What is Encryption?

Encryption is the science of encoding and decoding secret messages.  It began as cryptography—the ancient Greeks used it to protect sensitive information that might fall into the hands of their enemies. More recently, governments have used encryption for military purposes, but these days the term if often used in reference to online security.

Encryption is important because it allows technology providers such as website owners to convert sensitive information, such as your credit card number, passwords and other financial details, into a code that cannot be read by cybercriminals or other unauthorized third parties. As an Internet user you should be aware of when encryption is being used, and when it is not, since it can help protect your personal information when doing sensitive transactions.

So, when you’re doing online banking or online shopping, or registering with a site that requires your personal information, look to see that the website address begins with “https:” instead of just “http:” since this indicates that this site is using encryption. You can also look for the lock symbol, since this is another indication that the site offers improved security.

In addition to online shopping and banking destinations, other sites have started offering the option of switching to a secure “https:” page.  Facebook, Twitter, and LinkedIn, for example, now offer encryption since their users are sharing so much of their personal information. Keep in mind, however, that not all websites need this kind of security. Don’t be alarmed if you are on a news site, for example, that doesn’t offer encryption since you generally read content on these sites but do not send or share personal details.

Knowing about encryption and how it can protect you is important, so remember to follow these tips to protect yourself online:

Look for “https:” and the lock symbol when making sensitive transactions online

Always be careful about how much personal information you share online

If you use social networking sites, check your privacy settings to make sure that your information stays private

Use comprehensive security that protects your identity, data and all your devices, like McAfee LiveSafe™ service

Encryption may sound complicated but it is just a high-tech way of creating a code to protect your information, just as the Greeks did long ago. Now that you know what encryption is, be on the lookout for secure sites that can increase your Internet security.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Medical Identity Theft: Ins and Outs

Medical identity theft is the deadliest form of identity theft—and I say this without hyperbole or exaggeration. When financial gain is the general motivation for stealing medical information, insurance cards, records, etc., the crime is a form of account takeover fraud. Medical identity theft—the real kind—occurs when the thief’s motivation is obtaining medical procedures or healthcare.

Insurance cards allow access to a hospital or doctor’s office. When requests for additional forms of identity are requested, the thief produces fake IDs. Often, the thief conspires with an employee at the facility who “sweethearts” the transaction so the thief can get medical services.

Insurance cards are just paper or plastic and can easily be counterfeited. Many are often lost or stolen, and simply possessing an insurance card allows a thief access. Hospitals rely on the honor system, believing patients are who they say they are—but people lie. And while most of the administrators are doing their jobs ethically, some lie too.

When a thief steals a medical ID to procure medical care, the thief’s medical condition and diagnosis are added to the victim’s medical record. Ouch. This may end up as a misdiagnosis, and the introduction of data that might conflict with the victim’s medical history or conditions. Such would-be contraindications as allergies, drugs the victim may be allergic to, and other health issues may not be considered. Finally, getting misinformation or fraud removed from a victim’s medical record can be extremely difficult and sometimes impossible.

To protect yourself from medical identity theft:

  • Install a locking mailbox. This helps prevent mail from being stolen.
  • Never carry insurance or medical cards on your person unless you have an actual appointment.
  • Protect medical information documents in locking file cabinets or encrypted files. Shred all throwaway documents.
  • Get identity theft protection. When a thief can’t steal your financial ID, your medical ID will be less attractive.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

11 Types of Grey Charges

Grey charges: “Deceptive and unwanted credit and debit card charges that occur as a result of misleading sales and billing practices.” Technically, grey charges aren’t considered fraud because the legalese spells it all out, and trusting consumers sign on the dotted line. Merchants know levying grey charges is legal, but they also know it’s unethical, and they don’t seem to care.

Free-to-Paid. Consumer receives goods free for a trial period. After the trial period, the seller automatically charges a fee unless the consumer affirmatively cancels or returns the goods or services within the obscure return period.

