How Hackers Use Our Information Against Us

We hear an awful lot about hackers breaking into systems and taking down networks or stealing millions of data records. The general understanding we have for hacking is bad guys want to disrupt things to make a point or to make money. But how do they really use our personal information against us?

Whether you realize it or not, you expose a lot of your personal information online and even through the technologies you use. From information posted to social networking sites to data sent over unsecured wireless networks, you reveal bits of information that hackers can piece together to either scam or impersonate you.

This information is currency to hackers because it allows them to get what they want—your money. Or worse, a criminal can take your information and make you look really bad and completely tarnish your good name.

With your Social Security number they can open various lines of credit under your name and never pay the bills, thus damaging your credit rating and creating a lot of work for you to clear your name.

If they hack into your devices and get your usernames and passwords then they can wreak some serious havoc. Bank accounts can be emptied, social media and email accounts can be used to scam your friends or disparage you or your loved ones, and if they access your medical accounts or history, you could be denied services when you need them most.

What all this means is you have to protect your devices and protect your personal information to prevent this from happening. To help protect yourself you should:

Use a firewall – Firewalls filter information from the Internet to your network or computer, providing an important first line of defense. If you have a home wireless network, make sure that the firewall on your router is enabled, and use a software firewall to protect your computer.

Use comprehensive computer security – Because there are a variety of ways in which hackers can access your information, you need to make sure that you employ a comprehensive security solution like McAfee® All Access to safeguard all of your devices.

Educate yourself – Keep up to date about the latest scams and tricks cybercriminals use to grab your information so you can avoid potential attacks.

Use common sense – Follow the old caveats about not clicking on links in emails and instant messages from people you don’t know, and always exercise caution when it comes to sharing any sensitive information.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

 

Steps to Take When Connecting to WiFi at the Coffee Shop

Consumers are oblivious to the dangers of connecting in a free wireless environment. If they actually knew how vulnerable they are, all that coffee shops would do is sell coffee. Nobody would stick around and connect to the internet.

Everyone—and I mean everyone—always asks me if they should connect to public WiFi. The short answer is yes, but you need to install virtual private network software to encrypt your connection. More on that in a bit.

There’s plenty to know and a few things you can do to protect yourself. Here are some terms you should know:

Router encryption: The router you hop onto at the coffee shop will most likely have no encryption at all. Encryption is the process of encoding messages or information in such a way that eavesdroppers or hackers cannot read them, but that authorized parties can. Routers are built with software options to turn on encryption, but the coffee shop typically doesn’t turn it on because that would mean every person coming in would need a password. And even in that scenario, that doesn’t necessarily mean your data will be secure.

Wired Equivalent Privacy (WEP) encryption: WEP is 15 years old and offers minimal security; WiFi Protected Access (WPA) encryption is better than its predecessor, WEP. WPA is a certification program that was created in response to several serious weaknesses researchers found in WEP. WPA and WPA2 (a subsequent version) are tougher to crack, but not impossible.

Protect yourself when using WiFi:

  • Use the most updated and secure version of your browser.
  • Consider only sharing data with sites with HTTPS in the address bar; the S signifies that your connection to the website is encrypted.
  • Turn off file sharing. If you share files at home, turn file sharing off in public.
  • Turn on your firewall. It should be on by default, but depending on the age of your computers or by accident, it could be off.
  • Use a VPN. A Virtual Private Network (VPN) is a network set up with encryption to protect your data from unauthorized access. Hotspot Shield VPN is a good one to use. It’s secure, free to you (supported by ads) and available for PC, Mac, iPhone and Android.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen.  See him discussing internet and wireless security on Good Morning America. Disclosures.

How NOT to Dispute a Credit Card Charge

My wife was searching online for a specialist to take care of a minor medical condition. While browsing, a certain ad caught her eye, so she checked out its website and made a phone call to get more information.

The receptionist was warm and friendly and gave her all kinds of advice and direction over the phone. Toward the end of the call, the receptionist recommended my wife come into the office to sit down with the doctor to discuss her options to take care of her issues. Great. The appointment was made and the doctor’s office called a few days before to confirm.

So my wife went to the appointment, had a consult and learned her options…options that basically equated to a sales consultation of all the different procedures this doctor would perform for several thousands of dollars.

At the conclusion of the appointment on the way out the receptionist said, “That will be $125.00 please.” This was a little surprising to my wife because in the two phone calls she had with the doctor’s office, there was no mention of a fee—and when she arrived, there was no mention of a fee or signage stating a fee. My wife had also filled out a tremendous amount of paperwork when she got to the office and at no point in the documentation was there any mention of a fee.

She figured that when she’s going to an appointment to be sold on several thousands of dollars in procedures, there wouldn’t be a charge—after all, you’d be paying to be sold something! Imagine if you test drove a car at a dealership and when you were done the dealer said, “OK, $125.00 please.”

