What’s the best Antivirus for You

There are so many things to consider when it’s time to purchase antivirus software, but don’t let all the options overwhelm you. Take your time and don’t get too fixated on every little detail. Some systems will definitely conform more to your needs than others. But many people simply go with what seems to be the most popular or reputable antivirus company.

6DKnow this: A reputable company will have a warranty and offer refunds, and will also include with the service a phone-based technical support.

That said, if you have kids, you’ll want a software that provides parental monitoring. Such software can do many things including tracking the websites your kids are visiting.

Or, if you’re leery of anything related to “the cloud,” you’ll want the so-called installation software rather than cloud-based: You download this, install it and it goes to work. BUT, the clouds fine. Stop worrying.

Another variable is if you’re looking to protect a business network rather than a home network, as some antivirus plans are designed more for one or the other. Yes, there’s a difference.

For instance, a program that’s designed for a business will respond very quickly to data breaches at any time. Another program might be formulated more to fit the individual who deals with large amounts of very sensitive data, whether at the workplace or at home.

Another factor to consider is the type of device you want protected. Is it a Mac? A PC? A cell phone? In the world of antivirus software, one size does not fit all.

There’s really a lot of companies out there providing antivirus software. Before you commit to any one particular service, make sure you’ve already drawn up what your specific needs are for cyber protection. For instance, you may need a service that provides the entire gamut: You have children; you run a business out of your home; you deal daily with very sensitive data.

Cybersecurity is relatively inexpensive, and payment plans are flexible. A common plan is to pay a yearly subscription. Others are a one-time payment. Some companies offer different packages at different prices.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Protect your small business against viruses with these tips

It is September and it’s National Preparedness Month—a great time to get involved in the safety of your community. Make plans to stay safe, and this includes maintaining ongoing communications. National Preparedness Month culminates September 30th with National PrepareAthon! Day.

6DI learned in high school biology class that one of the things that distinguishes life forms from inanimate objects is that living things replicate. Therefore, a computer virus is, well, alive; it replicates itself. It’s alive enough to cause billions of dollars of destruction from the time it attacks a computer network until the disaster is cleaned up.

But just what is a computer virus?

Not only does this nasty program file duplicate itself, but it can spread to other computers without human involvement.

Unlike a virus with DNA, a tech virus usually doesn’t produce symptoms to give you an early warning. But it’s hell-bent on harming your network for financial gain.

Though a virus is malicious, it may impersonate something harmless, which is why the user lets it in. One type of virus is spyware— which allows your computer to run smoothly as always, while the spyware enables criminals to watch your login activities.

Though viruses often corrupt in secret, others can produce symptoms including:

  • Computer programs and smartphone applications open and close spontaneously.
  • Computer runs very slowly for no apparent reason.
  • Someone you know emails you about the global email you recently sent out promoting a product you have nothing to do with.

You can protect yourself or your business from a virus in the following ways:

  • A malment is a common way to let a virus into your computer. This is a malicious attachment that, when clicked, downloads the virus. The email message tricks employees into clicking that attachment. Unless it’s been confirmed by the sender that you’ll be receiving an attachment shortly, never open attachments. Or at a minimum, scan them with antivirus software.
  • Never open an attachment sent out of the blue by the IRS, company bank, credit union, medical carrier, etc.
  • Apply the above rules to links inside emails. A “phishing” email is designed to look legitimate, like it came from the bank. Click on the link and a virus is released. Or, the link takes you to a site that convinces you to update some login credentials—letting the hacker know your personal information.
  • Never use public Wi-Fi unless you have a VPN (virtual private network) encryption software.
  • All devices should have continually updated security software including a firewall.
  • Browser and operating system as well should be updated with the latest versions.
  • Prevent unauthorized installations by setting up administrative rights.
  • Employees, from the ground to the top, should be aggressively trained in these measures as well as bring-your-own-device protocols.
  • Back up your data. Why? Because when all else fails and your data and devices have been destroyed by malware, a cloud backup allows you to not only recover all your data, but it helps you sleep at night.

The prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained in how malware works and other tricks that cyber thieves use. To learn more about preparing your small business against viruses, download Carbonite’s e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”

#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. Disclosures.

