Aquaman, King of the Seven Seas May Also be King of Threats

/in /by

Wonder Twin powers activate! Shape of a Pterodactyl! Form of an icicle! Watching the Super Friends on Saturday mornings in my pjs while eating sugared cereal for breakfast and reading comic books was the extent of my relationship with super heroes. Ahh… those were much simpler times.

Today kids can find everything they need to know (and more) about their favorite superhero online. And with computers, Internet-connected game consoles and mobile devices all readily available, they can access this information at any time. But now searching for these super heroes may not be all that innocent as just looking for fun facts.

With the resurgence of the superheroes into mainstream movies (think Iron Man, Hulk, Captain America to name a few), hackers are leveraging their popularity to target consumers. Hackers are most successful when they can attract a large number of victims. One way to target big crowds online is to track current events—everything from celebrity meltdowns and natural disasters to holidays and popular music—and now, superheroes.

McAfee reveals the top Most Toxic Superheroes (#toxicsuperhero) that result in the greatest number of risky websites when you search for them online. The research found that searching for the latest “Aquaman and free torrent download,” “Aquaman and watch,” “Aquaman and online,” and “Aquaman and free trailer” yields a 18.6% chance of landing on a website that has tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware.

The study uses McAfee® SiteAdvisor® site ratings, which indicate which sites are risky to search for celebrity names on the Web and calculate an overall risk percentage. The top Superheroes from the research with the highest percentage of risk are:

Aquaman                   18.60%

Mr. Fantastic            18.22%

The Hulk                    17.30%

Wonder Woman       16.77%

Daredevil                   16.70%

Iron Man                    15.63%

Superman                   15.21%

Thor                            15.10%

Green Lantern          15.00%

Cyclops                       14.40%

Wolverine                   14.27%

Invisible Woman      12.40%

Batman                       12.30%

Captain America        11.77%

Spider-Man                 11.15%

Here’s some tips to help you stay safe while searching online (whether it be from your PC or mobile device):

Be suspicious: If a search turns up a link to free content or too-good-to-be-true offers, be wary

Double-check the web address: Look for misspellings or other clues that the site you are going to may not be safe (for more on this, read my blog on typosquattting)

Search safely: Use a safe search plug-in, such as McAfee SiteAdvisor software that displays a red, yellow, or green ratings in search results, warning you to potential risky sites before you click on them

Protect yourself: Use comprehensive security software on all your devices, like McAfee LiveSafe™,to protect yourself against the latest threats

Broadly speaking, this study confirms that scammers consider popular trends when deciding which victims to target. This makes common sense. If hackers are motivated largely by profit, the biggest profits can be wrung from the largest pools of potential victims. And on the web, popular trends and visitor traffic are highly correlated—so be smart and don’t fall into their trap.

Discuss on Twitter using #toxicsuperhero

Robert

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

How to Get Free and Secure Wireless Anywhere

/in /by

Portable WiFi can be as little as 20 bucks a month, but for the 200 or so MB you get and the slow speed that comes with it, you’d be better off upgrading to the $50-$60 for carrier WiFi with unlimited data on the faster 3/4G network.

But why pay when you can get it for free? Well, if you don’t have the time to hunt for WiFi or just need it occasionally, then you may have to pay. Otherwise, if you are flexible and can get around easily enough, there are plenty of resources out there for free WiFi.

Resources for free WiFi:

  • Mobiles: If you’re out and about, ask anyone if he or she has a mobile phone that acts as a hotspot. PC Advisor calls this setup tethering or internet sharing, and many smartphones provide this feature, including iPhones, BlackBerrys, Windows Phones and Android handsets. PC Advisor also has a list of phones that can do the trick.
  • Retail shops: Local coffee shops; retail stores; malls; hospitals; chains like Starbucks, McDonalds, Taco Bell, KFC, Burger King and many others provide free WiFi—often without you having to buy anything.
  • CableWiFi: Bright House Networks, Cox Communications, Optimum, Time Warner Cable and XFINITY allow one another’s high-speed internet customers to access more than 150,000 WiFi hotspots. CableWiFi is the wireless network name created as an extension of the WiFi services offered by internet service providers listed here.

