Post Holiday Online Shopping Security

When it comes to online security, don’t let your guard down just because the holiday shopping frenzy has passed. In fact, this may be the very time to put your guard up even higher.

4HThough it’s smart to have your radar on for the scammers during the holidays, the scammers don’t exactly go slithering back under their slimy rocks once the New Year is here. So here’s how to be safe online during, and after, the holiday season.

  • Never click a link inside an e-mail. Better yet, delete, without even opening, any e-mails with subject lines promising great offers, gifts, prizes, money or other hyped-up things.
  • If you don’t see the “https” before the Web address in the address bar, the site is not secure. A secure site always has “https” preceded by a padlock symbol.
  • Be suspicious of “too good to be true” offers that are tweeted or messaged through social media.
  • Do you shop on eBay? Then shop on eBay, not through e-mails supposedly sent by eBay. These are scams.
  • Speaking of eBay, always review the feedback of the seller.
  • Another thing to look for is the domain name of anything you received via e-mail. Scammers typosquat or cybersquat on legitimate domains.
  • You can upgrade your protection by doing your online shopping only with reputable, well-known retailers. Though some purchases will be an exception (e.g., home-baked chocolate chip cookies), other purchases like electronics, appliances, linens and consumables should be purchased from trusted merchants.
  • Shop online only when your connection is secure; Unless you use a VPN, never shop in cyberspace from a hotel’s, airport’s or café’s Wi-Fi connection. And make sure your computer’s security is always updated.
  • Never use a debit card online, because if a scammer takes your money, it will be gone that instant from your checking account. With a credit card, at least you won’t have to pay the bill if the fraud is reported within 60 days.
  • Never make an online purchase with your checking account—this means money being withdrawn before you receive the product…that you might never receive anyways.
  • Check credit card statements every two weeks if it’s set up online, and check every paper statement.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.

5 Ways to prevent Airline WiFi from Hackers

When getting on a flight many business professionals connect online. It’s common these days to see a number of people on an airplane busy at their laptops—business-looking people dressed in suits, eyes pasted to spreadsheets, charts, graphs and other grinding tasks.

4WHow many know that their company’s data can be snatched out of thin air, literally?

Here’s the thing: If you are connecting to WiFi on a plane and have all these company secrets on your device and all this client data, there is a solid chance you are risking information. Savvy business travelers may not be savvy about security—or, specifically, the lack thereof in airplane WiFi.

When logging onto an airplane WiFi, there isn’t any encryption preventing other users from seeing your data. The majority of the security in airplane WiFi is built into the payment system to protect your credit card. Beyond that, you’re pretty much left to the dogs.

The plane’s WiFi service comes in cheap (something like $12.95), but with a cost: no protection. Other people can see your or your company’s trade secrets and other private information. If the airline boasts there IS security, they mean for your credit card. Not much more.

Another thing travelers usually don’t know is that when they boot up their device, they may be tricked into selecting a particular connection (wireless network), without knowing that this network has been set in place by a hacker, they call this an “evil twin”. If you connect to it, your data is his to see.

GoGo is an in-flight WiFi service that a researcher says was using phony Google SSL certificates that interfered with passengers’ ability to get video streaming services but more alarming it was reported it also allowed data leakage. In short, GoGo made it look like this was coming from Google.

GoGo was called on this. In a report on theregister.co.uk, GoGo’s chief technology officer explains that the company’s feature did not snatch data from passengers, and that it only served the purpose of blocking streaming services. They said that GoGo simply wanted to upgrade network capacity for air travel passengers, and that they don’t support video streaming. Still, not cool.

How can airline passengers protect their data?

  • When you’re not using WiFi, when it’s time to nap or read some nonsense about the Kardashians in a print magazine, go to your wireless manager and disable the WiFi connection with a right-click. Your laptop may also have a keyboard key to do this.
  • If you must absolutely use public Wi-Fi for activities involving highly sensitive information, make sure that the Wi-Fi network is secure and trusted.
  • Before you get onto any website, check the URL field to make sure that there is an “https” (not “http”) AND a padlock icon; these indicate the site is secure. Also check the security certificate.
  • Make sure that every device that you own has full protection such as antivirus and a firewall.
  • You can also use encryption. Encryption scrambles your data so that it appears to be gibberish to any hackers or snoops wanting to get ahold of it. Encryption comes in the form of a virtual private network, such as that offered by Hotspot Shield. It’s free and will scramble (encrypt) all of your online activity such as things you download, purchases, etc. This provides an impenetrable shield that guards your online actions.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

5 Ways to Protect Yourself from Hackers on Airline WiFi

When getting on a flight many business professionals connect online. It’s common these days to see a number of people on an airplane busy at their laptops—business-looking people dressed in suits, eyes pasted to spreadsheets, charts, graphs and other grinding tasks.

