8 Ways to bullet proof your Social Accounts

/in /by

There are ways to keep the hackers at bay—for the most part, anyways, since no protection is 100 percent efficient.

14D#1 Password protect.

A device lost or stolen puts all your accounts at risk. Even simply placing your devices on your desk, they can be accessed by a nosy spouse, contractor or baby sitter, putting your accounts at risk. All of your devices should be protected by a password or some kind of passcode, and set to lock up or hibernate after a certain period of inactivity. The lock can be a fingerprint or even a picture password.

Even if you’re the only person who uses your device, having a password is very important because you never know when someone may be able to abscond with your device, then pose as you in your Facebook account.

#2 Log out.

Setting your device to automatically get you onto a social media site eliminates the hassle of having to enter your username and password every time you want to visit the site. However, if the wrong person gets ahold of your computer, mobile or tablet, that person can easily get into your social media accounts. Log out.

#3 Remove apps you don’t use.

If your accounts like Facebook and Twitter are linked to a bunch of third-party apps and services that have accumulated over time, sift through these and knock out the ones you don’t use.

Each third-party app has the potential to act as a portal to hackers. In fact, every so often, go through these to weed out ones you don’t need anymore. Even legitimate applications can open doors of opportunity to hackers because their databases can become infiltrated.

#4 Two-step Verification.

With this, the login process has an extra step if you sign in on a different device. This means that crooks can’t get on with only your password and username. They need the extra code of two-step.

For instructions on how to set this up for social media, here are some common sites that provide them: Facebook, Twitter, Google, Gmail, Tumblr, Dropbox

#5 Don’t get reeled in.

Don’t blindly click on links in e-mails or instant messenger programs! Even if the link comes from a sender you know, that “sender” could actually be a fake sender line generated by a hacker.

Contact the person separately in a new e-mail and ask if they sent you a link. If the link is from a business, go to the business’s site rather than clicking its alleged link in your e-mail.

Though Web browsers and e-mail programs can spot these “phishing” attacks, they miss some; just don’t click on links inside an e-mail.

#6 Encrypt internet connections.

Whenever connecting to any critical account make sure the page you are connecting to is HTTPS, which the “S” makes it a “secure” page. Otherwise on open unsecured, unencrypted wireless, connect only using security software such as Hotspot Shield which encrypts all your wired and wireless communications.

#7 Easy Passwords.

The easier a password is for you to handle and remember, the easier it is for a hacker to crack. Stop using “princess” and 123456 as your passwords. Use a gibberish of characters that have no pattern and do not use words that can be found in a dictionary.

A password manager can help you manage a ton of passwords. Use different passwords for all of your accounts and include upper and lower case letters.

#8 Beef up password resets.

Review the social network’s password reset procedure. See if there are other measures they offer for restoring a hacked account, and get those activated. An example would be Facebook’s Trusted Contacts feature.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

I’ve been hacked, now what?

/in /by

You’re not special; a hacker CAN get into your computer or smartphone. Would you know how to clean up this mess?

4DStart by locating the portal through which the hacker got in such as a browser, emal program. Next, disconnect/uninstall this gateway from the Internet so it doesn’t invade other systems.

Check for suspicious activity by looking at your Activity Viewer or Task Manager. Check the CPU usage—if it spikes, you can have a better chance of spotting malicious activity. In fact, get familiar with how your device runs so that you know what’s normal and what’s not.

Once you’ve snipped access from the hackers, assess their damage.

  • Bring up to date your antivirus and anti-malware systems. If any protection system is disabled, enable it. Do a full system scan—using both systems.
  • Remove anything that doesn’t look right. Various malware scanners will locate bad things, but those bad things will continue downloading if there’s a browser plugin or extension. So take a keen look at all the small items that you’ve downloaded.
  • Change all of your passwords. Make them long and unique.
  • After that, log out of every single account. This will force the hackers to figure out your new passwords.
  • Clear out all cookies, the history and cache in your browser.
  • You may still not be out of the woods at this point. Keep an eye out for suspicious e-mails, new addresses in your account and other phantom activities.
  • If things are still going awry, wipe the hard drive and then reinstall your operating system. But first back up all of your data!

