How to Stop Your Cellphone from Getting Hacked

If you are like most of us, you probably have a password, antivirus program, and a firewall for your home computer to protect it from hackers. Are you doing the same thing for your phone?

From 2015 to 2016 malware infections on smartphones swelled by 96%, and about 71% of the smartphones out there do not have any software at all to protect them. What does that mean for you? It means the odds are against you when it comes to getting your phone hacked. Luckily, there are some things you can do to protect your mobile phone from hackers:

  • Update Your Operating System – Many people skip updates for some reason. Don’t put it off. Most of these updates contain security fixes that your old operating system didn’t have.
  • Put a Lock On It – If your phone doesn’t have a passcode on it, it’s like leaving the front door of your home open for burglars. Hackers will get in; it’s just a matter of time. If you can, use a biometric method, like a swipe or finger tap. In addition, set up a good passcode. Make sure it’s totally unique and nothing a hacker can guess, like your address or birthday.
  • Use Caution with Public Wi-Fi – Public Wi-Fi is great, in theory, but it can also be dangerous, as it is very easy for hackers to access your info. It’s usually pretty safe to use a public Wi-Fi connection for things like catching up on the news or watching a movie, but don’t put any personal information into your device such as your banking password or credit card number.
  • Check Up On Your Apps – Hackers often use phone apps to access data. So, to make sure you are really safe, make sure to delete any apps that you aren’t using regularly. An outdated app can be dangerous, too, so make sure to always update when one is available. Also, only download apps from reputable sources like Google Play and iTunes.
  • Use a VPN – Finally, use a VPN, or virtual private network. This will encrypt your information when you use it over a public network. They are free or cheap, usually $5 to $30, and that small investment is definitely worth it for your safety.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

7 Ways to Prevent Getting Locked Out of Your Home

Be honest. Do you have a key to your house under your doormat or a flowerpot? If you do, you might as well put a sign out that says “Come rob me.” This isn’t to say you shouldn’t have a key somewhere, though. After all, you might need it one of these days. However, there are better places to hide your house key:

  • In a Lockbox – A key lockbox is a good idea. These have a combination that you will need to get into it, but, of course, you have to remember that combination.
  • In Your Car – You also might consider leaving an extra house key in your car. The glove compartment or under a floor mat are good options. Even if someone breaks in, they aren’t going to be looking for a house key.
  • In a Fake Rock – You can also use a fake tock to hide your house key, as long as it looks like a real rock, and as long as it blends in. If the fake rock stands out like a sore thumb, it’s not one that you should use.
  • Under the Siding – Hiding the house key under your siding is another method to consider. Tie thin wire or strong string to the key, and then push the key under the siding so that only the string hangs out. When you need it, simply pull the string.
  • At Another Home – Do you have neighbors that you trust? If so, consider hiding the key at their house, and then offer to allow them to hide their key at yours. Even if their key is discovered, it won’t work in your locks.
  • Upgrade to an Automatic Garage Door – If you can access your home through the garage door, consider a keypad for the garage. Then, you can simply use a code to open it. Just be cautious that you aren’t sharing the code with anyone and everyone.
  • Ditch Your House Key – Finally, consider upgrading your locks to a key-coded lock. These programs can be programed at anytime and anywhere, and they aren’t super expensive. The simplest locks are about $35, and go up to a couple of hundred, depending on the features. This will definitely solve all of your house key problems.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

How to Delete Yourself from Social Media

Have you been thinking that it’s time to make the drastic choice to remove yourself from social media? Most of us were quick to join the social media bandwagon, but these days, you might have worries about privacy. Though it’s possible to delete yourself from social media, the process isn’t easy, and it might not be totally foolproof.

Why Do You Want to Leave?

Before getting into how to delete yourself from social media, it’s important to ask yourself why you want to leave. Experts say totally deleting yourself might not be the best move. For instance, a potential employer, who will more than likely search for you on social media sites, especially LinkedIn, might wonder what you are trying to hide. There is also the fact that removing yourself from social media can make you look boring, unhip, or illegitimate.

Deleting Your Accounts

If you are sure that you want to delete your social media accounts, there are sites that you can use to find out how. These include:

Are Deleted Accounts Really Deleted?

Even if you have deleted your social media accounts, it’s important to make sure that you are fully deleting them or simply deactivating them. Some sites, even after you delete the accounts, will continue to retain the data you supplied.

