Stop, Think and Connect on Public Wi-Fi

OnGuardOnline.gov, co-managed by the Federal Trade Commission, is the federal government’s website to help you be safe, secure and responsible online. OnGuardOnline.gov is a partner in the Stop Think Connect campaign, led by the Department of Homeland Security, and part of the National Initiative for Cybersecurity Education, led by the National Institute of Standards and Technology.

Vulnerabilities

I, for one, am a big fan of the Department of Homeland Security, so I wanted to provide some DHS perspectives on wireless, its vulnerabilities and encryption (such as that obtainable through Hotspot Shield VPN) straight from the government’s mouth: “Wi-Fi hotspots in coffee shops, libraries, airports, hotels, universities and other public places are convenient, but they’re often not secure. When using a hotspot, it’s best to send information only to websites that are fully encrypted.

“You can be confident a hotspot is secure only if it asks you to provide a WPA password. If you’re not sure, treat the network as if it were unsecured.”

Encryption

You’ve heard it from this blogger before, but this is what Homeland Security has to say about encrypting your web communications:

“Encryption is the key to keeping your personal information secure online. Encryption scrambles the information you send over the internet into a code so that it’s not accessible to others. When using wireless networks, it’s best to send personal information only if it’s encrypted—either by an encrypted website or a secure WiFi network. An encrypted website protects only the information you send to and from that site. A secure wireless network encrypts all the information you send using that network.” Homeland Security further states: “Don’t assume a Wi-Fi hotspot is secure. Most Wi-Fi hotspots don’t encrypt the information you send over the internet and are not secure.”

Hence, get yourself a wireless VPN! And use it. Advice straight from the DHS’s mouth.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Steamy Sexts Get Leaked 60% of the Time

McAfee released the study Love, Relationships, and Technology: When Private Data Gets Stuck in the Middle of a Breakup, which examines the pitfalls of sharing personal data in relationships and discloses how breakups can lead to exposure of private data.

Nearly two-thirds of smartphone owners have personal and intimate information (such as revealing photos, bank account information, passwords, and credit cards) on their mobile devices, yet only 40% have password protection on their devices, leaving a huge gap in personal data protection.

The study shows that 94% of Americans believe their data and revealing photos are safe in the hands of their partners. However, 28% of people regretted sending that personal information and 10% of people have been threatened by their exes that they would expose risqué photos online.

Breakups are rarely, if ever, feel-good events that end on good terms. But we don’t have to make them worse by potentially having our private data open to being exposed for all to see.

To make sure you keep your private data private, you should follow these tips:

  • Don’t share your passwords
  • Make sure you lock your devices (especially your mobile) with a PIN
  • Delete any intimate photos/videos on your mobile device
  • Don’t share photos or videos that you don’t want your grandma seeing
  • If you’ve shared passwords, change them immediately
  • Remember the adage that whatever you post online is there forever

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

How Does My IP Address Affect Different Services?

You’ve probably heard the term IP address before but you likely aren’t fully aware of all the ways it is used. Or misused by various entities. Or how you can turn an IP address to your own advantage by taking control of who gets to use it.

An internet protocol (IP) address is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the internet protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: “A name indicates what we seek. An address indicates where it is. A route indicates how to get there.”

When you visit a website, the website knows your IP address. When you send email or sign up for something online or use any internet-based service, the site knows your IP address. Your IP address matters to many sites for many reasons. Search engines want to know your IP address so they can serve up local search options and local ads and present themselves in the language (English, Chinese, etc.) associated with the IP address. Retailers want to know your IP address for security reasons.

Various online vendors, such as ecommerce sites, ad networks or retargeting services, want to know your IP address because they may sell web-based products specific to your location or country or browsing history. In some cases, the company may sell products or downloads that may be regulated by specific laws in that country. For example, downloads of copyright-protected content may fall under specific regulations within a particular country that apply to any service that sells that content.

I came across a recent forum post asking the following question and thought the answer would be helpful to my readers: “I have Netflix Canada, but it doesn’t have all the shows that Netflix USA has. 1. Someone said Hotspot Shield would make it appear that I have a U.S. computer IP address (IPS? ISP?). Can anyone give a definitive answer on this? 2. How safe is this Hotspot Shield and would it work?”