4WHow many know that their company’s data can be snatched out of thin air, literally?

Here’s the thing: If you are connecting to WiFi on a plane and have all these company secrets on your device and all this client data, there is a solid chance you are risking information. Savvy business travelers may not be savvy about security—or, specifically, the lack thereof in airplane WiFi.

When logging onto an airplane WiFi, there isn’t any encryption preventing other users from seeing your data. The majority of the security in airplane WiFi is built into the payment system to protect your credit card. Beyond that, you’re pretty much left to the dogs.

The plane’s WiFi service comes in cheap (something like $12.95), but with a cost: no protection. Other people can see your or your company’s trade secrets and other private information. If the airline boasts there IS security, they mean for your credit card. Not much more.

Another thing travelers usually don’t know is that when they boot up their device, they may be tricked into selecting a particular connection (wireless network), without knowing that this network has been set in place by a hacker, they call this an “evil twin”. If you connect to it, your data is his to see.

GoGo is an in-flight WiFi service that a researcher says was using phony Google SSL certificates that interfered with passengers’ ability to get video streaming services but more alarming it was reported it also allowed data leakage. In short, GoGo made it look like this was coming from Google.

GoGo was called on this. In a report on theregister.co.uk, GoGo’s chief technology officer explains that the company’s feature did not snatch data from passengers, and that it only served the purpose of blocking streaming services. They said that GoGo simply wanted to upgrade network capacity for air travel passengers, and that they don’t support video streaming. Still, not cool.

How can airline passengers protect their data?

  • When you’re not using WiFi, when it’s time to nap or read some nonsense about the Kardashians in a print magazine, go to your wireless manager and disable the WiFi connection with a right-click. Your laptop may also have a keyboard key to do this.
  • If you must absolutely use public Wi-Fi for activities involving highly sensitive information, make sure that the Wi-Fi network is secure and trusted.
  • Before you get onto any website, check the URL field to make sure that there is an “https” (not “http”) AND a padlock icon; these indicate the site is secure. Also check the security certificate.
  • Make sure that every device that you own has full protection such as antivirus and a firewall.
  • You can also use encryption. Encryption scrambles your data so that it appears to be gibberish to any hackers or snoops wanting to get ahold of it. Encryption comes in the form of a virtual private network, such as that offered by Hotspot Shield. It’s free and will scramble (encrypt) all of your online activity such as things you download, purchases, etc. This provides an impenetrable shield that guards your online actions.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Protect your Home post Holidays

After Santa has gone back to the North Pole to take a long rest, don’t think for a second that burglars too will be resting in January.

1HTrue, the holidays are a prime time for many burglaries, knowing that underneath that gargantuan Christmas tree in the picture window is surely a pile of expensive gifts. But people give burglars easy entry to their houses year-round.

The prowler will ring the bell. If nobody answers, he tests the door knob. If he does this enough times, this numbers game will pay off, because there’s always some lunkhead who will leave a door unlocked when they’re not home or overnight while they sleep.

If the main doors are locked, the thief may still persist and try other portals and may even break a window.

