Are Your Devices Spying on You? Here’s How to Stop It

Though you might not realize it, your electronic devices are probably spying on you. These things, like your cell phone, know everything from what you are reading to where you are at any given time. How do they know it? Well, many times, you actually give the device and its apps permission to collect the information. . And while some of the following instructions are somewhat “limited”, setting up privacy requires a little bit of digging. So, dig in ! Here’s how to stop it:

Stop Your Laptop from Spying

Windows

Do you use Windows? If you do, you can limit what you share by going to “Settings” and clicking “Privacy.” Here, you can enable or disable settings for the apps you have on your laptop. You have to do this each time you install a new app.

Macs

Are you using a Mac? If so, you can definitely limit how much information you send to Apple by clicking on the Apple menu, choosing System Preferences, and then Security & Privacy. In the “Privacy” tab, you can see information on what apps can share. When you click “Analytics,” you can see more. Keep in mind that if you install a new app, you need to do this again.

Chromebook

Google is well known for its love of collecting data, so if you have a Chromebook, you should really pay attention. Go to “My Activity,” and then delete anything you want. You can also stop some of the devices data collection by choosing “Manage Your Google Activity,” and then clicking “Go to Activity Controls.”

Phones

As with laptops, you can do the same with a cell phone.

Android

If you own an Android phone, choose “Google,” and then choose “Personal Info & Privacy.” Then choose “Activity Controls.” There, you can choose what to share. As with the laptops, you have to update this each time you install a new app.

iOS

If you own an iPhone, you can find a Privacy setting when you look at the Settings menu. Open this, and then click on “Analytics.” This allows you to see what you are sharing with Apple. You can easily toggle it all off if you like. For every app, you can go back to the “Privacy” settings, and then check these settings for every app you have on your phone.

Fitness Trackers

You might be surprised to know that your fitness tracker could also be spying on you. Apps like FitBit and Strava are controlled through the Privacy and Settings options on your phone, but there is more you can do, too.

FitBit

On the FitBit app, you can tap on your profile, and then the account name. Tap on “Personal Stats,” and then “Settings” and “Privacy.”

Strava

On the Strava app, click on “Menu” or “More,” depending on what type of device you have. Then, choose “Settings” followed by “Privacy Controls.”

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Your Photos Are Displaying Your GPS Info!

During the holiday season, people are constantly posting family photos online, especially photos that contain kids. Sure, you think your kids are the most adorable out there, but do you really want the entire world to have access to these pictures? Do you want everyone to know where you live? …and did you know this? When you put photos like this online, pedophiles and predators can get your GPS coordinates.

You might want to put up a photo of your kids and dog opening their gifts on Christmas morning or you and your spouse toasting the New Year, but creeps can easily access the exact location each of these photos were taken, and it’s easier to do than you might think.

How is something like this possible? Each time you take a photo with a digital camera or a smart phone, it creates data called EXIF, of “exchangeable image file format.” This data essentially geotags your photo with the GPS coordinates of where you took the image.

If you remove this data, however, the bad guys can’t see where you are located. However, you have to do this for each and every new photo you want to post online.

How to Remove the EXIF Data

Here are the steps that you should take to remove the EXIF data:

 iPhone:

  1. Locate the picture on your iPhone.
  2. Open it, and tap the Share button.
  3. Tap on Options and in the next pane (up top), toggle off Location and/or All Photos Data.

Android:

From Google Play download the free app Photo Metadata Remover

Windows:

  1. First, right click on the image.
  2. Choose “Properties” to see the data, which should include the time and date that the image was taken.
  3. Click “Details.”
  4. Click “Remove Properties and Personal Information.” This is where you delete the EXIF data.
  5. You might be confused because you don’t see longitude and latitude here, but rest assured, it’s there. All you have to do to see it is to download an EXIF reader.
  6. You can make a copy of the image, which will remove data, or you can manually delete the data.

Mac

Download and run ImageOptim software for Mac

Remember, you have to delete this before you post the photo on the internet. You also might want to consider going back and doing this for all of the photos you have posted.

Obviously, doing this before you post a photo is the easiest way to go about protecting your information, and it will make you much more selective on what you put on social media, as you probably don’t want to have to go through these steps each and every time you post.

