4 Tips for Spring Cleaning Your Digital Life

Spring is in the air (if you’re in the northern hemisphere) and it’s traditionally a time to clean every nook and cranny and get rid of excess stuff in your house. But it’s also a good time to clean up your digital life. Just like your house, your digital life needs a good cleaning once in a while, but sometimes this can seem like a daunting task, so here’s some tips for you to get started.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294First, begin by emptying your trash or recycle bin on your computer and clearing your browser cache of temporary files and cookies, both of which will free up valuable space on your hard drive, then follow these tips for cleaning your digital presence.

  1. Clean up apps and files. Are some of your apps gathering dust? Do you have files from high school (and it’s been years since you graduated)? If you’re not using these items, think about deleting them. Clearing out old, outdated and unused apps, programs and files leaves more space and memory on devices to fill with things you use.
  2. Back up your data. Our devices are a treasure trove of family memories like pictures and videos and they also often include key documents like tax forms and other sensitive information. None of us would want to lose any of these items, which is why it’s important to back up your data, and often. Back it up to both a cloud storage service and an external hard drive—just in case
  3. Review privacy policies. Are your accounts as private as you want them to be? Take the time to review the privacy settings on your accounts and your apps so you understand how they use your data. This is important for your social media accounts so you can choose what you want or don’t want to share online. For a good resource on social media privacy, see this article. This is also critical for your apps as many apps access information they don’t need. In fact, McAfee Labs™ found that 80% of Android apps track you and collect personal info–most of the time without our knowledge.
  4. Change your passwords. It’s always a good to idea to change your passwords on a regular basis and there’s no better time during a digital spring cleaning. To help you deal with the hassle of managing a multitude of usernames and passwords required to manage your digital life, use True Key™ by Intel Security. The True Key app will create and remember complex passwords for each of your sites, make them available to you across all of your devices, ensure that only you can access them simply and securely using factors that are unique to you, and automatically logs you in when you revisit your sites and apps—so you don’t have to.

So before you consider yourself done with your spring cleaning, make sure you finish this last bit of spring cleaning with these tips, and you’ll be well on your way to cleaning up your digital life.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

It’s a Security System and More

WARNING: Removing this video surveillance camera to kill evidence of your robbery will do you chickenfeed because the video of you is being stored in the cloud!

2WToday’s security systems are so much more evolved than they were 20 years ago, even 10 years ago.

We’ve all heard of the bright light that goes on over the garage when someone steps onto the driveway. That’s so old that some burglars aren’t miffed by this in the least. However…such a motion detection system can also trigger video surveillance and notify the police. And there’s so much more that today’s security technology can do:

  • Send an alert to your smartphone that something anomalous has been detected inside your house; you can then view the interior in real time where this detection occurred, even if you’re across the country. Don’t be surprised if in the future, the homeowner could—with a single tap of a smartphone key—activate a net from the ceiling to deploy and engulf an intruder, holding him till the cops come. I WANT THAT.
  • Even if you live in a virtually crime-free neighborhood and have no valuables…you can still be endangered by non-human threats like gas leaks, fires and trip-and-fall hazards in dark areas with triggered lighting. A home security system can protect you from these variables.
  • Burglars aren’t fooled by the constant light that’s on to make it seem like you’re home when you’re not. However, security systems can create a pattern of on-and-off light use when you’re away, simulating that someone’s actually home.
  • If you still have an old-fashioned wireful security system, it’s time to switch to wireless. Wireless eliminates the possibility of a burglar cutting the wires. Furthermore, a wireless system can include a small remote that can activate and deactivate the system, like when you want to go outside at night with the dog to do its business.