The Role of Antivirus Software

The purpose of antivirus (AV) software is to detect, neutralize or eradicate malware (malicious software).

6DAV software not only will identify and destroy the computer virus, but it’s also designed to fight off other kinds of threats such as phishing attacks, worms, Trojan horses, rootkits and more.

How does AV software work?

  • It will first scan (either on automatic timer that the user selects or manual) the computer’s files to seek out any viruses that fit the description that’s in a virus dictionary.
  • Using a method called heuristic analysis, it will also try to detect suspicious activity from any program that might seem to be infected.

Antivirus programs come in different flavors, but the common denominator is that they seek out viruses and other malware, and neutralize them.

The computer’s hard drive and external drives are also included in the scanning process.

What’s really important is that you make sure that your AV software is set for automatic updates—and on a daily basis at that—so that any new viruses or malware can be quickly pounced upon and rendered disabled.

Cybercrimes are more prevalent than ever, says the McAfee Threat Report. Check out some findings:

  • Fairly recently (first quarter of 2013) was a time that was the most active, ever, for the entire gamut of malicious software generation.
  • More than 14 million new samples were identified by McAfee.
  • Malware is evolving, becoming savvier. An example is the Zeus malware that gets spread when the user unintentionally downloads it (from being tricked into doing so), or, when the user opens an attachment in an e-mail, not knowing it’s poised to infect his computer. This malware is smart because it evades anti-spam software by presenting as graphics instead of text in the e-mails.
  • Every month means about six million new botnet infections.
  • Between the first and second halves of 2013, new phishing websites doubled in number.
  • Sixty percent of the leading Google search terms returned malicious sites just in the first 100 search results alone.

The key is simply to have antivirus installed, let it run its updates automatically and pay for the annual license. As long as you have it, it will prevent most infections.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

What is Fake Antivirus Software?

Most of you know how important it is to have security software on your computers to stay protected from viruses, malware, spam and other Internet threats. Unfortunately, cybercriminals also know that it is critical to have security software, and they are using this knowledge to trick us into downloading fake antivirus software that is designed to do harm to your computer.

6DFake antivirus software is one of the most persistent threats on the Internet today. It masquerades as legitimate software, but is actually a malicious program that extorts money from you to “fix” your computer. And often, this new “antivirus” program disables your legitimate security software that you already have, making it challenging to remove.

These rogue programs often hook you while you’re browsing the web by displaying a popup window that warns the user that their computer may be infected. Often, the popup includes a link to download security software that offers to solve the problem, or redirects you to a site that sells the fake antivirus software. It is also often also called scareware since the hackers use messages like “You have a virus,” as a way to get you to click on their message.

Because the idea of having an infected machine is alarming to us—it can mean lost data, time, and money—most of us are eager to get rid of any potential problems, and this is what has made the bad guys who make fake antivirus software so successful.

And once you agree to the purchase, the cybercriminals end up with your credit card details and other personal information, and you get nothing but malware in return.

So here’s some steps you can take to protect yourself from the bad guys:

  • Never click on a link in a popup window. If you see a message pop up that says you have a virus or are infected, click the “x” in the corner to close it.
  • If you are concerned that your computer may be infected, run a scan using the legitimate security software you have installed on your device.
  • Make sure you have comprehensive security installed on all your devices, like McAfee LiveSafe™ service, which protects all your PCs Macs, tablets, and smartphones from online threats as well as safeguarding your data and identity.

While it is frightening to think that your computer may be infected, don’t fall for fake alerts that could compromise your personal and financial information. Take a minute to run a scan using your trusted security software rather than give more money to the bad guys.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Twitter Phishing Leads to Identity Theft

Identity Theft Expert Robert Siciliano

Twitter phishing is a growing problem and is spreading through a virus. Twitter accounts that have been hacked are spreading a link with a request to click on and download a video.

Some Twitter phishing involves Twitter porn. Today Ena Fuentes, who’s definitely a hot little number, started following me on Twitter and wants me to check out her new pics. Problem is Ena is probably controlled by a dude from some little village in an oppressed country who’s using dumb human libido to snare his intended victims.