So to answer the first question: yes, Hotspot Shield, when installed on a PC, laptop, Mac or mobile device, will use a US-based IP address when running. (If you have the paid version of their service, you can also choose IPs from other countries.) And in answer to the second question: yes, Hotspot Shield is safe in regard to protecting your data as it travels over the Hotspot Shield VPN. And “would it work”…well, I don’t see why it wouldn’t work. Whether you want to use it in the manner the questioner is proposing is up to you. Keep in mind that the company may have a good reason for placing that restriction in the first place.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Avoid Unwanted Credit Card Charges

I think it’s safe to say that all credit card charges are unwanted, but today I’m talking about so-called “grey charges”—those out-of-the-blue credit card charges that sneak up on us and require our time, attention, persistence and aggravation to get rid of. A study by BillGuard shows the average dollar amount lost by grey charges is around $356.00 per consumer annually.

Studies show 1 in 4 people to be victims of grey charges, and because 9 out of 10 people don’t even check their billing statements or only skim them looking for large purchases, those grey charges end up eclipsing fraud—as much as 95 percent grey charges to only 5 percent actual fraud!

While fraud certainly is and will always be a hot-button topic that has consumers scrambling to protect their credit cards (which, in reality, can’t completely be protected; all you can do is pay attention to your statements), grey charges have been absent on consumers’ radars in part because the companies that profit from these charges don’t want you to know about them. Fraud consists of 1 percent goods and services not delivered, 1 percent unauthorized charges and 3 percent “other” fraud, which often consists of hacking or unauthorized charges that occur after you hand your card over to a clerk.

Grey charges occur because 1 percent are billing errors, 2 percent are overcharges, 2 percent are duplicate charges, 4 percent are forgotten charges, 5 percent are hidden fees, 34 percent are just totally unrecognizable charges out of nowhere and a whopping 47 percent are unwanted subscriptions such as recurring memberships, “zombie” subscriptions, unwanted auto-renewals, negative option marketing, and “free to paid” offers.

Here’s how to reduce your risk of grey charges and fraud:

  • Always reconcile your bills diligently and on a timely basis
  • Refute unauthorized charges immediately—within one to two billing cycles
  • Use a credit card instead of a debit card, as credit cards offer more consumer protection
  • Use BillGuard to watch your back and protect you from grey charges

Robert Siciliano is a personal security expert & advisor to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Simplify and Secure Your Passwords

It seems that almost every site on the Web requires a password. At least twice a week, I get an email from someone who wants me to join yet another site, which requires yet another username and password.

You can cop out and use the same username and password combination, but that’s not always possible, since some sites let you use numbers and symbols in your password and some don’t, or the user name you want may be taken. Besides, that’s just asking for trouble. If you use the same password for your banking account, Gmail account, and your medical account, you are leaving yourself open to exposure—if one account ends up getting hacked, all those accounts could be hacked.

But how do you manage all those user names and passwords without having a cheat sheet in a file on your computer or stuck on post-it notes next to your computer? Neither option provides the security you should reserve for passwords.

The key to surviving this is to make a small investment in a password management service that stores your passwords on a security-restricted site that you can access from any device as long as you have an Internet connection. The best thing about a password manager is that you ultimately have just the one master password to remember, which gets you access to all the different passwords for each site.

Password managers also allow you to instantly create secure and complex passwords for each of your accounts, so that you don’t end up using the same one for every account. Creating complex passwords can be tiresome and it isn’t easy to remember them all, but a password manager remembers all your passwords for you.

You might ask how having one password manager that holds the “key” to all your user names and passwords can be safe. Well, it’s much safer than what you’re most likely using today, and most of these password managers utilize a high level of encryption that can’t easily be cracked.

The real security vulnerability is with your own computer and devices and any existing or future malware they may have that could record your keystrokes or take screenshots. To prevent this, you need to make sure you have a clean device and run scans on a regular basis.

Never forget your passwords again with McAfee SafeKey password manager tool. McAfee SafeKey is available with McAfee All Access and it securely stores your usernames and passwords for your favorite sites, and logs in for you—with just one click. And it works and syncs across all your PC, Mac, iPhone or Android devices.

