Cybercriminals Camping Out on Hotel WiFi Using Evil Twins

When traveling on business or for pleasure, seeking out a reliable WiFi connection is usually a priority for most travelers. While mobile 3G/4G connections satisfy some, the speed of WiFi for laptops or uploading/downloading larger files doesn’t compare.

NBC news reports, “More and more hotels are stepping up and offering guests free WiFi, but security experts say some thieves are using the popular service to steal guests’ sensitive information, and they’re doing it by tricking people into using a fake free WiFi connection.

“A cyber thief creates a dummy WiFi connection using a mobile hot spot, and will give it a generic name to resemble a hotel’s actual WiFi connection, such as ‘Free Hotel WiFi.’ If a guest connects [his or her] laptop to the dummy WiFi, the thief gains access to all of the guest’s browsing activity, and will often times use a key-logger program to capture username and password information.”

This is called an evil twin: Anyone can set up a router to say “T-Mobile” “AT&T Wireless” or “Wayport.” These connections may appear legitimate but are often traps set to ensnare anyone who connects to it.

Wireless users who connect to an evil twin risk their data being scraped by a criminal who captures all of their unencrypted communications that are going through his wireless router. Each and every wireless data packet is sniffed and captured by a software program that will later piece together all the information in order to steal identities. Unsecured, unprotected and unencrypted communications over an evil twin on any publicly connected WiFi (such as at a coffee shop, airport or hotel) are vulnerable to sniffers.

On wireless connections that aren’t properly secured, your best line of defense is to use virtual private network software that protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads) are secured through HTTPS. Hotspot Shield VPN is free and available for PC, Mac, iPhone and Android.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

New Smartphone Owner? Pay attention

Recent reports show smartphones are outselling dumbphones for the first time ever. Dumbphones are actually called feature phones, which is odd because they don’t offer many features. Well, they do, like a camera, texting, crude internet access, and a few other extinct bells and whistles—but not as many as a smartphone.

The Wall Street Journal reports,Smartphones accounted for 51.8 percent of mobile phone sales globally, research firm Gartner said…. The growth, up 46.5 percent compared with the same quarter last year, is driven by sales in the sub-$100 Android market.” The fact that Android’s lower prices reflect the rise in smartphones is significant due to the fact that Apple’s new iPhone 5C will be priced at $100 or less and older-model iPhones can be had for pennies with a two-year contract.

This is big. This means millions and millions more people are now using smartphones. (My dad got his first smartphone with the iPhone 5. The man won’t stop texting me pics of squirrels on his deck, deer in his yard and birds on the 30 feeders he has.)

The technology in smartphones today is just astounding. Whether you use an iPhone, Android or even a BlackBerry, having the world at your fingertips makes getting things done far more efficiently. Besides the obvious benefits of communications, multimedia and online shopping, a smartphone is a great way to save money. Just the other day, I went to a store to make a purchase and was floored by the cost of an item that I usually buy every two or three years. I immediately went online via my smartphone and found what I was looking for—for 90 percent less than what I had almost paid. Frankly, I don’t know how brick-and-mortar shops survive when consumers have this kind of access to price comparisons.

Now that you are a new and proud smartphone owner, you must recognize you are no longer using simply a phone. It’s a little computer. And can be hacked in the same way as that big one you have in your basement office. You can’t carry this little PC around and not keep security in mind. So here’s the guide to care and feeding of your little computer:

Operating system (OS). Update your operating system when required. The device itself has settings that will alert you to new updates. Never update your OS because you receive a text message telling you to do this. It’s a scam.

Password protect it. This isn’t a feature phone. It’s a smart little computer that accesses applications and data. If your phone is lost or stolen, you want it password protected.

Invest in Locate/Lock/Wipe software. Whether built into the OS or downloaded as an app from a third party, get software that will remotely locate your device if it is lost, then will lock it if needed and wipe the data.

