8 Tips to protect your Money – and your Identity – from Theft

When you hear the dictum, “You should protect yourself from identity theft,” do you equate this with pushing a wheelbarrow loaded with rocks up a hill? It would actually be more accurate to picture slicing into a fresh apple pie, because identity theft protection is as easy as pie. Check out the following things you should do—without breaking a sweat:

  1. Examine your credit card statements once a month to catch any unauthorized charges. Even a tiny charge should not be blown off, since often, thieves will start out small to “test the waters.” Once they get away with this, they’ll be surfing the big waves if you don’t pounce on them quickly.
  2. Buy a shredder. Don’t rely on tearing up documents with your hands, especially unopened envelopes. A shredder will blitz them to fragments that a “dumpster diver” won’t be able to piece together. Until you get a shredder, use scissors and snip up anything that has sensitive information on it.
  3. Put the names and phone numbers of your credit/debit cards on hardcopy so you’ll have a quick way to contact them should any become stolen.
  4. There are three major credit report bureaus: TransUnion, Experian and Equifax. At least once a year review your credit reports with them, as they can reveal if, for instance, someone opened a credit card account in your name.
  5. If you ever lose your cell phone, anyone can obtain sensitive data you have stored in it—unless it’s password protected. And please, use a strong, long password, since the thief might be someone who knows you and is capable of sitting there trying all sorts of permutations with your beloved dog’s name, a la Duke1.
  6. Are a lot of your sensitive paperwork and documents in unlocked file cabinets that anyone can get into? The thief could be a visiting family member (yes, family members can be crooked), the cleaning lady, repairman, window guy, dishwasher installer, a visiting neighbor, you name it. A fireproof safe will protect these documents.
  7. All of your computers should have antivirus, antimalware and antispyware software that’s regularly updated.
  8. Install a virtual private network to encrypt all free WiFi communications. Hotspot Shield is a good example.
  9. Put a freeze on your credit, at least if you don’t plan on applying for any credit lines or loans in the near future; you’ll be blocked until you unfreeze it, but so will thieves.

More on Credit Freezes

  • Freezing is free for ID theft victims; there’s a small charge for non-victims ($15 per credit bureau, which may be for all time, depending on your state’s policies).
  • “Thawing” the freeze (which takes five minutes) is free to victims and up to $5 for non-victims.
  • It will not affect your credit score.
  • It works because it blocks lenders from seeing your credit scores. So if someone gets your identity, they can’t open credit in your name because lenders need to see those scores.
  • You won’t be able to see your credit reports unless you have a PIN to access them.

Identity theft doesn’t have to be a scary nightmare. As long as consumers follow these basic tips and guidelines, they can prevent many forms of identity theft.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Why use a VPN?

If you want to be a pro at privacy, here’s a tip: When it’s time to go online, whether it’s at an airport lounge, coffee house, hotel, or any other public Wi-Fi spot, don’t log into any of your accounts unless you use a virtual private network (VPN).

A VPN is a technology that creates a secure connection over an unsecured network. It’s important to use because a hacker can potentially “see” your login information on an unsecured network. For instance, when you log in to your bank account, the hacker may be able to record your information, and even take money from your account.

Here are a few other important things to remember about unsecured networks:

  • It’s possible for cyber snoops to see your transactions, including email.
  • Snoopers and bad hackers can spy on the sites you visit and will know the passwords and usernames you use to access any account.
  • A Wi-Fi spot itself can be malicious, in that it was set up by a cybercriminal.
  • Even a reputable Wi-Fi spot, like that at a name-brand hotel, could be tainted. Hackers can use software to hijack Internet connections and trick users into using fake web addresses.

The good news is that you can subscribe to a VPN service for a low monthly fee. Now, if you have a VPN, you can feel at ease logging into any site on public Wi-Fi, because a VPN scrambles, or encrypts, all cyber transmissions. So to a snoop or hacker, your passwords, email messages and everything else will appear as unintelligible garble.

In addition to encrypting your transactions, most VPNs will conceal your device’s IP address. What you’re doing and which sites you are visiting will be under lock and key. This will stop companies from snatching users’ browsing habits and other data and sharing it with other online entities.

So, if your schedule doesn’t permit you the luxury of doing all your important Web surfing on your secure home Wi-Fi, and you often find yourself logging on to your bank’s site or other accounts while you’re away from home, remember that you really need a VPN. Because, when you are on an unsecured network, everything you do on your computer gets laid out on a silver platter for the cyberthugs.

Your information could be compromised, or your device could get infected and crash, wiping out all of your files.

A hacker might even threaten to wipe out your files if you don’t pay a ransom. The bottom line is that anything is possible when using public Wi-Fi, but VPNs can end all these concerns.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

How to Stop Sharing Your Location Information

The Internet helps us connect and share with people around the world, but there are some people with whom you definitely shouldn’t be sharing your information. Although it’s not pleasant to think about, it’s not just friends and family that can see your online posts; bad guys can too, including criminals and even sex offenders.

So, when you take a photo of your kids in your backyard, know that if you post that picture on social media, a predator can potentially obtain the GPS coordinates of where that picture was shot.

This is because every time you take a picture, technical data is created and stored along with the image. This is called “EXIF data”, or exchangeable image file format. When this data includes location information, such as the exact GPS coordinates of where the photo was taken, the image is then “geotagged.”

The good news is you can view the EXIF data, and remove it to prevent predators from getting your location information. EXIF data will always be added to the storage of every picture you take; there’s no way to prevent this. But you can delete it.

Here’s how to prevent strangers from seeing your location information:

  • Select the image on your computer and right-click on it.
  • Select “properties.” You’ll find all the data here.
  • Go to the location, or EXIF data.
  • At the end of all the information you’ll see “Remove Properties and Personal Information.” This will wipe out the coordinates.
  • You should go through this process before posting photos online, because once they’re online, you can’t control who sees this information.
  • However, it will still be worth your while to strip this data from photos already posted online. For all you know, tomorrow is the day that a bad guy reads your location information, so today is the day to delete it.
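A pre-posting check for the geotag described above, as an added example that is not part of the original article: it reads the GPS coordinates out of a JPEG's EXIF block and then removes the block. The function names and the sample bytes are constructed for illustration, and the strip step drops the whole EXIF segment (camera model and orientation included), which is broader than removing the location alone.

```python
import struct

GPS_IFD_POINTER = 0x8825                    # IFD0 tag holding the GPS directory offset
APP1, SOS, EXIF_ID = 0xE1, 0xDA, b"Exif\x00\x00"


def segments(jpeg):
    """Yield (marker, start, end) for each header segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos + 1] != SOS:
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if jpeg[pos] != 0xFF or length < 2 or end > len(jpeg):
            raise ValueError("corrupt segment at offset %d" % pos)
        yield jpeg[pos + 1], pos, end
        pos = end


def read_ifd(tiff, offset, order):
    """Parse one TIFF directory into {tag: (type, count, 4-byte value field)}."""
    (count,) = struct.unpack_from(order + "H", tiff, offset)
    entries = {}
    for i in range(count):
        base = offset + 2 + 12 * i
        tag, typ, n = struct.unpack_from(order + "HHI", tiff, base)
        entries[tag] = (typ, n, tiff[base + 8:base + 12])
    return entries


def degrees(tiff, value, ref, order):
    """Turn degree/minute/second RATIONALs plus an N/S/E/W ref into decimal degrees."""
    (offset,) = struct.unpack(order + "I", value[2])
    d = struct.unpack_from(order + "6I", tiff, offset)
    deg, mins, secs = [n / m if m else 0.0 for n, m in zip(d[0::2], d[1::2])]
    result = deg + mins / 60 + secs / 3600
    return -result if ref[2][:1] in (b"S", b"W") else result


def gps_coordinates(jpeg):
    """Return (latitude, longitude) if the photo is geotagged, else None."""
    for marker, start, end in segments(jpeg):
        body = jpeg[start + 4:end]
        if marker != APP1 or not body.startswith(EXIF_ID):
            continue
        tiff = body[len(EXIF_ID):]
        order = "<" if tiff[:2] == b"II" else ">"      # Intel or Motorola byte order
        (ifd0_at,) = struct.unpack_from(order + "I", tiff, 4)
        ifd0 = read_ifd(tiff, ifd0_at, order)
        if GPS_IFD_POINTER in ifd0:
            (gps_at,) = struct.unpack(order + "I", ifd0[GPS_IFD_POINTER][2])
            gps = read_ifd(tiff, gps_at, order)
            if all(tag in gps for tag in (1, 2, 3, 4)):   # lat ref, lat, lon ref, lon
                return (degrees(tiff, gps[2], gps[1], order),
                        degrees(tiff, gps[4], gps[3], order))
    return None


def strip_exif(jpeg):
    """Return a copy with every Exif segment removed; image data is left untouched."""
    out, last = bytearray(jpeg[:2]), 2
    for marker, start, end in segments(jpeg):
        if marker == APP1 and jpeg[start + 4:end].startswith(EXIF_ID):
            out += jpeg[last:start]
            last = end
    return bytes(out + jpeg[last:])


def build_sample():
    """Constructed input: a JPEG segment skeleton with a geotag, not a viewable image."""
    entry, u32 = struct.Struct("<HHI4s").pack, struct.Struct("<I").pack
    # TIFF offsets: header 0-7, IFD0 8-25, GPS IFD 26-79, latitude 80, longitude 104
    ifd0 = struct.pack("<H", 1) + entry(GPS_IFD_POINTER, 4, 1, u32(26)) + u32(0)
    gps = (struct.pack("<H", 4)
           + entry(1, 2, 2, b"N\x00\x00\x00") + entry(2, 5, 3, u32(80))
           + entry(3, 2, 2, b"W\x00\x00\x00") + entry(4, 5, 3, u32(104)) + u32(0))
    lat = struct.pack("<6I", 40, 1, 30, 1, 0, 1)         # 40 deg 30 min 0 sec
    lon = struct.pack("<6I", 74, 1, 15, 1, 0, 1)         # 74 deg 15 min 0 sec
    exif = EXIF_ID + b"II*\x00" + u32(8) + ifd0 + gps + lat + lon
    app1 = b"\xff\xe1" + struct.pack(">H", len(exif) + 2) + exif
    app0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return b"\xff\xd8" + app0 + app1 + b"\xff\xda\x00\x02\x11\x22\xff\xd9"


if __name__ == "__main__":
    photo = build_sample()
    print("before:", gps_coordinates(photo), "after:", gps_coordinates(strip_exif(photo)))
```

To check a real photo, read it with `open(path, "rb").read()` and pass the bytes to `gps_coordinates`; a truncated EXIF block surfaces as `struct.error`.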

Some people’s social media pages have an endless scroll of personal photos, including pictures of their children and teens. Be very selective of what you post online, and always delete the EXIF data before posting.

Save the pictures you don’t post for a hardcopy photo album. That way you’ll dramatically cut down on the time spent eradicating your location information, while increasing your online security.

Here are some more tips to use location services safely:

  • Turn off the GPS function on your smartphone camera or digital camera. This is important if you are going to be sharing your images online. Instructions on how to turn off geotagging will vary, but we suggest referring to your phone or camera’s manual for further instructions on how to adjust this feature. You also might want to consider only letting certain apps (like maps) use your location data on your mobile device.
  • Check your privacy settings on social networks and photo sharing sites. Make sure that you are only sharing information with friends and family. Also, make sure that you only accept people into your network that you know in real life.
  • Be aware of the fact that the information you share on one social network may be linked to another. For instance, a photo you post to Twitter may automatically post to your Facebook profile. Because of this, it’s important that you check the privacy settings on all your accounts.
  • Finally, be careful about what images you’re sharing and when you are sharing them. Rather than uploading a picture that reveals your location the moment you take it, wait until you get home to upload it.


What is a Hacker?

You probably think you know what a “hacker” is, but the images portrayed in the media can be misleading. You may be thinking of a geeky-looking guy who causes peoples’ computers to get infected with viruses or cracks passwords to raid the accounts of big business. This is one kind of hacker, but in a broader sense a hacker is a person (male or female) who uses their programming skills and technical knowledge to create and modify computer software and hardware by finding their weaknesses and exploiting them.

Hackers can be motivated by a number of reasons, both positive and negative. For instance, criminal hackers can create malware to commit crimes, such as stealing information and money, while other hackers are benevolent. They may work for big companies or the government in the name of protecting them from bad hackers.

It helps to be familiar with these general categories of hackers:

Black hat hackers

This is a hacker who gains unauthorized access into a computer system or network with malicious intent. They may use computers to attack systems for profit, for fun, for political motivations, or as part of a social cause. Such penetration often involves modification and/or destruction of data, as well as distribution of computer viruses, Internet worms, and spam.

White hat hackers

Also known as “ethical hackers,” white hat hackers are computer security experts who specialize in penetration testing and other testing methodologies to ensure that a company’s information systems are secure. These security experts may utilize a variety of methods to carry out their tests, including social engineering tactics, use of hacking tools, and attempts to evade security to gain entry into secured areas.

Gray hat hackers

These are skilled hackers who sometimes act legally, sometimes in good will and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.

In addition to these definitions, the term “hacker” is currently used to refer to any individual who deliberately tries to compromise a computer system—regardless of objective.

It may also simply refer to someone who likes to tinker around with the innards of computer systems, and it may also mean a really smart person who can solve any computer problem.

So, while you may have generally thought of hackers as criminals, the term actually describes a range of people with different technical skills and motives. That’s why it would be more helpful if we used the term with descriptors, such as “white hat hacker” or “criminal hacker,” so we have a better idea to whom we are referring.

After all, hackers shouldn’t have a bad reputation overall. They are usually very talented people and we need more of the good variety: white hats.


State sponsored Attacks big Problem

The U.S. Office of Personnel Management, an identity database, was attacked by hackers rather recently, and they hit the jackpot: More than 21 million federal workers are at risk of identity theft for perhaps the rest of their lives, reports an article on forbes.com.

The hackers from overseas now have security clearance documents for these employees that contain some very sensitive personal information. And nobody can take these documents away from the hackers.

That’s the problem with these centralized identity databases. It’s like all the loot is in one location, so that when the thieves strike, they get it all. And as the forbes.com article points out, not too many governments care to invest the money and energy in optimizing the security of these huge central databases. And it’s not just the U.S. with this problem. Other countries have also had either cyber attacks or big issues with their national ID systems.

On the security evolution clock of 24 hours, cybersecurity comes in in the last few seconds. Governments for eons have been very staunch about issuing security in the physical form, such as constructing walls and other barricades near borders.

But protecting a computer database from harm? It’s just not as prioritized as it should be. The forbes.com article notes that the cybersecurity of a country’s citizens makes up the whole of the nation’s security.

Seems like things will be getting way more out of hand before things start getting under control, if ever. In line with this trend is that hackers have, in their possession for all time, fingerprint data of more than one million U.S. security clearance holders.

Governments need to start focusing on protecting the cyber safety of all the millions and millions of ants that make up their nations, or else one day, the empire just might crumble.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.

Twitter ups its Security Game

Twitter recently announced its new tool to help with management and monitoring of its users’ accounts: the Twitter data dashboard.

An article on lifehacker.com details what this new tool will offer. For instance, you will not need to use your real name on Twitter—and I have to admit, this is an odd way to promote the tool, because I’m sure that scads of Twitter users haven’t been using their real name for years. It’s not as though Twitter can tell that “Emily White” is really Sashea Fiopwieei.

Anyways, users will be happy that their privacy settings will let them control whether or not their tweets are kept public. You will be able to enable login verification to increase your account’s security.

The Twitter data dashboard can be accessed from the settings menu that users can find on twitter.com. It shows the user’s account activation details and recent login history. It also reveals any devices that have accessed the account.

This setup allows the user to review account activity in an expedient way and make sure that everything looks right.

Now suppose you notice login activity from an unfamiliar app. You can go to your settings and look for the apps tab and revoke the application’s access to your account.

The lifehacker.com article also points out that if you notice logins from unfamiliar locations, you can immediately change your password.

You also have the option for setting up login verification to add an extra layer of security to your account. Twitter’s new dashboard will let you manage your Twitter archive and control your address book contacts, among other items that you will have more jurisdiction over.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Mother Nature can ruin your business: Get ready for natural disasters now

September is almost over. This means National Preparedness Month is nearing its end. Nevertheless, you must be prepared all year long to stay safe. National Preparedness Month culminates September 30th with National PrepareAthon Day.

In the boxing ring, if you focus on the knockout punches too much, the quick sharp jabs are what may bring you down. This is how some businesses approach their security. They put too much emphasis on preventing that mountainous data breach, while smaller everyday threats sneak by.

Those smaller threats may be difficult to get at, and they can knock you out for good. A company may have all eyes on that Russian hacking ring, a fire or hurricane. But threats come in all flavors.

A business just can’t use all its artillery against the “big” threats, because this will create non-flexible tactics that unravel in the face of an unexpected threat.

Unless company leaders are psychic, they can’t anticipate every possible threat. But being narrowly focused is no good, either. Here are some tips on how to widen that focus and plan for disaster:

  • Certainly, gear up for the “big” threats like natural disasters and brick-and-mortar crimes. This includes having insurance plans, conducting evacuation training, and implementing additional protection like smoke detectors and fire extinguishers.
  • Create a list of as many possible threats you can think of. If you can conceive it, it probably can happen.
  • Come up with a backup location should your primary office location be rendered inoperable.
  • Create a core response team for any kind of disasters, and see to it that the members are easy to reach. Have a secondary team in place in case anyone in the primary core can’t function.
  • Establish post-disaster communication plans for employees, customers/clients and vendors. Have a list of backup vendors.
  • Create security plans that are flexible rather than rigid, and make sure they are regularly updated.
  • Back up all data. Have an onsite data backup as well as cloud backup.
  • Replace computers every 2-3 years. But don’t wait that long if the following symptoms of a croaking computer occur: odd noises during boot-up; things taking way too long; a blue screen.

The preparation and prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained on proactive security and tricks that cyber thieves use. To learn more about preparing your small business for disasters, download Carbonite’s e-book, “Five Things Small Businesses Need to Know about Disaster Recovery.”

#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. Disclosures.

7 Ways to protect Yourself Online

The biggest mistake that you can make to threaten your online safety is to treat the online world differently—as far as your private information—than you would treat the physical world. In other words, what if someone walked up to you and said, “Hi, can you please provide me with your name, address, birth date, home phone, cell phone, email, usernames, passwords, all your friends’ names and all their contact info?” Would you hand it over? I think not.

What sane person would pass out cards with their Social Security number, birth date, full name, home address and bank account information to every stranger they walk past on the street? But essentially, that’s what many people do online.

Here are seven risky online behaviors:

  • Posting photos. As innocent as this sounds, photos of children have been known to get stolen and posted on child porn sites. Right click, save image as, then save to desktop; that’s all it takes. Does this mean never post photos of your kids? No. But save the picture of your naked two-year-old girl in the bathtub for your desktop. And don’t post vacation photos until after you return home.
  • Another thing about photos: Don’t post pictures of yourself engaging in activities that could come back to haunt you in some way. For example, you post a picture of yourself smoking while at a picnic. You apply for new health insurance and say you’re a nonsmoker. The insurance company might decide to view your social media pictures to catch you in the act.
  • Sounds innocent: You let your kids use your computer. But even if there are parental controls in place, your kids can still unknowingly let in a virus. Then you sit down to do some online banking…and the hacker whose virus is in your computer will then have your login credentials and bank account numbers, plus everything else. Ideally, you use a designated computer only for conducting sensitive online transactions.
  • A hacker sends (via bot) out 10,000 e-mails that are made to look like they’re from UPS. Out of 10,000 random recipients, chances are that a good number of them are waiting any day for a UPS shipment. This could be you. Will you open the e-mail and click on the link inside it? If you do, you’ll likely download a virus. This is a phishing scam. Contact the company by phone to verify the e-mail’s legitimacy. Better yet, just never click on the doggone links.
  • Do you know your apps? They most certainly know you—way too much, too. Applications for your phone can do the following: read your phone’s ID, continuously track your location, run your other applications, know your SIM card number and know your account number. Before downloading an app, find out what it can find out about you.
  • Don’t take silly online quizzes. Whoever’s behind them might just want to get as much information on you as possible with the idea of committing identity theft. Got some extra time? Read a book or do a crossword puzzle.
  • Never conduct business transactions using free Wi-Fi unless you have a virtual private network. Otherwise, anyone can cyber-see what you’re doing.


A new kind of home security. Smart, voice controlled and autonomous

One of the reasons you—and many others—don’t have your alarm on during the day is because you know you’ll keep forgetting to turn it off every time you want to step into the garage or go outside. So you just keep it off. And that’s not smart because many home invasions and burglaries occur during daylight hours.

Typically, home security systems require you to push buttons.

  • What if you panic and forget the code?
  • What if you accidentally disable it?
  • What if your naughty visiting nephew messes with it?

It’s high time for the kind of home security system you’ve seen on ‘The Jetsons’—one that’s activated automatically when you leave your home.

Enter Angee—an up-and-coming company devoted to a smart, voice-controlled home security system.

What can Angee’s system do for you?

  • Say so long to those unsightly wall keypads where you might accidentally hit the wrong button.
  • Kiss goodbye to having to remember numerical codes, worrying if your elderly parent will remember it and worrying if a burglar could crack it.
  • By detecting the Bluetooth signal from your phone, Angee will automatically arm when you leave, and disarm when you arrive home.
  • As a backup method of identification should you lose your phone, or the battery runs out, you can use voice recognition to disarm Angee. This can also be used for two-step authentication if you want to be extra secure.
  • Enjoying your private moments? Don’t want Angee to observe? Just say “Turn away.” You can even set Angee to automatically activate privacy mode when specific people are present at home.

Video Surveillance

  • Instead of cameras trained on one spot, Angee’s surveillance will respond to motion and rotate to face it. This allows Angee to capture events, wherever the action is. This way, an intruder will not be able to avoid camera range.

Angee Knows You’re Coming

  • When Angee is paired up with your smartphone, it will perform commands once you get near enough to your house after being out. So if you want the alarm to be disarmed as you approach your front door, Angee will do this—because it will detect when your mobile device is within a certain range.

There is a working prototype and the team behind it is on Kickstarter right now asking for your support to start serial production and make the future of smart home security reality: http://meetangee.com/get/08a33a.

Robert Siciliano is a personal and home security specialist to Angee. Learn more about Angee in this Video. See Disclosures.

Finding out which Employees keep clicking on Phishing E-mails

You have the best IT security, but dang it…the bad guys keep getting in. This means someone inside your house keeps opening the back door and letting the thieves slip inside. You have to find out who this enabler in your company is, and it may be more than one.

They don’t know they’re letting in the crooks, because the crooks are disguising themselves as someone from your company or a vendor or some other reputable entity.

After figuring out who these welcome-mat throwers are, you then have to continuously keep them trained to recognize the thieves.

So how do you locate these gullible employees? The following might come to mind:

  • Create a make-believe malicious website. Then create an e-mail campaign—toss out the net and see how many phish you can catch. You must make the message seem like it’s coming from you, or the CEO, or IT director, a customer, a vendor, the company credit union, what-have-you.
  • You’ll need to know how to use a mail server to spoof the sender address so that it appears it really did come from you, the CEO, IT director, etc.
  • This giant undertaking will take away good time from you and will be a hassle, and that’s if you already have the knowledge to construct this project.
  • But if you hire an extraneous security expert or phish-finder specialist to create, execute and track the campaign, you’ll be paying big bucks, and remember, the campaign is not a one-time venture like, for example, the yearly sexual harassment training. It needs to be ongoing.
  • What leads to a data breach is that one doggone click. Thus, your “find out who the enabler is” should center on that one single click.
  • This means you don’t have to create a fake website and all that other stuff.
  • Send out some make-believe phishing e-mails to get an idea of who’s click-prone.
  • Set these people aside and vigorously train them in the art of social engineering. Don’t just lecture what it is and the different types. Actually have each employee come up with five ways they themselves would use social engineering if they had to play hacker for a day.
  • Once or twice a month, send them staged phishing e-mails and see who bites.
  • But let your employees know that they will receive these random phishing tests. This will keep them on their toes, especially if they know that there will be consequences for making that single click. Maybe the single click could lead them to a page that says in huge red letters, “BUSTED!”
  • This approach will make employees slow down and be less reflexive when it comes to clicking a link inside an e-mail.
  • Of course, you can always institute a new policy: Never click on any links in any e-mails no matter who the sender is. This will eliminate the need for employees to analyze an e-mail or go “Hmmmm, should I or shouldn’t I?” The no-click rule will encourage employees to immediately delete the e-mail.
  • But you should still send them the mock phishing e-mails anyways to see who disregards this rule. Then give them consequences.