Robert Siciliano is an Online Security Expert to McAfee. Disclosures.

Maximizing the Use and Efficiency of Your Mobile Device

Time isn’t just money. Time is what you spend with your family, on a vacation or watching a kid’s dance recital. Time can be gained or lost based on how efficiently or inefficiently you use and implement mobile technology.

First and foremost, your mobile phone is a communication tool. It should be set up to access and communicate with everyone in your life that you depend on and who depends on you.

Contacts: There are apps built into all devices that store your contacts’ names, addresses, phone numbers and email addresses, and you really should make sure all these points of data are entered and backed up. Google’s Gmail Contacts is one way to have all your contacts backed up and in sync with your device. It baffles me whenever I text someone and the person responds, “Who is this? I lost my phone and my address book.” Gmail backs up automatically from your desktop or your mobile device.

Calendar: Every device has a built-in calendar. Again, I prefer Google Calendar. I can set appointments from my desktop or device, and every appointment has a set of alerts to remind me one to two days and then two to eight hours ahead of time. I get lots of pings and beeps as reminders, but with a busy life, I need that extra bit of reminding.

Docs: Yes, I use Google Docs too. There are dozens of documents I need access to wherever I am. I have yet to find a more efficient program than Google Docs to safely store and access my documents right on my mobile.

Google Chrome browser: The beauty of this browser on your desktop and on your mobile device is that you can access whatever tabs you have open on your desktop from your mobile and vice versa.

All this works just as well on a tablet as on iOS and Android. Thank you for saving me time and making life more efficient, Google.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Just One of Many Internet Scams

A good friend of mine called me recently to ask what I knew about scams from online sales. He had placed an ad on CraigsList for something he was trying to sell and had asked for $150 for the item. He had received a call from a woman and she offered to send him a check for the item.

Shortly thereafter, he received a $2,400 check from a major chemical company and was confused about why the check was so much more than the amount he listed and why it was coming from a chemical company.

If you ever run into this, rip up the check. This is advance fee fraud, or a shipping scam. I explained to him that he would undoubtedly be receiving an email requesting that the difference be paid to the shipper via a wire transfer.

But why send a check for $2,400, and why from a chemical company? It was probably the only seemingly legitimate check the scammer had on hand from a “business.” If you fall for this scam, you end up sending $2,250 back to the scammer and you never get paid on the $2,400 check.

The day after we spoke, he received this email:

“Hello XXXX,

The check has been delivered, thanks for your honesty towards this transaction so far. Well, the overpayment is meant to cover the cost of shipment for the item alongside my other properties including tax and insurance plus the movers and agents fees.

Please deposit the cheque today so that it clears tomorrow after the check has cleared, All you have to do is go the bank and have the rest of the money withdrawn in cash and have it sent to the movers via wire transfer.

Do let me know your schedule for the week regarding pickup as i have some other properties to be moved alongside the item. Please do act accordingly as agreed after deducting your money for the item, make the rest fund available to the movers via money gram Money Transfer at any of their outlet around you or check on moneygram.com and check for their outlets around and get back to me with the transfer details below (as it appears on the receipt) so i can contact the movers for the pick-up at your location ….Deduct the money gram money transfer charges from my fund also $50 for yourself (meant for any hassle or run around).

1) Sender’s name and address

2) Reference number {which is the 8 digits number on the Money Gram receipt}

3) Actual amount sent after the fee had been deducted

Hope i can trust you with the overpayments? Your Honesty and transparency will be appreciated”

 

The vast difference between the sale amount of the item and the amount of the check is a huge red flag. Another thing to pay attention to is the email itself. It’s full of bad grammar and has some inconsistencies in wording that should be a warning sign to you.

This scam works on a small percentage of people who are naïve and by their nature are overly trusting of others. Help put a stop to this kind of fraud by learning about these scams and making an effort to educate others on the risks and pitfalls of phone, email, snail mail and web based scams.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. Disclosures.

FTC: Identity Theft Top Complaint Once More

Last year, 2012, marks the first year in which the FTC received more than two million complaints overall, and 369,132, or 18 percent, were related to identity theft—an increase of 30% over 2011. Of those, more than 43 percent related to tax- or wage-related fraud.