Protect your wireless. Not all wireless is created equal. Your carrier’s 3G/4G has a level of encryption that’s crackable, but unlikely to be cracked—whereas any open or free WiFi connection can expose your device and its data to criminals. Installing Hotspot Shield VPN (available for both  iPhone and Android) will encrypt all WiFi communications, protecting you. And it’s free.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

10 Tips to Better Password Security

Now that Apple has rolled out its new “Touch ID” fingerprint biometric technology, none of us ever has to enter a password ever again….NOT. While biometrics is certainly an option for authentication and a fingerprint is the most likely method of password deployment, it will be a long time until (if ever) a fingerprint is the sole way in which we are identified. I do, however, believe fingerprinting is a good thing, and with science and technology working together, someday we might perfect biometrics—and it will not be considered an invasion of one’s privacy, either.

In the meantime, here’s how to improve your password security:

Use different passwords. At least use different passwords for each of your accounts. Using the same ones gets you in trouble with others when one account is hacked.

Cover the keyboard. Use your other hand to cover the keys as you type and be sure no one watches when you.

Log off. Log off when you leave your device, even if it’s just for a minute. Open accounts allow password resets.

Antivirus that thing. No matter your device’s age, use security software and keep it up to date to avoid malware.

Only use your devices. Never enter passwords on computers such as at internet cafés or library PCs, which may have malware.

Use a VPN. When entering passwords on unsecured WiFi connections at an airport or coffee shop, hackers can intercept your data. But with a virtual private network, you eliminate that risk.

Don’t share passwords. Your buddy/mate may not be your buddy/mate forever.  People change. And they become vindictive sometimes.

Change your passwords regularly. Change your passwords semi-annually and avoid reusing passwords.

Beef up your passwords. Use at least eight lowercase and uppercase letters, numbers, characters or symbols in your password.

Use a password manager. Google “password manager” and get one. It can create and store passwords on all your devices and browsers.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

What are the Risks from Mobile Eavesdropping?

Ever heard of mobile snoopware? For those affected, it’s unnerving and creates a sense of paranoia. I’ve worked with families that found spyware on their phones designed to watch their every move. The hacker, they say, turned their mobiles on and off, used the phone’s camera to take pictures, and use the speakerphone as a bug. All year long I receive emails from people who have experienced the same issues. Scary.

Mobile carrier networks are encrypted and aren’t likely to be snooped on, but they have been cracked. WiFi, on the other hand, is extremely vulnerable. There are a few ways to snoop on a mobile:

  • GPRS cracks: A phone’s 3G connection sometimes defaults to the hacker-created General Packet Radio Service (GPRS) if 3G isn’t available.
  • Bluetooth recorders: If you pair a Bluetooth headset with a phone, the sound comes through the earpiece—just as does a Bluetooth recorder sold through spy shops will. However, this often requires a hacker to have direct access to your mobile device.
  • Spyware device in hand: Snooping tools can monitor calls and texts. It’s legal when the phone’s owner installs it, such as a parent monitoring his or her kid’s phone.
  • Spyware remote install: Spyware doesn’t require physical access to the device when a user clicks an infected link or the device is on a free unsecured wireless connection.
  • Cracking encryption: Don’t worry about it unless you are a high-end executive or a government agent; in that case, anyway, you probably own a device that has advanced encryption in the hardware and software.
  • Bluetooth: Require a password to access your device and turn off Bluetooth. As always, keep the device close.
  • Spyware: Keep your device’s antivirus updated and beware of what links you click.
  • WiFi hacks: Use a virtual private network such as Hotspot Shield VPN.

Protect yourself from eavesdropping:

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Do You Know Who’s Spying on You?

There have multiple revelations about government agencies spying on their citizens, which, frankly, should come as no surprise. But there are also several others who are also spying on you, and often you’ve given them permission to do so.

