6 Ways to halt Online Tracking

/in , /by

“On the Internet, you can be ANYBODY!”

1PNot quite. Remaining anonymous in cyber space isn’t as easy as it used to be. Your browsing habits can be tracked, leading to your true identity. But there are things you can do to remain as anonymous as possible.

  • Don’t feel you must use your full, real name when filling out forms or whatever, just because it’s asked or even a “required field.” Of course, you’ll want to use your real name when registering online with a bank, for instance, or making a purchase. But sometimes, the real name just isn’t necessary, such as when registering with a site so that you can post comments on its news articles, or registering with an online community so that you can participate in forums.
  • Stop “liking” things. Does your vote really matter in a sea of thousands anyways? But you can still be tracked even if you don’t hit “like” buttons, so always log off of social media sites when done. This means hit the “log out” button, not just close out the page.
  • Twitter has options to control how much it tracks you, so check those out.
  • Clear your browser cookies automatically every day.
  • Use a disposable e-mail address; these expire after a set time.
  • Firefox users get a browser add-on called NoScript to block JavaScript. JavaScript gets information on you, especially when you fill out a form. However, JavaScript has many other functions, so if you block it, this may impair ease of use of the websites you like to navigate.

Virtual Private Network

You may not think it’s a big deal that your browsing habits get tracked, but this can be used against you in a way that you cannot possibly imagine.

For example, you suffer whiplash injury in a car accident and want to sue the erroneous driver who caused it. However, your nephew asks your advice on weight lifting equipment, so you decide to visit some websites on weight lifting equipment since you know a lot about this.

The defendant’s attorney gets wind of this online search and can use it against you, claiming you don’t really have any whiplash injuries. How can you prove you were searching this information for your nephew?

A VPN will scramble your browsing activities so that you can freely roam the virtual world wherever you are without worrying you’re being tracked. Your IP address will be hidden. One such VPN service is Hotspot Shield, which can be used on iOS, Android, Mac and PC.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Lost your Master Password, do This

/in /by

You have a master password, from your password manager, for 28 accounts. Life has been so easy since!

5DBut then you lose this master password. First off, you can’t fix this like you would if you forgot your password for PayPal or your credit card’s site. Plus, each password manager service has a different solution.

Yet how do you lose a master password in the first place? If it’s impossible to remember,then it may not be a good master password, regardless it should be written down somewhere in a secret location.

Lifehacker.com explains the requirements for various password manager services if you actually lose your master password.

Dashlane

  • A lost master password with Dashlane is like, well…imagine your backpack falling into a dark crevasse—gone forever—even if you have applications for your smartphone for Dashlane.
  • You’ll need to create a new account or reset the existing account, but either way, you must start from scratch.

1Password

  • You’re out of luck if you lose your master password—gone with the wind; you must begin all over again, just like with Dashlane.

LastPass

  • Offers a one-time password, after which you must reset your password
  • Requires the computer you’ve already been using LastPass for
  • You’ll need the associated e-mail account. Otherwise, you must begin everything from ground zero.

KeePass

  • Lose your master password with this and you’re done. You must start from scratch.
  • Don’t even bother trying to crack it because KeePass does have built-in protection.

Roboform

  • It’s too bad here, too. Resetting your password means losing all of your data.

Of course, you don’t ever have to be in this hairy situation in the first place.

  • Write down your master password and store it in a secret location; do this several times, even, and make sure the locations are ones you won’t forget.
  • Write down the one-time password or backup code for your service (if it has these features). Write it down in more than one location, e.g., tape a stickie with it on the underside of your desk may not be the most secure, but an option.
  • See if the service allows you to export your password, then do so. Then save it on your computer and also print it out for a hardcopy duplicate. For better security don’t store it in your computer but instead in a USB drive (in addition to hardcopy).
  • See if the service provides a feature for emergency contacts, then set this feature up.
  • Back up all of your data as a general rule.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

What is a Virus?