The Register reports users who follow these links are invited to submit their login credentials via a counterfeit Twitter login page (screenshot via Sophos here). In the process they surrender control of their micro-blogging account to hackers, who use the access to send out a fresh round of phishing lures.

In the past, compromised accounts have sent pictures and links to spoofed websites. The new attacks mimick email address book attacks when the compromised account sends direct messages to the users followers. Twitter only allows direct messages to those who are following you.

When clicking links and downloading whatever intended multi media file, the unsuspecting victim may end up with a virus that spreads a keylogger and/or harvests user login details. Criminals know many internet users have the same passwords for multiple accounts.

Shortened URLs that are necessary to keep tweets within the 140 character limit help mask these scams. As explained by NextAdvisor:

“Whenever a complete URL is too long or cumbersome, many users turn to URL shortening services like TinyURL. Unfortunately, a condensed URL that appears harmless can easily lead to a malware download or phishing site, rather than the destination you were expecting. What appears to be a link to a friend’s home video may actually be pointing you toward the Koobface virus. Hackers can target a single URL shortening service and intentionally misroute millions of users.”

How to protect yourself:

  1. Don’t just click on any link no matter where it’s coming from. Attackers understand a person is more likely to click a link from someone they know, like and trust. If someone direct messages you requesting you click something, their account may be in control of a criminal.
  2. Before you click on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
  3. Install McAfee anti-virus protection and keep it updated.
  4. Change up your passwords. Don’t use the same passwords for social media as you do for financial accounts.
  5. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  6. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano identity theft speaker discussing hacked accounts on Fox News

Criminal Hackers Get to Momma and DaDa Via Children

Robert Siciliano Identity Theft Expert

I’m particularly irate about this. There’s criminal hackers, then there’s complete lowlife scumbag criminal hackers that hack children. InternetNews reports hackers took over sections of the PBS.org Web site earlier this week, installing malicious JavaScript code on the site’s “Curious George” page that infects visitors with a slew of software exploits.

For the uninitiated Curious George is a little happy go lucky bumbling monkey that continually gets himself in a pickle. His curiosity almost kills the monkey in every episode. Thank heavens for “”The Man in the Yellow Hat” which is Georges keeper and occasional life saver. A 41 year old male knows this when he waits 38 years to spawn.

Security research firm Purewire found that when visitors tried to log onto a fake authentication page they were served with an error page that took them to a malicious domain where the malware attempted to compromise users’ desktop applications.

So here you are in your kitchen making a bunt cake. You continually glance over in amazement that a 3 year old, who cant color in the lines or spell or count above 20 or even tie her own shoes, but she can navigate through an inexhaustible gaming and learning website of PBSKids. She whacks away at the keyboard from morning till evening. So intensely she hacks that when it’s time to pull her away from the computer to maybe, ahh eat? She takes a fit because you caught her mid Sid The Science Kid.

Little do you know that while little miss Mitnick was tap tap tapping away, some frigging cheesebag was trying to rifle all your data via a Clifford The Big Red Dog JavaScript reliant puzzle.  Is there no shame? Boundaries? Apparently not.

It is not immediately evident how hackers compromised the site. They may have taken advantage of a known flaw and  exploited a SQL injection vulnerability.

Kids playing were met with a pop-up message requesting authentication to enter a username and password during a game. “But DaDa, I don’t know my words yet”.  From here, no matter what was entered they were directed to an error page that had malicious code. The JavaScript then loaded malware targeting flaws in Adobe Acrobat Reader, AOL Radio AmpX and SuperBuddy and Apple QuickTime. If the affected computer was not up to date with all their critical security patches then they got the bug.

Lax security practices by consumers are giving scammers a base from which to launch attacks. USA Today reports IBM Internet Security Systems blocked 5000 SQL injections every day in the first two quarters of 2008. By midyear, the number had grown to 25,000 a day. By late fall, attacks climbed to 450,000 daily.

The key to identity theft protection and preventing your computer from becoming a zombie is to engage in every update for every browser, software and media player that you use, keeping your operating system updated and use anti-virus software such as McAfee Total Protection.

And if your 3 year old happens to engage a toothless criminal hacker from the Eastern Bloc and you haven’t been up to date, make sure you have a backup plan if your data is compromised.

