What are My Risks with My Mobile Device?

/in /by

Mobile technology is the new frontier for fraudsters. Today, there are more wireless devices than American people. Mobile devices connect to the Internet and have much of the same information and capability as a personal computer.

Your device and the private data it holds are very, very attractive to thieves. Yet, most of us don’t protect our smartphones or tablets—and the private information they contain—anywhere near as well as we do our wallets and PCs.

We make life easy for them. The places and ways that we use smartphones and tablets offer new chances for criminals to catch us off our guards—in the coffee shop, on the train, while shopping. When we are using our mobile devices, we usually have other things happening around us as well as on the device. We are easily distracted. And we want what we want now. Click to download. Click to view. Click to get a free app. Few of us take the time to “think before we click.”

We store passwords, bank account information, photos, and all our contacts on these devices so we can be even more fast and efficient as we live our mobile lives. That’s why 51% of us would rather lose our wallets than our mobile phones.

Some of the things you can expose yourself to if you don’t protect your mobile device include:

Financial fraud: Someone takes over your bank account, extracts money, or sets up a premium text scam where you pay for messages you don’t want.

Identity theft: By having information about you, someone can pretend to be you and sign up for credit cards, identity papers—even buy a car. It can take years to recover your good name.

Privacy loss: Someone gets information about you that you don’t want out there, including social network activities, GPS location, searches, texts, instant messages, downloads and app usage. This information could be just embarrassing—or it could cost you a friendship, a job, your credit rating or a chance for college.

Losing your device: In addition to having to buy a new device (unsubsidized by the operator), you can give a thief the information needed for the fraud, identity theft and privacy loss mentioned above.

To ensure that you protect your smartphone and tablet you should:

Don’t click on links in texts or emails, since these links may actually point toward malicious downloads

Keep your device with you, don’t let it out of your sight and don’t share it with others.

Make sure to have a pass code on your device and set it to auto-lock after a certain period of time

Before downloading any app, check other users’ reviews to see if it is safe, and read the app’s privacy policy to make sure that it is not sharing your personal information

Carefully review your mobile phone bills for any anomalies

Use comprehensive mobile security that include anti-theft, antivirus and web protection like McAfee Mobile Security or McAfee All Access

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

What is malware and why should I be concerned?

/in /by

“Malware” is a shortened version of the words malicious software. It is defined as: a generic term used to describe any type of software or code specifically designed to exploit a computer/mobile device or the data it contains, without consent.

Most malware is designed to have some financial gain for the cybercriminal. Whether they are seeking your financial account information or holding your computer files for ransom or taking over your computer or mobile device to “rent” it out for malicious purposes to other criminals, they all involve some sort of payment to the cybercriminal. And because they are making money with malware, they continue their malicious ways.

There are a number of ways that malware can get “on” your computer or mobile device. You might open an attachment from someone you know whose files have already been infected. You might click a link in the body of an email or on a social networking site that automatically down­loads a virus. You might even click an ad banner on a website and end up downloading a virus or malware (known as “malvertising”). Or just by visiting a site you could get infected from what is called a drive-by download. Malware is also spread by sharing USB drives and other portable media.

And, now that mobile phones and tablets are basically mini computers, cybercriminals are targeting mobile devices. They are taking advantage of the inherent nature of the device to spread the malware, so as a mobile user you not only need to be aware of the same tricks cybercriminals use for computers, but also ones that apply to mobile devices.

Currently most mobile malware is spread by downloading an infected app so you need to be aware of what sites you download apps from and what permissions it accesses on your mobile device. Mobile malware can also spread via text messages (SMS). Scammers send phishing messages via text (called SMiShing) to try and lure you to give up personal or financial information or sign you up to premium text messages unknowingly.