When my wife hesitated to pay and questioned the fee, the receptionist and then the doctor began to belittle and degrade her, saying things like, “What would make you think this is free?” and “Do you not think the doctor’s time is worth anything?” And so on. Feeling overwhelmed, she gave them her credit card. Then she called me from the office.

When I got on the phone and questioned the billing manager, she pulled the same negative tactics on me as she did my wife. This, of course, got my Italian blood boiling as I began to tell her all the ways I was going to expose the doctor’s shady practices on social media and how I was going to write a blog post a day with the doctor’s name in it until all Google’s search bots would see was his name associated with my scathing blogs on the first 10 pages of search.

The billing manager apologized and immediately credited my wife’s card.

Honestly, that’s not how I like to do things. And it shouldn’t be how you do things either. Reduce your aggravation by trying these things first.

#1: Always check the fine print before you make any decisions. Ask the right questions and make sure there are no unwanted charges ahead.

#2: Know what you are buying. Whenever you cough up a credit card number to any retailer, whether in person, online or over the phone, make sure you are getting what you are paying for—nothing more, nothing less.

#3: Be aware of “grey charges.” Sleazy, scheming merchants tack on unwanted subscriptions or recurring charges capitalizing on the fact that we don’t pay attention to the fine print and often do not pay much attention to our statements.

#4: Sign up for BillGuard to watch your statements. It’s free, easy and effective.

Robert Siciliano is a personal security expert & advisor to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

What is a “Drive-By” Download?

Gone are the days when you had to click to “accept” a download or install a software update in order to become infected. Now, just opening a compromised web page could allow dangerous code to install on your device.

You just need to visit or “drive by” a web page, without stopping to click or accept any software, and the malicious code can download in the background to your device. A drive-by download refers to the unintentional download of a virus or malicious software (malware) onto your computer or mobile device.

A drive-by download will usually take advantage of (or “exploit”) a browser, app, or operating system that is out of date and has a security flaw. This initial code that is downloaded is often very small (so you probably wouldn’t notice it), since its job is often simply to contact another computer where it can pull down the rest of the code on to your smartphone, tablet, or computer. Often, a web page will contain several different types of malicious code, in hopes that one of them will match a weakness on your computer.

These downloads may be placed on otherwise innocent and normal-looking websites. You might receive a link in an email, text message, or social media post that tells you to look at something interesting on a site. When you open the page, while you are enjoying the article or cartoon, the download is installing on your computer.

Security researchers detect drive-by downloads by keeping track of web addresses that they know have a history of malicious or suspicious behavior, and by using crawlers to wander the Web and visit different pages. If a web page initiates a download on a test computer, the site is given a risky reputation. Links in spam messages and other communications can also be used as source lists for these tests.

The best advice I can share about avoiding drive-by downloads is to avoid visiting websites that could be considered dangerous or malicious. This includes adult content and file-sharing websites. Some other tips to stay protected include:

  • Keep your Internet browser and operating system up to date.
  • Use a safe search tool that warns you when you navigate to a malicious site.
  • Use comprehensive security software on all your devices, like McAfee All Access, and keep it up to date.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

10 Tips to Secure Online Banking

Online banking or mobile banking reduces expenses by allowing customers to review transactions, transfer funds, pay bills and check balances without having to walk into a bank branch or make phone calls to a bank’s customer service call center.

Mobile banking, m-banking or SMS banking refers to online banking that occurs via mobile phone or smartphone rather than with a PC. The earliest mobile banking services were offered over SMS, but with the introduction of smartphones and Apple iOS, mobile banking is being offered primarily through applications as opposed to over text messages or a mobile browser.

As convenient as this is, you still need to consider security.

  1. Set a passlock that times out in one minute to access your mobile.
  2. Set your computer’s and mobile’s operating systems to automatically update critical security patches.
  3. Make sure your PC’s firewall is turned on and protecting two-way traffic.
  4. Always run antivirus software on your PC and mobile, and set it to update virus definitions automatically.
  5. Run a protected wireless network. Don’t bank with your mobile on a public Wi-Fi network. Use a free service such as Hotspot Shield VPN.
  6. Never click on links within the body of an email. Instead, go to your favorites menu or type familiar addresses into the address bar.
  7. Beware of SMiShing, which is like phishing but in the form of malicious text messages instead.
  8. Download your bank’s mobile application so you can be sure you are visiting the real bank every time and not a copycat site. Do not check the box offering to remember your login information.
  9. Check your online bank statements frequently.
  10. Use strong passwords with numbers and uppercase/lowercase letters and characters.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures

Why are Cybercriminals Moving from PCs to Mobile Devices?