Here are some additional tips:

  • Turn off the GPS option on your camera
  • Check out the privacy settings on your social media accounts. Who can see it? Can a stranger?
  • Also, remember, that if you post on one network, like Instagram, the photo might also appear on another network, like Facebook, which has different settings.

This is one of those things that people just don’t even realize is happening. Don’t worry but do something about it now. If you have a lot of photos online, you might be panicking. It’s probably okay, but make sure you change your habits going forward. Also, if you know anyone who posts a lot of personal photos online, make sure they know about this, too.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Are you a Target of a List Scam? WARNING: You Probably Are

You might not realize it, but there are scammers out there that are focused on conference attendees and exhibitors. What do they want? They want money wires, credit card numbers, and any personal information that they can use to steal a person’s identity. One way that a scammer can get this info is by using an invitation scam or a list scam.

scamBasically, if you are a person who is registered for a conference, if you are a conference vendor, or if you are speaking at a conference, you might receive an email…or a number of emails…that invite you to attend a conference. They might also offer to sell you a list of people who will attend the conference, and their contact information. This, of course, could be beneficial for you, but it is too good to be true? It certainly is.

Lists Like These are Lies

With these scams, many people are targets, as well as associations. If you do an internet search for “Attendee List Sales Scam“, you will find a number of associations that have members and those interested in marketing to members, which are targeted by a criminal or criminals to purchase lists that don’t exist.

It may sound great to get a list like this, which will give you access to this information, including contact information for attendees. But they are all lies. On top of this, getting this info might even be illegal.

Consider this for a moment…when you sign up for a conference, did you opt-in to have your personal info shared with other people? Likely not, and that may also mean that other attendees didn’t do this, either.

To find out if a list might be legitimate, look at the policies for the conference. Do they give info to third parties? Do they sell or rent these lists? Is the company name that contacted you on the list of third-party vendors? If all of this seems legitimate, the list is probably fine…but if not, it’s a total lie.

If you believe that you are dealing with a liar, the first thing you should do is contact the Better Business Bureau online and find out if the company is legitimate, or not. If it is a scam, you can read information and reports from other people. If it is not a scam, but you are not interested in anything from them, simply mark the email as spam. If you believe you are dealing with a scammer, considering letting the association or meeting planner aware of the scam, or, don’t do anything. Instead, delete the email. In most cases, these scammers are just looking for an active email address, and if you reply or unsubscribe, they will know your email is active.

Other Conference Invitation Scams

Another type of conference scam is when attendees are told about exhibitors that don’t exist. This might push people to sign up for a conference, when in reality, those exhibitors won’t be there. In some cases, you might even find that the conference itself won’t be there! Instead, they are just fishing for your information by telling you a great exhibitor will be there.

So, if you are in this situation, the first thing to do is to start researching. First, look up the name of the person who contacted you online. See if they say who they are. Look for their LinkedIn profile, or look for reviews on them. You can also contact the venue where the conference is set to be held. Ask if the conference will be there. Before you send your fee, look to see if there is any cancellation or refund policy in place. You also should do some research about the company’s reputation. Finally, make sure that you only pay for a conference with your credit card. This way, you won’t be held liable for the fee if this is a scam. You can get your money back, and all legitimate conference companies will be very happy to take your credit card and all credit card companies will refund your money as long as you detect the fraud in short order.

Even More Scams

There are even more scams to be aware of, too. One of these is when a scammer begins to contact attendees about hotel reservations. However, once you pay, you find out it’s a scam. Typically, a scammer who does this scam contacts the attendees and explains that they are a representative for the hotel hosting the conference. They then tell you that their rates are rising quickly, or that rooms are close to selling out, so you must act quickly if you want a room. Of course, they can take all of your information over the phone, including your credit card number. Once you do this, you have just given a scammer all of the information they need to start spending.

If you are in doubt, you can contact the organizers of the trade show directly, and then ask who is booking it. If things don’t sound legitimate, you should give them the name of the company you believe is scamming you so they can pass off the information to others.