What does this mean for you? You need to be aware of these tricks and scams as it could mean financial loss, reputation harm and device damage to you and your friends.There are things you should do to protect yourself, including making sure you protect all your devices with a cross-device security software like McAfee All Access. You should also make sure to:

Keep your operating system and applications updated, as updates often are to close security holes that have been exposed

Avoid clicking on links in emails, social networking sites, and text messages, especially if they are from someone you don’t know

Be selective about which sites you visit and use a safe search plug-in (like McAfee SiteAdvisor which is included with McAfee All Access) to protect you from going to malicious sites

Be choosy about which apps you download and from which sites you download them and be sure to look at the permissions for what information its accessing on your mobile device

Be smart and stay aware about cyber tricks, cons, and scams designed to fool you

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen.  Disclosures.

10 Ways to Prevent an Abduction

/in /by

A recent article I wrote, titled “A Predator is Always a Predator,” discussed the 750,000 registered sex offenders in the U.S., the thousands more unaccounted for, the thousands more who’ve never been caught, and the fact that predators live amongst us. In Cleveland, Ohio, the residents know this all too well. Shock and disbelief is the common vibe in reaction to the news that three evil men abducted three innocent teen girls and held them captive for roughly 10 years.

In a 2009 horror story also out of Cleveland, a convicted rapist lured a 21-year-old woman to his bedroom back in 1989, spent 15 years in jail and then got a free pass in 2005. And, of course, he did it again. Why? Because that’s his brand of normal. It’s not OK, but it’s normal in that it’s his nature. A psychologist said to me years ago, “You would be amazed at how many levels of normal there are.”

A recent report of “Brooklyn Missing Boy: Police Arrest Man the Dismembered Child Had Asked for Directions” reminded us about how there always have been predators, there are predators today and there always will be predators—and we have to take steps to protect ourselves and those we care for.

When a true stranger—not a family member, not someone known to the child—steals a child, that child often won’t survive beyond three hours.

No matter what the statistics are, child abductions are real—and they happen far too often.

The last thing you ever want to think about is your child getting taken away from you by a stranger or even someone you know. And while the statistics aren’t nearly are bad as one would think, parents think about child abduction all the time.

The old-school training a lot of us received early on was, “Don’t talk to strangers”—as if strangers were the dangerous ones. Actually, most abductions occur when a family member takes the child after winding up on the losing end of a custody battle.

Today, most so-called helicopter parents won’t take their eyes off their kids—and I don’t see that as a bad thing. I know many will argue that point, but I don’t care.

Protecting yourself and your children begins with understanding basic security.

  1. As simple as it sounds, do not engage in behavior that creates an opportunity for the bad guy. Example: being too nice and accommodating. Recognize a potential lure.
  2. In the event that a child were to be approached, the best defense is a good offense. Resistance has often been a proven tactic for removing oneself from a dangerous situation. Running, screaming, biting, hitting and kicking may feel unnatural to teach your kids, but they are certainly natural traits they possess. I say if they are good at it now, train them to do it better!
  3. As soon as your child is at an age where he or she can comprehend this issue, it’s time to discuss it. By age four kids have a pretty good grasp, but age five they seem to be on solid footing.
  4. Role play with your kids. This is a delicate balance of awareness and play. Intellectually introduce scenarios for them to respond to. See how they articulate a response. Let them figure it out on their own. Then, if they don’t give you the answer you were looking for, work with them to understand the nature of their choice and its negative impact.
  5. Be specific, but be careful how you associate your analogies. Example: “If a white van pulled up next to you” will freak your kid out every time he or she sees a white van and will only make the child wary of people in vans, as opposed to those in cars or on foot.
  6. Make sure to discuss the internet and online predators. I’ll discuss this in depth in a future post, but in the meantime, do your research and know what risks your kids face. Take control of their access to PCs and monitor everything they do.
  7. Most importantly, this kind of education is about empowerment. It’s about taking control. It’s a gentle awareness that can very well save their lives. Don’t guilt them into making the right decisions and make them feel bad about not understanding the issue. If they aren’t ready to comprehend the issue, then back off for now.
  8. Always keep an eye on people who look out of place. Don’t take your eyes off the ones who belong, either. Predators often know their victims.
  9. And because your kids spend the majority of their time at home, do all the necessary things to strengthen your fort. Invest in home alarm systems. Install home security cameras inside and outside the home. Install proper fencing that keeps them in and others out.