1. Protecting yourself from new account fraud requires more effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

2. Invest in Intelius Identity Protection and Prevention. Because when all else fails you’ll have someone watching your back.

Includes:

·         Triple Bureau Credit monitoring – monitors changes in your credit profiles from Equifax, Experian and TransUnion-includes email alerts of any suspicious changes

·         Social Security Number and Public Record Monitoring – monitors the internet and public sources for fraudulent social security number, aliases, addresses, and phone numbers

·         Junk Mail Reduction – stop identity thieves from using personal information from your mailbox, trash or even phone calls by eliminating junk mail, credit card offers and telemarketing calls

·         Neighborhood Watch – includes a sex offender report, list of neighbors and a neighbor report on each of your neighbors

·          Identity Theft Specialists  – if in the unlikely event you become a victim of identity theft our Identity Theft experts will work with you to restore your identity and good name

·         Credit Report Dispute – if you find errors on your credit report we will help you resolve them quickly

·         Protection Insurance and Specialists -Identity Protect has you covered with up to $25,000 in Identity Theft Recovery Insurance and access to Personal Identity Theft Resolution Specialists.

Robert Siciliano Identity Theft Speaker discussing soulless criminal hackers on Fox News

Big Time Identity Theft Hackers Indicted

Robert Siciliano Identity Theft Expert

ABC news and a bazillion other outlets report that a former informant for the Secret Service was one of three men charged with stealing credit and debit card information from 170 million accounts in the largest data breach in history. The former informant, Albert Gonzalez of Florida, A.K.A “Segvec”, “SoupNazi,” and “j4guar17,” whose motto was ”Get Rich or Die Tryin'” was alleged to have been the ringleader of the criminal hacking operation of a prolific network that spans over five years of serious criminal activity. Once a criminal, always a criminal.

Gonzalez and two other unidentified hackers believed to be from Russia have been charged with hacking into Heartland Payment Systems, 7-11 and Hannaford Brothers Company, Dave and Busters and TJX Corporation, which involved up to 45 million credit card numbers..

Gonzalez was originally arrested in 2003 by the U.S. Secret Service and began working with the agency as an informant. Federal investigators say they later learned that the hacker had been tipping off other hackers on how to evade detection of security and law enforcement worldwide.

Gonzalez provided “sniffer” software used to intercept the credit and debit card numbers for the Russian hackers. Sniffer software or “malware” malicious software, acts like a virus attaching itself to a network and often spreading. The software allows the criminal hacker backdoor access to all the data in the server and provides remote control functionality.

The NY Times reports according to the indictment, Gonzalez and his conspirators reviewed lists of Fortune 500 companies to decide which corporations to take aim at and visited their stores and used a technique called “wardriving” to monitor wireless networks. The online attacks took advantage of flaws in the SQL programming language, which is commonly used for databases.

Threat Level, by Wired magazine, reported that Gonzalez had lived a lavish lifestyle in Miami, once spending $75,000 on a birthday party for himself and complaining to friends that he had to manually count thousands of $20 bills when his counting machine broke.

Protect yourself;

1. You can’t prevent this type of credit card fraud from happening to you when the retailer isn’t protecting your data. Eventually credit card protection solutions will  be available. For now, protecting yourself from account takeover is relatively easy. Simply pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks. If I’m traveling extensively, especially out of the country, I let the credit card company know ahead of time, so they won’t shut down my card while I’m on the road.

2. Prevent new account fraud.  Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

3. Invest in Intelius Identity Theft Protection and Prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing credit card data breaches and the sad state of cyber security on Fox News

Identity Theft Is Easy Over P2P

Robert Siciliano Identity Theft Expert

Peer to peer file sharing is a great technology used to share data over peer networks. It’s also great software to get hacked and have your identity stolen.

Installing P2P software allows anyone, including criminal hackers, to access your data. This can result in data breaches, credit card fraud and identity theft. This is the easiest and, frankly, the most fun kind of hacking. I’ve seen numerous reports of government agencies, drug companies, mortgage brokers and others discovering P2P software on their networks after personal data was leaked.