Phantom. Consumer completes a primary transaction and receives an additional product from the seller or a third party that is distinct from the party offering the initial product.

Service and Luxury Fees. Charges paid to acquire luxury items and for the privilege of having a bank account, special card, processing a special request, etc.

Zombie. A subscription or membership that doesn’t end even after it has been canceled.

Unintended Subscription. Consumer completes a one-time transaction that turns into an unwanted and ongoing subscription.

Misleading Advertising. Occurs when a consumer is presented with an advertisement containing false promises, unsubstantiated claims, incomplete descriptions, false testimonials or comparisons, partial disclosures, visual distortion of the product being purchased, or qualifications presented in small-print.

Membership. Consumer joins a discount club. In exchange, the consumer agrees to receive merchandise periodically unless the club is notified not to send it. If the consumer takes no action on time, the seller charges the consumer and sends the goods.

Unwanted Auto-renewal. Consumer enters into an annual agreement to purchase goods or services. If the consumer does not cancel the arrangement prior to the cancellation deadline, the seller automatically renews the subscription for another term and bills the consumer the requisite fee without formal notice.

Unintended Purchase. Misleading information during a sign-up process leads to an unintended purchase.

Hidden Fee. Extra charges that were either non-disclosed or deceptively disclosed that were added to the price originally agreed to by the consumer.

Other. Includes charges that the consumer finds deceptive. However, they aren’t considered fraudulent and don’t clearly fall into one of the other categories.

Don’t get taken! Here’s how to outwit the grey chargers:

  • Scrutinize your statements carefully,
  • Demand refunds when grey charges occur,
  • Threaten a “chargeback”, which is a transaction in which a bank pulls money back out of a merchant’s account, and

Robert Siciliano is a personal security expert & and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

5 Myths and Misconceptions About Home Security

Security is one of those topics we’d rather not discuss because it requires us to acknowledge the fact that we are vulnerable to miscreants bent on doing harm. Sorry, but this is Real Life 101 here—which, unfortunately, means most people don’t do anything about their security proactively; hence, so many people are victimized and end up in complete disbelief about how that could possibly have happened.

Here are 5 things I hear as to reasons why people don’t think they need security:

The “can’t happen to me” syndrome seems to be an American thing. I find in my travels that Americans, more than any other culture, simply don’t believe they can be a victim of a crime such as a burglary or home invasion. But believe me, it happens often—every day, as a matter of fact. The FBI says a home is burgled every 15 seconds. Seriously.

“I live in a safe neighborhood.” Your neighborhood is safe…until one of your neighbor’s kids decides to start doing meth or a sex offender decides to move in because he thinks he’ll go undetected. Safe neighborhoods are a myth.

If they want to get in, they will get in.” There’s some truth there, but it’s misguided. Sure, burglars can ram a truck through your front door, but the attention they get will prevent them from going too far. Having multiple layers of security, alarms, monitoring, etc. decreases the chances of your home being chosen and increases the bad guy’s chances of being caught.

“I have nothing of value, so know one will break into my home.” You might not have much, but the act of breaking into a family’s home at 3:00 a.m. and pulling them out of bed and torturing them for fun is appealing to many. A break-in isn’t always for profit.

“I don’t want to live paranoid, so no alarm for me.” Did you really just say that? Are you an idiot? Do you really think having a security system meant to prevent a predator from assaulting your babies while they sleep makes you mentally ill? Paranoia is what you get after the assault; it’s an effect of post-traumatic stress. It makes you question the safety, security, stability, structure and protection of everything around you all day.

Stop the nonsense. Get an alarm system.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

How the Average Consumer Can Keep Their Smartphone Secure and Private, a Conversation with Identity Theft Expert, Robert Siciliano

By David Geer (bio: http://www.linkedin.com/in/daviddgeer)

“A mobile phone is lost every 3.5 seconds. More than half of those devices are smartphones. 40% are not password protected.” – Identity Theft Expert, Robert Siciliano

Smartphones outnumber PCs. Though the devices are more personal than “personal” computers, they can certainly be less secure. Malware (mal = bad, ware = software) such as viruses, apps that are not secure or that funnel out private information, and the loss or theft of unprotected devices are all threats that lay in wait for unprepared users.