  • Hackers: Routers can be hacked if not properly secured. Spyware can be installed if your PC doesn’t have antivirus, antispyware, antiphishing and a firewall.
  • Internet service providers: The company that provides you your internet connection collects data about you that is stored on its servers and is available to law enforcement with a warrant or corporations that feel you violated copyright.
  • Employers: Like it or not, your employer owns the devices it provides you, and in some cases can access the devices you own if they are used for company communications.
  • Identity thieves: Criminals set up shop looking for potential victims of their multitude of scams. They check you out via social media or simply pick you at random via a phishing email. But once they connect with you, they research your IP address—and everything else they can find about you—to make their scam more believable.
  • Websites: Sites install cookies in your browser to track where you go and what you click. The purpose of this is to send you targeted ads and sell you stuff.

Prevent spying:

  1. Lock down your wireless router using its built-in security settings that have WPA2 encryption. Your router’s wizard will walk you through the process.
  2. Update your browser, OS-critical security patches, antivirus, antispyware, antiphishing and firewall.
  3. Set your browser to clear your cache daily.
  4. At work, just work. No playing online.
  5. Lock down your social profiles and say little. Keep it professional.
  6. Use a VPN (i.e Hotspot Shield VPN) to mask your IP address and protect your internet traffic from snoops.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Security Measures for the Wealthy vs. for the Rest of Us

“Wealthy,” by some standards, might mean being in the top one percent of earners today in the US, which is $370,000 a year. Otherwise, the “bottom” 95 percent is making less than $150,000 a year, and then 75 percent of the population makes less than $66,000 a year. Depressed? Sorry; the point of this post is to provide you with options that the wealthy might use for security vs. what everyone else considers affordable.

  • Home security: Alarm systems today can cost from under a hundred dollars to several thousand. Celebs and CEOs often invest heavily in all the bells and whistles, whereas all we of more modest means really need is a simple system to protect our doors and windows that also comes with a siren and is possibly connected to a monitoring station at the price of a dollar a day. Even cheapo stickers and signs on eBay offer a layer of protection.
  • Auto security: You could ride like Kanye West in an armored car costing several hundred thousand dollars…or you could install some tinted windows, take a defensive driving course and toss in a kill switch for a few bucks.
  • Personal security: If your name is Larry Ellison (CEO of Oracle), you might drop $1.7 million on bodyguards and everything else. Otherwise, take a self-defense course utilizing adrenal stress training.
  • Information security: Budgeting for information security is often relative to the amount and kind of data that needs protecting. So a big company should be spending big bucks, whereas for $49.95 you should be renewing your antivirus every year.
  • Identity theft security: For 10 bucks a month, anyone can protect his or her identity with identity theft protection. For almost free, everyone should get a credit freeze. I do both and recommend you do the same.
  • Wireless security: The beauty here is that protecting a wireless connection can be free via a free VPN service from Hotspot Shield. And for another few bucks, you can get a paid version that’s ad-free and faster—and you don’t need to be wealthy to afford it.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247

10 Ways to Protect Your Twitter Account From Getting Hacked

Recent news of Twitter accounts being hacked has slowed a bit, partly due to Twitter implementing two-factor authentication. When you sign in to Twitter.com, there’s an option in “Settings” under “Account security” for a second check to require a verification code to make sure it’s really you. You’ll be asked to register a verified phone number and a confirmed email address. To get started, follow these steps:

  • Visit your account settings page.
  • Select “Require a verification code when I sign in.”
  • Click on the link to “add a phone” and follow the prompts.
  • After you enroll in login verification, you’ll be asked to enter a six-digit code that Twitter will send to your phone via SMS each time you sign in to www.twitter.com.

In cases where more than one person accesses the same Twitter account, Twitter’s two-factor authentication is less effective. Create an open dialog with fellow account holders and share second-factor authenticating identifiers via text.