/in /by

Have you ever had the chicken pox? This common childhood illness has another name—the varicella zoster virus. Like all viruses, varicella replicates itself, spreading though the body, and eventually appearing as itchy red blisters all over the body. But the virus doesn’t stop there; it can spread to other people through physical contact and through the air when an infected person coughs or sneezes. It’s not a very fun illness to have.

6DViruses don’t just affect humans; there are viruses that can affect your tech devices. A tech virus is a malicious program file that can also replicate itself and infect other devices through techniques like malicious links and sketchy downloads. But unlike the chicken pox where the virus eventually appears on your skin, a virus could be wreaking havoc on your device and you might not even know it!

Computer and mobile viruses can take many different form factors, but all are usually intended to do harm to your device, steal your personal info or money or both. Some examples of viruses include a Trojan Horse, which masquerades as something neutral or benevolent, but is programmed to infect the hard drive or even crash it. Spyware is a virus that observes your activities like logging into your bank account, collects this data (e.g., password, answer to secret question, username) and sends it to the hacker. And a worm, like other viruses, can corrupt files, steal sensitive information, or modify system settings to make your machine more vulnerable, but it’s different in that it can replicate and send copies of itself to other computers in a network without any human interaction.

There are several clues that could mean that your device has a virus. For example, if you notice your device is suddenly running at a snail’s pace. Another example is programs or apps opening and closing on their own. Or a major sign would be if you receive an email from a friend responding to a mass email you supposedly sent promoting some great deal on a pharmaceutical (that you never actually sent).

Just like there are things you can do to prevent the chicken pox, like wash your hands and stay away from infected people, there are ways to prevent a virus from getting on your device.

  • Be wary. Don’t open attachments from people you don’t know.
  • Think before you click. Don’t click blindly. Check the link URL to make sure you are being directed to a legitimate site.
  • Keep your OS and browser updated. Make sure that you install the latest updates for your operating system and browser as well as any hardware updates that are available for your device as these often close up security holes.
  • Install security software. Use comprehensive security software that protects all your devices, like McAfee LiveSafe™.

Here’s to keeping all your devices nice and healthy!

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Keyloggers log wirelessly

/in /by

Gee, it sounds like something out of one of those 1970s TV shows about government spies, but it’s reality: Plug this little thing into a wall socket and it records the keystrokes of a person nearby typing into a Microsoft wireless keyboard. The little gadget sends the information back to the gadget’s owner over the Internet.

1DThe device looks like a USB wall charger, and this “KeySweeper” can be created with instructions from Samy Kamkar, a hardware hacker and security researcher who developed the gadget.

An article on threatpost.com explains that KeySweeper can alert its operator when keystrokes spell out something that the thief-operator would be interested in, such as a bank’s website address. The device continues working even when removed from the wall socket.

As for making a KeySweeper, Kamkar says that it’s not wise for a person without strong knowledge of electrical things to attempt to construct one.

To remain as inconspicuous as possible, the KeySweeper relies upon low profile hardware and very low power. It can also be powered by a battery because it’s installed inside a USB wall charger. So if you unplug the device (and thus disconnect it from A/C power), KeySweeper is still going, relying on its battery inside.

And if you think that KeySweeper is difficult to detect, you’re correct. It could be sitting in someone’s lap one table over from you at the Internet cafe and recording your keystrokes.

Your only protection then would be to use a keyboard that requires an electrical cord, or, a wireless one that’s not from Microsoft. Kamkar’s device works only with Microsoft because of the technological compatibility that Microsoft’s wireless keyboards have with the gadget. It is likely however that devices such as this will become more common and will also work with other keyboards.