I spoke with Identity Theft Expert, Robert Siciliano for a Q&A about consumers’ top smartphone security and privacy concerns. Genuinely concerned and personally involved, Robert details how the average consumer can keep their smartphone safe.

David Geer: What are the average consumer’s smartphone security concerns?

Robert Siciliano: We are hearing a lot about malware. We are hearing a lot about privacy issues with the apps people download. There are apps that violate user privacy by communicating information the user may not want to communicate (without their knowledge). Though the vendors often state in the TOS (Terms of Service) what these apps will do, some apps share personal information despite what their TOS say. There are also issues with lost or stolen phones, especially when the user has not password protected their device.

There are thousands of examples of malware targeting mobile devices. But while consumers are more concerned about that, the loss or theft of their phone is a larger issue. A mobile phone is lost every 3.5 seconds and more than half of those devices are smart phones. Forty percent of phones are not password protected. An overwhelming number of phones are lost with no password protection.

Then there are the issues we have seen with people stealing people’s phones. I think the biggest concern should be password protecting your phone as opposed to worrying about malware. That is not to say you should not be concerned with malware.

DG: What are some real-world cases of smartphone threats occurring?

RS: A woman contacted me saying, “Robert, I was at a concert last night and I lost my phone.” When she got home, she logged on to her Facebook page and someone had posted all of her naked photos from her phone to her Facebook page.

There are two issues here. One is the fact that her phone was not password protected. The other is that she and many, many starlets are taking nude photos and storing them on their phones. That is a big detail. I have read a half dozen stories in the past year about young, successful actresses that had nudes on their devices and these have ended up on the web because the device was hacked or stolen. These starlets are giving other women the green light to go ahead and do the same thing. We have an entire culture that is engaged in this behavior and not doing much if anything to protect their data.

Our digital devices store our most private information: usernames, passwords and access to private accounts including banking and social accounts. Exposing all the intimate details of our lives because of a lost, stolen or hacked phone is serious business.

McAfee studied password sharing with ex-spouses. A significant number of people surveyed said that they have or would expose their former significant other’s most private photos and videos in the event of a bad breakup. They had access to the passwords and had the same data on their own devices because they took it from their significant other’s phone.

G: Most smartphone users have no interest in becoming technical gurus. What are some things any consumer can do to protect their devices and themselves from these concerns?

RS: It boils down to common sense in recognizing the risks. It is common sense to password protect your device. Beyond that, users should have lock, locate and wipe software whether the vendor built it into the phone or users download it. (This enables the user to lock the phone against access, find the phone or completely wipe all sensitive data from the phone remotely). Then the user should have anti-virus software on the phone.

Do not root or jailbreak your phone. This breaks down the defenses the OS software developer put in place. There is only one store where you can download safe, secure apps for the iOS (Apple) and one where you can download them for Android. When you jailbreak the phone to gain access to the hundreds of other stores and their downloads, neither Apple nor Google have tested these apps.

Jailbreaking is what gets the user and their employer who offers bring-your-own-device options into trouble.

DG: Are there any smartphone settings that can help without frustrating the consumer technically?

RS: Yeah. Turning off Bluetooth, especially when not in use will help. Turning off your location-based services will, too. You have options on what to do in the event that someone does try to access the password. So, for example, if they try to enter the password more than 10 times, then the device will wipe. That is something that you can turn on or off.

DG: Are there any free or modestly priced software solutions that can help without frustrating the consumer technically?

RS: I am a McAfee spokesperson, so I always recommend McAfee’s line of mobile security products. Some are free; some require a small fee. All are very user friendly. Other than that, there is whatever software is already on the device.