The number of households in the United States that rely solely on mobile phones continues to increase. As of July 2011, 31% of households had mobile phones and no landlines. Additionally, almost one in six households used mobile phones exclusively or almost exclusively, despite still having a landline.

This is the first time that adults (of any age range) have been more likely to go without landlines. Most likely, in one to two decades, the landline will be as obsolete as the rotary phone is today.

With almost half a billion smartphones shipped, sales of smartphones in 2011 outnumbered sales of all PCs. Tablets are counted as PCs, but they run Google Android and Apple iOS software just like smartphones do. If you add together smartphone and tablet sales, it’s clear the mobile device market is much larger than the traditional PC market.

The growth in sales volume of both smartphones and tablets creates a huge audience for mobile device software developers, both commercial and criminal. And since cybercriminals go where the numbers are, they are moving their attacks to mobile devices.

Whenever there’s a major transition in technology, the uncertainty and newness create a perfect opportunity for scammers to launch attacks. Hackers and other criminals are seizing the opportunity, creating swindles, malicious apps and viruses that suit their criminal purposes. And there’s no reason to expect them to stop before some other technology nudges aside mobile in popularity.

There are approximately 40,000 viruses targeting the Android operating system today. In Android’s young life, that’s astounding compared to a similar lifespan dating back to when Microsoft Windows was first launched.

So you need to make sure you protect yourself, because for most of us, our mobile devices are our most personal computers. Here are some things you should do to protect yourself:

  • Use a PIN to lock your device and set it to auto-lock after a certain period of time.
  • Only download apps from reputable app stores, and review the app permissions to make sure you’re comfortable with what information on your device the app can access.
  • Don’t store sensitive information on your phone like user names and passwords.
  • If you use online banking and shopping sites, always log out, don’t select the “remember me” function, and don’t access these sites when using free Wi-Fi connections.
  • Regularly review your mobile statements to check for any suspicious charges. If you do see charges you have not made, contact your service provider immediately.
  • Never respond to text or voicemail with personal information like credit card numbers or passwords.
  • Never click on a link in an email, social networking site or message from someone you do not know.
  • Use mobile device security like McAfee Mobile Security, or McAfee All Access, which protects all your devices.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Self-checking Your Online Identity

Googling yourself (or “egosurfing”) is formally known as vanity searching—the practice of searching for one’s own name, pseudonym or screen name on a popular search engine in order to review the results.

The term egosurfing bugs me a bit because it insinuates people do it because they are narcissistic by nature. However, egosurfing really should be called “reputation surfing” because it’s extremely important to check your online reputation for any errors, inaccuracies, slander or unwanted exposure.

Think about background checks. Background checks are a necessary tool in today’s sometimes violent and certainly litigious society. It’s common sense to require employment background checks for school volunteers, coaches, teachers, janitorial staff—really, employees of all kinds. As a small business, one of the worst things you can do is hire an employee who becomes a legal liability or has a history of crime that comes back to bite you.

As a self-check, you’ll want to perform your own background checks to make sure there isn’t any erroneous information out there, or to prepare yourself if a potential employer, landlord or school administrator points out something that makes you look bad.

Your online identity is also something that others can control, and you need to do your best to manage it. Managing your online reputation and protecting it is equivalent to marketing your personal brand, YOU.

Manage your online reputation and do a self-check often. Here’s how:

Start doing things online to boost your online reputation. Register your full name and those of your spouse and kids (owning your kids’ domains is better than someone else owning them) on the most trafficked social media sites, blogs, domains and web-based email accounts. If your name is already gone, include your middle initial, a period or a hyphen. It’s up to you to decide whether or not to plug in your picture and basic bio.

Set up a free Google Alert for your name and get an email every time your name pops up online. If you encounter a site that disparages you, Google has advice. Get a Google Profile. It’s free and it shows up on page one.

Go to Knowem.com. This is an online portal that goes out and registers your name at what it considers to be the top 150 social media sites.

Get a WordPress blog with your name in the address bar and blog often. You want Google to show your given name at the top of search results in its best light, so when anyone is searching for you the person will see good things. Frequent blogging buries bad stuff deep in the search results.

Buy a domain name that is, or is close to, your real name and plaster your name in the HTML header so it comes up in search results.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures

2013 SXSWi Security Trends in Technology

South by Southwest Interactive (SXSWi) is an incubator of cutting-edge technologies. The event, which takes place every March, features five days of compelling presentations from the brightest minds in emerging technology, scores of exciting networking events hosted by industry leaders, and an unbeatable lineup of special programs showcasing the best new websites, video games and startup ideas the community has to offer.

At the SXSWi conference this year, mobile was a big deal—which meant mobile applications and their security are high on developers’ radars.