10. Finally, live in peace and harmony. The chances that something like this can happen are very, very slim. But there is a chance, so these are your options.

Here’s more from Psychology Today on keeping your family safe.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures

The 4 Types of Credit Card Disputes

/in /by

Love’m my credit cards. I get points, mileage and one place to view all my spending. Who doesn’t love that!

But I hate having to go through the misery of disputing charges. In my own research, I’ve determined four types of credit card disputes to look out for.

Unauthorized use: Basically, this is fraud—unauthorized use of your card when someone steals the card, skims the card, copies the number, hacks the number or double charges on purpose. Under federal law, you are responsible for up to $50 as long as you refute charges within 60 days with your credit card company. If it happens to you: Contact your credit card company ASAP and begin the resolution process. BillGuard can also help you open a dispute, at no cost to you. Just click the red button on your BillGuard Scan Report.

Disputes on dollar amounts: Mistakes happen. But I often find they don’t happen in my favor. They seem to always happen in the merchant’s favor. Funny how it works out like that, huh?

You might be billed incorrectly for products or services you didn’t purchase, charged for products you ordered but didn’t get, or be overcharged. (For the record, I don’t think I’ve ever been “undercharged.”).  If it happens to you: Contact the merchant ASAP and go through the merchant’s process for resolution. Don’t want to deal with the hassle? BillGuard will handle the dispute for you, for free.

Problems with products or services: Sometimes it’s a quality issue: products break within 30 days, are delivered broken, or the merchant fails to provide services requested. If it happens to you: Contact the merchant ASAP. If the merchant is uncooperative, contact BillGuard.

Grey charges:Grey charges are often charges that, in a roundabout way (that is, in the fine print), we agreed to by purchasing products or services. A grey charge may include mysterious subscriptions, automatic renewals, free products that result in paid products or cost creep. The initial purchase may be pennies, but over time ends up costing big dollars. If it happens to you: Flag the charge on your BillGuard Scan Report. We’ll help you open a dispute.

Here’s how to reduce your aggravation when it comes to credit card disputes:

  • Always reconcile your bills diligently and on a timely basis.
  • Refute unauthorized charges immediately—within one to two billing cycles.
  • Use a credit card instead of a debit card, as credit cards offer more consumer protection.
  • Be patient—and be nice—when talking to customer support. Don’t yell like you’re some crazy Italian. (Disclosure: I am that crazy Italian.) Trust me. It usually doesn’t work.
  • Use BillGuard to watch your back and help you resolve unwanted charges.

Robert Siciliano is a personal security expert & advisor to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

5 Must-Have Security Apps for the Business Traveler

/in /by

Prior to a trip it’s not uncommon for many of us to load up our smartphone with the latest time-killer games, social or travel apps. But an essential family of apps often overlooked revolves around security. Business travelers are in a unique category due to sensitive information they may carry but all of us are more at risk when we leave home and hit the road. Here are a few essential to take with you:

Hotspot Shield: Free, Protect yourself from hackers and identity theft while using Wi-Fi hotspots (VPN encrypts all traffic); protect your identity, your IP address and stop unwanted tracking. Share and communicate privately. Keep all your web activities anonymous and private, share and communicate with your colleagues without leaving a trace. An added bonus: get access to your favorite US apps and services—Pandora, Netflix, Hulu, PBS Kids, etc. when traveling overseas. Also save on overseas data roaming charges!

Lorex Live: Free, View live, full-screen security video from your home/office security cameras, wireless security cameras, or any other security camera at any time, from where ever you are. Keeping an eye on your home/office, your kids, or even your pets will make for a much more relaxed trip.