Some more tips:

  1. Limit the number of people that have access to your account.
  2. Use a strong password.
  3. Use Twitters login verification.
  4. Watch out for suspicious links, and always make sure you’re actually on Twitter.com before you enter your login information.
  5. Never give your username and password out to untrusted third parties, especially those promising to get you followers or make you money.
  6. Make sure your computer and operating system is up to date with the most recent patches, upgrades and anti-virus software.
  7. Beware of phishing. Phishing is when someone tries to trick you into giving up your Twitter or email username and password, usually so they can send out spam to all your followers from your account. Often, they’ll try to trick you with a link that goes to a fake login page.
  8. Beware of typosquatting or cybersquatting. Typosquatting, which is also known as URL hijacking, is a form of cybersquatting that targets internet users who accidentally type a website address into their web browser incorrectly. When users make a typographical error while entering the website address, they may be led to an alternative website owned by a cybersquatter.
  9. Beware of short urls. Before you click on shortened URLs, find out where they lead by pasting them into a URL lengthening service, such as URL Expanders for Internet Explorer and URL Expanders for Firefox.

10. Use aVPN (Virtual Private Network). Protect your private information and sensitive data from snoopers and hackers while surfing the web at WiFi hotspots, hotels, airports and corporate offices with Hotspot Shield VPN’s WiFi security feature.

 

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.

How Likely Am I to Be a Victim of Mobile Crime or Data Theft?

Imagine your body being targeted by 100 million viruses. That is exactly what’s happening to your networked digital devices. Laptops, desktops, netbooks, Macs, iPads, iPhones, BlackBerrys, Androids and Symbian mobile phones are all at risk. Research from McAfee Labs reveals a variety of threats:

  • Mobile: Android has become the most popular platform for mobile malware. Hundreds of Android threats soared from the middle of 2011 into thousands of threats in early 2012 into 2013. The bulk of these threats spread through third-party app stores and were financially motivated.
  • Malware: In the first quarter of 2012, PC malware developers delivered their most productive quarter ever, supporting a forecast of 100 million pieces of malware before the end of 2013. Malicious developers are building more rootkits (software designed to evade detection) and password-stealing Trojans (software that collects the information required to break into a device or an account). Like many consumers, they also like the Mac.
  • Spam and phishing: Believe it or not, spam volume has decreased to a mere one trillion messages per month. McAfee Labs has observed major developments in targeted spam, or what’s often called “spear phishing.” By using information they collect about you, spear phishers create more realistic messages that increase the chance you will click. In 2012, nearly all targeted attacks started with a spear phish cast.
  • Botnets: Botnets are groups of infected computers—often consumer PCs—that criminals manipulate to send spam, process fraudulent transactions, or conceal other nefarious activities. In 2012, infected bots reached five million.
  • Bad URLs: McAfee is recording 10,000 new risky or malicious websites each day. Website URLs, domains, subdomains and particular IP addresses can be deemed “bad” because they are used to host malware, phishing websites or potentially unwanted programs.

While these numbers do not yet approach the volumes of incidents occurring on PCs, they make it clear that mobile devices are genuine and increasing targets. For you as a user, forewarned is forearmed.

To avoid becoming a victim:

  1. Keep mobile security software current. The latest security software, web browser and operating system are the best defenses against viruses, malware and other online threats.
  2. Automate software updates. Many software programs can update automatically to defend against known risks. If this is an available option, be sure to turn it on.
  3. Use a private VPN. Hotspot Shield VPN, which is free to download, creates a virtual private network (VPN) between your iPhone, Android or tablet and any internet gateway. This impenetrable tunnel prevents snoopers, hackers and ISPs from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures

5 ways to Protect Privacy on Mobile Devices

Privacy advocates are working to prevent the worst and most extreme outcomes of personal data collection. They know that without checks and balances—without consumers knowing their rights and actively protecting their own privacy and personal data—that data could be used unethically.