Understand Your Options

  • It is imperative that when you sign up to attend or present a conference that you only interact with the company that is running the conference.
  • If you have any doubts you can confirm with the company that the offers you are getting from the third-party are correct.
  • You also can get an official list of official vendors from the meeting planner.
  • Keep in mind that any legitimate company might have your personal info, but they won’t release that information to third parties without your permission.
  • Sometimes an exhibitor might get the mailing address of an attendee. You can opt out of this, though. It might be harmless, but that doesn’t mean all of them are.

Wi-Fi Hacking

Finally, you want to keep an eye out for Wi-Fi hacking. This common scam targets conference goers, too. When you go to a conference or a trade show, you can connect to the free Wi-Fi, right? This allows you to stay connected, and also ensures everything runs smoothly if you are running a booth. Hackers, of course, know this, so they create and set up fake networks. Once these are set up, you can connect to them without even knowing…and then they have

access to your device. They can then take your info and watch what you are doing online. Utilize a VPN to prevent any Wi-Fi intrusions.

Remember, these fake networks look very similar to real networks that might be set up by the conference. So, you always want to double check before you connect, and if you are in doubt, ask one of the organizers which one is legitimate. They can confirm the network for you.

There are always scammers out there, especially when you are going to a conference. There are simply too many opportunities for scams for them to pass this up. Fortunately, you can follow the advice above and make sure that you report any suspicious activity. Not only can this protect others, but it can stop scammers in their tracks.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Security Appreciation: Cyber Security

Awareness; knowledge or perception of a situation or fact.

Appreciation; a full understanding of a situation.

Cyber Security Appreciation

“My business has been hacked. Now what?” Here are the steps you should employ immediately.

Hire a Professional – When a business is hacked, it is entirely possible they were compromised because they did not employ technicians to prevent it in the first place. Therefore 3rd parties that specialize is security and breach mitigation should be contacted immediately. These IT security professionals specialize in prevention and containment. Their role proactively is to seek out vulnerabilities by utilizing vulnerability scanning software to seek out points of entry and patch those vulnerabilities prior to an intrusion.

Change and Reset Passwords – Many hacks begin with compromised passwords. Easy to guess/easy to hack/easy to crack passwords make the hackers job, well, EASY. Never using the same password twice, and utilizing upper case, lowercase and characters along with using a password manager ensures password security.

Update All Software – Begin by scanning all hardware and software with anti-virus programs and removing viruses. Vulnerabilities are often due to outdated software or operating systems riddled with flaws. Updating with critical patches eliminates these threats. Maintain redundant networked hardware systems in place, backed up data, contingency plans to put duplicate systems online immediately following a breach.

Update Your Companies Hardware – Old outdated hardware simply can’t keep up with the requirements of newer robust software or the security software required to keep networks secure.

Back Up All of Your Data – You have to make sure that you are regularly backing up data to a secure location. This data should also be encrypted.

Manage All Identities – Make sure that you are managing identities and access to accounts. You must do this across the board, as just one account being accessed could make you or your network extremely vulnerable.

Utilize Multi-Factor Authentication – You can use multi-factor authentication to keep accounts protected, too. This means every time a device or an online account is accessed, an additional text message must be sent with a one-time pass code or a one-time pass code sent to a key fob. There are hardware devices available that are also forms of second factor or multi factor authentication.

Security Awareness Training – Assuming employees know what to do and more importantly, what not do, is risky. Providing effecting ongoing security awareness, and in the authors opinion “security appreciation training” is partnering with employees to protect the network.

Patching – Set up a system so that you can always ensure that your hardware and software is always patched and updated on a regular basis. This helps to keep your data safe.

Align Your IT Security with Other Business Security – Those who are in the IT industry often feel as if they are struggling to keep up with changing technology, including security tech. The success of a business is based on keeping it secure, and keeping all types of security in mind including IT security, has a direct impact on revenue.

Recognize Social Engineering Scams – Every time the phone rings, every time an email comes in, every time an employee opens up a US postal letter, be suspect. Criminals contacting you or employees will try to bamboozle them with gift card scams, utility bills scams, invoices for products and services, you name it. There are thousands of scams designed to fleece consumers and small businesses.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.