So how do you protect yourself? Seems difficult if not impossible. One way would be to reduce the amount of data that could be exposed. The most sensitive data is generally passwords and credit card data. A password manager will enter all this data for you and not require keystrokes. This is the most effective and secure “autofill” available that bypasses keystrokes.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

4 Tips for Spring Cleaning Your Digital Life

/in /by

Spring is in the air (if you’re in the northern hemisphere) and it’s traditionally a time to clean every nook and cranny and get rid of excess stuff in your house. But it’s also a good time to clean up your digital life. Just like your house, your digital life needs a good cleaning once in a while, but sometimes this can seem like a daunting task, so here’s some tips for you to get started.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294First, begin by emptying your trash or recycle bin on your computer and clearing your browser cache of temporary files and cookies, both of which will free up valuable space on your hard drive, then follow these tips for cleaning your digital presence.

  1. Clean up apps and files. Are some of your apps gathering dust? Do you have files from high school (and it’s been years since you graduated)? If you’re not using these items, think about deleting them. Clearing out old, outdated and unused apps, programs and files leaves more space and memory on devices to fill with things you use.
  2. Back up your data. Our devices are a treasure trove of family memories like pictures and videos and they also often include key documents like tax forms and other sensitive information. None of us would want to lose any of these items, which is why it’s important to back up your data, and often. Back it up to both a cloud storage service and an external hard drive—just in case
  3. Review privacy policies. Are your accounts as private as you want them to be? Take the time to review the privacy settings on your accounts and your apps so you understand how they use your data. This is important for your social media accounts so you can choose what you want or don’t want to share online. For a good resource on social media privacy, see this article. This is also critical for your apps as many apps access information they don’t need. In fact, McAfee Labs™ found that 80% of Android apps track you and collect personal info–most of the time without our knowledge.
  4. Change your passwords. It’s always a good to idea to change your passwords on a regular basis and there’s no better time during a digital spring cleaning. To help you deal with the hassle of managing a multitude of usernames and passwords required to manage your digital life, use True Key™ by Intel Security. The True Key app will create and remember complex passwords for each of your sites, make them available to you across all of your devices, ensure that only you can access them simply and securely using factors that are unique to you, and automatically logs you in when you revisit your sites and apps—so you don’t have to.

So before you consider yourself done with your spring cleaning, make sure you finish this last bit of spring cleaning with these tips, and you’ll be well on your way to cleaning up your digital life.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

It’s a Security System and More

/in /by

WARNING: Removing this video surveillance camera to kill evidence of your robbery will do you chickenfeed because the video of you is being stored in the cloud!

2WToday’s security systems are so much more evolved than they were 20 years ago, even 10 years ago.

We’ve all heard of the bright light that goes on over the garage when someone steps onto the driveway. That’s so old that some burglars aren’t miffed by this in the least. However…such a motion detection system can also trigger video surveillance and notify the police. And there’s so much more that today’s security technology can do:

  • Send an alert to your smartphone that something anomalous has been detected inside your house; you can then view the interior in real time where this detection occurred, even if you’re across the country. Don’t be surprised if in the future, the homeowner could—with a single tap of a smartphone key—activate a net from the ceiling to deploy and engulf an intruder, holding him till the cops come. I WANT THAT.
  • Even if you live in a virtually crime-free neighborhood and have no valuables…you can still be endangered by non-human threats like gas leaks, fires and trip-and-fall hazards in dark areas with triggered lighting. A home security system can protect you from these variables.
  • Burglars aren’t fooled by the constant light that’s on to make it seem like you’re home when you’re not. However, security systems can create a pattern of on-and-off light use when you’re away, simulating that someone’s actually home.
  • If you still have an old-fashioned wireful security system, it’s time to switch to wireless. Wireless eliminates the possibility of a burglar cutting the wires. Furthermore, a wireless system can include a small remote that can activate and deactivate the system, like when you want to go outside at night with the dog to do its business.