Prevention

  • Have a firewall, and one that’s properly configured.
  • Do not click links inside of e-mails, even if the sender’s address is one you know.
  • Do not open attachments from senders you don’t know or from someone you DO know but would never have a reason to send you an attachment.
  • Delete e-mails with urgent-sounding subject lines or claims you won a prize or inherited money.
  • Have both antivirus and anti-malware applications. They are not one and the same but may be packaged together.
  • Know what your security holes are.
  • Can’t be said enough: Make sure all of your passwords are very strong.
  • Keep your operating system and everything else up to date.
  • If you’re on public Wi-Fi, be extremely cautious. Use Hotspot Shield to encrypt your activities. A Wi-Fi with a password doesn’t mean it’s safe.
  • Never let your device out of your sight. Never. If you think you’ll ever need to leave it unattended, first equip the operating system with a lock and strong password.
  • Back your data up routinely.
  • Your device should have a remote wipe option so that you can eradicate data should someone steal the device.
  • Be very cautious about what you share online. Your computer may have all the bells and whistles of security, but all it takes is one lapse in judgment to let a hacker in, such as falling for some Facebook scam claiming you can watch a video of the latest commercial airliner crash caught on tape.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Russian Organized Crime: Krem D’la Krem of Hackers

/in , /by

The Russians have definitely come…in the world of cybercrime. A Russian ring of hackers has amassed 1.2 billion stolen passwords and usernames involving 400,000 websites. The criminals have also garnered 542 million e-mail addresses.

11DAnd these Russians didn’t discriminate: Any website they could bust into, they did, ranging from big U.S. companies to little websites—anything. Most of these sites remain vulnerable.

Apparently, the thieves are not working for Russia’s government (which rarely goes after hackers anyways), nor have they sold the stolen information…yet. They’ve been paid by third-party entities who want to send out spam.

This gang of thieves operates like a business, with some doing the programming and others doing the stealing. The crooks use botnets to scope a site’s weaknesses, then plow in there.

This massive breach has called attention to the reliance that businesses have on usernames and passwords; this will need to be changed.

Tips for Preventing Getting Hacked

  • Say NO to clicking on links inside e-mails, even if the apparent (note “apparent”) recipient is your bank or a friend.
  • URL security. Trust only sites whose URL starts with a padlock icon and “https.” An “http” won’t cut it.
  • Two-step verification. If your financial institution offers this, then activate it. Call the bank if its website doesn’t have this information.
  • Online banking. If possible, conduct this on a separate computer just for this purpose.
  • Change the router’s default password; otherwise it will be easy for hackers to do their job.
  • Wired ethernet link. This is better than a powerline or Wi-Fi for protection. To carry out an ethernet attack, the thief would probably have to break into a home and set up a device, whereas Wi-Fi data can be snatched out of the air, and powerline data can leak into next-door.
  • Encryption. If you must use Wi-Fi or powerline networks, encryption will scramble data, but a hacker can crack into Wi’Fi’s WEP.
  • Say no to third-party Wi-Fi hotspots.
  • Security updates. Keeping up to date will guard against hackers who use a keylogger to figure out your keystroke pattern—which can tell him your passwords.
  • Hotshot Shield; This service protects you from fraudulent activity when you’re working online in an unprotected network (wired or wireless), such as at airports, hotels or coffee houses.
  • Get identity theft protection. Generally your identity is protected from new account fraud. Many of the services monitor your data on the dark web.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

15 ways to prevent Travel related Identity Theft

/in /by

See if you’ve been employing the safeguards below to protect your identity while traveling.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813#1 Put snail mail on hold.

Crooks love to scavenge through overflowing mail boxes to seek out personal information to steal an identity. Prevent this by arranging the postal service to put a stop on your mail.

#2 Clean up, thin out.

It’s been said that the laws of physics are defied when a woman empties her purse. Before traveling, dump out anything and everything: drug prescriptions, old memos, business cards, even expired documents. A thief could use this information to steal your identity.

#3 Be cautious with public computers.

A public computer is a very fertile area for identity theft, and this includes the computer in your hotel’s lobby. Never save passwords or use the auto-save function for forms. When you’re done, delete the search history. Never visit your financial institutions’ sites either.

#4 Wireless means watch out.

Free public Wi-Fi means anyone can snatch your personal information out of the air because this kind of Wi-Fi does not include encryption (which scrambles data). Use Hotspot Shield on your PC, Mac, tablet and mobile to encrypt your wireless communications.

The ability to snag your private information requires only a basic knowledge of computers plus a simple plugin, and voila—this person can spy on your browser activities. Try to use only WEP, WPA and WPA2 networks. Otherwise, visit only secure websites (they have the “https” in their address).