Kryptos: Free, Kryptos is a secure, fully encrypted voice communications application. Kryptos utilizes military grade 256 bit AES encryption to encrypt voice communications before transmission using 2048 bit RSA for key exchange.Kryptos provides VoIP connectivity for secure calls over 3G, 4G and WiFi. Users will download and install the client software and must then activate their account with Kryptos.

McAfee Mobile Security: $30.00 McAfee Mobile Security is the industry-leading mobile security solution that gives you confidence to explore everything the new mobile world has to offer, and do it safely. When you select new apps, shop online, browse social networks, or use your phone for banking and payments, McAfee Mobile Security is there to protect you. Its comprehensive security that’s as simple as it is powerful.

My TSA: Free, Check approximate wait times at TSA security checkpoints at the airport of your choice and add your own wait time for others to see.Quickly search whether you can bring items with you through the checkpoint onto the airplane.Consult the TSA Guide on how to prepare for and get through the security checkpoint quickly. Watch TSA Videos on tips for a smooth travel experience.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Setting off a False Alarm Can Cost You

/in /by

If you have a home alarm system, you may be guilty of setting it off accidentally. Sometimes we open a door or window that sets it off, while other times we mess up the secret code. The result of this mishap is usually a very loud siren and the attention of your neighbors. If you don’t call to cancel in time, then it results in law enforcement showing up.

We’re all familiar with the boy who cried wolf. The protagonist of the fable is a bored shepherd boy who entertained himself by calling out “Wolf!” Nearby villagers who came to his rescue found that the alarms were false and that they had wasted their time. When the boy was actually confronted by a wolf, the villagers didn’t believe his cries for help, and the wolf ate the flock (and, in some versions, the boy).

Accidentally setting off an alarm can cost you in much the same manner.

The Santa Fe New Mexican reports that “The Santa Fe Police Department has netted nearly $500,000 from false-alarm fines and registration fees since the program began in 2010, a report says. At the same time, a business called CryWolf earned more than $271,000 from city residents and businesses for administering the program, a 32 percent fee it takes off the top of collections.”

I’m just as guilty as anyone of setting off a false alarm. But I’ve never had law enforcement show up to my home as a result.

To protect yourself against false alarms, follow these four simple tips:

  1. Have your service provider set up your alarm system to call your mobile phone first, then your home phone second. If you don’t answer the phone, then they will call the police.
  2. Program your mobile phone with your alarm service provider’s number and call them the second you falsely set off your alarm. Memorize your PIN so you aren’t fumbling for it.
  3. Don’t carry your PIN in your wallet. If your wallet is lost or stolen, your address and alarm PIN are in the hands of a stranger.
  4. Whenever setting up access for anyone to enter your home while you’re away, your risk for false alarms goes up dramatically. Provide specific hands-on instruction on how to disable and reset the alarm. Telling someone over the phone how to do it is often insufficient.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Is That Mobile Application Invading My Privacy?

/in /by

Facebook now offers “Home.” Facebook says “With Home, everything on your phone gets friendlier. From the moment you turn it on, you see a steady stream of friends’ posts and photos. Upfront notifications and quick access to your essentials mean you’ll never miss a moment. And you can keep chatting with friends, even when you’re using other apps. Cover feed puts the spotlight on whatever friends are sharing now—photos, status updates, links and more.”

CNN reports “Built-in GPS technology means smartphones know where a person is at any given time. Phones with Facebook Home could access this information at any time to determine what businesses or neighborhoods you visit the most or even where you live. That data could then be used to serve up a more personalized ad, such as a coupon for a store you’re near or coffee shop you visit every Sunday. A Facebook representative told CNN that Home will not actively track users’ GPS location.”