Privacy is your right. But in our digital, interconnected world, privacy only really consists of what you say and do within your own home, legally, with the shades pulled down. It’s that part of life that is shared between you and your loved ones and which is not communicated, recorded, broadcast or reproduced on the internet or any public forum in any way. Beyond that, especially when taking advantage of various online resources, be sure that you know what it is you’re agreeing to and take precautions to protect yourself.

In addition to reading “terms and conditions” and the privacy policies of apps and websites, now is a good time to check your privacy settings on social networking sites and other sites you already use. Don’t share by default; share by choice. Ensure you have a strong password and be aware of where and with whom you are sharing your personal data.

In addition, turn off features on your device that expose your device and may share information about you, such as location, GPS and Bluetooth. When you want to use these features, you can always turn them on temporarily.

  1. Install the latest antivirus software on your devices. Antivirus software is a must-have utility to protect your computer from viruses, spyware, Trojans and worms. These malicious programs are designed to invade your privacy and steal your personal data. As such, it’s critical for you to protect your devices with the latest antivirus program(s).
  2. Use a personal virtual private network (VPN). While antivirus programs do a good job of protecting your computer, it doesn’t secure your browsing session or your internet communications. A VPN is a perfect complement to an antivirus program. VPN services such as Hotspot Shield VPN protect your privacy online and secure your web sessions by creating a secure “tunnel” on the internet between the VPN server and your device. Hotspot Shield is available for iPhone/iPad and Android devices
  3. Use strong passwords. Most people tend to use their names, birthdates, driver’s license numbers or phone numbers to create passwords. The most common password, believe it or not, is the word “password.”
  4. Be careful what you share on social networking sites. Social networking sites such as Facebook have very vague and complicated privacy policies. In fact, their business models are based on trading, sharing or selling your private data to advertisers and marketers.
  5. Delete or clear the tracking cookies. Tracking cookies are small pieces of code that websites attach to your computer to store information about your online activities.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.

Serious Growth for mCommerce in 2012

The practice of mCommerce (or M-commerce) is using a mobile phone to make purchases. Like credit card transactions, your card/device can be either present or not present.

Mobile payment has been around for years in numerous forms for purchases such as downloading music, ringtones and various other services, and it is now gaining traction for retail purchases in the U.S. But its implementation in the U.S. is a bit slower due to a lack of standardization of payment methods and the overall security concerns of mCommerce.

Some consumers in the U.S. have had bad experiences with criminal hacking and data breaches and so are concerned about their security. As a result, they are waiting for the various handset manufacturers (in other words, those who make the phones), mobile carriers (those who provide mobile service) and third-party technology providers (those who make the technology that facilitates financial transactions) to agree on standardization that will lead to more secure transactions.

Regardless, EcommerceTimes.com reports in its holiday retail edition that Foresee, a customer experience analytics firm, saw the Mobile Satisfaction Index jump two points over Christmas 2011 to a score of 78 on a 100-point scale.

When it comes to individual companies, Amazon took the number-one spot with a score of 85. Apple and QVC were next with scores of 83, with NewEgg and Victoria’s Secret coming in at 80 in the report. Those at the bottom of the list of 25 mobile retailers include Shop NBC with a score of 73, and Sears, RueLaLa, Overstock and Gilt.com, which each earned a 74 in the ratings.

The study shows that the mobile platform is maturing faster than the traditional web. But this will also mean criminals are moving to mobile as an attack vector.

To stay safe while mobile shopping:

  1. Keep mobile security software current. The latest security software, web browser and operating system are the best defenses against viruses, malware and other online threats.
  2. Automate software updates. Many software programs can update automatically to defend against known risks. If this is an available option, be sure to turn it on.
    1. Use a private VPN. Hotspot Shield, which is free to download, creates a virtual private network (VPN) between your laptop, iPhone, Android or tablet and any internet gateway. This impenetrable tunnel prevents snoopers, hackers and ISPs from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network. Hotspot Shield is available for iPhone/iPad and Android devices

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.