WiFi locators:

  • WiFinder (iOS/Android) enables your WiFi card to find secured and unsecured wireless connections wherever you are. WiFinder provides the ability to quickly search for open WiFi networks from your home screen.
  • WeFi (Android) claims to be the most popular WiFi connection manager on the market. With WeFi, you always get the best WiFi connection while keeping battery consumption to a minimum.
  • Free Zone is the app that helps you find free WiFi hotspots—and it really works, with more than 300,000 WiFi totally free hotspots.

But keep in mind that “free” generally means unencrypted, wide open and unsecured, so they’re susceptible to hackers using sniffing hardware and software to steal your information.

When you’re hopping on free WiFi, make sure to download and install Hotspot Shield VPN on your mobile, tablet or laptop to encrypt your wireless communications so evildoers can’t see your data or install a Trojan on your device.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.

Easily Install Locks and Increase Home Security

/in /by

It’s not that hard to protect your home. In less than 30 minutes, you can install a strong lock, like a Schlage, to fit common prepped doors and you only need a screwdriver.

Ever install a door lock? There are certain activities in life that everyone should know how to do. Change a tire, give CPR, perform self-defense, swim, and change a lock. All of these things revolve around safety and security, and I’m betting you know how to do maybe two or three out of the five. (P.S. – if you know all five, then you are awesome!)

Knowing how to DIY a lock change isn’t entirely necessary, as you can always get someone else to it for you. (In my own life I can count at least a handful of times when someone called me to change locks in an emergency situation whether due to losing keys or a bad roommate situation) But why go through all the time of finding someone and maybe even a significant expense if you can do it yourself in less than 30 minutes – sometimes even in less than 15?! Today’s doors are pre-fit with all the necessary holes, so all you have to do is assemble the lock in place. Rarely will you need to retrofit or drill additional holes. When installing, most locks require two to four screws and you’re done! It’s the simple!

Installation instructions are always included in new lock packaging, with detailed examples of all the parts and how to put them together. Videos such as this one for Schlage’s Keypad Entry Lock, show exactly how to install a new lock.

More videos and installation instructions for Schlage’s strong locks can be found here.

Robert Siciliano home security expert to Schlage discussinghome security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Tech 2013 Hits and Misses…So Far

/in /by

2013 is turning out to be the “year of the wear”, and mobile payments are looking grrrreat too!

HIT: Glass: Wearable tech is all the rage with Google Glass leading the field. Google Glass is a wearable computer with an optical, head-mounted display that is being developed by Google with the mission to producea mass-market, ubiquitous computer. Google Glass displays information in a smartphone-like, hands-free format that can interact with the Internet via natural language voice commands. Even though Glass hasn’t officially been available for sale on the mass market, the demand for it is incredible.

HIT: Fitness tech: CNET reports:“For example, Fitbit announced a new tracker, called the Fitbit Flex, which is squarely aimed at the Nike FuelBand and Jawbone Up. A wristband-style gadget, the Flex connects to iPhones and Android handsets to share stats such as the number of steps you take and the quality and duration of your sleep. In the same vein, startup company Basis Science finally disclosed plans to bring its Basis Band health tracker to market.”

HIT: Mobile payment: Phys.org reports: “There are players of all sizes in the burgeoning mobile payment systems industry, including big U.S. financial institutions such as Bank of America and small startups such as Square in San Francisco. It has become a crowded field, and some of the bigger players are expanding their products to set themselves apart.”

MISS: Tablets that aren’t running Apples iOS. Certainly, many people are using tablets and there are a few people not using the iPad. But, well, who’s not using an iPad? Where are they? Anyone I see pecking away is on an iPad. I keep reading articles such as “Death of the Windows Tablet”. I think it’s just a matter of time.