If you were to ask 1,000 home burglary and invasion victims, “Did you think the crime could ever happen to YOU?” What do you think they’d all say? Stop making excuses and get a home security system if you already don’t have one.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Identity Theft Protection 101

What’s it called if, for example, someone runs up your credit card line without your permission? Identity theft. ID theft isn’t necessarily someone going around impersonating you. But it is considered someone taking over your accounts.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Account takeover is also someone hacking into your computer and getting the password for your PayPal account, then sucking it dry. ID theft is an extremely common occurrence. The damage incurred by ID theft runs along a continuum, from light to heavy. At its worst it can:

  • Cost thousands of dollars to repair the fallout
  • Take months to fix this
  • Destroy reputation
  • Cause difficulty finding employment
  • Cause rejection of loan applications
  • Cause the victim to be arrested because the identity thief committed a crime in their name

There are tons of ways one can become a victim. It used to be that ID thieves would steal a wallet and gain information that way, or dig through your rubbish for bank statements. But these days, ID theft is prolifically committed in cyber space by thieves thousands of miles away.

For example, a thief halfway around the globe could trick you into giving your bank account information by sending an e-mail that looks like it’s from your bank, telling you that your online account has been compromised and that you need to supply your account information to repair the problem.

Or, clicking on a link that promises to show you a nude celebrity instead downloads a virus to your computer.

ID theft can also occur through no lapse in judgment of your own: when the retailer you buy things from with a credit card is hacked.

Protect Yourself

  • All of your computer devices should have software: antivirus, antimalware and a firewall, and always updated.
  • Educate yourself on recognizing scams. Some are ingenious and look legitimate. One way to drastically reduce the odds of being tricked by a ruse is to never, never, never click on any links in an e-mail. Never.
  • Make all of your passwords unique, over 10 characters and a mix of numbers, letters and symbols: gibberish rather than the name of your favorite rock band or sport.
  • View your credit report (it’s free) once a year from each of the three credit reporting agencies. Look for odd things like new accounts opened that you never opened and other false information.
  • If you’re sure you won’t be applying for a loan for a long time, freeze your credit.
  • Use only reputable merchants for online shopping when possible (we all know this rule doesn’t apply when you want to buy those big clumpy home-baked chocolate cookies from “Denise’s Gourmet Cookies”).
  • Missing snail mail bills? Report this to the associated companies because a thief may have changed your billing address.
  • Use a VPN. A virtual private network such as Hotspot Shield is one significant layer to protect your data and your identity by encrypting your information.

Consider it a red flag if you receive credit cards you didn’t apply for, especially if they have high interest rates.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How to identify Tax Scams

The IRS isn’t your biggest enemy during tax season. It’s the criminals who pretend to be IRS reps and then con people out of their money. They contact potential victims chiefly through phone calls and text messages.

9DTypically, the message is threatening in tone and/or content, informing the target they’ll be arrested if they don’t immediately send the IRS owed money. The threat may also be deportation or a driver’s license suspension (that last one is really silly, but people actually do fall for these cons).

The money must be wire transferred or sent via a pre-paid card—and this is one of the tip-offs it’s a scam: Why wouldn’t the IRS accept a personal check like they normally do? The wire transfer or pre-paid card guarantees the crook will never be tracked.

Identifying tax scams is easy! It’s a scam if the scammy “IRS”:

  • Requests a credit card number over the phone or email
  • Requests a wire transfer or pre-paid card over the phone or email
  • The initial communication about owed money is NOT through snail mail.

The aforementioned three points should be enough for you to identify a scam, but to make identification even easier, here’s more:

  • There’s background noise to make you think it’s a busy call center.
  • The caller gives you his “badge number” to sound more official.
  • The caller identifies himself with a common name (i.e., Michael Harris).
  • The phone call coincides with an e-mail (to make things appear more official).
  • The caller hangs up when you say, “I actually work for the IRS myself.”

Scammers’ tricks that can fool you:

  • The caller ID appears it’s the IRS calling. Caller ID can be easily “spoofed”.
  • You get another call from supposedly the DMV or police department, and the caller ID shows this. (Now think about this for a moment: With all the really bad guys out there making trouble, don’t you think the police have better things to do than call people up about back taxes?)
  • The caller may know the last four digits of your Social Security number.