Delete All Social Media, Not Just The Big Four

If you are serious about deleting your social media account, make sure that you are looking beyond the big four: Facebook, Twitter, LinkedIn, and Google Plus. Other sites have your data, too, including sites like Flickr, dating sites, blogs, support forums, Amazon, eBay, etc. There are also old social media sites you might not use anymore, like MySpace. Whether you have signed in lately or not, your old MySpace could be lurking out there.

What You Will Lose…and Gain…From Deleting Social Media Accounts

You will lose and gain when you delete your social media accounts. You stand to lose your marketing presence, for one, and you might not be able to go back. You also might lose touch with friends and family, or your sense of community. On the flip side, though, you will gain more time and probably have less anxiety.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Are you Scam Aware or a Sitting Duck?

You might have heard about all of the scams out there, and think that you are pretty scam savvy. But, the truth is, most of us aren’t, and even a simple phone call could get you caught up in a big scam.

One such scam occurs when criminals call random phone numbers and ask questions, such as “Can you hear me?” When you say “yes,” they record it. They then bill you for a service or product, and when you try to fight it, they say…but you said ‘Yes.’ Not only does this happen with private numbers, it also happens with businesses. So, you have to ask…are you aware of the possibility of scams, or are you a sitting duck just waiting to be targeted? HOWEVER, this scam is unproven. Meaning I don’t think it’s a scam at all. And the scam is that this is not a scam!

Do You and Your Staff Know What To Avoid?

Do you think your staff, or even yourself, knows what to avoid when it comes to scams?

  • It’s always a good idea to have some type of awareness program in place to teach your staff what they should avoid to avoid becoming a statistic. Phishing training and social engineering information should be a part of this.
  • Do you think you or your staff would know if they fell for a scam? To teach them, make sure to give them a general, broad view of various scams and avoid being too specific. Instead, broaden the perception they have of various attacks.
  • If someone on your team was the victim of an attack, would they even know what to do in that instance? It is important to have a “scam response plan” in place.

Reporting Scam Attacks

It is essential that your team understands how to report a scam. Whether that scam is a physical security scam, such as someone wearing a fake badge and gaining access to the facility or a cybersecurity incident.

It’s also important for you to realize that some people might not even want to report these incidents. They might not feel as if it’s a legitimate concern, or they might even feel stupid that they fell for it, so they hold the information back. Others might feel as if they are being paranoid, or feel as if it’s not a valid concern. Make sure your team realizes that we all make mistakes and you want to hear about it, no matter what.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Half of American Adults on FBIs Biometric Database

Here’s a bit of a shock for you: about half of all adult Americans have a photograph stored in the FBI facial recognition database. What’s even more shocking, it is that these photos are being stored without the consent of the individuals. Approximately 80 percent of the photos the FBI has are of non-criminals, and might take the form of passport or driver’s license photos. Furthermore, there is a 15 percent rate of inaccuracy when matching photos to individuals, and black people are more likely to be misidentified than white people.

You can’t deny that this technology is very powerful for law enforcement, but it can also be used for things like stalking or harassment. There is also the fact that this technology allows almost anyone to scan anyone else. There are no laws controlling it, either.

If you think that’s scary, consider this: The technology to do this has been used since around 2010, and the FBI never informed the public, nor did they file a privacy impact assessment, which is required, for five years. Where is the FBI getting this information? From the states.

Basically, the FBI made arrangements with 18 different states, which gives them access to driver’s license photos. People are not made aware that the FBI has this access, nor are they informed that law enforcement from across the country can access this information.

Just last year, the GAO, which is the US government accountability office, took a look how the FBI is using facial recognition and found that it was lacking accuracy, accountability, and oversight. They also found that there was no test for a false positive nor racial bias.

What’s even more interesting is that several companies that develop this technology admit that it should be more tightly controlled and regulated. For instance, one such company, and the CEO, has said that he is “not comfortable” with this lack of regulation, and that the algorithms that are used commercially are much more accurate than what the FBI has. But, many of these companies are not willing to work with the government. Why? Because they have concerns about using it for biometric surveillance.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Getting Owned or Pwned SUCKS!

A well done New York Times article recently re-introduced this topic to the masses. Being “owned” isn’t new, but the term is not becoming part of popular culture. If you use the internet or are often on social media, odds are good that you have been OWNED. Whether you are called out for a misspelling on your latest Facebook post, or you were proven wrong after sharing a “fact” or post from another site…you have probably been owned.

The word “owned” comes from the hacker world, and real “ownage” is not just about proving you wrong. You might also see it as “pwned,” which is pronounced “poned.” It is actually about stealing your private information, and then shaming you or diminishing your worth as a person. The best at “owning” can actually control your virtual presence.