MISS: Symbian mobile operating system. Techweek reports: “Nokia has stopped shipping the devices with Symbian. The PureView808, was the last handset to run the Symbian operating system. The OS loved by many Nokia enthusiasts is well and truly dead – though its death warrant was signed much earlier, in 2011, when Nokia pinned its hopes on Microsoft’s Windows Phone OS.”

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

What is Mobile Banking? Is it Safe?

/in /by

Mobile banking (mBanking) or text (SMS) banking refers to online banking that occurs via mobile phone rather than via a PC (online banking). The earliest mobile banking services were offered over SMS, but with the introduction of smartphones and the Apple iOS and Google Android operating systems, mobile banking is now primarily offered through applications as opposed to through text messages or even a mobile browser.

Mobile banking allows you to review transactions, transfer funds, pay bills and check account balances via your mobile device. MBanking also offers enhanced security with SMS transaction notifications and the ability to turn card accounts on or off; the development of new technologies like mobile check deposit (where you simply take a picture of the check using your smartphone’s built-in camera) is contributing to the increasing popularity of mobile banking. Eventually, mobile phones may even replace automated teller machines (ATMs) and credit cards.

However, studies show that many Americans are still uncomfortable with mobile banking, citing security as a top concern. According to Javelin Strategy and Research, “Between 2009 and 2010, the number of consumers who rated mobile banking as ‘unsafe’ or ‘very unsafe’ increased by a shocking 54 percent.”

While banks are working to do their part, users have to take additional steps to make sure their mobile data is protected. Here are some tips for mobile bankers of all ages to help keep you safe while banking on the go:

  • Download your bank’s mobile application so you can be sure you are visiting the real bank every time and not a copycat site.
  • Connect to your bank’s mobile site or app securely by making sure that your wireless network is secure.
  • Never send sensitive information over an unsecured wireless network, such as in a hotel or cafe. Use a virtual private network software that protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads) are secured through HTTPS. My favorite, Hotspot Shield VPN software, has been downloaded over 120million times.
  • If available, use additional layers of authentication in which the account holder authorizes various transactions via text message or phone calls with the bank to give an additional code.
  • Configure your device to auto-lock after a short period of nonuse.
  • Don’t store data you can’t afford to lose on an insecure device.
  • Use mobile security protection that offers multiple layers of protection including anti-theft, antivirus, antispyware, anti-phishing and app protection.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How Secure is My Mobile Carrier’s Network?

/in /by

The National Security Agency (NSA) prescribes security regulations covering operating practices, including the transmission, handling and distribution of signals intelligence (internet, phone, etc.) and communications security material under control of the NSA’s director. The NSA acts as the national manager for national security and answers to the secretary of defense and the director of national intelligence.

The NSA uses the Android operating system with double encryption for voice communications and a unique routing scheme for 3G wireless communications. You’ve got to figure that if their people are communicating with the president of the United States, then they need to be on a secure, protected network. But you, on the other hand, aren’t the NSA and don’t really need that.

While there is no such thing as 100 percent secure, your mobile carrier’s wireless is pretty much as secure as it can be due to the way it is setup, and the security technology is built into the way the network communicates with the hardware in your mobile device. There are numerous encryption methods, keys and authentication tools designed to identify each user and provide a secure channel of communication.

Mobile broadband (your carrier’s network, which you use to send and receive data over 3G/4G) has a degree of encryption that has been cracked before—hence the reason why the NSA uses double encryption—but the necessary hardware isn’t widely available to criminals. Researchers have demonstrated how the system can be hacked, but it’s still more secure than other options—particularly WiFi, which is unsecured.

Standalone, unprotected WiFi is far from NSA-grade secure and requires additional encryption for anyone at any level to be protected. On WiFi, at a minimum, use a secure virtual private network (VPN) such as the free Hotspot Shield VPN proxy that protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads, etc.) are secured through HTTPS.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

 

A Digital Life Through the Eyes of a Child

/in /by

McAfee’s 2013 study, Digital Deception: Exploring the Online Disconnect between Parents and Kidsexamines the online habits and interests of tweens, teens, and young adults. It found there is an alarming and significant disconnect between what they do online and what their parents believe they do.