DG: If all this is still too much, where can a consumer go for help?

RS: You have heard the term, “Google is your friend”. There generally is not an issue where someone did not ask a question and someone else did not answer with respect to technology. Do a search and find a variety of forums where people have asked the same question you have and someone has answered it. It is a matter of knowing how to ask the right question. Beyond that, your device’s manufacturer or service provider is good places to start.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247

Keeping Tabs on Your Kids From the Office

Look, I hear this all the time: “I want to respect my children’s privacy, but I also want to keep tabs on them.” OK, I get it. Kids need their privacy. But at what age does that start? In my mind, they can have their privacy at 18 years of age—because up until that time, a parent is 100 percent legally responsible for what those kids say and do. So if you condition your children early on that there is no privacy until 18, then to a degree it is at least understood that their life is an open book to Mom and Dad. Plus—let face it—as teens, we didn’t always make the right choices. Today, those choices can be made very public with social media. So for many reasons, you want to keep tabs on your kids.

You might be at work eight to 10 hours a day and when the kids get home, it’d be nice to know they are safe…and not having a keg party. There are many technology offerings to keep you in tune, from mobile apps to home security cameras. The key is to balance functionality with cost and keep basic privacy in mind.

Security cameras: Want to see the kids getting home? How liberating would it be to discreetly glance down at your smartphone during a meeting and see exactly what’s going on in your living room? You can—Nexia™ Home Intelligence has teamed with Schlage Home Indoor Cameras to create convenient scenarios like this, and more. Today’s wireless home security cameras are easy to install, connect to the internet, and can be viewed on a PC/Mac browser, smartphone app or tablet. Cameras are so cost effective and provide such peace of mind, I have 16 of them.

Mobile phone spy software: There’s no mistaking what Stealth Genie does. The company says it has the most powerful cell phone spy and tracking software anywhere that lets you monitor ALL the activities of any jailbroken iPhone, BlackBerry or Android phone. It starts uploading the monitored phone’s usage information and exact location instantly, which then can be viewed by logging in to your StealthGenie user area from any computer in the world within minutes.

Life360 app: This is pretty cool. You may want to wring their necks sometimes, but you’d do anything to keep your family safe. Everything Life360 does is designed to help you manage the chaos that is daily family life. From seeing where everyone is on a map to letting them know you’ll be five minutes late, Life360 is designed to make things a lot easier and help you keep tabs.

Canary: This is a mobile phone safe driving application that keeps you in tune with your kids’ driving speeds and talking/text habits to end distracted driving. This is a no-brainer that keeps you abreast of potentially dangerous activity when they are on the roads.

Know your kids’ passwords: You bought the phone and the computer, you pay the phone bill and you own the devices. Your kid basically uses your electronics. All the passwords for the phone and its apps have to be provided to you as a condition of its use. Simple as that.

Friend them: If your kids are on Facebook, then they need to friend you. Keep in mind they may have more than one profile, which is when spyware and having access to their (your) devices comes in handy.

Robert Siciliano home security expert to Schlage discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Why Home Security Matters

Your home is your castle, as they say. This means it’s supposed to be a place of safety, security and respite. But what happens when it’s burglarized and it’s no longer that safe haven? I’ll tell you: people move. And they are never the same after.

Let’s face it—people are crazy. Some studies have shown as much as 50 percent of all people are mentally ill in some way. That’s a lot of nuttiness going on. As a result, there’s drug abuse, kidnapping, assaults, rapes, robberies and just plain murder for fun. Crazy often means violent—and crazy combined with violent means no safety or security.

As a species, we require security. Note these words from Abraham Maslow about safety needs, published in his 1943 paper, “A Theory of Human Motivation”:

With their physical needs relatively satisfied, the individual’s safety needs take precedence and dominate behavior. In the absence of physical safety—due to war, natural disaster, family violencechildhood abuse, etc.—people may (re-) experience post-traumatic stress disorder or transgenerational trauma.