As the internet grows ever more pervasive and essential, we find ourselves conducting most of our business online. We use the internet to shop, pay bills and manage bank accounts. We will increasingly rely on the electronic exchange of personal information as the internet continues to evolve and become even more consumer friendly. Subsequently, criminals will also evolve, working day and night to find and exploit vulnerabilities within our networks. These hackers will not sleep until they gain access to all of our information, which they can utilize to steal our identities or gain access to our financial accounts.

Statistics show that one in four American adults has been notified by a business or organization that his or her information has been compromised due to a data breach. This means that you could be taking all the necessary precautions to keep your information safe, but by simply doing what every other person in the world does—sharing your Social Security number or credit card information with a trusted organization—you put yourself and your security at risk. So, how do you protect yourself?

  • Lock down your PC with antivirus, antispyware, antiphishing and a firewall.
  • Always keep your devices’ OS and critical security patches updated.
  • Consider getting a credit freeze and/or identity theft protection.
  • Shred—don’t just throw away—personal information.
  • Lock down your wireless network with WPA2 encryption.
  • Protect data on wireless devices, particularly when using a public WiFi network, with a free VPN such as Hotspot Shield.

By following these guidelines, you will keep your identity safer. You know who you are; don’t let anyone else think he can be you.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

How BYOD is Driving Innovation

One fourth of all global information workers use their own devices at home and at work for work purposes. A recent survey report, commissioned by Unisys and conducted by Forrester Consulting, involved 2,600 IT workers and 590 business and their IT executives.

CIO Insight points out that these are the “mobile elite,” a class of professionals who overwhelmingly opt to use their own tools because they claim these devices and applications make them far more productive than products supported and distributed by their companies’ IT departments.

Mobile-elite professionals appear to maintain a decided edge when it comes to client service and innovation. And they are also likely to take the initiative when it comes to sparking organizational change and introducing new technologies.

A recent Deloitte study highlights many common business and technology innovations being explored:

  • Improving time to market, customer satisfaction levels and sales
  • Improving infrastructure and data security, and reducing risk of incident or loss
  • Potentially reducing costs associated with hardware, monthly service fees, provisioning and ongoing support

A recent IDG report disseminated by DronaMobile enumerates the benefits of permitting employees to use their own tools.

Employees allowed to choose their own devices are happier and more satisfied in their work. With the added flexibility of choosing the applications and cloud services to use, employees get the leeway to be innovative. As smartphones and tablets blur the line between personal and work hours, employees pursue ideas at their own pace, time and location. Without the pressure of conforming to office hours and working on office equipment alone, workers are observed to be more productive, efficient, creative and appreciative of this privilege.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

BillGuard: Grey Charges Equal Legal Fraud

Grey charge: When you buy something with your credit card and you get charged for something you didn’t want. Often a merchant will tack on additional products and services to a legitimate purchase you make, and you “sorta” know about the charge…but not really.

For example, you might be in the process of purchasing something and a pop-up window reading “Get 25 percent off your order NOW! CLICK HERE!” comes up. And in the fine print below “CLICK HERE!” it says, “By getting 25 percent off, you are agreeing to get a free month of a one-year membership to our discount club for which you will be charged $19.95 per month after the first month. You may cancel at any time, but you are required to give us 30 days’ notice in writing.”

Or something stupid like that.

Then, a couple of months go by and you get your credit card statement and see this charge for $19.95 and wonder what it’s for. You call the number on the statement and someone answers and puts you on hold for an hour. By the time you are done yelling and pulling all your hair out of your head, you will probably end up getting charged for two or three months for something you never wanted.

And that’s IF you even pay attention to your credit card statements, because nine out of 10 people don’t check their bills, or merely skim them quickly for large purchases. This is what the scammy merchant bets on when initiating a grey charge.

Is it legal? Well, it’s not illegal…but it IS sneaky and deceptive.

According to BillGuard’s internal research, one in four users has incurred some type of erroneous or deceptive charge in the last 12 months. And among those users who have been affected, the average of these charges is about $350 a year.

So pay attention to your statements and refute unauthorized or grey charges ASAP. And don’t forget: Read the fine print—and remember that any offer that sounds too good to be true is.

Robert Siciliano is a personal security expert & adviser to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.