking email on an unsecured computer that you don’t have any control over is risky and, frankly, irresponsible.

#2 Use a VPN over wireless. Wireless was born to be convenient, not secure. Sniffers can read wireless communications over free public WiFi and get usernames and passwords. Always use a wireless VPN, such as Hotspot Shield, that encrypts your wireless access.

#3 Log out of your device when not in use. Staying logged in 24/7/365 is risky. Anyone that has access to your computer or mobile device at home or work can own your email. Contractors, cleaners, vendors, burglars and even a spouse can put you at risk.

#4 Delete phishing emails. Any emails you receive that ask you to click links to update accounts, track shipped packages, fix problems with accounts or claim special offers are suspect. Phishing leads to keyloggers or compromised usernames/passwords. If these emails end up in your spam folder, leave them there.

#5 Never click links. I only click links in emails when it’s a “confirmation” email from signing into a new account or when I’m communicating with a friend, family member, colleague or known contact who then sends me a link. Otherwise, I never click links in emails, including in online statements. I always use my favorites menu or a password manager to get where I need to go.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! (Disclosures)

How the Government (and Bad Guys) Intercept Electronic Data

The news of the NSA spying using PRISM should not come as a surprise to anyone in the intelligence community. Electronic spying is as normal as breathing. And when a 27-year-old American traitor with little life experience (he was 15 when 9/11 hit) blows the lid off of a current spy program, it’s time to define why and what needs protecting.

  • PRISM: This is a clandestine national security electronic surveillance program operated by the United States National Security Agency (NSA) since 2007. Much of the information collected by PRISM is gathered via warranted tapping into servers here in the U.S. that route lots of data overseas. Its purpose is to discover “chatter” and prevent manmade disasters.
  • ECHELON: ECHELON is a name used in global media and popular culture to describe a signals intelligence (SIGINT) collection and analysis network created to monitor the military and diplomatic communications of the Soviet Union and its Eastern Bloc allies during the Cold War in the early 1960s. The ability to intercept communications depends on the medium used, be it radio, satellite, microwave, cellular or fiber optic.
  • Cell site simulators: Slate.com reports this “equipment is designed to send out a powerful signal that covertly dupes phones within a specific area into hopping onto a fake network. The feds say they use them to target specific groups or individuals and help track the movements of suspects in real time, not to intercept communications. But by design, Stingrays, sometimes called ‘IMSI catchers,’ collaterally gather data from innocent bystanders’ phones and can interrupt phone users’ service.”
  • Remote-access Trojans: A remote-access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program—such as a game—or sent as an email attachment.

These are just a few of the ways data is collected/gathered/stolen. So should you be worried? If you are up to no good, yes. If you have personal information on your devices that can be used to steal your identity, yes.

However, I’m personally not concerned about data being collected by my government. I’m well aware of what I’m electronically communicating and nothing incriminates me. But what does worry me is when bad guys get hold of data via RATs and use it to take over accounts or open new accounts. Using antivirus, antispyware and a firewall is your best defense.

We can’t do much to protect ourselves from government surveillance other than simply not communicating digitally or using less popular search engines, social sites and email programs. But there are tools such as TOR and Hotspot Shield VPN that mask IP addresses and can be used to anonymize communications.

If you want to seriously hide, then using anonymizers to create accounts and then continuously communicate using them is the most effective way to go.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. (Disclosures)

How the Proliferation of Mobile Devices is Impacting Consumer Security

Mobile technology is the new frontier for fraudsters.

Most of us don’t protect our smartphones or tablets—and the private information they contain—anywhere near as well as we do our wallets and PCs (even though most of us would rather lose our wallets vs. our smartphones). Even the simple safeguard of a four-digit password is too much work for 62% of smartphone users, and 32% of users save their login information on their device.* It’s a simple formula for crime: no password + instant access to online accounts = fraud, identity theft and privacy loss. Maybe that’s why mobile phones were targeted in more than 40% of all robberies in New York City and 38% of all robberies in Washington, D.C. last year.**

Even without getting their hands on your device, hackers can get into and remotely control almost any mobile device, and it is frighteningly easy. Malicious software can be disguised as a picture or audio clip. When you click a link or open an attachment, malware installs on your device. Unlike early PC malware, it doesn’t ask your permission, and your device is figuratively in their hands.

How are mobile devices changing the game?

Criminals know that your mobile device is an indispensable extension of your life. Your smartphone or tablet stores some of your most private conversations and confidential information. It is your phonebook, email account, family photo album, social media connection and even your wallet, all rolled into one device. Chances are, if you own a smartphone, it is connected to your money or financial accounts in some way. For many, it’s like your right hand (or, in my case, left hand).

That smartphone is always on and always with you—connecting you to, creating, and storing important and often confidential information. That information has value to other people. Just like on your PC, software can track and record social network activities, online search behavior, chats, instant messages, emails, websites, keystrokes and program usage. It can also record bank account numbers, passwords, answers to security questions, text messages, GPS locations and more.

While it builds on the experiences of the PC, the mobile game is different. It’s more sophisticated because there is more information, and it is more fast-paced and dynamic. Things change, and they aren’t what they appear to be. You need to get out some new tools and learn some new tricks to win this one.

Protecting your devices is essential to protecting your identity. But no longer is it enough to just protect your PC with antivirus; you need to protect all your devices. Invest in a comprehensive security solution like McAfee LiveSafe™ service that includes antivirus but also protects the identity and data of you and your kids on ALL your devices.

* Javelin Strategy and Research, “Identity Fraud Rose 13 Percent in 2011 According to New Javelin Strategy & Research Report”
** http://www.informationweek.com/news/government/mobile/232900070

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! (Disclosures)

Before You Share, Ask Yourself “Is This TMI?”

Social networks and new online services make it easy to share the details of our lives, perhaps too easily. With just a few clicks, posts and messages, you can give away enough personal information to compromise your privacy and even open yourself up to identity theft.

Hackers use information you post online to try to trick you into giving up access to your email, social networking and financial accounts. Sometimes they can also use the information you post online to reset your account passwords so you no longer have access to them, because details such as your pet’s name or your mother’s maiden name are often the security challenge questions for online sites.

Where you went to elementary school, your favorite food, where you honeymooned, your first grade teacher, father’s middle name, mother’s maiden name, kids’ names, birth dates, where you vacation, your high school sweetheart, your home phone number, mobile number and even your email address: All this information, believe it or not, unfortunately, is way, way, Too Much Information (TMI).

Not sure if you are guilty of online TMI? Take a look at some of these numbers:

Consumer Reports found that 52% of social network users have posted personal information online that can increase their risk of becoming a victim of a cybercrime.

McAfee’s recent study found that 95% of 18-23 year olds believe it is dangerous to post personal or intimate information (social security number, banking information about yourself, who you date, personal activities, etc.) yet 47% of them post this type of information online.1

80% of 18-24 year olds have used their smartphone to send personal or intimate text messages, emails or photos and 40% of them have asked their ex to delete intimate photos or messages and later regret sending those photos or videos.2

78% of recently jailed burglars admitted they used social networks like Facebook, Twitter, and Foursquare to plan burglaries around their victims’ posted vacation times.3

1 in 3 employers reject applicants based on Facebook posts, according to a survey of 2,300 hiring managers released by CareerBuilder.com.

McAfee found that 20% of 18-24 year olds know someone who has been fired or they themselves were fired because of personal images or messages posted online.

Here are some tips to remember:

Don’t reveal personal information—Seriously consider why it’s needed before you post your address, phone number, Social Security number, or other personal information online.

Manage your privacy settings—At most, only friends you know in real life should be able to see details of your profile.

Change your passwords frequently—In addition to choosing passwords that are difficult to guess (try to make them at least eight characters long and a combination of letters, numbers, and symbols), remember to regularly change your passwords.

Only send personal data over a secure connection—Never shop, bank, or enter passwords or credit card numbers over public Wi-Fi or free hotspots, like in cafes or airports.

Turn off the GPS (Global Positioning System) function on your smartphone camera—If you are going to be sharing your images online, you don’t want people to know the exact location of where you are.

Consider sharing vacation photos when you’re back home—Sharing photos of your trip and announcing you’re on vacation is fun, but it’s also announcing to would-be thieves that it’s a good time to rob your home.

Remember the Internet is forever—Even if you have the highest privacy settings, it’s good practice to consider anything you do on the Internet as public knowledge, so keep it positive.
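The GPS tip above can be verified before a photo is shared. The following is an added example, not part of the original article: it reads a JPEG's Exif metadata with Python's standard library and reports whether the photo carries a latitude and longitude. The function names and the constructed sample image are assumptions made for illustration.

```python
import struct

GPS_IFD_POINTER = 0x8825            # IFD0 tag whose value is the offset of the GPS directory
GPS_LATITUDE, GPS_LONGITUDE = 2, 4  # tag ids inside the GPS directory

def exif_tiff(jpeg):
    """Return the TIFF payload of the first Exif APP1 segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG file")
    pos = 2
    # Walk the metadata segments; stop at start-of-scan (0xDA), where pixel data begins.
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        marker, length = jpeg[pos + 1], struct.unpack_from(">H", jpeg, pos + 2)[0]
        body = jpeg[pos + 4 : pos + 2 + length]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            return body[6:]
        pos += 2 + length

def ifd_entries(tiff, offset, endian):
    """Yield (tag, value_or_offset) for each 12-byte entry of the directory at offset."""
    (count,) = struct.unpack_from(endian + "H", tiff, offset)
    for i in range(count):
        tag, _type, _n, value = struct.unpack_from(endian + "HHII", tiff, offset + 2 + 12 * i)
        yield tag, value

def gps_tags(jpeg):
    """Return the tag ids present in the photo's GPS directory (empty set if none)."""
    tiff = exif_tiff(jpeg) or b""
    try:
        endian = {b"II": "<", b"MM": ">"}[tiff[:2]]
        (ifd0,) = struct.unpack_from(endian + "I", tiff, 4)
        for tag, value in ifd_entries(tiff, ifd0, endian):
            if tag == GPS_IFD_POINTER:
                return {t for t, _ in ifd_entries(tiff, value, endian)}
    except (KeyError, struct.error):  # no Exif, or truncated/corrupt metadata
        pass
    return set()

def has_location(jpeg):
    return {GPS_LATITUDE, GPS_LONGITUDE} <= gps_tags(jpeg)

def sample_jpeg(with_gps):
    """Constructed sample: SOI + Exif APP1 + EOI, with or without a GPS directory."""
    if with_gps:
        dirs = struct.pack("<HHHIII", 1, GPS_IFD_POINTER, 4, 1, 26, 0)
        dirs += struct.pack("<HHHIIHHIII", 2, 2, 5, 3, 56, 4, 5, 3, 80, 0) + bytes(48)
    else:
        dirs = struct.pack("<HHHIII", 1, 0x0112, 3, 1, 1, 0)   # orientation tag only
    app1 = b"Exif\x00\x00II*\x00" + struct.pack("<I", 8) + dirs
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

To check a real photo, pass the file's bytes to `has_location`; a result of `True` means the image still carries coordinates and the location setting was on when it was taken.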

Posting personal information and photos on networking sites can be fun and convenient, but it can also lead to identity theft, cyberbullying, or hurtful gossip. What’s more, mistakes and triumphs that used to fade over time in the real world are now archived online for all to see. In an age when smartphones double as shopping carts, photo albums, and even personal assistants, knowing what personal information you share matters more than ever. Before you post, remember to: Stop. Think. Is this TMI?

To join the conversation use #IsThisTMI or follow McAfee on Twitter @McAfeeConsumer or Facebook. And help spread the word about TMI by going to www.mcafee.com/TMI and learn how you can be entered to win an Intel-inspired Ultrabook™ or subscriptions to McAfee LiveSafe™ service.

1 TRU and McAfee, Online Safety survey, April 2013

2 MSI and McAfee, Love, Relationships and Technology survey, January 2013
3 http://www.friedland.co.uk/EN-GB/NEWS/Pages/Whats-your-status.aspx
4 MSI and McAfee, Love, Relationships and Technology survey, January 2013

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! (Disclosures)