Weak Passwords Can Cost You Everything

/in /by

If your computer or mobile was hacked or your passwords were cracked and your data was lost or if all the websites you have an account with were hacked and all that information was the hands of a criminal, how devastated will you be?

In McAfee’s study on the value of digital assets, consumers estimated the total value of all their digital assets on multiple devices at an average of $35,000. Digital assets include: music downloads, videos, photos, apps, emails, text messages, health/financial/insurance records, resumes/CVs, portfolios, contacts, recipes, etc.

Nowadays, if you’re shopping, banking or using social media sites online, you need a user name and password. If you’re like most people, you probably take the easy way out and use the same user name and password for every new site you access.

The challenge is that some sites let you use numbers and symbols in your password and some don’t, or the user name you want may be taken. And an even bigger problem is with all those valuable assets we store on our devices, you are leaving yourself open to exposure by using the same password everywhere—if one account ends up getting hacked, all your accounts could be hacked.

Did you know that?

Over 60% of us have 3+ digital devices

55% of us store digital assets on these devices that would be impossible to recreate, re-download or re-purchase

Over 75% of us visit 5 or more sites regularly that require passwords

63% of us use easy to remember passwords or use the same password for most sites

17% of us do little to nothing to protect our passwords

You need a better plan

Make sure you use different passwords for each of your accounts

Always log off if you leave your device and anyone is around and don’t use the “remember me” function on your browser or mobile apps

Avoid entering passwords on computers you don’t control (like computers at an Internet café or library) or when using unsecured Wi-Fi connections (like at the airport or a coffee shop)

Don’t tell anyone your password—your trusted friend now might not be your friend in the future

Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.

Use comprehensive security software on ALL your devices (not just your PC!), like McAfee®LiveSafe, that comes with a password manager that securely stores your usernames and passwords to your favorite sites, and logs in for you—with just one click

Here’s some tips on how to create a strong password. Remember, your password is often your first line of defense—protect yourself!

And don’t forget to play The $35,000 Question game on Facebook for a chance to win some prizes, while learning about protecting your digital assets!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Digital Security Improves Our Lives

/in /by

Our lives depend on the convenience of digital and require the security behind the scenes. Take contactless payment for example. Contactless payments are a faster, more convenient alternative to cash when making small purchases at fast food restaurants, convenience stores, and transport terminals. They are also ideal for remote or unattended payment situations, such as vending machines, road tolls, or parking meters.

These transactions are protected by multiple layers of security, which protect both retailers and consumers.

Some of these security features are incorporated within a card’s microprocessor chip, while others are part of the same networks that protect traditional credit and debit card transactions.

Think about how much more “digital” our lives have become. Digital assets include: entertainment files (e.g., music downloads), personal memories (e.g., photographs), personal communications (e.g., emails), personal records (e.g., health, financial, insurance) and career information (e.g., resumes, portfolios, cover letters, contacts), as well as any creative projects or hobbies involving digital files.

Every bit of this adds up to “more and better.” By this, I offer an example. I have a seven-year-old daughter who has evolved into a smarter, more well-rounded and aware child than I ever was. And, with the comfort of digital security, the technology that we expose her to makes much of that possible.

And this exposure is ubiquitous. While many people protect their PCs and digital assets from malware by installing antivirus software, they leave the doors open to criminals when it comes to smartphones, tablets and Macs, however. Bad guys are now targeting these devices, as their users’ complacency has made breaking into these devices the path of least resistance. Now more than ever, a multi-device security strategy is necessary.

But don’t fret. Enjoy your technology, be smart about it and make sure to exercise your security muscles.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

How do I shop with my mobile securely?

/in /by

To stay safe while mobile shopping:

Go big. Do your online business with major retailers, or those you already know, like, and trust. The chances of a major online retailer stiffing you, or of their database being compromised, are slimmer than those of an unknown.

Do your homework. If you search for a particular product and wind up at an unfamiliar website, do some research on the retailer before putting down your credit card number. Search for the company’s name and web address to see if there have been complaints.

Don’t give out more personal data than necessary. Many retailers require your name, address, phone number, and credit card information. This is normal. But if you are asked for anything beyond that, like bank account numbers or your Social Security number, run hard and fast.

Vary your passwords. Often, online retailers will ask you to register with their website when you make your first purchase. Never register using the same password you’ve already used for another website. Otherwise, if one website is hacked, your password could be used to infiltrate your other accounts.