Don’t argue with the caller. Simply hang up (or if you want to have fun, tell them you yourself are with the IRS and listen to how fast they hang up). If you really do owe taxes, call the real IRS and work with an authentic employee to pay what you owe.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Go Two-Factor or go Home

Logins that require only a password are not secure. What if someone gets your password? They can log in, and the site won’t know it’s not you.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294Think nobody could guess your 15-character password of mumbo-jumbo? It’s still possible: A keylogger or visual hacker could obtain it while you’re sitting there sipping your 700-calorie latte as you use your laptop. Or, you can be tricked—via a phishing e-mail—into giving out your super strong password. The simple username/password combination is extremely vulnerable to a litany of attacks.

What a crook can’t possibly do, however, is log into one of your accounts using YOUR phone (unless he steals it, of course). And why would he need your phone? Because your account requires two-factor authentication: your password and then verification of a one-time passcode that the site sends to your phone.

Two-factor authentication also prevents someone from getting into your account from a device other than the one that you’ve set up the two-factor with.

You may already have accounts that enable two-factor authentication; just activate it and you’ve just beefed up your account security.

Facebook

  • Its two-factor is called login approvals; enable it in the security section.
  • You can use a smartphone application to create authentication codes offline.

Apple

  • Its two-factor works only with SMS and Find my iPhone; activate it in the password and security section.
  • Apple’s two-factor is available only in the U.S., Australia, New Zealand and the U.K.

Twitter

  • Twitter’s two-factor is called login verification.
  • Enabling it is easy.
  • Requires a dependable phone

Google

  • Google’s two-factor is called 2-step verification.
  • It can be configured for multiple Google accounts.

Dropbox

  • Activating two-factor here is easy; go to the security section.
  • SMS authentication plus other authentication apps are supported.

Microsoft

  • Enable it in the security info section
  • Works with other authentication apps.

Additionally, check to see if any other accounts you have offer two-factor, such as your bank (though most banks still do not offer this as described above, but do provide a variation of two factor).

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Bank Account depleted, Company sues

Is it Bank of America’s fault that a hospital was hacked and lost over a million dollars? Chelan County Hospital No. 1 certainly thinks so, reports an article on krebsonsecurity.com. In 2013, the payroll accounts of the Washington hospital were broken into via cyberspace.

4HBank of America got back about $400,000, but the hospital is reeling because the hospital says the bank had been alerted by someone with the Chelan County Treasurer’s staff of something fishy. The bank processed a transfer request of over $600,000—even though the bank was told that this transfer had not been authorized.

In short, some say Bank of America failed to follow contractual policies. And what does the bank have to say for this? They deny the lawsuit allegations. They deny brushing off the hospital’s alert that the wire transfer was not authorized.

This scenario has been replicated many times over the past five years, says the krebsonsecurity.com article. Hackers use Trojans such as ZeuS to infiltrate banks. And not surprisingly, phishing e-mails are the weapon of choice.

Though bank consumers are protected from being wiped out by hackers as long as they report the problem within 60 days, businesses like hospitals don’t have this kind of protection. The business victim will need to sue the bank to recoup all the stolen money. Legal fees will not be covered by the defendant, and they are enormous, which is why it’s not worth it to sue unless the amount stolen is considerable.

Businesses and consumers should:

  • Require that family and employees from the ground up complete security training that includes how to recognize phishing e-mails.
  • Stage phishing attacks to see how well everyone learned their security training
  • Retrain those who fell for the staged attacks
  • Make it a rule that more than one person is required to sign off on large transfers
  • Know in advance that the bank will not reimburse for most of the stolen money in a hacking incident, and that legal fees for suing can exceed the amount of money stolen.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. Disclosures.

Latest Russian Cyber Attack on White House a Boon for CISA

The Russians have come…again—in the form of hackers. Not long ago Russian cyber criminals busted into the U.S.’s State Department system and mangled it for months.