Take a look at the email hacking scandal that Hillary Clinton went through during the 2016 presidential campaign. Though there was nothing of consequence found in those emails, the act of being hacked, or owned, alone, could have been the reason she lost the election.

Take a look at President Trump, too. You have surely noticed that he is doing his best to own as many people and even foreign governments as he can. Owning is a form of “one upping” and it can get nasty.

Getting owned is nothing new. In fact, Aristotle even talked about similar acts. Today, we just do it virtually.

In the case of hacking, when a hacker owns someone, they are showing that they have superior abilities. The word is also used in the gaming community to describe the act of mastering game play or besting opponents. Of course, we also use the word owned in the real world, when we drop a well-timed joke or have the opportunity to prove another person wrong. You might have even owned someone yourself.

Ownage equals power, and the concept of ownage is constantly evolving. The most successful owns are those that target the know-it-all; people who think they know more than they actually do. However, if you start owning, you simply set yourself up to be owned…and that really SUCKS.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Smart and Easy Ways to Protect Your Digital Life

Even if you don’t realize it, your identity is all over the internet. Whether you posted to an internet forum in 1996 or you ever had a MySpace page, this information is still out there, and you have to protect it. Here are some simple and easy ways that you can protect your digital life:

  1. Change Passwords – The first thing you should do is make sure you are regularly changing passwords. Make your passwords difficult to guess, and a mixture of letters, numbers, and symbols. Also, make sure that you are protecting your account when resetting passwords. For instance, you should have to answer “knowledge based authentication questions” before making a change.
  2. Take a Look at Account Activity – Many companies allow users to check out their recent activity. Google, Facebook, and Twitter are three examples. If something seems out of place, report it, immediately.
  3. Close Accounts You Don’t Use – Do you have an old MySpace page? Did you start a Blogger and never use it? If so, go and delete those accounts before they get hacked.
  4. Don’t Share Too Much – What do you share online? Are you getting too personal? Hackers can use personal information, such as your birthday, or even favorite sports team, to get into your accounts. This is especially the case if you choose to use this information in your passwords or in your password reset or knowledge based authentication questions.
  5. Use a VPN – With all of the talk about internet security making headlines, the safest way to access public Wi-Fi is through a VPN. A VPN, or virtual private network, encrypts your information.
  6. Don’t share account passwords – STOP THE MADNESS! Though you might think it’s cute to share a social media account with your spouse, it’s also dangerous. The more people who have access to your accounts, the higher the chances of getting hacked.
  7. Choose Trusted Contacts – Make sure to choose a couple of friends or family members as trusted contacts. That way, if you get kicked out of your social media accounts, they (meaning their email or mobile#) can help you get back in.
  8. Update All of Your Software – Finally, make sure that you are updating all of your software such as your OS, apps, or even Office docs when prompted. Don’t let those updates wait. Many of them contain important security updates, too.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Busting Down the Door: 12 Ways to Stop Burglars from Entering Your Home

There is no such thing as a home that is fully burglar-proof, but there is also no such thing as burglars who have the skills of Ethan Hunt from Mission Impossible. With the right security in place, you can get your home almost burglar-proof.

When most people think of security, they only think of a few devices, and though they are great to have, they don’t protect you fully. Yes, you might have fake looking cameras that deter thieves, but what about those who try to get in anyway. Kicking the door in, which is an easy way a criminal gets into a locked home, can still be done. The only thing separating a burglar from getting in through a locked door is half inch pine molding. A 12 year old boy can kick in a door easy enough. You need to beef up your doors.

Here are some door reinforcement devices that can help:

  • Deadbolt/door knob wraps – these strengthen the immediate area around the lock
  • Door bar jammer – fits snuggly under the doorknob
  • Door brace – device that makes it more difficult to kick a door down
  • Door frame reinforcement – installed on the door jamb and made of steel

You can also use commercial kits like the Door Devil. This is a kit that contains a device made of heavy steel. It is installed over the door jamb, and is screwed directly into the frame. The system is easy to install, and it will add another level of protection to your home. When you combine this with other types of security, such as motion detection lights, surveillance cameras, and a security system, it will be very difficult for burglars to enter.

