Beware of Apple ID Phishing Scams

You may have been scammed after you responded to an e-mail that appears it came from Apple. When hackers send e-mails that appear to come from a legitimate company like Apple (or Google, Microsoft, PayPal, etc.), with the objective of tricking the recipient into typing in passwords, usernames, credit card information and other sensitive data, this is called phishing.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294Many phishing scams are in circulation, including the Apple one. Hackers know that tons of people have Apple accounts. So if they robotically send 10,000 phishing e-mails to random e-mail addresses, they know that they’ll reach a lot of Apple account holders. And in any given group of people, there will always be those who fall for the scam. Not me, though. Recently I received the following scam e-mail:

Your Apple ID was used to buy a iOS App “TomTom Canada” from the App Store on a computer or device that had not previously been associated with your Apple ID.

Order total: $ CAD 44.99

If you initiated this download, you can disregard this email. It was only sent to alert you in case you did not initiate the download yourself.

 If you have not authorize this charge, Click here to login as soon as possible to cancel the payment!

When the payment will be canceled you will get a full refund.

Sincerely,
Apple Support
apple.com/support

A tip-off that this is fraudulent is the typos: “used to buy a iOS App…” (Hopefully you can spot the typo right away.) Another typo: “If you have not authorize this charge…”

 

A legitimate e-mail from a reputable company will not have typos or mistakes in English usage. And it’s unlikely it will have exclamation points, especially after words like “payment.” This e-mail really reeks of rotten phish.

Another red flag is that when you hover over the link, you get an unintelligible URL, or one that’s simple not Apple.com

Forward Apple phishing links including their headers to reportphishing@apple.com.

Unfortunately, many people are ruled by shot-gun emotional reactions and promptly click links inside e-mails. Once they’re taken to a phony website, most are already sucked in too deep to recognize they’re about to be scammed.

Additional Information for Apple Account Holders

You can quickly change your password at Apple ID.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

What is a Password Manager?

Many people, including myself, make mistakes with their passwords and use them on site after site. To remain safe, it’s important to use a unique, strong password on every site you visit. How do you do this the easy way? Use a password manager.

2PAccording to a recently concluded survey conducted by uSamp and sponsored by Siber Systems, creators of the RoboForm Password Manager, the results indicate that people have some idea of the scale of the password challenge: More than half said they felt stressed out by the number of things they have to remember on a daily basis at work, and 63% reported that they’d either forgotten a password or had a password compromised at some point during their professional career

A password manager can solve this issue. A password manager is a type of software that stores login information for all the sites you commonly use, and the program helps you to log in automatically each time you browse to a particular website.  This information is stored in a database, controlled with a master password, and is available for use at any time.

Word of Warning: Don’t Reuse Your Passwords!

What is the big deal about reusing your passwords? It could be really damaging:

  • If your password is leaked, scammers will have access to information such as your name, email address and a password that they can try on other websites.
  • A leaked password could give scammers access to online banks or PayPal accounts.

What is It Like Using a Password Manager?

The first thing you will notice when using a password manager is that it will take a lot of weight off of your shoulders. There are other things you will notice, too:

  • You first visit the website as you normally would, but instead of putting your password in, you will open the password manager and enter the master password.
  • The password manager will automatically fill in the log in information on the website, allowing you to log in.

Think About it Before You Use a Web-Based Password Manager

Yes, there are web-based password managers out there, but there are problems associated with them:

  • All major browsers have password managers, but these cannot compete with a full password manager. For instance, they store the information on your computer, and this is not encrypted information meaning scammers can still easily access it.
  • These managers cannot generate passwords randomly, and they don’t allow for syncing from platform to platform.

Get Started With a Password Manager

If you are ready to get started with a password manager, the first thing to do is choose your master password:

  • The master password must be very strong, as it controls access to everything else
  • You should also change your passwords on every other site to a stronger password
  • Make sure your passwords have capital letters, symbols and numbers for the strongest password combination

Robert Siciliano is a personal privacy, security and identity theft expert to RoboForm discussing identity theft prevention. Disclosures.

12 Ways to secure your Home

The FBI says that in the U.S., one out of every 36 homes will be raided by thieves in any given year. Often, the burglars were able to get in due to the residents’ carelessness.

3BUnlike the movies, in which burglars are hiding in the shrubs at night waiting for the homeowner to return home, then jump out and press guns to their ribcages, ordering them inside, real life burglars often literally stroll right through an unlocked door and help themselves to all the goodies. There are many ways the home occupant can make it easy for burglars to get in unnoticed.