1DThis time, they got into a computer system at the White House. Luckily, this system did not hold any classified information, but nevertheless, the hackers got ahold of President Obama’s private itinerary. So it just goes to show you just what hackers a world away can do.

This isn’t the first time that the White House has been hacked into. Remember the attacks that were allegedly committed by the Chinese? These, too, did not involve sensitive information, but the scary thing is that these cyber invasions show how easy it is for other countries to bang into the computer systems of the No. 1. Superpower.

So President Obama’s personal schedule got hacked, and in the past, some White House employee e-mails got hacked. What next—top secret plans involving weaponry?

What the Russians may do next is of grave concern to the FBI. Perhaps the Russians are just teasing us with this latest break-in, and the next hacking incident will really rattle things.

Ironically, Obama had recently signed an executive order in the name of stomping down on cyber crime. Well, someone didn’t stomp hard enough, and the Russians, Chinese and everyone else knows it.

Obama’s efforts involve CISA: Cybersecurity Information Sharing Act. The Act would mandate that there’d be greater communication between the government, businesses and the private sector relating to possible cyber threats.

CISA is not well-received by everyone because it involves what some believe to be a compromise in privacy. This latest attack on the White House, say CISA critics, might encourage lawmakers to hastily pass the Act without first building into it some features that would protect the privacy of the private sector.

The chief concern, or at least one of the leading ones, of CISA opponents or skeptics is that of the government gaining access to Joe’s or Jane’s personal information. And why would the government want to get our private information? For surveillance purposes—that harken back to the efforts to increase cyber protection and prevent more hacking episodes.

The bottom line is that this latest attack by the Russians will surely add a few more logs to the fire in that lawmakers will feel more pressure than ever to strongly consider passing CISA.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. Disclosures.

How Hackers are Hacking Smarthomes

“My house was hacked!” Had you said this 25 years ago, people would have thought a burglar vandalized it with an axe. Say it today and nearly everybody will know what you mean: A thief or prankster “broke” in to your house via its connected-to-the-Internet gadgets.

4DIf something’s connected, like your refrigerator, the possibility of hacking exists. All of these smarthome gadgets make it to market without a lot of attention on security, leaving them with “back doors” through which hackers could enter. This creates a larger “surface area” for potential cyber invasions.

In January 2014, connected refrigerators were actually sending out spam e-mails. So don’t think that all of this is just hyped up anxiety. And unless you’ve been living in a cave, you’ve already heard about the man who hacked into a baby monitor and yelled obscenities through it. A hacker could infiltrate through any vulnerable device in your house and use it as a launching pad to get into your e-mail account and redirect your web traffic to them.

Though nothing is ever 100 percent secure, the issue boils down to how important it is for you to control your home’s thermostat or coffee pot while you’re away, which means adding one more “smart” thing to your house, increasing its surface area of potential attack.

Smart gadgets are especially vulnerable to attack because they may not be replaced for many years, such as a smart washing machine. This means the appliance or device needs to have a long-term ability to receive security updates.

To combat security threats, makers of smart gadgets and appliances need to have security in mind from the beginning of manufacturing. They need to set up a monitoring system for these products for as long as they are in use, so that the smart washer is just as protected in its 15th year of use by the homeowner as it is in its first year.

Though the smart coffee pot may come across as a status symbol of a tech-savvy person with money to burn, some smart devices can save money such as a system that monitors water usage and can even identify which pipe has a leak.

The homeowner has to do a risk/benefit analysis and just perhaps forego the coffee pot and the smart egg container that tells you when you’re down to your last few eggs. To check if your kids are sleeping you may just have to do it the old-fashioned way: walking to their bedroom and peeking in.