The Register reports that a Washington state man has been sentenced to more than three years in federal prison after admitting to using file-sharing program LimeWire to steal tax returns and other sensitive documents. He searched LimeWire users’ hard drives for files containing words such as “statement,” “account,” and “tax.pdf.” He would then download tax returns, bank statements, and other sensitive documents and use them to steal identities.

I did a story with a Fox News reporter and a local family who had four kids, including a 15-year-old with an iPod full of music, but no money. I asked her dad where she got all her music and he replied, “I have no idea.” He had no idea that his daughter had installed P2P software on the family computer and was sharing all their data with the world. The reporter asked me how much personal information I could find on the P2P network in five minutes. I responded, “Let’s do it in one minute.”

There are millions of PCs loaded with P2P software, and parents are usually clueless about the exposure of their data. P2P offers a path of least resistance into a person’s computer, so be smart and make sure you aren’t opening a door to identity thieves.

  • Don’t install P2P software on your computer.
  • If you aren’t sure whether a family member or employee has installed P2P software, check to see whether anything unfamiliar has been installed. A look at your “All Programs Menu” will show nearly every program on your computer. If you find an unfamiliar program, do an online search to see what it is you’ve found.
  • Set administrative privileges to prevent the installation of new software without your knowledge.
  • If you must use P2P software, be sure that you don’t share your hard drive’s data. When you install and configure the software, don’t let the P2P program select data for you.
  • Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.
  • And invest in Intelius identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses P2P hacks on Fox.

A Glorious Week of Identity Theft

Robert Siciliano Identity Theft Expert

If there was ever a week to get high, totally drunk, on information security and identity theft scammers and hackers, then this is it! Media outlets everywhere have been pumping out story after story of data breaches, identity theft, criminal hackers and indictments! Yeah team! For a criminal hacker groupie, this is Woodstock!

Dark reading reports Eight defendants were arraigned in a Brooklyn court for allegedly using the stolen identities of AT&T, T-Mobile, and Asurion customers to steal some $22 million worth of wireless equipment and services. An indictment was unsealed in Brooklyn federal court yesterday morning charging Courtney Beckford and seven other defendants. When identity theft defendants named Courtney, Gabe, Marsha, Saul and Ron are involved in a $22 million identity theft scheme, then you know it’s just a matter of time until someone named Britney or Brad will get busted too! It’s the identity theft apocalypse!

ABC News reports that a former informant for the Secret Service was one of three men charged with stealing credit and debit card information from 170 million accounts in the largest data breach in history. The former informant, Albert Gonzalez of Florida, A.K.A “Segvec”, “SoupNazi,” and “j4guar17,” whose motto was ”Get Rich or Die Tryin’” was alleged to have been the ringleader of the criminal hacking operation of a prolific network that spans over five years of serious criminal activity.

Information week reports in the first half of 2009, the number of computer users affected by malware engineered to steal personal information has risen by 600% compared to the January through June period in 2008, according to PandaLabs. In quantitative terms, Panda reports identifying 391,406 computers infected with identity-theft malware in the first six months of the year. Identity thieves are also seeking sensitive information through a more diverse set of targets. Where previously financial data thieves focused on spoofing online bank sites to dupe users into entering login information, they have recently been targeting a variety of services where payment account information may be stored or entered, like PayPal, Amazon, eBay, or charity sites.

Cnet reports Rogue Facebook apps steal log-in data, send spam. Security firm Trend Micro warned on Wednesday that a handful of rogue Facebook apps are stealing log-in credentials and spamming victims’ friends. So far, six malicious applications have been identified: “Stream,” “Posts,” “Your Photos,” “Birthday Invitations,” “Inbox (1),” “Inbox (2)” according to a blog post by Trend Micro researcher Rik Ferguson. The activity started earlier in the week with a Facebook notification Ferguson says he got from an app called “sex sex sex and more sex!!!,” which has more than 287,000 fans. The notification said that someone had commented on one of his posts. That app doesn’t appear to be malicious and may have been compromised somehow to begin the distribution of the spam, he said.

USA Today reports Hackers harness Twitter to do their dirty work.  A cyber gang has begun experimenting with setting up free Twitter accounts, then sending out Tweets from the popular micro-blogging service that are really coded instructions to botted PCs to carry out criminal activities. Anti-virus maker Symantec has isolated several samples of infected PCs carrying a unique new infection, dubbed “Sninfs.”