Back in 2010, The Wall Street Journal was already warning us about app developers’ lack of transparency with regard to their intentions:

An examination of 101 popular smartphone “apps”—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone’s unique device ID to other companies without users’ awareness or consent. Forty-seven apps transmitted the phone’s location in some way. Five sent age, gender and other personal details to outsiders. The findings reveal the intrusive effort by online-tracking companies to gather personal data about people in order to flesh out detailed dossiers on them.28

One developer of online ads and mobile apps acknowledged, “We watch what apps you download, how frequently you use them, how much time you spend on them, how deep into the app you go.”

And since then, our level of engagement with mobile apps has only increased, while no meaningful steps have been taken to prevent applications’ access to your data. The motivation here is money. The more they know about you, the more targeted ads they can deliver, and the more likely you are to buy. The information also can be abused for identity theft and other malicious purposes.

Facebook Home may have the best intentions and could very well be a great addition for any heavy Facebook user. And keep in mind, every application you install wants more access to who/what/where/when about you so they can send you targeted ads.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

Yes, There are “Mother’s Day” Scams

/in /by

With Mother’s Day just around the corner, cybercriminals are working up ways to take advantage of this time when you’re online looking to buy flowers, candies, perfumes, jewelry or whatever gifts for mom might be hot this year. Phishersfollow a similar editorial calendar as newspaper and magazine editors, coordinating their attacks around holidays and the change in seasons. They also capitalize on significant events and natural disasters.

They are trying to get you to click links that will either infect your PC with malware, or visit a website that offers you too good to be true deals on gifts for mom. If you download malware from a bad link, everything you type into your computer could be recorded by the cybercriminal, you could be unknowingly sending them your personal information, or the malware could render your machine useless. Entering your personal and credit card information on a fake site could results in charges on your card, never receiving the item you “purchased, “ and even the possibility of new cards opened in your name.

To help make this Mother’s Day enjoyable for you and your mom, make sure to follow these steps when shopping online:

Be wary of offers that are too good to be true—the usually are.

Always be suspicious when you receive an email or text message from a company asking for personal information—legitimate companies do not ask for personal information in emails or texts

Don’t click on a link in emails, texts, or chats from someone you don’t know

To ensure you’re visiting the correct site, type the store site URL into your browser’s  address bar or use a safe search plug-in, like McAfee® SiteAdvisor® , that comes with McAfee® All Access, and shows you in your browser search results if a site is safe or not.

Use comprehensive security software on all your devices that includes anti-spam and malware protection.

Make sure you protect yourself so you don’t get your credit card maxed out and then go crying to your mom on Mother’s Day.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Are you Hackable or Uncrackable? “Password Day” is Today!

/in /by

Yes, such a day exists and it’s today, May 7th 2013. Intel and McAfee are working to make sure consumers increase their security awareness and front line of digital protection by asking everyone to change their passwords today.

Reuse of passwords across multiple sites is a big problem. In the digital world, many of us are much more vulnerable than we need to be. For example, it’s very likely that your Amazon password is the same as your Gmail password and also the same one you use for online banking and your Facebook account.

In fact, 74% of Internet users use the same password across multiple websites1, so if a hacker gets your password, they now have access to all your accounts. Reusing passwords for email, banking, and social media accounts can lead to identity theft and financial loss.

And what’s worse is that many people use simple, easy to guess passwords. A recent study found that the most common passwords people use are “password,” “123456,” and “12345678.”2 No wonder cybercriminals are finding it so easy to get into our accounts.

The solution is as simple as changing your habits. Take a moment to protect yourself in a basic area of security, and you can save hours of trouble. In fact you can test how hackable your password is with this tool from Intel.

If you need help moving from just one password, here’s a trick: Use one for your bank accounts, another for email and social networking accounts, so if your email account gets hacked, your bank account isn’t compromised. For more tips on how to create a simple, secure password, read this article.

ChangedMyPasswordInfographicTall

Here are some other tips to protect your password:

Avoid logging onto sites that require passwords on public computers, such as those at an Internet café or library—these computers may contain malware that could “record” what you are typing.