That’s serious stuff, but think of it like this: If your child experiences some form of trauma at school, like bullying, he or she will most likely not want to go back. And in some cases, the child even takes his or her life because of that trauma. And if your home is ransacked, you will be traumatized too.

But frankly, don’t worry about it. I don’t. But you should DO something about it. I have systems in place that work to keep my family and me safe. Home security isn’t something that you or I should take for granted, because when the “security” of your home is taken away, life becomes a struggle.

Peace of mind can come from locking your doors, having a home alarm, and putting additional systems in place that allow you to rest comfortably, knowing your home is being watched over.

Take control over your domain. Let’s face it—we all require a degree of control over our lives, and by investing in home security you are taking necessary steps in gaining that control.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Why Should You be Careful When Using Hotspots or Free Wi-Fi?

These days, it’s not uncommon for us to connect to Wi-Fi wherever we go. In fact, we’ve come to expect there will be a Wi-Fi connection—at hotels, coffee shops, airports, and now even on some flights—pretty much everywhere. While the ability to connect just about anywhere is convenient, it also has opened the door for hackers to gain access to our personal information.

If you are using an unsecured connection—in public, at home or in the office—you run the risk of exposing your sensitive data to hackers. While it may seem strange to worry about bad guys snatching our personal information from what seems to be thin air, unfortunately, it’s more common than we think. If they hack the Wi-Fi connection you are using, they can not only see data stored on your computer, but see data you are typing into online sites.

Some hackers specifically search for unsecured wireless connections driving to different areas to find them and sit quietly across the street while accessing all your info. They also will often set up fake free Wi-Fi connections or hotspots specifically aimed to steal your information.

The good news is there are things you can proactively do to help protect yourself when using Wi-Fi connections:

Basic Connection Tips:

Turn off Wi-Fi. When you’re not using your Wi-Fi connection on any of your devices, it’s good practice to turn it off. That way it won’t automatically connect to any Wi-Fi that is in the area. And for your mobile devices, it will help save your battery life since your mobile will not be constantly searching for an available Wi-Fi connection.

Only connect to secure connections and save your sensitive searching for home. Make sure that any network you connect to away from home, such as those in cafes and hotels, are secure. You can tell when a network is not secured because you will see a message when you connect saying that you are “connecting to an unsecured network.” And if you are using an unsecured network, do not shop online or access any of your personal and financial sites.

Only use HTTPS. HTTPS, or hypertext transfer protocol (HTTP) with secure sockets layer (SSL, hence the S after HTTP), is a more secure option set up by a website owner who knows security is essential. Look for “HTTPS://” in the address bar to signify you are on a secure page. Even on an open, unsecured wireless connection, HTTPS is more secure than HTTP.

Tips to Protecting Your Home Wireless Connection:

Password protect your Wi-Fi connection. You can set your router to allow access only to those users who enter the correct password. These passwords are encrypted (scrambled) when they are transmitted so that hackers who try to intercept your connection can’t read the information.

Change the password on your router. Router manufacturers usually assign a default user name and password allowing you to setup and configure the router. Hackers often know these default logins, so it’s important to change the password to something more difficult to crack so your router settings cannot be changed by a hacker.

Change the identifier on your router. Each router is also assigned a default identifier, or Service Set ID (SSID), by its manufacturer. This ID is usually broadcast by the router to announce its presence to any devices in the area. Once again, hackers have done their homework and use default IDs to try to gain access to your network. Your best bet to keeping the bad guys out is changing the identifier to something only you know. For some routers, you can also turn off the broadcasting of this ID, so it can’t be seem by other devices when trying to connect.

Knowing that you could be vulnerable on Wi-Fi connections is a good first step to taking the proper precautions to protect your data and information.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Does Identity Theft Protection Really Work?