  • Unlocked doors and windows.
  • A sloppy yard. This makes a thief think nobody’s hardly ever home, and he’ll likely target the house for a break-in.
  • Shrubs and bushes that obscure entryways. Burglars love it when they can conceal themselves in the dark with the help of plant growth around windows and doors.
  • Posting travel plans on social media. Yes, burglars scout social media to see who’ll be away from the house.
  • Indiscriminately answering the doorbell. Burglars may pose as utility workers and talk their way inside. Or, they may push past the occupant and ransack the place while an accomplice restrains the occupant.
  • A chronically dark house. Don’t be a utility bill penny pincher. Enough lights should be on at night, including when you’re home, to make a burglar think there’s fully-awake people inside. Automatic timers that turn lights on and off will make the house look occupied, and will make it appear people are up in the middle of the night, when many break-ins occur.
  • Newspapers accumulating in the drive or a package sitting on the front stoop, suggesting nobody’s been home for a while.

Beef up Your Home’s Security

  • Get a security system for the house that has it all: motion detectors, surveillance cameras, smartphone connections. Even if money is tight, you can still fool many a burglar with a fake camera installed above the front door, and security company signs around the house—even though you don’t have a system. But really, these days, there are systems for all budgets.
  • Dog owners should hire a dog sitter rather than kennel their pet; a dog’s barking usually scares off a would-be intruder.
  • Put your paper and mail deliveries on a vacation hold.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Dust off your digital devices inside and out

Hackers know small companies are more vulnerable to data breaches due to limited resources. Cybersecurity should always be a high priority. But when a company’s IT staff consists of maybe 1-2 people who are provided limited budgets and are constantly solving other tech problems, the focus on security suffers. And hackers aren’t the only problem. One significantly overlooked part of the security process “cleaning” the IT infrastructure.

4HIT staff being and small business owners must keep on top of:

  • Networked systems
  • PC and mobile hardware
  • Multiple device software
  • Local and cloud data

The best way to manage the “cleaning” process is to keep a checklist and break the workload down into small bites. Complete the following tasks to clean up your business’s digital life and add layers of protection:

  • Rule #1: Automatically back up your data before, after and always. No matter what you are doing to your devices, make sure they are backed up.
  • Use automatically updated security tools including anti-virus, anti-spyware, and firewall software.
  • Use a virtual private network for public Wi-Fi activity. Check to see if the VPN auto-updates.
  • Take an inventory of your e-mail files. Depending on the nature of a business, it may be prudent to keep everything backed up for years. In other cases, consider deleting useless messages. Create folders for messages pertaining to certain topics. Delete old folders, etc.
  • Go through all of your devices’ programs and uninstall the ones you’ll never use.
  • Carefully sift through all of your files and get rid of useless ones.
  • Separate out media so that there are files specifically for images, video, docs, etc.
  • Integrate desktop icons that have a commonality. For instance you may have several related to a certain product or service you provide. Create a main folder and put all of these in it. Icon clutter may slow boot-up time and makes things look and feel, well, cluttered.
  • Take a look at all your passwords. Replace the crackable ones with long and strong ones. An easily crackable password: contains real words or proper names; has keyboard sequences; has a limited variety of characters. If you have a ton of passwords, use a password manager.
  • Have multiple backups for your data including on premise and cloud storage.
  • Defragment your hard drive.
  • Reinstall your operating system. Of course, first make sure all your data is backed up beforehand.
  • Operating systems pick up temporary files over time, slowing the computer and making it vulnerable. The free CCleaner tool will clean up your system’s registry.
  • Install program updates. Your OS should automatically do this, but check just to be safe.
  • Review the privacy settings of social media accounts to make sure you’re not sharing information with more people than you’d like.
  • Make sure your business is protected by a security alarm system that includes video surveillance. Hackers get the spotlight, but we can’t forget about the common burglar.

The prevention tactics above apply to businesses and really, everyone. Be sure to train your employees on proactive security and inform them about tricks that cyber thieves use. For more information visit: http://www.dhs.gov/national-cyber-security-awareness-month. If you’re looking for a secure backup solution, check out Carbonite. Sign up before the end of October and receive two free bonus months when you enter code “CYBERAWARE” at checkout.

#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. Disclosures.