The study shows that 80% of parents did not know how to find out what their kids were doing online, while 62% did not think that their kids could get into deep trouble online. As for the young people, the study found that 69% said that they knew how to hide what they did online from their parents, and (disturbingly) 44% cleared their browser history or used private browsing sessions to hide their activity from their parents.

While youths understand that the Internet is dangerous, they still engage in risky (and sometimes illegal) behavior. Not only are they hiding this activity from their parents in a variety of ways, but in the study almost half (46%) admitted that they would change their behavior if they knew their parents were paying attention.

86% of youths believed that social sites are safe and were aware that sharing personal details online carries risks, yet kids admitted to posting personal information such as their email addresses (50%) and phone numbers (32%).

48% have viewed content they know their parents would disapprove of.

29% of teens and college-aged youths have accessed pirated music or movies online.

Adding to this problem is how clueless parents are regarding technology and their kids’ online lives: 54% of kids said their parents don’t have time to check up on their online behavior, while 42% said their parents don’t care what they do online. And even worse, only 17% of parents believed that the online world is as dangerous as the offline world, and almost 74% just admitted defeat and claimed that they do not have the time or energy to keep up with their kids; theysimply hope for the best.

Parents must stay in the know

Kids have grown up in an online world. They may be more online savvy than you, but giving up isn’t an option. You must challenge yourself to become familiar with the complexities of the online universe and stay educated on the various devices your kids are using to go online.

Here are some things you can do as parents to get more tech savvy:

Get digitally savvy: Whether you’re using a laptop, desktop, Mac, tablet, mobile, wired Internet, wireless, or software, learn it. Get to know the technology as good as or better than your kids.

Get on social media: By using your devices to communicate with the people in your life, you inevitably learn the hardware and software. This is a good way to learn a key method that your kids use to communicate.

Manage online reputations: Google yourself and your kids to see what’s being said. Teaching your kids what is and what is not appropriate online is a must these days. And as a good rule of thumb, you should teach your kids that things posted online stay there forever.

Get secure: There are more ways to scam people online than ever before. Your security intelligence is constantly being challenged, and your hardware and software are constant targets. Update your devices’ security software and invest in programs to manage and filter their access.

Two great online resources are www.wiredsafety.org and www.staysafeonline.org.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

Summertime is Burglary Time: Lock up!

/in /by

According to U.S. Department of Justice statistics, an American home is broken into about every 15 seconds. Summer marks a busy time of year when Americans need to be extra aware of heightened home security breaches. According to the FBI, July and August have the highest monthly burglary rates, as intruders look to take advantage of increased travel during the summer months.

Homeowners are advised to take action and prevent intrusions by strengthening home security. The best defense against burglary is preventionand with proper planning you can help make your home unappealing to burglars. Burglars watch to see when you are traveling on vacation and even look for signs you are gone for minutes or hours at a time.

Here are a few tips to keep your home secure during summer months:

  • Protect your home’s main point of entry by installing a strong lock like the Schlage Touchscreen Deadbolt. I like this product because it offers the highest grade residential security available and has a built-in alarm, anti-pick shield and is even easy enough for you to install on your own.
  • Don’t leave windows open and unlocked while you are gone. Close and lock them even if you are just leaving for a few minutes. This will cut off easy access to your home.
  • Don’t leave outside lights on 24 hours a day. Using timers on indoor and outdoor lights is an easy way to give the illusion that you’re home – even when you are not.
  • Don’t leave your driveway empty and even ask a neighbor to park their car in your driveway while you are gone.
  • Don’t allow your overgrown grass to grab attention. Schedule time for a landscaper or have someone trusted mow your lawn if you’re going to be gone for weeks at a time.
  • Don’t pack your car openly before a trip. This should be done in your garage or late at night under the cover of darkness.
  • Do have trusted friends, family, or neighbors collect your deliveries and let the police know you are traveling.
  • Don’t list your vacation plans on social media. Burglars love when you tell them you are 2,000 miles away and wait until you get home to post all those photos.
  • Lock all your doors and unplug garage door openers.
  • Don’t share your travel plans on a voicemail outgoing message and make sure to collect all your voicemails so the “mailbox is full” messages don’t play.
  • Don’t leave valuables sitting on dressers or in unlocked draws and make sure to lock everything of significant value in a safe.
  • Use a home automation system like Nexia Home Intelligence to check in on your home from afar. By using a system like this with a Schlage Camera, homeowners can monitor unusual activity to spot anything out of the ordinary.