Do identity protection service really work? How effective are their scanning/monitoring methods? Can they truly protect consumers? The answers may vary. Identity theft protection is designed to protect you from new lines of credit being opened in your name—and along with the recovery/restoration component, it’s designed to clean up the mess.

It’s safe to say I’m an expert on identity theft protection. But honestly, sometimes I get confused by what different companies offer for identity theft protection. Sometimes their marketing copy is confusing and often misleading. There has always been a lack of transparency when it comes to identity theft protection.

Identity protection should be transparent. If you are spending 10 or more bucks a month, you want to know what you are getting.

  • Monitoring of credit bureaus: Monitoring may consist of one to three credit bureaus. So when a credit check is made, you are notified.
  • Monitoring of Social Security numbers (SSN) via credit applications: Some services have technology that is in place with major creditors and phone companies, and this technology looks for your SSN and alerts you when it’s in use by anyone, including you.
  • Monitoring of the internet: There are chatrooms and forums filled with criminals who broker our stolen data. There are websites that store our information. If your sensitive data shows up, you are notified.
  • Medical identity theft protection: Some companies say they will help protect you from medical identity theft. I’m not sure how, but maybe they have relationships with the Medical Information Bureau.
  • Recovery: When you read the fine print, it usually says the company will only help you recover from identity theft when the service’s product fails to provide the protection you bought. However, most protection services will at least walk you by the hand or point you in a direction to solve your issues. They don’t usually leave you stranded.
  • Lost wallet protection: With this, you can register your credit cards with the service so in the event your wallet goes missing, one call to the service will shut them all down and reorder new cards.
  • Credit card protection: Identity theft protection can’t protect your credit cards. Your bank might offer a service that involves a form of “zero liability” in the event your card is compromised.
  • Bank account protection: Identity theft protection can’t protect your bank account, but their recovery services may help you in the event you are hacked.
  • Service guarantee: Many offer a million-dollar service guarantee or something comparable. The point of this guarantee is to let you know the service will spend up to that dollar amount to fix your problem. In reality, it shouldn’t take more than a few dozen phone calls by a professional and maybe the services of a lawyer to make identity theft go away.

These services know what they are doing. It’s their life. And we at BestIDTheftCompanys.com know what we are doing, so check out how we disseminate what’s what—and decide for yourself.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Location-based GPS Services are Risky

It’s pretty simple: Your mobile’s global positioning system (GPS) functionality allows location-based services to locate and publish information about your whereabouts on various applications and within the code of photos posted online. Various applications allow you to “check in” using your mobile and share your whereabouts with the world. These applications tap into your device’s GPS longitude and latitude data.

GPS certainly can be useful, such as with directions or when trying to find a local restaurant, but letting the world know where you are and where you aren’t every minute of the day is a little insane to me.

For example, when your location is broadcast on social networks, anyone can see it. An example is when you check into a hotel while on vacation. Thieves can see you’re not home, do an online search for your home address and burgle your house. Not cool.

Adults, teens and some kids use these services to meet up, but what could happen if your child’s exact location fell into the wrong hands? Parents now have to be particularly vigilant if their children use location-based services.

Freaky stalkers use GPS to track their victims. A stalker may not necessarily be a stranger but instead a family member, ex-boyfriend or ex-girlfriend using his or her personal access to manually turn on GPS tracking.

Always be aware of an application’s policy and access permissions. GPS data is also used in geotagging, which tracks exactly where photos and videos are taken by including data in the image file that records locations.

Many of us are unaware of this tracking feature, even though sharing images online has become immensely popular. Websites such as Facebook, Instagram, Flickr and YouTube are filled with pictures and videos that include location information. Always keep in mind this is personal information that you may be sharing inadvertently.

By using a VPN (virtual private network) appsuch as Hotspot Shield VPN, your mobile’s IP address is masked; this confuses some of the functionality in geotagging. So if you’re going to go without it, think before you turn on GPS and start snapping pictures to post.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247.