Here are some more general tips to keep your home more secure than ever before:

  1. Always keep your doors locked. Keep them locked when you are home and even during the day.
  2. Always keep your windows locked. This includes those on the second floor. A burglar can certainly climb.
  3. Keep the blinds and curtains closed. This helps to ensure that no one can look into your home to check out your valuables.
  4. Use top-flight locks and door reinforcements.
  5. Install security films on your windows. These will help to give the panes strength and will prevent penetrating objects from coming in, such as crow bars and baseball bats.
  6. Collect your mail and newspapers as soon as possible when they arrive.
  7. Give your home that ‘lived-in’ look with a system for home automation turning lights on and off.
  8. Place men’s work boots at the front or back door and make sure they look worn and scuffed. If you park your car out in the drive, place men’s gloves on the dash. If burglars see this, they will think twice as they will believe there is a large man in the home.
  9. Place a large dog bowl by the door, and make sure to make it look realistic. Add chewed up dog toys or a leash to the area, too.
  10. Make sure to trim shrubs that are hiding home entry points.
  11. Go to Google News. Type in your city and state along with the phrase “door kicked in.” You will likely be shocked by what you find. This will be more motivation to protect yourself.
  12. Make the investment into a beefy home security system. The best systems offer full alarm and police station monitoring along with cameras providing a clear view of what is happening in your home when you aren’t there. You can watch right on your mobile device.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video

Hire an Ethical Hacker NOW!

You might think it’s crazy to actually hire a hacker, but if you don’t have an ethical hacker on your security team, you could be playing a dangerous game.

Ethical hackers are called “white hat hackers” and are legal hackers, that help businesses find security problems in their networks. Developer and security teams, who build out codes, should have a white hat hacker on their side. This way, they will know from the start if the code is vulnerable. This is also known as “application security”.

How Important are Ethical Hackers?

How important is this? It’s so important that even the largest companies in the world are using this practice. Take Microsoft, for instance. They host a competition for white hat hackers, and challenge them to find any bugs present in their codes. This is called a “bounty”. On participant, was able to bypass every single security measure that Microsoft had in place. Can you imagine what would happen if he was one of the bad guys?

This type of security solution should be the first line of defense for your company, as they expose the risks that your company might have. Additionally, many companies used white hat hackers to ensure that they are complying with legal standards, such as HIPAA.

Wouldn’t Security Audits Work?

A security audit is basically a checklist for what a network has and doesn’t have in place. There’s not rubber on the road. Ethical hacking is a real world test. A security audit isn’t. The job of a white hat hacker is to find as many holes in the code as possible, and then report them back to the company. Another benefit of using an ethical hacker is that the information they provide helps to enhance the detection quality of products. An audit probably wouldn’t find this information.

What Does it Mean For Your Company?

Before anything, it’s important that you realize that an ethical hacker can help you and your business. A strong security program must focus on both the security of the code and the program’s security as it runs. This is where an ethical hacker will be most beneficial. Of course, it’s best to get the coding right the first time, but mistakes happen, and this is where a white hat hacker can make a huge difference.

So, the next time you talk about staffing, remember to bring up the addition of a white hat hacker. It could be the difference between keeping your data safe or being the victim of a real hacker.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

The Best Gmail Phishing Scam Ever!

If you use Gmail, pay attention! Security experts have announced that there is a very effective phishing scam out there, and you are a target. This scam, which has only been growing over the past couple of months, is also hitting other email providers, too. However, it’s quite difficult to detect.

According to researchers at WordFence, who make a security tool for WordPress, this is a pretty serious attack and can have quite an impact, even for those who are up on security.

Here’s how it works:

You get an email from someone you trust…like a friend or family member or Google. The email, however, is actually not from them. It just looks like it is. Attached to the email is an attachment, which, when opened, links to a fake Google sign-in page. Everything about this Google sign-in page looks legit…but the address in the address bar is not…and here’s where it gets tricky. The address bar actually has a URL that looks real: https://accounts.google.com. However, before that address is whats called a “data URI”. Google it. This is NOT a URL. Instead, it allows the hackers to get your username and password as soon as you enter them into the fake login screen. To make things even worse, once they sign into your actual inbox, they use your information, including attachments and emails, to target your contacts.

Protecting Yourself From This Scam

If you are a Google Chrome user, you can protect yourself by taking a look at the address bar before clicking anything. A green lock symbol is your indicator that it is safe to browse. However, there are some scammers out there who have created their own site that are HTTPS-protected…which also means they will have a green lock. So, also take a look at the address.

Another thing that you can do is add in two-step authentication, which is an extra layer of security. Ultimately, it will help to lower the odds that your account will be compromised. You also might want to consider a security token, as well. If you don’t use two-step authentication with every account that offers it (Facebook, Twitter, iCloud etc), you’re a bit foolish my friend.

Google is aware of the issue, and they are working on improving security for their users. In the meantime, remain vigilant as you browse.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.