Summertime doesn’t have to be burglar time if you follow these dos and don’ts!

Robert Siciliano Home Security Expert to Schlage discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

Avoid Risky Web Searching on a Mobile Device

/in /by

The mobile web can be a minefield of malicious links luring you to click so bad guys can infect your device. Search engines do their best to filter out these sites, but nefarious criminals have found ways to get their scammy pages to the top of search results through a process called black hat search engine optimization.

Criminals create fake websites and then use the same techniques as legitimate online businesses do regarding search engine optimization, marketing and online advertising. They use keywords to boost rankings on internet search engines, causing their fake websites to appear alongside legitimate ones.

It is also much harder to tell if a URL is legitimate since due to the limited screen space, mobile browsers especially often truncate web addresses. Also, if you’re clicking on a link to a site from an email you received, it’s hard to see the full sender’s email address; this makes it hard for you to know whether it’s coming from a fake person or company. Finally, the “hover over” option that many of us use to preview URLs on computers doesn’t work yet on most touch screen mobile devices.

Wireless internet also contributes to risky web searching. Unsecured, unprotected, unencrypted and sometimes shared wireless internet communications over WiFi in your home, office or any publicly connected WiFi (such as at a coffee shop, airport or hotel) are vulnerable to sniffers.

On wireless connections that aren’t properly secured—such as public ones—your best line of defense is to use a virtual private network software that protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads) are secured through HTTPS. Hotspot Shield VPN is a good one to use. It’s secure, free to you (supported by ads) and available for PC, Mac, iPhone and Android.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

What is Typosquatting?

/in /by

Typosquatting, also known as URL hijacking, is a form of cybersquatting (sitting on sites under someone else’s brand or copyright) that targets Internet users who incorrectly type a website address into their web browser (e.g., “Gooogle.com” instead of “Google.com”). When users make such a typographical error, they may be led to an alternative website owned by a hacker that is usually designed for malicious purposes.

Hackers often create fake websites that imitate the look and feel of your intended destination so you may not realize you’re at a different site. Sometimes these sites exist to sell products and services that are in direct competition with those sold at the website you had intended to visit, but most often they are intended to steal your personal identifiable information, including credit cards or passwords.

These sites are also dangerous because they could download malicious software to your device simply by visiting the site. So you don’t even need to click on a link or accept a download for dangerous code to install on your computer, smartphone or tablet. This is called a drive-by download and many typosquatters employ this as a way to spread malicious software whose purpose is to steal your personal information.

In some cases, typosquatters employ phishing in order to get you to visit their fake websites. For example, when AnnualCreditReport.com was launched, dozens of similar domain names with intentional typos were purchased, which soon played host to fake websites designed to trick visitors. In cases like this, phishing emails sent by scammers spoofing a legitimate website with a typosquatted domain name make for tasty bait.

In order to protect yourself against typosquatters, I recommend you:

Pay close attention to the spelling of web addresses or websites that look trustworthy but may actually be close imitations of the online retailer you are looking for.

Instead of typing the web address into your computer, make sure you have a safe search tool, like McAfee® SiteAdvisor® which comes with McAfee® LiveSafe™ that provides warning of malicious sites in your browser search results.

Don’t click on links in emails, texts, chat messages or social networking sites.

Invest in a comprehensive security solution like McAfee LiveSafe™ service that protects all your devices, your identity and data.

There are more ways to scam people online than ever before. Your security intelligence is constantly being challenged, and your hardware and software are constant targets so make sure you stay educated and use common sense!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)