#5 Keep your phone number private.

Other than giving it to reps for your airline and hotel reservations, keep it to yourself. If it gets out, a fraudster could use it to pull phone scams on you.

#6 Protect your smartphone.

If your mobile device is loaded with personal information, it should have a home-screen-locking password. This can even be a fingerprint scan, depending on the model. Androids need antivirus the same as PCs do.

#7 Beware of ATMs.

ATMs can be fake or skimmers can be installed. A phony ATM kiosk can be set up on a street corner, beckoning for you. You swipe your card, and your card information is stored for later pickup by the thief who put the kiosk there.

If you must use an ATM, use a bank’s during regular business hours. Protect yourself from skimmers by blocking the keypad with your other hand as you enter your PIN. But still check your statements because keypad overlays can be installed too. Shred receipts immediately.

#8 Pay with cash.

Though stolen cash can’t be replaced, it also won’t lead to identity theft. Limit credit card use to secure payment systems found at major retail outlets and airports. Be suspicious of clerks who want to leave your visual range to swipe your credit card. And just plain don’t use a debit card when traveling.

#9 Don’t use your passport for ID.

Instead use your driver’s license or international ID. If you rely only on a passport and it gets stolen, you’ll end up in a bind you’ll never forget. Have backups of both scanned and available online.

#10 Hotel scams

Never give out private information over your hotel room’s phone, even if the caller says they’re from the front desk and need to straighten something out. Instead, deal with them at the front desk so you know it’s not a scam.

#11 Lock up valuables.

This doesn’t just mean jewelry, but use your hotel room’s safe to lock up passports, airline information, credit cards, cash and electronic gadgets unless you’re using them. Better yet, take them with you, or better still only travel with valuables you absolutely need.

#12 Review credit card statements.

Check your statements every month for unauthorized charges so that they don’t pile up.

#13 Encrypt laptop/mobile data.

When traveling with digital devices make sure to use encryption software that makes your data useless to a thief.

#14 Install tracking software.

Mobile devices should have a lock/locate/wipe software that does just that in the even your device goes mobile without you.

#15 Get identity theft protection

Both identity theft protection and a credit freeze should be used by everyone traveling or not.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Data Breaches May Result in Board Breakups

/in /by

The ripple effect continues to haunt Target: It’s expected that seven of its board of directors members may be replaced because they failed to provide effective oversight into the corporation’s data-protection risks. Boards simply need to be more proactive in safeguarding their companies against data breaches.

2DInstitutional Shareholder Services (ISS) prepared a report on the Target data breach and aftermath. The report states that Target’s board members should have been kept in the loop pertaining to protection of sensitive information and what a breach could mean to brand reputation and customer loyalty.

“The company acknowledged the need for more stringent internal capabilities to identify potential risks with less reliance on external reports which suggested the systems were robust enough,” the report says.

The report concludes that Target failed to prepare for keeping up with today’s cyber threat technology, and that this failure comes from the audit and the corporate responsibility committees.

ISS says that these committees are responsible for being in charge of risk assessment and management. This includes the risk of fraud. The inadequate oversight in these areas paved the way to the disastrous data breach.

The ISS report should be a wakeup call to board members of all businesses. Board members need to realize the importance of directing more time, energy and money toward improving security programs.

Though the dismissal of seven of Target’s total of 10 board members may seem radical, it also has a fair degree of rationale because it sends the message that boards and senior executives need to be held accountable for their company’s cyber security.

Boards need to be practically fused with their organization’s IT experts and executive team so that they have an intimate knowledge of the steps a company is taking to protect customer information—even if none of the board members are security experts. The ramifications from poor handling of a data security incident are now things that even board members must be aware of and work to prevent.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Data Breach Response Planning 101

/in /by

Don’t think in terms of “if” you’ll suffer a data breach, but rather, “when.” Once you establish this mindset, it’s time for you to develop a response plan. After all, a security system that’s impenetrable has yet to be invented.

4HWhat’s even more, an amazing number of businesses don’t even have the best security system available. So again, the data breach is a “when,” not an “if.”

For starters, a response plan should include as much information about the incident as possible, remaining transparent (consult your legal team about the types of information that should and should not be disclosed) and being aggressive at managing the circumstances.

Another area to consider when developing a response plan is how the data breach will impact customers and clients—namely, their trust in the company. The Ponemon Institute states that much of the damage from a data breach stems from the loss of customer trust in the company.