8 Tips to protect your Money – and your Identity – from Theft

When you hear the dictum, “You should protect yourself from identity theft,” do you equate this with pushing a wheelbarrow loaded with rocks up a hill? It would actually be more accurate to picture slicing into a fresh apple pie, because identity theft protection is as easy as pie. Check out the following things you should do—without breaking any sweat: http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294

  1. Examine your credit card statements once a month to catch any unauthorized charges. Even a tiny charge should not be blown off, since often, thieves will start out small to “test the waters.” Once they get away with this, they’ll be surfing the big waves if you don’t pounce on them quickly.
  2. Buy a shredder. Don’t rely on tearing up documents with your hands, especially unopened envelopes. A shredder will blitz them to fragments that a “dumpster diver” won’t be able to piece together. Until you get a shredder, use scissors and snip up anything that has sensitive information on it.
  3. Put the names and phone numbers of your credit/debit cards on hardcopy so you’ll have a quick way to contact them should any become stolen.
  4. There are three major credit report bureaus: TransUnion, Experian and Equifax. At least once a year review your credit reports with them, as they can reveal if, for instance, someone opened a credit card account in your name.
  5. If you ever lose your cell phone, anyone can obtain sensitive data you have stored in it—unless it’s password protected. And please, use a strong, long password, since the thief might be someone who knows you and is capable of sitting there trying all sorts of permutations with your beloved dog’s name, a la Duke1.
  6. Are a lot of your sensitive paperwork and documents in unlocked file cabinets that anyone can get into? The thief could be a visiting family member (yes, family members can be crooked), the cleaning lady, repairman, window guy, dishwasher installer, a visiting neighbor, you name it. A fireproof safe will protect these documents.
  7. All of your computers should have antivirus, antimalware and antispyware software, that’s regularly updated.
  8. Install a virtual private network to encrypt all free WiFi communications. Hostspot Shield is a good example.
  9. Put a freeze on your credit, at least if you don’t plan on applying for any credit lines or loans in the near future; you’ll be blocked until you unfreeze it, but so will thieves.

More on Credit Freezes

  • Freezing is free for ID theft victims; there’s a small charge for non-victims ($15 per credit bureau, which may be for all time, depending on your state’s policies).
  • “Thawing” the freeze (which takes five minutes) is free to victims and up to $5 for non-victims.
  • It will not affect your credit score.
  • It works because they block lenders from seeing your credit scores. So if someone gets your identity, they can’t open credit in your name because lenders need to see those scores.
  • You won’t be able to see your credit reports unless you have a PIN to access them.

Identity theft doesn’t have to be a scary nightmare. As long as consumers follow these basic tips and guidelines they can prevent many forms if identity theft.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Why use a VPN?

If you want to be a pro at privacy, here’s a tip: When it’s time to go online, whether it’s at an airport lounge, coffee house, hotel, or any other public Wi-Fi spot, don’t log into any of your accounts unless you use a virtual private network (VPN).

8DA VPN is a technology that creates a secure connection over an unsecured network. It’s important to use because a hacker can potentially “see” your login information on an unsecured network. For instance, when you log in to your bank account, the hacker may be able to record your information, and even take money from your account.

Here are a few other important things to remember about unsecured networks:

  • It’s possible for cyber snoops to see your transactions, including email.
  • Snoopers and bad hackers can spy on the sites you visit and will know the passwords and usernames you use to access any account.
  • A Wi-Fi spot itself can be malicious, in that it was set up by a cybercriminal.
  • Even a reputable Wi-Fi spot, like that at a name-brand hotel, could be tainted. Hackers can use software to hijack Internet connections and trick users into using fake web addresses.

The good news is that you can subscribe to a VPN service for a low monthly fee. Now, if you have a VPN, you can feel at ease logging into any site on public Wi-Fi, because a VPN scrambles, or encrypts, all cyber transmissions. So to a snoop or hacker, your passwords, email messages and everything else will appear as unintelligible garble.

In addition to encrypting your transactions, most VPNs will conceal your device’s IP address. What you’re doing and which sites you are visiting will be under lock and key. This will stop companies from snatching users’ browsing habits and other data and sharing it with other online entities.

So, if your schedule doesn’t permit you the luxury of doing all your important Web surfing on your secure home Wi-Fi, and you often find yourself logging on to your bank’s site or other accounts while you’re away from home, remember that you really need a VPN. Because, when you are on an unsecured network, everything you do on your computer gets laid out on a silver platter for the cyberthugs.

Your information could be compromised, or your device could get infected and crash, wiping out all of your files.