The PCs most likely got infected when their users unwittingly clicked to a tainted web page or on a corrupted link carried in an email or social network message, says Marc Fossi research and development manager at Symantec Security Response.

Protect yourself;

Don’t just sit back and get hacked. Arm yourself with anti-virus that runs automatically in the background and prevents “Courtney, Marsha and SoupNazi” from stealing your identity. Pick up McAfee’s Total Protection software and take control of your PC security.

Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano identity theft speaker discussing the sad state of cyber security on Fox News and check washing and campus security on ABC News.

Social Media Banned, Creates Identity Theft Risk

Robert Siciliano Identity Theft Expert

The Marines recently banned soldiers from using social media sites such as MySpace, Facebook and Twitter. This is for two reasons. First, because they fear that these sites’ lack of security may allow malware to infiltrate government computers. And second, they’re concerned about the potential for leaked military data. Military personnel are often prohibited from informing friends and family of their locations or missions, regardless of whether they’re communicating with handwritten letters, email, or the telephone. These measures are necessary to prevent leaks that would impede the soldiers’ missions and safety.

It’s no surprise that they have now banned social media.  I recently reported on Sir John Sawers, the incoming head of MI6, the British equivalent of the CIA. His wife posted sensitive personal information to her Facebook page, including the address of the couple’s London apartment and the locations of their children and Sir John’s parents. Military personnel should held to a higher standard. We are talking about national security here, and we can’t risk leaks that could jeopardize lives.

Anyone who thinks this is absurd need only look at sporting events for confirmation of why this type of communication should be banned. Every time I watch a baseball or football game, when I see the coaches talking to players, or the pitcher talking to the catcher, they cover their mouths with a hand, glove or paperwork. Why? Because there are thousands of “lip readers” watching the event who are happy to report on what was just said in order to give the opposing team an advantage. You’d think after all these years covering their mouths, lip readers would just give up. But no, that’s not the case at all. There’s always someone watching, waiting, hoping for someone to screw up so they can give the other team an advantage.

Today, social media gives scammers an advantage. Somebody is always watching and waiting for an opportunity. Social media is built on trusting relationships. Scammers can exploit that trust to gather information that could be used in password attacks. If you ever forget your password and have to reset it, the answers to several of the security questions might already be available in your profile. And in many cases, the default privacy settings leave profiles open to anyone.

Security professionals were able to create a virus called ZombieSmiles, which gains control of the victim’s browser and allows the hacker to access supposedly private data through the Facebook API, including friends, groups, wall postings and applications. Facebook applications allow a third party to access your data, which opens a Pandora’s box of possibilities for hackers. So if you send me a Facebook application and I refuse, it isn’t because I’m being rude, it’s because I think that the potential risks simply outweigh the benefits. No offense. I just don’t want my identity stolen.

If you use social media and regularly update your status or profile with pictures, video, or information about your whereabouts or daily routines, please keep the following advice in mind:

  1. Before you post anything online, think about what a hacker, stalker, employer, or potential employer could do with that data. Could an ex, who’s fighting for custody, use the data against you in court?
  2. Don’t give away specifics. Don’t post your address, date of birth, kids’ names, pets’ names, phone numbers, or any account numbers or financial information of any kind. You really shouldn’t even post childrens’ photos online.
  3. Do not tell the world you are going on vacation! Or if you’re just going to dinner or the beach and won’t be at your house for several hours, why would you let potential burglars know that you’re away?
  4. If you’re a “partier” and like to imbibe, informing the world that you just smoked a joint is not only one of the worst things you could do for your career, it also makes all your friends guilty by association. And don’t announce that you’re hungover, because after the age of 23, you ought to know better.
  5. Before posting pictures or videos, consider what a criminal or potential employer might see. Could they be used against you in any way?
  6. If you let your kids use social media, you must monitor every aspect of their Internet activities. Pick up McAfee’s Family Protection software and take control of your childrens’ Internet use.
  7. Take advantage of privacy settings and lock down your profile, so that only those who you approve can view everything.
  8. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  9. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano Identity Theft Speaker discusses a Facebook Hack on CNN