For safety year-round but especially post-holiday security, here are tips:

  • Get a home security system. If you already have one, good, but not good enough.
  • Keep all portals locked, even when you’re home. Yes, intruders enter occupied homes—these are more likely to be violent sociopaths wanting fast cash for their next drug fix, or rapists.
  • When you’re away, even for just a shopping trip, make it look like someone is inside (leave a TV on so the flickering can be seen, or a loud stereo, and/or lights).
  • When you’re out of town, arrange to have your house look like it’s being very lived in by installing automatic timers for exterior and interior lights, and arranging for trusted people to mow your lawn and park their car in your driveway.
  • As for the boxes that expensive items came in, keep them in your garage, out of public view, for three months. Then demolish them before leaving them curbside. Better yet, stuff the remnants in a trash bag.
  • I know you don’t want to live like a vampire, but do your best to keep shades and curtains closed even when you’re home in broad daylight.
  • Whether or not you have an alarm system, post stickers on your windows and signs in your yards that you do have a system.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Protect your Packages from Theft

Yes, many thieves don’t have anything better to do than to follow delivery trucks around town to see what kind of bountiful packages they’ll be leaving at the doorsteps of homes. This means even more crooks simply drive around residential areas looking for boxes sitting outside of doors. These crooks will walk off with the packages.

5HHow can you help prevent this from happening?

  • When making the purchase, set up the delivery so that your signature is required for receipt.
  • Make sure you have the transaction’s tracking number.
  • If you can’t arrange to be home to receive, then arrange for the package to be dropped off at a local shipping center.
  • Sometimes these shipping centers are located far from home, so another option is to install an easily-seen surveillance camera over the door. A fake one will look just as real. The only drawback to a fake one is if the thief is either exceptionally brazen, or doesn’t see the camera.
  • Next, arrange to have the package placed in as much of a concealed area as possible. For example, set up a planter by your door that has artificial (or real) foliage cascading over it. Small boxes can be placed under the foliage, hidden from thieves.
  • Arrange for UPS, if that’s the delivery company, to alert you with a text or e-mail when the delivery is imminent.
  • Another option, if you live in an apartment or condo is to have the delivery made to the front office.

Additional Safeguards

  • If you want a package picked up from your place, don’t leave it outside. Surely there’s a way around this, such as bringing it to a shipping center, mailing it or arranging to be home to give it in person to the recipient.
  • If you opt for snail mail, insure it and notify the recipient when to expect it.
  • If mailing checks, deposit them at the post office or postal collection box, rather than leave them in your mail box for the postal carrier to pick up (or hand them directly to him).
  • If traveling, put your mail delivery on a vacation hold.
  • Retrieve your mail daily.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Goodguy Hacker Selling Bad Guy hacks

Makes you wonder what these guys would have accomplished had they been born during the Renaissance…case in point: Kevin Mitnick, whose genius was so impressive as a cyber criminal (he hacked into IBM, Motorola, Sun Microsystems and other big-name outfits), that after serving prison time, he was hired as a good guy to help security teams develop penetration-proof systems.

4DBut Mitnick is now onto another venture: Absolute Zero Day Exploit Exchange. Mitnick wants to sell zero-day exploits (targeted surveillance), for at least a hundred grand each. In a wired.com article, for which Mitnick was interviewed, he states: “Researchers find them, they sell them to us for X, we sell them to clients for Y and make the margin in between.” He has not revealed how much he’s sold or to whom.

But Mitnick says they aren’t necessarily government related. For example, a buyer might be a penetration tester. He says he doesn’t want to help government agencies go around spying. Why would he want to assist the very people who locked him up in prison?

It’s anyone’s guess who’d be willing to shell out $100,000 for one of these tools (which would be used to garner information about bugs in the system that have not been addressed by security patches). After all, giants like Facebook pay only tens of thousands of dollars for this kind of tool.

Mitnick isn’t the only entrepreneur in the selling of secret hacking techniques; it’s already been going on. One of the skepticisms of this venture is just whom the buyer might be. Mitnick says he’ll carefully screen his buyers.

Though what Mitnick is doing is legal, it still snags attention because of his past. This guy was once the most wanted cyber criminal in the world, having made a career of hacking from his teens to early 30s, finally getting captured in 1995.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Credit Card Fraud isn’t the same as Identity Theft

Just as important as taking down the decorations, throwing out all the debris from opened gifts and getting the house back in order after the holiday activities, is that of scrutinizing your credit card statements.

2CWhy? To make sure that all the purchases on there were made by you and only you. The holiday season means more credit card use = more identity theft. In this case, it’s “account takeover.”

The crook gets your credit (or debit) card information in one of several ways: digging through trash to get credit card information; tampering with ATMs; hacking; and perhaps the thief is the person you gave the card to to pay for your restaurant meal.