When making an investment in smarthome devices make sure to check out the reviews, do your research to see if anyone has experienced security issues. And make sure to update any software of firmware over the lifespan of the device.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Home Automation in your Security System

Having a house run like the Jetsons’ is becoming increasingly possible: It’s called home automation. If you’re not familiar with the futuristic cartoon family, the Jetsons, just about everything in their house was automated. Today, we can have the following:
3H

  • Sensors that make noise when a door or window opens are nothing new, but real-time video surveillance of a home’s interior and exterior, viewed remotely through a smartphone thousands of miles away, is relatively new technology.
  • Controlling the temperature inside the house from anywhere outside using a phone. The smartphone connects with the thermostat’s sensors that detect radio frequency signals.
  • Odorless but deadly, carbon monoxide gas will be detected by a detector—and this has been around for a long time, but what’s relatively new is that the detection will trigger ventilation: a head start for the home’s occupants to scramble outside. Sensors can also alert to possible gas leaks.
  • Recently in the news was the seven children who died in a Brooklyn, NY house fire started by a hot plate. Apparently the house had one smoke detector—in the basement—that nobody on the second floor heard when it went off while they were sleeping. The kids would have likely survived had there been multiple fire detectors to alert the residents.
  • Furthermore, smoke alarms detect smoke before the fire begins and can simultaneously notify a central control center that then contacts the fire department. Seconds count.

Home automation may seem like something that only the rich can afford, but the makers of these systems want to score a big profit, so they develop systems to fit different budgets. Reputable home security companies can offer different packages and give price estimates.

Realize that there exist security scams, including the one in which an employee comes to your house unannounced, wearing a jumpsuit with the name of your security company on it, claiming that your system needs servicing. What he really wants to do is scope your house for vulnerabilities and also find out when you might not be home in the near future—so he could rob the place.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

How to recognize Online Risks

Would you give up your bank account and credit card numbers to a stranger on the street after he approaches and asks for them? Of course not. But that’s essentially what people do when they’re tricked by online crooksters into revealing sensitive personal information, including their Social Security numbers.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294One of the most common ways this is done is through phishing.

  • The phishing attack is when the thief sends out thousands of the same e-mail. If enough people receive the message, sooner or later someone will take the bait.
  • The bait may be a notice you’ve won a prize; a warning that your bank account has been compromised or that you owe back taxes; an alert that something went wrong with your UPS delivery; or something about your medical insurance.
  • These subject lines are designed to get you to open the e-mail and then follow its instructions to remedy the problem—instructions to the tune of typing out your personal information including passwords.
  • Sometimes the fraudster has already gained information from a victim and will use that to make the victim think that the phishing e-mail is legitimate.
  • These e-mails contain links; never click on them. They’re designed to entice people into giving up personal information, or, the site they take you to will download a virus to your computer.
  • Sometime the e-mail will contain an attachment. Opening it can download a virus.
  • What if the e-mail appears to be legitimate, complete with company logo, colors, design and details about you? Contact the company first, by phone, to see if they sent out such an e-mail. Don’t click any link to get on the company’s site; instead go there via typing into the URL field.
  • You may have heard that hovering over the link will show its true destination, but this isn’t always the case.
  • Remind yourself that you are not special: Why would YOU inherit money from some strange prince in a foreign country?

Passwords

  • Passwords should never contain words or names that can be found in a dictionary. I know you so desperately want to include the name of your favorite football team in it, but don’t. Such passwords are easier for hackers to crack.
  • Never use keyboard sequences; again, a hacker’s tool can find these.
  • Make a password almost impossible to crack by making it at least 12 characters, a mix of upper and lower case letters, and include numbers and other symbols.
  • Use a different password for every account.

Anti-malware Software

  • You should have a complete system that’s regularly updated.
  • Have a firewall too.

Virtual Private Network

  • Download Hotspot Shield to encrypt your data on public WiFi hotspots.
  • Shield your IP address from webtracking companies who desire your information to sell you stuff or from search engines who hand that data over to the government.

Secure Sites

  • Whenever possible, visit only sites that have https rather than http, because the “s” means it’s a secure site.

A padlock icon before the https means the site is secure.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.