Use HTTPS sites. Websites that have a secure checkout process—with “https://” in the web address (as opposed to “http://”)—are safer because they encrypt the transaction against interception by thieves.

Keep mobile security software current. The latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.

Automate software updates. Many software programs can update automatically to defend against known risks. If this is an available option, be sure to turn it on.

Use a free VPN for Wi-Fi security like Hotspot Shield. Itcreates a virtual private network (VPN) between your laptop or iPhone and our Internet gateway. This impenetrable tunnel prevents snoopers, hackers and ISPs from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures

Identity Theft Rings Focus On Loans and Credit Cards

/in /by

Identity theft rings are in every state, victimizing approximately 10 million people a year.

In Wycoff NJ, 11 men and women were arrested on charges of stealing identities to open credit cards in an alleged scheme that is believed to have defrauded more than 70 victims.

Patch reports: “Credit cards were opened in the victims’ names, and charges were made on their behalf by “authorized buyers.” The task force investigation found that most of the victims had recently refinanced or applied through.”

In Tyler TX 45 people were victimized in a loan in an identity theft scam using loan fraud. KLTV reports “They had obtained information on citizens, names, date of  birth, social security numbers and so on. Enough so that when they went online to these loan companies then they took out a loan in someone else’s name. Then, they went to a bank and opened an account in their true name and had that money wired to their account.”

Consumers must:

  • Protect themselves from account takeover by monitoring their accounts closely, protect their passwords, and refute unauthorized charges.
  • Protect themselves from new account fraud by locking down their credit with a credit freeze or identity theft prevention services.
  • Protect their devices with antivirus, antispyware, antiphishing and a firewall.

Identity theft will continue to plague citizens until smart systems are put in place to mitigate new account fraud and account takeover. Businesses are engaging an emerging device identification technology by Oregon-based iovation Inc. that spots cybercriminals by analyzing the reputation of computers and mobile devices used to connect to online businesses. They proactively investigate for suspicious activity and check for characteristics consistent with fraudulent users.

In one major case, iovation helped bust a fraud ring that victimized over 15 people where tens of thousands of fraudulent charges were racked up. The case started when a report of $5,000 in fraudulent credit card charges at a large electronics store and two department stores was reported. It just so happens that the credit issuer was using iovation to flag fraudulent credit card applications and tracking that back to the specific computers and mobile devices used. This information, combined with surveillance photos and other offline detective work, provided the perfect blend of digital and physical data that law enforcement needed to bust the crime ring.

What Does it Mean to Have a Connected Home?

/in /by

The internet-connected TV, PC, mobile and tablet are all connected to the home in ways like never before. All of these appliances are talking to one another in various ways. For example, many of us share media, display photos on various devices, or use different devices remotely for home security, HVAC control, access control, and on/off administration of various devices.

My own home is connected in various ways. Using my iPhone or any computer, I can access a cloud-based server that allows me to watch live footage from each of the 16 cameras I have installed in and around my property. The cameras also begin recording automatically whenever motion is detected, and that footage is stored in the cloud and available to me anywhere, anytime. It’s amazing how often I access these cameras when I’m on the road.

With home automation, I can use the cloud to remotely switch lights on and off and adjust the temperature control system. I also get alerts in the event of an intrusion or even a broken water pipe!

Another great example is the “Nest” thermostat and corresponding app. Control your home’s temperature from your iPhone, iPad, or iPod touch with the Nest Mobile app. Last-minute trip? Change the temperature from the ski slopes. Coming home early to a cold house? Turn up the heat on your way. The Nest Mobile app allows you to adjust your Nest Learning Thermostat from anywhere. Having a cloud-based, internet-connected home certainly provides an excellent layer of comfort, not to mention peace of mind.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