Yet another way the thief could get you is to obtain a new credit card line—using your name, address and Social Security number. He maxes out his new card and doesn’t pay the bill. One day you get a call from a collection agency, along with knowledge that your credit has been ruined. This is called “new account fraud”

Account takeover can be discovered via unauthorized charges on your statements, or the thief’s spending habits may alert the company (via its anomaly detection software) to something suspicious, such as a lot of spending halfway across the globe one hour after you purchased something in your home town.

You have 60 days to report suspicious activity to save yourself from paying the unpaid bills. The zero liability policy protects you. The most you’ll pay out is $50. But if you delay reporting the fraudulent activity, you’re screwed.

Thus, you must make time to just sit down and look over every charge on your statements, even if this means that the only time you have to do it is when you’re on the toilet. But you DO have time. You have time to read someone’s drivel on Facebook or something about Duchess Kate’s hair…you certainly have time to read your card statements every month.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.

The Guide to Securing Your New Tech Toys

Ho ho ho! It seems that this year, Santa’s sleigh was filled with technology—laptops, smartphones, gaming consoles, etc. Playing with and learning about your new tech toy is fun, but remember to secure your device. It would be a total bummer if your new toy was suddenly compromised by a virus or hacked into. Luckily, there are a few things you can do to protect your new device.

7WComputer/laptop

Install security software. Free software is not recommended, as it provides only basic protection and you’ll likely end up purchasing more anyways. Your security software should include:

  • A two-way firewall: monitors the activity on your devices making sure nothing bad is coming in (like unauthorized access) and nothing good is leaving (like your data).
  • Anti-virus software: protects your devices from malicious keyloggers and other malware.
  • Anti-phishing software: watches your browser and email for suspicious inbox activity.
  • Anti-spyware software: keep your PC spyware free.
  • Safe search capacities: McAfee® SiteAdvisor® tells you what websites are good and which are suspicious.

Smartphone or tablet

  • Be leery of third-party apps.
  • Turn off automatic connections to Bluetooth and Wi-fi.
  • Apply app and OS updates.
  • Never store sensitive information on your device.
  • Use mobile security software for iOS or Android that includes anti-virus, anti-theft, app, and web protection.

Gaming or electronic device

  • Create backups.
  • Don’t store personal info on the device.
  • Connect only to a secure Wi-Fi network.
  • Make sure you apply any OS updates.

Now have a great time with your new tech device. Play with ease of mind, knowing your device is secure.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

13 Cheap Simple and Smart ways to secure your Home

You don’t have to be wealthy to have a superbly protected home. You just need to have some common sense.

  1. BeOnKeep your doors locked overnight! Smoke blows through my ears and nostrils every time I read about someone “entering through an unlocked door” in the middle of the night and committing a sicko crime. This goes for windows, too. Rapists love to enter through unlocked windows. If you’re a big male bruiser with no children, and these things don’t scare you, then consider that you could still be up against a burglar with a gun to your head as you’re counting sheep.
  2. Keep doors and windows locked during the daytime when you’re home, too. Not all intruders operate in the dead of night.
  3. Keep the garage locked: always.
  4. Though some locks cost a lot more than others, we’re talking about door locks, not cars. If you want a $60 lock badly enough, this money will come out of the woodwork.
  5. Make your home looked lived in at all times. The BeOn smart lighting home security system is affordable and doesn’t have the month to month monitoring costs.
  6. Always keep the alarm on. A deranged sociopath doesn’t care if you’re home and it’s 2:00 in the afternoon when he needs money for his next drug fix.
  7. Make sure that your valuables are not visible through any windows.
  8. Never hide keys near doors because burglars will find them. Go keyless entry or leave keys with a neighbor.
  9. When you’re out, leave a TV on so that its flickering light makes your house look occupied. Use automatic timed lighting devices.
  10. Never announce on social media your travel plans.
  11. Always break down the boxes that expensive items came in before leaving them curbside for trash pickup.
  12. Put a vacation stop on your mail and newspaper delivery when you travel if you don’t have a trusted neighbor who can collect them for you.
  13. You won’t appear to be on vacation if a neighbor uses your driveway to park their car.

Robert Siciliano personal and home security specialist to BeOn Home Security discussing burglar proofing your home on NECN. Disclosures.