Mobile Security

Access Point states, “Developers need to make sure they cover one other major concern when creating a mobile app: security. Consumers need to feel and know that their information is secure at all times, and developers need to lead the charge before they ask for additional measures. Creating simple but effective security checkpoints is a must—just make sure they are not so obtrusive that your users get annoyed and are resistant to adopting your application.”

Another point of interest at this year’s SXSWi was authentication. With all the data breaches over the last decade, the conversation to eliminate the username/password as a simple access point has begun. One painfully overlooked authenticator is the driver’s license. Gemalto presented a compelling program on why the simple plastic license needs a makeover.

Driver’s Licenses

Technology impacts our lives daily, but one item is not advancing—your driver’s license. A simple card made of plastic with a few bar codes, a magnetic stripe and a photo is all it is. By finding or even simply viewing one, someone can immediately access your personal information to use for fraudulent purposes. Stealing someone’s identity is way too easy. Most industries have already gone digital; now it’s time to tackle the DMV.

A new method of identification is needed: an electronic driver’s license (eDL). One simple chip (or smart card) could revolutionize decades of using the same technology—paper and plastic. EDLs stand to increase security and offer more privacy. The adoption of eDLs also lays the groundwork for a truly mobile wallet solution.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures

Unknown Credit Card Charges: Fraud or Legit?

Recently, my mother-in-law discovered that a pretty significant piece of jewelry had gone missing. There had been a number of construction workers in the house for a few weeks and when she went to get her jewelry, it was gone. After searching like a crazy person under/in/on top of everything, she called the police.

When the police arrived they asked a bunch of questions, did an onsite investigation and calmly and collectedly stated to her: “You misplaced it. It probably hasn’t been stolen. You will find it in a few days.”

Visibly upset and a little teary eyed, she thanked the officer for his time and collapsed in her chair. Two days later, as she was folding laundry, there it was, nestled with her undergarments. She swears to this day she didn’t put it there, but it must have fallen into the drawer from the top of the dresser on a day she was putting laundry away.

Frankly, minus the calling the police, I’ve done the exact same thing.

When charges are made to our credit cards, it’s very easy to look at a charge, not be familiar with it and immediately suspect fraud. Each month, I reconcile my statements at least twice—first weekly when current charges are made and then when my final statement comes in. And without fail, there is at least one charge that gets me all in a tizzy and requires me to do my own investigation.

When you come across one of those questionable charges (and you will), don’t panic until you take these steps.

#1: Look up the name of the company online. Generally you will find something that will immediately trigger your memory as to what you bought and from whom.

#2: Check your receipts against the dollar amount charged and also look for the company name.

#3: Some merchants include a phone number as part of their merchant information on the receipt. Call the number and be cordial to the person on the phone.

#4: If all else fails, call your credit card company and dispute the charge. You will have to give up some basic information, but the credit card company will get to the bottom of it within two billing cycles.

#5: Sign up for BillGuard for free. BillGuard monitors your credit card charges and alerts you to any potential fraud. If there are any grey charges, BillGuard will flag them and let you know.

Robert Siciliano is a personal security expert & advisor to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

College Students Need to Protect Wireless on iPads

A recent study estimated that nine out of ten undergraduate students will own a smartphone by the time this year’s crop of freshmen is slated to graduate. As this demographic grows, college students are increasingly at risk of having their privacy compromised. Mobile-using students also tend to use unprotected public WiFi networks more, which adds additional risk factors to their profile. These factors combine to transform the generation that grew up using the internet most frequently into the generation that’s the most vulnerable online.

Hotspot Shield, a wireless VPN, has been downloaded more than 100 million times on PCs, Macs, iOS and Android platforms. The company experienced explosive growth in 2012 and, according to Quantcast, is among the top 35 online destinations based on total internet traffic.

The new version of the popular application includes:

  • Privacy protection for anonymous web communication, browsing and sharing online at dorms, cafes and offices.
  • Twenty percent greater mobile data savings capabilities, saving users up to $30 per month in mobile data fees.
  • The ability to access US and UK TV shows and other services online by switching IP addresses—a must-have when traveling abroad.
  • A new user interface that makes it easier than ever to view bandwidth savings and manage features.

To celebrate the launch, AnchorFree will kick off a contest to help US and UK college students keep their digital lives private and secure: the Hotspot Shield College Privacy Challenge, with $50,000 in scholarship awards distributed among the top three finishing universities. During the Challenge, any college student registering with a school-provided “.edu” or, in the United Kingdom, “.ac.uk,” email address will receive a free subscription to Hotspot Shield VPN for iPhone, Android, PC and Mac for one full year—up to a $42 value. The contest begins April 1 and will run through June 9.

More information about the Hotspot Shield College Privacy Challenge can be found at http://college.hotspotshield.com.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.