Though the average number of customers who vanish following a data breach came in at 4 percent, says the study, there are enterprises that see an average “customer churn” rate of 7 percent. While it may seem small, it will undoubtedly be noticeable when it comes to the bottom line, , and the healthcare and pharmaceutical industries are just the type to suffer this degree of loss.

So how can a company prepare to retain as many customers as possible following a data breach? Be prepared, and this preparation should include a way to stay level-headed.

One way to stay cool and collected is to avoid jumping the gun when the breach occurs, because if the business is too hasty at revealing the breach, the organization will have that much less time to respond in an efficient, optimal matter. Thus, take the time to consult with experts and gather all of the facts before reacting.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Home Invasion Task Force on high Alert

/in /by

Florida’s Collier County residents have a new fear on the block: masked home invaders. But really, they’re more like home walker-inners, because in the five reported cases, they got in via an unlocked door.

1BA task force was assembled on April 7 to figure out anything about these home invasions that began mid-February in which residents are held at gunpoint and bound. It’s not clear if these crimes are related.

But apparently, the intruders prefer occupied homes, figuring they can get a lot more this way (e.g., being directed to the safe and given the combination). And they’re quite adept at evading authorities; no details on the masked intruders are out, even though investigators are really hammering away at figuring this out, meeting every morning.

Residents are being urged to contact the sheriff’s office about suspicious activity, such as an idling car in a street, and just to trust their gut instincts about something seeming out of place.

As long as people continue leaving their doors unlocked, these invaders will continue having a field day with their crimes. Police are adamant that residents keep their doors locked, and keeping their alarms on (if they have one) even when they’re home.

Residents should consider putting valuables in a safe-deposit box located at their bank, and put up security cameras, a proven deterrent to home invasions and burglaries.

Thus far, compliant occupants of the invaded homes have not been harmed, but one who tried to escape was injured enough to require hospitalization. The task force won’t give up until the perpetrators are stopped.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

10 Tips to Stay Safe Online

/in /by

Hang ten, dude! It’s summertime and surfers are taking to the ocean to go catch some gnarly waves. Experienced surfers know that there are dangers out in the water and are trained to look out for them. These dangers include rip currents, shallow water, and of course, sharks.

4HJust like there are dangers in the ocean, there are many dangers lurking on the Internet. And a savvy web surfer and searcher knows that there’s ways to protect themselves. Here are some tips to keep you safe while you surf the internet.

  1. Know the scams. Read articles and blogs, follow the news, and share this so you can  learn about different kinds of scams and what you can do to avoid them and also help your friends.
  2. Think before you click. Never click on links in messages from people you don’t know or vaguely know. These phishing emails have links that lead to websites that can lure you into giving personal information or download malware to your computer. You should even be wary with emails from people you do know if it looks or sounds suspicious. Hackers can create a malicious email that looks like it came from your best friend’s email account.
  3. Safely peruse. Beware of phony websites. These sites may have an address that’s very similar to a legitimate site, but the page can have misspellings, bad grammar or low resolution images. However, scammers are getting better at replicating sites so make sure. If a site asks for personal information, that you double check the URL and make sure it’s not asking for information it shouldn’t.  McAfee SiteAdvisor is a free download and protects you from going to risky sites
  4. Shop safely. Don’t shop on a site unless it has the “https” and a padlock icon to the left or right of the URL. Also, protect yourself and use a credit card instead of a debit card while shopping online—a credit card company is more likely to reimburse you for fraudulent charges.
  5. Kick-butt passwords. Do away with the “Fitguy1982” password and use an extremely uncrackable one like 9&4yiw2pyqx#. Phrases are good too. Regularly change passwords and don’t use the same passwords for critical accounts. For more tips on how to create strong passwords, go to www.passwordday.org
  6. Protect your info. Keep your guard up. Back up all of your  data on your computer, smartphone and tablet in the event of loss, theft or a crash. Also, routinely check your various financial statements for questionable activity.
  7. Watch your Wi-Fi connectivity. Protect your network by changing your router’s default settings and making sure you have the connection password-protected. For more information on how to protect your Wi-Fi connection, click here.
  8. Install a firewall. A firewall is a great line of defense against cyber-attacks. Although most operating systems come with a firewall, you might want to consider installing McAfee LiveSafe™ service which has a much better firewall than the one that comes built into your operating system.
  9. Keep up to date. The best security software updates automatically to protect your computer. Use the manufacturer’s latest security patches to make regular updates and make sure that you have the software set to do routine scans
  10. Use your noggin. You do not need to be a seasoned computer whiz to know that it’s not smart to open an attachment titled, “Claim Your Inheritance!” Using common sense while surfing the Web can protect you from some hungry cyber-shark.

