How to prevent your Pics from being lifted: Part 1 of 2

You need not be a celebrity or some big wig to suffer the devastating fallout of your online images (and videos) being stolen or used without your permission.

So how does someone steal your image or use it without your permission?

Hacking

  • Hacking is one way, especially if passwords are weak and the answers to security questions can easily be figured out (e.g., “Name of your first pet,” and on your Facebook page there’s a picture of you: “My very first dog, Snickers”).
  • Malware can be installed on your device if the operating system, browser or security software is out of date.
  • But hackers may also get into a cloud service depending on their and your level of security.

Cloud Services

  • In 2014, the images of celebrities and others were stolen from their iCloud accounts. At the time, two factor authentication was not available to consumers.
  • Apple did not take responsibility, claiming that the hackers guessed the passwords of the victims. This is entirely possible as many use the same passwords for multiple accounts. It is reported that Jennifer Lawrence’s and Kate Upton’s passwords really were 123qwe and Password1, respectively.

Social Media

  • Got a pretty avatar for your Facebook page? Do you realize how easy it is for someone to “Save image as…”?
  • Yup, someone could right-click on your provocative image, save it and use it for some sex site.
  • And it’s not just images of adults being stolen. Images of children have been stolen and posted on porn sites.
  • Stolen photos are not always racy. A stolen image could be of an innocent child smiling with her hands on her cheeks.
  • The thief doesn’t necessarily post his loot on porn or sex sites. It could be for any service or product. But the point is: Your image is being used without your authorization.

Sexting

  • Kids and teens and of course adults are sending sexually explicit images of each other via smartphone. These photos can end up anywhere.
  • Applications exist that destroy the image moments after it appears to the sender.
  • These applications can be circumvented! Thus, the rule should be never, ever, ever send photos via smartphone that you would not want your fragile great-grandmother or your employer to view.

How can you protect your digital life?

  • Long, strong passwords—unique for every single account
  • Change your passwords regularly.
  • Firewall and up-to-date antivirus software
  • Make sure the answers to your security questions can’t be found online.
  • If any of your accounts have an option for two-factor authentication, then use it.
  • Never open attachments unless you’re expecting them.
  • Never click links inside e-mails unless you’re expecting them.

Stay tuned to Part 2 of How to prevent your Pics from being lifted to learn more.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.

How to use two-factor authentication for critical accounts

Have a small business? Great. Have two-factor authentication for your accounts? If you’re not sure of the answer to that question, you could be in trouble. October is National Cyber Security Awareness Month, the perfect time to learn more about cyber security. As a small business owner, you certainly have thought about data breaches. They don’t just happen to giants like Target and Sony. The common thread in many data breaches is that the hackers got the password.

Once a hacker has a password, they often can get into the account, even if a username or other information is required. But suppose the hacker, mouth drooling as he’s about to break into your business accounts with your password and username, types in this login information and then sees he’s blocked unless he enters a one-time passcode? That’s a form of two-factor authentication. Game over for Joe Hacker.

Two-factor authentication may mean a different login, every time you log in, even on the same day, and only YOU have it. It’s sent to your e-mail or phone. Setting up two-factor authentication differs from one platform to the next. See the following:

PayPal

  • Click “Security and Protection” in the upper right.
  • At bottom of next page, click “PayPal Security Key.”
  • Next page, click “Go to register your mobile phone” at the bottom. Your phone should have unlimited texting.
  • Enter your phone number; the code will be texted.

Google

  • At google.com/2step click the blue button “Get Started.” Take it from there. You can choose phone call or text.

Microsoft

  • Go to login.live.com. Click “Security Info.”
  • Click “Set Up Two-Step Verification” and then “Next.” Take it from there.

LinkedIn

  • At LinkedIn.com, trigger the drop-down menu by hovering over your picture.
  • Click “Privacy and Settings.”
  • Click “Account” and then “Security Settings.”
  • Click “Turn On” at “Two-Step Verification for Sign-In.”
  • To get the passcode enter your phone number.

Facebook

  • In the blue menu bar click the down-arrow.
  • Click “Settings.”
  • Click the gold badge “Security.”
  • Look for “Login Approvals” and check “Require a security code.”

Apple

  • Go to appleid.apple.com and click “Manage Your Apple ID.”
  • Log in and click “Passwords and Security.”
  • Answer the security questions to get to “Manage Your Security Settings.”
  • Click “Get Started.” Then enter phone number to get the texted code.

Yahoo

  • Hover over your photo for the drop-down menu.
  • Click “Account Settings.”
  • Click “Account Info.”
  • Go to “Sign-In and Security” and hit “Set up your second sign-in verification.”

Type in your phone number to get the texted code. If you have no phone you can receive security questions via e-mail.

The prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained on proactive security and tricks that cyber thieves use.

Being cyber aware also includes backing up your data to a secure offsite location. Back it up with Carbonite, and receive 2 free bonus months with purchase of any subscription through the end of October by entering code “CYBERAWARE” at checkout.

Robert Siciliano is a personal privacy, security and identity theft expert to Carbonite discussing identity theft prevention. Disclosures.

Retirees Prime Targets for Identity Theft

Is it easier for crooks to prey on senior citizens, or is it that most targets are the seniors?

Well, one thing’s for sure: A disproportionate percentage of identity theft complaints come from people 50-plus (though I’m sure some readers would hardly consider 50-somethings to be seniors—but you get the point).

Some scammers go after seniors because they know that many older people have a lot of money saved up. And it’s also no secret that many seniors aren’t as sharp as they used to be, and also are not caught up on technology.

Some common scams that target the elderly:

  • A caller pretending to be “your favorite grandson.” This lures the victim into announcing the name of that grandson, and then the crook identifies himself by that name. If the victim has hearing loss, he can’t tell that the caller’s voice doesn’t sound like his grandson.
  • The caller then gives a sob story and asks Gramps to wire him some money.
  • Retirement home employees access resident records for their Social Security numbers and other data, then sell these to crooks.
  • An e-mail supposedly from the victim’s bank (or IRS or FBI) warns them that something is wrong and that they must act immediately to resolve the issue—and the action involves typing in their Social Security number, bank login information, etc.
  • Scam mortgage companies. These fraudsters will get ahold of applicants’ Social Security numbers, other data and even their deeds to commit identity theft.

How to Help Prevent Identity Theft

  • Some seniors are active on social media. Be very careful what you post on Facebook, Instagram, etc. Don’t post anything that could reveal your location or when you’re away from home.
  • If you’re looking for employment, refuse to take any job in which the “employer” wants you to cash checks through your account or get involved with wire transfers.
  • Don’t keep sensitive information in your wallet/purse.
  • Don’t leave your cell phone, wallet, etc., out in public where some punk could skate by and snatch it.
  • Use a shredder for all personal and financial documents.
  • Automatically delete, without ever opening, e-mails that seem to have come from your bank, the IRS or FBI. Same for e-mails announcing you won a prize or say something very suspicious in the subject line such as “Dear Blessed One” or, “I Need Your Help.”
  • Never conduct financial transactions on a site that has only an “http” in the URL; use only sites that have an “https” and a yellow lock icon before it.
  • Use Hotspot Shield VPN when on Free WiFi. Free WiFi is often unencrypted and vulnerable to hackers.
  • Make copies of your credit cards and other crucial documents and keep them in an easy-to-remember place in case any of these cards, etc., get stolen or lost, so you can quickly cancel the cards, etc.
  • If you want to mail a letter that contains sensitive data, deposit it at a post office collection box.
  • Believe it or not, crooks will get information out of obituaries to commit identity theft. Leave out details like date of birth, birth town, name of schools, etc., and just note age of passing and give details that an ID thief can’t use, such as, “She loved doing volunteer work with children.”
  • Check your bank and credit card statements every month for suspicious charges.

Retirees don’t have to be victims of fraud as long as they are paying attention to various scams and recognize their responsibilities regarding preventing identity theft. By putting systems in place fraud doesn’t need to happen.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Why You Should Use a Password Manager

Most experts in cybersecurity suggest that computer users utilize a password manager, and I think they have a great point. These managers ensure that you can use a unique, strong password for all online accounts. On the flip side, there are naysayers who state a password manager isn’t as safe as you might think: if the master password is discovered, it could give someone access to all of your information. So, who is right?

According to a recently concluded survey conducted by uSamp and sponsored by Siber Systems, creators of the RoboForm Password Manager, only 37% of survey participants use passwords that contain both letters and numbers. And only 8% report using a password management system, which can automatically create strong passwords for every site and change them frequently.

Here are some things to keep in mind:

Singing Praises for Password Managers

Why do some experts sing the praises for password managers?

  • Password managers allow you to use the most secure passwords, and allow you to use a different password for every account.
  • Since most websites have their own requirements for a password, you won’t become frustrated every time you log in, and you won’t have to remember if the ampersand is before or after the capital “S.” Besides, no one can remember every single password and username combination.
  • These password managers can work across all devices and on all browsers.

The Possible Downside of Password Managers?

Though there are certainly benefits of using a password manager, some people share their concerns with this software and state some of the following reasons:

  • There is a chance of a hack, albeit a small one, and if someone discovers a master password, they have access to everything including banking and personal information.
  • You also don’t know how secure these password managers really are, especially if it is an online password manager, such as one associated with a web browser, as the data may not be encrypted properly.

Looking At Both Sides of the Fence

When looking at expert opinion, you will typically find that most of them fall somewhere in the middle when it comes to using a password manager. These people see password managers as useful, but people should use them with caution.

  • Only use applications that have good reputations and those that do not rely on third parties
  • Use password managers that alert you immediately of a breach
  • Remember, a password manager is only as strong as the master password. This password should be strong, unique and changed often.

Good or bad, it’s probably better to be safe, rather than sorry. As with anything, be smart with your password manager, and you should have no issue with its effectiveness.

Robert Siciliano is a personal privacy, security and identity theft expert to RoboForm discussing identity theft prevention. Disclosures.

Self-Monitored Security System Market heating up

The Angee home security system is the only one with a video camera that rotates 360 degrees as it detects motion. And this high definition camera has smart zones; you can set up specific zones for monitoring. But Angee is more than just a video surveillance setup. It’s a self-monitored home security system, points out an article on securitygem.com.

Angee isn’t the first self-monitored home security system that allows the user to view a crime at their home in real-time. However, one feature in particular distinguishes Angee from other similar systems. And that is the versatility of the security tags.

So let’s say the small cylindrical Angee unit is on a cocktail table in your living room, and you have numerous windows throughout the house’s many rooms, and other door entries. Just slap a tag on these other windows and doors. When a tag detects activity it will send an alert to your smartphone (Angee comes with an app for this).

  • The tags will detect motion via two motion sensors including the one that fitness researchers use to measure a person’s daily physical activity: the accelerometer.
  • The motion sensors will also detect open and close movement, such as that from a window.
  • The tags, along with the base unit, will detect movement.
  • You can also activate or deactivate Angee with your voice alone, and if someone else who’s unauthorized speaks the same password, Angee will reject it.

Though one of Angee’s competitors also uses tags, its tags don’t provide the extent of operation that Angee’s do, such as the detection of motion or voice arm/disarm. Angee is also the only such system that can answer your phone.

Unlike one of its competitors, Angee lacks a flood sensor and a few other features like an outdoor smart switch. Angee also does not integrate with other online services yet.

But if you’re primarily interested in home security, the absence of some of these other features won’t be a big deal. Angee makes up for this absence with some cool features like night vision and sound detection (though it’s not the only system that has these features), plus limited free cloud storage.

Robert Siciliano, personal and home security specialist to Angee. Learn more about Angee in this Video. Support Angee on Kickstarter. See Disclosures.

Butthead Burglar buttdials Cops

You know what a “buttdial” is. This is when a person has a seat somewhere, and the ensuing pressure of their butt against the seat accidentally presses upon the keypad of the phone that’s in their pocket. Or they don’t lock their phone and their fingers indiscriminately just call someone. Happens a lot.

What are the odds that the numbers that are pressed actually dial someone’s number? It’s pretty small, but it’s happened so much that the term “pocket dial” is now official English vernacular.

Here’s a better question: What are the odds that a buttdial dials 9-1-1? Next question: What are the odds that the buttdialer, at the time he butt dials, is talking about committing a burglary, and the 9-1-1 dispatcher overhears this?

Well, it happened.

Usatoday.com reports that a butt dial call came in to Somerset County dispatchers in New Jersey recently, and the inadvertent call allowed them to overhear burglary plans.

Scott Esser, 42, is now in jail on $100,000 bail after butt dialing on July 27. Nobody knows exactly what he did to accidentally place this call. All we know is that it rang 9-1-1, and dispatchers heard men discussing a burglary but were not able to track the location.

However, that evening, a burglary occurred in Branchburg. And by then, the cell phone company had learned that the butt call had been made by a phone assigned to Esser.

So detectives put out surveillance on Esser, following him as he drove to a home. Once he got out, the police lost sight of him. But he returned, and the detectives went to the home—and saw that it had been burglarized. They caught up with the butthead and arrested him.

His car contained jewelry and some pricey electronics, a gun, $11,300 worth of U.S. bonds, and burglary tools. Esser was then charged with burglaries not only in Branchburg, but in Stafford and Berkeley Heights. The butthead was busted.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Beware of Apple ID Phishing Scams

You may have been scammed after you responded to an e-mail that appears to have come from Apple. When hackers send e-mails that appear to come from a legitimate company like Apple (or Google, Microsoft, PayPal, etc.), with the objective of tricking the recipient into typing in passwords, usernames, credit card information and other sensitive data, this is called phishing.

Many phishing scams are in circulation, including the Apple one. Hackers know that tons of people have Apple accounts. So if they robotically send 10,000 phishing e-mails to random e-mail addresses, they know that they’ll reach a lot of Apple account holders. And in any given group of people, there will always be those who fall for the scam. Not me, though. Recently I received the following scam e-mail:

Your Apple ID was used to buy a iOS App “TomTom Canada” from the App Store on a computer or device that had not previously been associated with your Apple ID.

Order total: $ CAD 44.99

If you initiated this download, you can disregard this email. It was only sent to alert you in case you did not initiate the download yourself.

 If you have not authorize this charge, Click here to login as soon as possible to cancel the payment!

When the payment will be canceled you will get a full refund.

Sincerely,
Apple Support
apple.com/support

A tip-off that this is fraudulent is the typos: “used to buy a iOS App…” (Hopefully you can spot the typo right away.) Another typo: “If you have not authorize this charge…”

A legitimate e-mail from a reputable company will not have typos or mistakes in English usage. And it’s unlikely it will have exclamation points, especially after words like “payment.” This e-mail really reeks of rotten phish.

Another red flag is that when you hover over the link, you get an unintelligible URL, or one that’s simply not Apple.com.

Forward Apple phishing links including their headers to reportphishing@apple.com.

Unfortunately, many people are ruled by shot-gun emotional reactions and promptly click links inside e-mails. Once they’re taken to a phony website, most are already sucked in too deep to recognize they’re about to be scammed.

Additional Information for Apple Account Holders

You can quickly change your password at Apple ID.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

What is a Password Manager?

Many people, including myself, make mistakes with their passwords and use them on site after site. To remain safe, it’s important to use a unique, strong password on every site you visit. How do you do this the easy way? Use a password manager.

According to a recently concluded survey conducted by uSamp and sponsored by Siber Systems, creators of the RoboForm Password Manager, the results indicate that people have some idea of the scale of the password challenge: More than half said they felt stressed out by the number of things they have to remember on a daily basis at work, and 63% reported that they’d either forgotten a password or had a password compromised at some point during their professional career.

A password manager can solve this issue. A password manager is a type of software that stores login information for all the sites you commonly use, and the program helps you to log in automatically each time you browse to a particular website. This information is stored in a database, controlled with a master password, and is available for use at any time.

Word of Warning: Don’t Reuse Your Passwords!

What is the big deal about reusing your passwords? It could be really damaging:

  • If your password is leaked, scammers will have access to information such as your name, email address and a password that they can try on other websites.
  • A leaked password could give scammers access to online banks or PayPal accounts.

What is It Like Using a Password Manager?

The first thing you will notice when using a password manager is that it will take a lot of weight off of your shoulders. There are other things you will notice, too:

  • You first visit the website as you normally would, but instead of putting your password in, you will open the password manager and enter the master password.
  • The password manager will automatically fill in the log in information on the website, allowing you to log in.

Think About it Before You Use a Web-Based Password Manager

Yes, there are web-based password managers out there, but there are problems associated with them:

  • All major browsers have password managers, but these cannot compete with a full password manager. For instance, they store the information on your computer, and this is not encrypted information meaning scammers can still easily access it.
  • These managers cannot generate passwords randomly, and they don’t allow for syncing from platform to platform.

Get Started With a Password Manager

If you are ready to get started with a password manager, the first thing to do is choose your master password:

  • The master password must be very strong, as it controls access to everything else
  • You should also change your passwords on every other site to a stronger password
  • Make sure your passwords have capital letters, symbols and numbers for the strongest password combination

Robert Siciliano is a personal privacy, security and identity theft expert to RoboForm discussing identity theft prevention. Disclosures.

12 Ways to secure your Home

The FBI says that in the U.S., one out of every 36 homes will be raided by thieves in any given year. Often, the burglars were able to get in due to the residents’ carelessness.

Unlike the movies, in which burglars are hiding in the shrubs at night waiting for the homeowner to return home, then jump out and press guns to their ribcages, ordering them inside, real life burglars often literally stroll right through an unlocked door and help themselves to all the goodies. There are many ways the home occupant can make it easy for burglars to get in unnoticed.

  • Unlocked doors and windows.
  • A sloppy yard. This makes a thief think nobody’s hardly ever home, and he’ll likely target the house for a break-in.
  • Shrubs and bushes that obscure entryways. Burglars love it when they can conceal themselves in the dark with the help of plant growth around windows and doors.
  • Posting travel plans on social media. Yes, burglars scout social media to see who’ll be away from the house.
  • Indiscriminately answering the doorbell. Burglars may pose as utility workers and talk their way inside. Or, they may push past the occupant and ransack the place while an accomplice restrains the occupant.
  • A chronically dark house. Don’t be a utility bill penny pincher. Enough lights should be on at night, including when you’re home, to make a burglar think there’s fully-awake people inside. Automatic timers that turn lights on and off will make the house look occupied, and will make it appear people are up in the middle of the night, when many break-ins occur.
  • Newspapers accumulating in the drive or a package sitting on the front stoop, suggesting nobody’s been home for a while.

Beef up Your Home’s Security

  • Get a security system for the house that has it all: motion detectors, surveillance cameras, smartphone connections. Even if money is tight, you can still fool many a burglar with a fake camera installed above the front door, and security company signs around the house—even though you don’t have a system. But really, these days, there are systems for all budgets.
  • Dog owners should hire a dog sitter rather than kennel their pet; a dog’s barking usually scares off a would-be intruder.
  • Put your paper and mail deliveries on a vacation hold.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Dust off your digital devices inside and out

Hackers know small companies are more vulnerable to data breaches due to limited resources. Cybersecurity should always be a high priority. But when a company’s IT staff consists of maybe 1-2 people who are provided limited budgets and are constantly solving other tech problems, the focus on security suffers. And hackers aren’t the only problem. One significantly overlooked part of the security process is “cleaning” the IT infrastructure.

IT staff and small business owners must keep on top of:

  • Networked systems
  • PC and mobile hardware
  • Multiple device software
  • Local and cloud data

The best way to manage the “cleaning” process is to keep a checklist and break the workload down into small bites. Complete the following tasks to clean up your business’s digital life and add layers of protection:

  • Rule #1: Automatically back up your data before, after and always. No matter what you are doing to your devices, make sure they are backed up.
  • Use automatically updated security tools including anti-virus, anti-spyware, and firewall software.
  • Use a virtual private network for public Wi-Fi activity. Check to see if the VPN auto-updates.
  • Take an inventory of your e-mail files. Depending on the nature of a business, it may be prudent to keep everything backed up for years. In other cases, consider deleting useless messages. Create folders for messages pertaining to certain topics. Delete old folders, etc.
  • Go through all of your devices’ programs and uninstall the ones you’ll never use.
  • Carefully sift through all of your files and get rid of useless ones.
  • Separate out media so that there are files specifically for images, video, docs, etc.
  • Integrate desktop icons that have a commonality. For instance you may have several related to a certain product or service you provide. Create a main folder and put all of these in it. Icon clutter may slow boot-up time and make things look and feel, well, cluttered.
  • Take a look at all your passwords. Replace the crackable ones with long and strong ones. An easily crackable password: contains real words or proper names; has keyboard sequences; has a limited variety of characters. If you have a ton of passwords, use a password manager.
  • Have multiple backups for your data including on premise and cloud storage.
  • Defragment your hard drive.
  • Reinstall your operating system. Of course, first make sure all your data is backed up beforehand.
  • Operating systems pick up temporary files over time, slowing the computer and making it vulnerable. The free CCleaner tool will clean up your system’s registry.
  • Install program updates. Your OS should automatically do this, but check just to be safe.
  • Review the privacy settings of social media accounts to make sure you’re not sharing information with more people than you’d like.
  • Make sure your business is protected by a security alarm system that includes video surveillance. Hackers get the spotlight, but we can’t forget about the common burglar.
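The three traits of an easily crackable password named in the password item of the checklist above (real words or names, keyboard sequences, limited character variety) can be tested when reviewing a password list. This is an added example, not part of the original post: the word list is a small constructed stand-in for a real dictionary, and the 12-character minimum is an assumption used to stand for "long".

```python
import re

# Constructed mini word list; a real review would load a large dictionary
# plus a list of known-breached passwords.
COMMON_WORDS = {"password", "snickers", "letmein", "welcome", "dragon", "monkey"}

KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")

# Undo common character substitutions before the dictionary check.
LEET = str.maketrans("0134578@$!", "oleastbasi")

def keyboard_runs(password, min_len=3):
    """Return keyboard-row runs (either direction) found in the password."""
    low = password.lower()
    hits = set()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_len + 1):
                chunk = seq[i:i + min_len]
                if chunk in low:
                    hits.add(chunk)
    return sorted(hits)

def char_classes(password):
    """Count how many of lower/upper/digit/symbol classes are present."""
    patterns = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    return sum(bool(re.search(p, password)) for p in patterns)

def crackable_reasons(password, min_length=12):
    """Return the reasons a password counts as easily crackable ([] if none)."""
    reasons = []
    low = password.lower()
    candidates = {low, low.translate(LEET)}
    words = sorted(w for w in COMMON_WORDS if any(w in c for c in candidates))
    if words:
        reasons.append("contains real word or name: " + ", ".join(words))
    runs = keyboard_runs(password)
    if runs:
        reasons.append("keyboard sequence: " + ", ".join(runs))
    if char_classes(password) < 3:
        reasons.append("limited variety of characters")
    if len(password) < min_length:  # assumed threshold for "long"
        reasons.append("shorter than %d characters" % min_length)
    return reasons

if __name__ == "__main__":
    # Constructed inputs; the first two are the passwords cited earlier on the page.
    for pw in ("123qwe", "Password1", "P@ssw0rd!", "vT7#qLm2&Zr9xKp!"):
        print(pw, "->", crackable_reasons(pw) or "no finding")
```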

The prevention tactics above apply to businesses and really, everyone. Be sure to train your employees on proactive security and inform them about tricks that cyber thieves use. For more information visit: http://www.dhs.gov/national-cyber-security-awareness-month. If you’re looking for a secure backup solution, check out Carbonite. Sign up before the end of October and receive two free bonus months when you enter code “CYBERAWARE” at checkout.

#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. Disclosures.