Avoid entering passwords when using unsecured Wi-Fi connections, such as at an airport or in a coffee shop—your passwords and other data can be intercepted by hackers over this unsecured connection.

Don’t use the “remember me” function on your browser or within apps—if you walk away or lose your device, someone could easily login to your accounts.

Use comprehensive security software on all your devices, like McAfee All Access, and keep it up to date to avoid malware that could “see” what you are typing on your device or unknowingly send data to hackers.

Password Day is more than a day, it’s a way of life. Don’t leave the backdoor to your life open. Pledge to change yours today.

For more information, join @Intel@McAfeeConsumer@StopThnkConnect and @Cyber (the Department of Homeland Security) for a tweet chat today at 3pm ET on protecting your passwords. To participate simply use the hashtag #ChatSTC.

 

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Graduates: 10 Stupid Things You Don’t on Facebook

/in /by

You’ve done it. You’ve graduated at last. Your whole life is in front of you. Now is the time to make plans, embrace the world, take responsibility, make a statement, do some good and make this place better than how you found it.

And this should go without saying, but please don’t be stupid.

I’m not preaching here; the fact is I am fully qualified to discuss this topic because every day when I wake up, I tell myself, “Today I’m not going to say something stupid.” But, being human, I often do or say stupid stuff. However, rarely do I make it public online.

Listen. I know it’s hard. I know you can’t help yourself. I know you think you know everything and I know you are telling me to shut up. But in the words of the lovely and talented Fire Marshal Bill: “LET ME TELL YA SOMETHING!”

What you say, do, post, like and even whom you friend on social networks will affect every moment of your life going forward. Social is the new norm, and even adults are guilty of the stupidity of putting something online that gets them busted.

With graduation coming and millions of you getting ready to enter the workforce, you need to be aware of what is and isn’t appropriate in the professional world. While many employers expect that their employees will maintain social media profiles and even support work initiatives via those channels, as a new grad, you need to be aware that your missteps in social media could taint your employer’s image and damage your professional reputation. When people do not use good judgment when posting and share the wrong content with the wrong people, they can jeopardize their careers.

According to McAfee’s Love, Relationships and Technology study, 13.7% of millenials (18-24 year olds) know someone who was fired because of personal images or messages that had been publicly posted and 13% of adults have had their personal content leaked to others without their permission

 GradGraphic_LRT1

It’s time to face the facts.

  1. Don’t deny this fact: YOU ARE BEING JUDGED EVERY SECOND OF THE DAY BY PEOPLE WHO ARE IN A POSITION TO HIRE AND FIRE YOU.
  2. Don’t do that! Learn from other people’s mistakes. When you see someone get in trouble, fired or arrested, DON’T DO THAT.
  3. Don’t friend people you don’t know. You have 3ooo friends? Seriously?
  4. Don’t take or allow others to photograph/video you with alcohol in your hands, drinking, smoking, doing anything illegal, scantily clad (or less) or making those stupid selfie fishy faces. You are an adult now.
  5. Don’t like, share or retweet racist, homophobic or off-color media or comments that make you look like a jerk.
  6. Don’t swear. EVER. It’s OK to say flippin’, freakin’, heck, maybe even effing, and shite. But once you start dropping F bombs, you look like an angry, uncouth juvenile delinquent. And seriously, I swear like cage match fighter—but not online. And I don’t care what your privacy settings are.
  7. Don’t log on while amorous or inebriated. Nothing good can come of that. Revenge porn anyone?
  8. Don’t ever talk about anyone in authority—your boss, coworkers, teachers, students, the president or anyone, for that matter—in a negative tone. Seriously. Unless the person is a serial killer or oppressive dictator, play nice.
  9. Don’t be so public. Lock down your settings. Most social networks have privacy settings that need to be administered at the highest level. Default settings generally leave your networks wide open to attack.
  10. As Howard Stern’s dad used to say to him: “I told you not to be stupid, you moron.”

You have been warned.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.