If you were to ask 1,000 home burglary and invasion victims, “Did you think the crime could ever happen to YOU?” What do you think they’d all say? Stop making excuses and get a home security system if you already don’t have one.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Identity Theft Protection 101

/in /by

What’s it called if, for example, someone runs up your credit card line without your permission? Identity theft. ID theft isn’t necessarily someone going around impersonating you. But it is considered someone taking over your accounts.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Account takeover is also someone hacking into your computer and getting the password for your PayPal account, then sucking it dry. ID theft is an extremely common occurrence. The damage incurred by ID theft runs along a continuum, from light to heavy. At its worst it can:

  • Cost thousands of dollars to repair the fallout
  • Take months to fix this
  • Destroy reputation
  • Cause difficulty finding employment
  • Cause rejection of loan applications
  • Cause the victim to be arrested because the identity thief committed a crime in their name

There are tons of ways one can become a victim. It used to be that ID thieves would steal a wallet and gain information that way, or dig through your rubbish for bank statements. But these days, ID theft is prolifically committed in cyber space by thieves thousands of miles away.

For example, a thief halfway around the globe could trick you into giving your bank account information by sending an e-mail that looks like it’s from your bank, telling you that your online account has been compromised and that you need to supply your account information to repair the problem.

Or, clicking on a link that promises to show you a nude celebrity instead downloads a virus to your computer.

ID theft can also occur through no lapse in judgment of your own: when the retailer you buy things from with a credit card is hacked.

Protect Yourself

  • All of your computer devices should have software: antivirus, antimalware and a firewall, and always updated.
  • Educate yourself on recognizing scams. Some are ingenious and look legitimate. One way to drastically reduce the odds of being tricked by a ruse is to never, never, never click on any links in an e-mail. Never.
  • Make all of your passwords unique, over 10 characters and a mix of numbers, letters and symbols: gibberish rather than the name of your favorite rock band or sport.
  • View your credit report (it’s free) once a year from each of the three credit reporting agencies. Look for odd things like new accounts opened that you never opened and other false information.
  • If you’re sure you won’t be applying for a loan for a long time, freeze your credit.
  • Use only reputable merchants for online shopping when possible (we all know this rule doesn’t apply when you want to buy those big clumpy home-baked chocolate cookies from “Denise’s Gourmet Cookies”).
  • Missing snail mail bills? Report this to the associated companies because a thief may have changed your billing address.
  • Use a VPN. A virtual private network such as Hotspot Shield is one significant layer to protect your data and your identity by encrypting your information.

Consider it a red flag if you receive credit cards you didn’t apply for, especially if they have high interest rates.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How to identify Tax Scams

/in /by

The IRS isn’t your biggest enemy during tax season. It’s the criminals who pretend to be IRS reps and then con people out of their money. They contact potential victims chiefly through phone calls and text messages.

9DTypically, the message is threatening in tone and/or content, informing the target they’ll be arrested if they don’t immediately send the IRS owed money. The threat may also be deportation or a driver’s license suspension (that last one is really silly, but people actually do fall for these cons).

The money must be wire transferred or sent via a pre-paid card—and this is one of the tip-offs it’s a scam: Why wouldn’t the IRS accept a personal check like they normally do? The wire transfer or pre-paid card guarantees the crook will never be tracked.

Identifying tax scams is easy! It’s a scam if the scammy “IRS”:

  • Requests a credit card number over the phone or email
  • Requests a wire transfer or pre-paid card over the phone or email
  • The initial communication about owed money is NOT through snail mail.

The aforementioned three points should be enough for you to identify a scam, but to make identification even easier, here’s more:

  • There’s background noise to make you think it’s a busy call center.
  • The caller gives you his “badge number” to sound more official.
  • The caller identifies himself with a common name (i.e., Michael Harris).
  • The phone call coincides with an e-mail (to make things appear more official).
  • The caller hangs up when you say, “I actually work for the IRS myself.”

Scammers’ tricks that can fool you:

  • The caller ID appears it’s the IRS calling. Caller ID can be easily “spoofed”.
  • You get another call from supposedly the DMV or police department, and the caller ID shows this. (Now think about this for a moment: With all the really bad guys out there making trouble, don’t you think the police have better things to do than call people up about back taxes?)
  • The caller may know the last four digits of your Social Security number.