10 Cheap Ways to Secure Your Home

/in /by
  1. Consulting: Call a locksmith or a police officer for some basic tips on home security. Community programs in which law enforcement inspects a property is a cost-effective way to secure your home.
  2. Signage: Use “Beware of Dog” signs—one for the front door and one for the back door. And “This House is Alarmed” signs are excellent deterrents.
  3. Dogs: Dogs are a great form of home security…but they also can be expensive. Just buy the biggest dog food bowl possible—one bowl for the front porch and one for the back. Writing Killer on the bowl will give a burglar the impression that you have a big and vicious dog. You can even buy a barking dog alarm.
  4. Neighborhood watch: Have your neighbors keep a keen eye on your property when you are away, and do the same for them. Start a neighborhood watch program and set it up so everyone has a responsibility to watch one another’s properties.
  5. Lived-in look: Make your home seem occupied all day, every day. When you are away, put the stereo or TV on loud enough to hear from the immediate exterior. Buy inexpensive timers and plug all your lamps in.
  6. Outdoor motion sensors: Only 10-20 bucks. When someone is creeping and an exterior light goes on, they make a burglar think he’s being watched.
  7. Decent locks: Locks can be as cheap as 30 bucks. Beef up the strike plate by installing three-inch screws deep into the frame.
  8. Security bar: For short money, you can make a “security bar” with wood or pipe that wedges up under your doorknob.
  9. Screw your windows: Install small-angle brackets that prevent the windows from opening any more than five inches.

10. Install a bare-minimum home security system that includes daily alarm monitoring for short money. I use a home alarm too, and it is the best protection when you are sleeping or at work.

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar-proofing your home on Fox Boston. Disclosures.

Resolve to Dissolve Credit Card Billing Errors

/in /by

Like death and taxes, credit card disputes are inevitable. The good news is, whenever there is a credit card dispute that results from a billing error, the credit card company often takes the side of the cardholder until getting a counter argument from the merchant.

The better news is that all this is laid out in the Fair Credit Billing Act that went into effect in 1975. The law applies to “open end” credit accounts, like credit cards, and revolving charge accounts, like department store accounts.

The FCBA settlement procedures apply only to disputes about “billing errors.” For example:

  • Unauthorized charges. Federal law limits your responsibility for unauthorized charges to $50;
  • charges that list the wrong date or amount;
  • charges for goods and services you didn’t accept or that weren’t delivered as agreed;
  • math errors;
  • failure to post payments and other credits, like returns;
  • failure to send bills to your current address—assuming the creditor has your change of address, in writing, at least 20 days before the billing period ends; and
  • charges for which you ask for an explanation or written proof of purchase, along with a claimed error or request for clarification.

Your Rights

Nine out of 10 times, you should be able to pick up the phone or send an email to resolve any of the billing errors above and get everything squared away. However, some merchants recognize that the longer they dodge you and the more they avoid you, the more likely you are to give up. But hey, that’s your money! To take advantage of the law’s consumer protections, you must:

  • Write to the creditor at the address given for “billing inquiries,” not the address for sending your payments, and include your name, address, account number and a description of the billing error.
  • Send your letter so that it reaches the creditor within 60 days after the first bill with the error was mailed to you. It’s a good idea to send your letter by certified mail; ask for a return receipt so you have proof of what the creditor received. Include copies (not originals) of sales slips or other documents that support your position. Keep a copy of your dispute letter until you are satisfied with the resolution.

The creditor must acknowledge your complaint, in writing, within 30 days after receiving it, unless the problem has been resolved. The creditor must resolve the dispute within two billing cycles (but not more than 90 days) after getting your letter. Now, if things don’t work out the way you planned, there are lots more option to consider here. But if things begin to become very difficult, BillGuard can help you manage your dispute – for free!

The Federal Trade Commission (FTC) enforces the FCBA for most creditors except banks. If you think a creditor has violated the FCBA, file a complaint with the FTC.

Reduce billing error disputes:

  • Always reconcile your bills diligently and on a timely basis.
  • Refute billing errors immediately—within one to two billing cycles.
  • Use a credit card instead of a debit card, as credit cards offer more consumer protection.
  • Be patient. And be nice when talking to customer support.
  • Use BillGuard to watch your back and help you resolve billing errors and unwanted charges.

Robert Siciliano is a personal security expert & advisor to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

What is mCommerce and how do you keep transactions safe?

/in , /by

mCommerce (or M-commerce) is using a mobile phone to make purchases. Like credit card transactions, your card/device can be either present or not present. In other words, “present” might mean your mobile is equipped with an application that you use to make a purchase in person, such as to buy a cup of coffee or a train ticket. “Not present” could be when you use another application or your mobile browser to make a remote purchase over the Internet or another type of mobile network.