These are the basics to help you stay safe online. To stay on top of the latest consumer and mobile security threats by following @McAfeeConsumer on Twitter and Like us on Facebook.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Cyber Security Insurance Difficult for Business to Navigate

/in /by

Cyber insurance is now booming, with about 50 carriers in the industry. An increasing number of companies have cyber insurance to protect against cyber crime. However, businesses claim it’s not easy to get adequate coverage.

4DLosses from data breaches are difficult to quantify. The tangible losses are more easily insured, says a New York Times online report. When it comes to a data breach, there are often related losses such as reputational damage and loss of customer loyalty that are harder to quantify.

Add to this the fact that underwriters don’t yet have sufficient data to estimate the likeliness or cost of an attack; most breaches get missed or aren’t reported publicly.

While an insurance company can tell you the precise odds of a major city office building burning down, nobody knows when the next giant retailer will be hacked. Statistics on hacking risks aren’t constant due to the continuous evolution of cyber crimes.

According to New York Times estimates, companies seeking coverage can only hope for, at best, a $300 million policy, peanuts compared to the billions devoted to property protection. Though this still sounds generous, the cost of a major breach can easily exceed it. Target’s situation is on course for just that, says the New York Times online article. The 2011 Sony breach has already exceeded $2 billion in fallout.

The best policies cover costs associated with alerting customers, plus forensics, call center setups, consumer identity monitoring, legal fees and a crisis management firm. But that may only dent the disaster. Policies don’t address loss in profits due to customers jumping ship. A policy can’t prevent a marred brand reputation. “Although a solid cyber policy will cover notification, crisis management expenses, defense costs, damages and the costs associated with regulatory action, it would not cover other, potentially much larger losses, such as reputational injury and loss of brand and market share,” says Roberta Anderson, an insurance coverage and cybersecurity attorney with the law firm of K&L Gates, LLP.  “Those losses are difficult to value and remain uninsurable in the market today.”

Expect the cyber insurance industry to continue swelling while cyber crime continues to remain several steps ahead of businesses and security systems.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Business Identity Theft; Big Brands, Big Problems

/in /by

Cyber criminals go after brand names like vultures, infiltrating company websites, hijacking mobile applications and tainting online ads, among other tricks.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Some corporate websites aren’t as secure as business leaders think they are—and cyber thieves know this. They use the “watering hole” technique to infiltrate the system. Ever see an animal TV show in which the lions wait in the brush, camouflaged, for their unsuspecting prey to approach the lone body of water? You know the rest.

Think of the company’s website as the watering hole. The company typically uses “landing pages” to entice people to their main site, but leave the landing pages up after they’ve served their purpose. Here’s where trouble starts, fewer resources are devoted to monitoring or updating these pages, allowing hackers to pounce on the vulnerabilities and insert malicious code, luring visitors to malicious sites using the trusted reputation of the brand..

Ultimately, the brand name becomes associated with this. Some examples as reported by Forbes.com:

  • The nbc.com home page was infected with the Citadel/Zeus installation malware.
  • The U.S. Veterans of Foreign Wars’ website was infected with malware.
  • Third-party app stores are a source of downloaded malware, since these are usually un-policed. Apps can be repackaged with mal-code, creating an association of bad with the brand name of that app. The mal-code could gather personal data on the purchaser, which is then sold to data brokers, violating user privacy, making the user think pretty negatively about the brand name.
  • Malvertisements are malicious ads that crooks place on legit websites. These normal-appearing ads spread bad things around, and do NOT have to be clicked to trigger a viral attack.
  • Banner ads can also be the target of injected mal-code.
  • These clever crooks will even pose as an actual name-brand company and put up legitimate ads on a website, but then replace those with mal-ads over the weekend—which go undetected because IT departments are lax on the weekends. After oh, say, a few million computers and mobiles are infected, the thieves stick the original, legit ad back in, which makes their crime difficult to track.

Third-party networks place a lot of ads, making it very hard to hunt down malvertising fraud. This complexity can make it virtually impossible for companies to protect themselves against 100% of malicious attacks.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.