Don’t argue with the caller. Simply hang up (or if you want to have fun, tell them you yourself are with the IRS and listen to how fast they hang up). If you really do owe taxes, call the real IRS and work with an authentic employee to pay what you owe.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Go Two-Factor or go Home

/in , /by

Logins that require only a password are not secure. What if someone gets your password? They can log in, and the site won’t know it’s not you.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294Think nobody could guess your 15-character password of mumbo-jumbo? It’s still possible: A keylogger or visual hacker could obtain it while you’re sitting there sipping your 700-calorie latte as you use your laptop. Or, you can be tricked—via a phishing e-mail—into giving out your super strong password. The simple username/password combination is extremely vulnerable to a litany of attacks.

What a crook can’t possibly do, however, is log into one of your accounts using YOUR phone (unless he steals it, of course). And why would he need your phone? Because your account requires two-factor authentication: your password and then verification of a one-time passcode that the site sends to your phone.

Two-factor authentication also prevents someone from getting into your account from a device other than the one that you’ve set up the two-factor with.

You may already have accounts that enable two-factor authentication; just activate it and you’ve just beefed up your account security.

Facebook

  • Its two-factor is called login approvals; enable it in the security section.
  • You can use a smartphone application to create authentication codes offline.

Apple

  • Its two-factor works only with SMS and Find my iPhone; activate it in the password and security section.
  • Apple’s two-factor is available only in the U.S., Australia, New Zealand and the U.K.

Twitter

  • Twitter’s two-factor is called login verification.
  • Enabling it is easy.
  • Requires a dependable phone

Google

  • Google’s two-factor is called 2-step verification.
  • It can be configured for multiple Google accounts.

Dropbox

  • Activating two-factor here is easy; go to the security section.
  • SMS authentication plus other authentication apps are supported.

Microsoft

  • Enable it in the security info section
  • Works with other authentication apps.

Additionally, check to see if any other accounts you have offer two-factor, such as your bank (though most banks still do not offer this as described above, but do provide a variation of two factor).

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Bank Account depleted, Company sues

/in /by

Is it Bank of America’s fault that a hospital was hacked and lost over a million dollars? Chelan County Hospital No. 1 certainly thinks so, reports an article on krebsonsecurity.com. In 2013, the payroll accounts of the Washington hospital were broken into via cyberspace.

4HBank of America got back about $400,000, but the hospital is reeling because the hospital says the bank had been alerted by someone with the Chelan County Treasurer’s staff of something fishy. The bank processed a transfer request of over $600,000—even though the bank was told that this transfer had not been authorized.

In short, some say Bank of America failed to follow contractual policies. And what does the bank have to say for this? They deny the lawsuit allegations. They deny brushing off the hospital’s alert that the wire transfer was not authorized.

This scenario has been replicated many times over the past five years, says the krebsonsecurity.com article. Hackers use Trojans such as ZeuS to infiltrate banks. And not surprisingly, phishing e-mails are the weapon of choice.

Though bank consumers are protected from being wiped out by hackers as long as they report the problem within 60 days, businesses like hospitals don’t have this kind of protection. The business victim will need to sue the bank to recoup all the stolen money. Legal fees will not be covered by the defendant, and they are enormous, which is why it’s not worth it to sue unless the amount stolen is considerable.

Businesses and consumers should:

  • Require that family and employees from the ground up complete security training that includes how to recognize phishing e-mails.
  • Stage phishing attacks to see how well everyone learned their security training
  • Retrain those who fell for the staged attacks
  • Make it a rule that more than one person is required to sign off on large transfers
  • Know in advance that the bank will not reimburse for most of the stolen money in a hacking incident, and that legal fees for suing can exceed the amount of money stolen.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. Disclosures.