There are several different forms of mobile commerce:

Mobile shopping: You comparison shop or purchase something online using your mobile device (and its browser or a mobile app)

Mobile banking: You interact with your bank account (actions such as check the balance, transfer between accounts, make payments) using your mobile device

Mobile wallet (mobile payments): The mobile device itself is used to authorize payment (via a stored credit card)

Mobile point-of-sale (POS): Specialized card swiping attachments let your mobile device be used to collect payment from a credit card

All of these forms of mobile commerce require a wireless connection to the internet over Wi-Fi or your carrier’s 3/4G connection. Always use a like Hotspot Shield when engaging in mCommerce. Hotspot Shield, which is free to download, creates a virtual private network (VPN) between your laptop or iPhone and your Internetgateway. This impenetrable tunnel prevents snoopers, hackers and ISPs from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Be Strong, Oklahoma. Be Strong.

/in /by

At this point, everyone knows the Oklahoma City area was slammed by a massive tornado—maybe one of, if not the worst, in history. News reports say dozens of people were killed and hundreds of others injured. The catastrophic event demolished buildings to their foundations.

CNN reports, “Insurance claims will likely top $1 billion, Kelly Collins of the Oklahoma Insurance Commission told CNN. The cost would be higher than that from the May 3, 1999, tornado that hit the same area.”

Weather.com calls the twister an EF5, which means its winds topped over 200 MPH in spots. The Weather Channel’s survey shows the tornado’s path length to have been 17 miles long and up to 1.3 miles wide. Winds were estimated in some spots to be 200–210 MPH in the area with EF5 damage.

Acts of Mother Nature sometimes eclipse the devastation brought on by man. Some may say that man caused this disaster by initiating global warming. Nobody knows for sure, but one thing is certain: Those affected will bounce back.

Tragedy and adversity have a way of bringing out the best in people. I saw firsthand how people came together after 9/11 and then, more recently, in the wake of the Boston Marathon bombings. What has been most significant to me is the outpouring of love and support through direct communications via Facebook, Twitter and in the donations to Boston’s OneFund and the American Red Cross for Oklahoma.

Be strong, Oklahoma. Or thoughts and donations are coming your way.

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar-proofing your home on Fox Boston. Disclosures.

Craigslist Robbery By Appointment

/in , /by

It’s springtime. You put an ad on Craigslist to get rid of some things, clean out your garage and make a few bucks while you are at it. Maybe you have an old diamond ring to sell. Or that truck you are driving isn’t what it used to be, so you decide it’s time to sell. 
The ad goes out, people call and you make the appointments. But, unfortunately, things don’t always go as planned, do they?

The Spec reports, The odds of being physically harmed from using an online classified service are not high, but a blend of cybercrime and physical crime is common enough in the U.S. that one police force there has offered consumers the opportunity to conduct online transactions in person at their police station.

“People believe that because it’s there online, and that someone is reaching out, that it must be legitimate … There’s a reason your mom always told you not to talk to strangers.”

Use Craigslist with caution. Don’t think for one second you can’t be robbed, burglarized, scammed or killed. Some people’s homes have been invaded, and it can happen to you too. Be very careful who you contact; you never know who the person is or what his motivation may be.

Get identification details pre-meeting. Make sure to get the full contact details of the other person and call back to verify. A little white lie like, “My brother is a cop and will be here” will make the person you’re dealing think twice about harming you.

Meet at a public location. Coffee shops, malls, police stations—anywhere but your home that involves lots of other people. The more eyeballs, the better.

Trust your instincts. Don’t discount any weird feelings you might have about meeting with this person. If something seems wrong, then it IS wrong. Cancel if you don’t feel right about it.

Enlist a buddy. Strength in numbers makes predators think twice. Predators thrive on isolation. By pairing up, you reduce the chances of being attacked.

Be street smart. Expensive jewelry and provocative clothing can invite an attack. Scarves around your neck give attackers something to grab and choke you with. Wear sneakers that you can run and fight in.

Be on guard. Just like Mom said, there is risk in meeting strangers. Being on guard can keep you from getting into a compromised position.

Stay in communication. Let your spouse, friends, family or coworkers know where you are going, who you will be meeting and when you will be back. Stay in contact on your mobile while you are meeting.

Use your panic alarm. If you are crazy enough to meet the other party at your home, have someone stand guard at your home security alarm’s panic button to summon the police if things go wrong.

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar-proofing your home on Fox Boston. Disclosures.