A hacker might even threaten to wipe out your files if you don’t pay a ransom. The bottom line is that anything is possible when using public Wi-Fi, but VPNs can end all these concerns.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

How to Stop Sharing Your Location Information

The Internet helps us connect and share with people around the world, but there are some people with whom you definitely shouldn’t be sharing your information. Although it’s not pleasant to think about, it’s not just friends and family that can see your online posts, bad guys can too, including criminals and even sex offenders.

7WSo, when you take a photo of your kids in your backyard, know that if you post that picture on social media, a predator can potentially obtain the GPS coordinates of where that picture was shot.

This is because every time you take a picture, technical data is created and stored along with the image. This is called “EXIF data”, or exchangeable image file format. When this data includes location information, such as the exact GPS coordinates of where the photo was taken, the image is then “geotagged.”

The good news is you can view the EXIF data, and remove it to prevent predators from getting your location information. EXIF data will always be added to the storage of every picture you take; there’s no way to prevent this. But you can delete it.

Here’s how to prevent strangers from seeing your location information:

  • Select the image on your computer and right-hand click on it.
  • Select “properties.” You’ll find all the data here.
  • Go to the location, or EXIF data.
  • At the end of all the information you’ll see “Remove Properties and Personal Information.” This will wipe out the coordinates.
  • You should go through this process before posting photos online, because once they’re online, you can’t control who sees this information.
  • However, it will still be worth your while to strip this data from photos already posted online. For all you know, tomorrow is the day that a bad guy reads your location information, so today is the day to delete it.

Some people’s social media pages have an endless scroll of personal photos, including pictures of their children and teens. Be very selective of what you post online, and always delete the EXIF data before posting.

Save the pictures you don’t post for a hardcopy photo album. That way you’ll dramatically cut down on the time spent eradicating your location information, while increasing your online security.

Here’s some more tips to use location services safely:

  • Turn off the GPS function on your smartphone camera or digital camera. This is important if you are going to be sharing your images online. Instructions on how to turn off geotagging will vary, but we suggest referring to your phone or camera’s manual for further instructions on how to adjust this feature. You also might want to consider only letting certain apps (like maps) use your location data on your mobile device.
  • Check your privacy settings on social networks and photo sharing sites. Make sure that you are only sharing information with friends and family. Also, make sure that you only accept people into your network that you know in real life.
  • Be aware of the fact that the information you share on one social network may be linked to another.For instance, a photo you post to Twitter may automatically post to your Facebook profile. Because of this, it’s important that you check the privacy settings on all your accounts.
  • Finally, be careful about what images you’re sharing and when you are sharing them.Rather than uploading a picture that reveals your location the moment you take it, wait until you get home to upload it.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

What is a Hacker?

You probably think you know what a “hacker” is, but the images portrayed in the media can be misleading. You may be thinking of a geeky-looking guy who causes peoples’ computers to get infected with viruses or cracks passwords to raid the accounts of big business. This is one kind of hacker, but in a broader sense a hacker is a person (male or female) who uses their programming skills and technical knowledge to create and modify computer software and hardware by finding their weaknesses and exploiting them.

11DHackers can be motivated by a number of reasons, both positive and negative. For instance, criminal hackers can create malware to commit crimes, such as stealing information and money, while other hackers are benevolent. They may work for big companies or the government in the name of protecting them from bad hackers.

It helps to be familiar with these general categories of hackers:

Black hat hackers

This is a hacker who gains unauthorized access into a computer system or network with malicious intent. They may use computers to attack systems for profit, for fun, for political motivations, or as part of a social cause. Such penetration often involves modification and/or destruction of data, as well as distribution of computer viruses, Internet worms, and spam.

White hat hackers

Also known as “ethical hackers,” white hat hackers are computer security experts who specialize in penetration testing and other testing methodologies to ensure that a company’s information systems are secure. These security experts may utilize a variety of methods to carry out their tests, including social engineering tactics, use of hacking tools, and attempts to evade security to gain entry into secured areas.

Gray hat hackers

These are skilled hackers who sometimes act legally, sometimes in good will and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.

In addition to these definitions, the term “hacker” is currently used to refer to any individual who deliberately tries to compromise a computer system—regardless of objective.

It may also simply refer to someone who likes to tinker around with the innards of computer systems, and it may also mean a really smart person who can solve any computer problem.

So, while you may have generally thought of hackers as criminals, the term actually describes a range of people with different technical skills and motives. That’s why it would be more helpful if we used the term with descriptors, such as “white hat hacker” or “criminal hacker,” so we have a better idea to whom we are referring.

After all, hackers shouldn’t have a bad reputation overall. They are usually very talented people and we need more of the good variety: white hats.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.