What is a mobile wallet?

/in /by

Some say there will be a day when the wallet you carry in your pocket or purse will become obsolete. Technology is evolving in a way that will likely eliminate all our credit cards, store cards, and IDs. We will use our mobile devices as our primary means of commerce and identification. The technology behind mobile wallet combines near field communications (NFC) and applications. Depending on which is used, a user might need to wave their phone near a reader to make a payment or verify identification, or they may open an app and simply click a button.

Mobile wallet is still in its infancy but the technology is quickly gaining steam. Google introduced Google Wallet, a mobile app that turns your Android phone into a wallet by securely storing your credit cards on your phone, and it has gained popularity by using promotional offers. When you make a purchase from a brick-and-mortar store that accepts Google Wallet, you not only pay but you can also redeem discount and promotional offers quickly by simply tapping your phone at the point of sale.

Google Wallet facilitates online shopping by securely storing your credit cards for use on the Internet as well. Paying is quick, easy, and safe when you make a purchase from an online merchant that accepts Google Wallet. If you choose to make your phone a wallet, I seriously suggest a mobile security product as a companion to help protect your device against viruses and malware.

Protect it. Just like your leather wallet, your mobile wallet is portable, it is subject to being lost or stolen and the data contained can be accessed or the applications running may have access to additional information, resulting in your data being compromised. Any time you are using a mobile wallet remember that wireless is inherently insecure. Use a secure virtual private network (VPN) such as the free Hotspot Shield VPN that protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads, etc.) are secured through HTTPS.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.

What is mCommerce and how do you keep transactions safe?

/in , /by

mCommerce (or M-commerce) is using a mobile phone to make purchases. Like credit card transactions, your card/device can be either present or not present. In other words, “present” might mean your mobile is equipped with an application that you use to make a purchase in person, such as to buy a cup of coffee or a train ticket. “Not present” could be when you use another application or your mobile browser to make a remote purchase over the Internet or another type of mobile network.

There are several different forms of mobile commerce:

Mobile shopping: You comparison shop or purchase something online using your mobile device (and its browser or a mobile app)

Mobile banking: You interact with your bank account (actions such as check the balance, transfer between accounts, make payments) using your mobile device

Mobile wallet (mobile payments): The mobile device itself is used to authorize payment (via a stored credit card)

Mobile point-of-sale (POS): Specialized card swiping attachments let your mobile device be used to collect payment from a credit card

All of these forms of mobile commerce require a wireless connection to the internet over Wi-Fi or your carrier’s 3/4G connection. Always use a like Hotspot Shield when engaging in mCommerce. Hotspot Shield, which is free to download, creates a virtual private network (VPN) between your laptop or iPhone and your Internetgateway. This impenetrable tunnel prevents snoopers, hackers and ISPs from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Iran Blocking VPNs on its Already Strangled Internet

/0 Comments/in /by

Free societies really have no idea what it’s like to live in a censored and controlled nation that locks down the internet and filters what citizens are allowed to consume.

Imagine wanting to login and research information on health or find a friend online or simply watch some funny videos on YouTube…only to discover that your government doesn’t allow it.

In Iran, the UK-based group Small Media reported,“Prominent Persian-language websites and other online services have been filtered one by one, and communications with external platforms is becoming progressively more difficult.”

Iran isn’t the only country like this. Countries with some kind of internet censorship are frequently Middle East and North Africa (MENA) countries, as well as some countries in Southeast Asia and China. Specifically, Saudi Arabia, UAE, Qatar, Bahrain, Yemen and others in the MENA region block a lot of content and often communication applications like Skype, Viber and social media sites. Pakistan has blocked YouTube; in Vietnam, some ISPs block Facebook; some Central American countries block communication apps as well.

Reuters reports, “A widespread government internet filter prevents Iranians from accessing many sites on the official grounds they are offensive or criminal.”

“Many Iranians evade the filter through use of VPN software, which provides encrypted links directly to private networks based abroad, and can allow a computer to behave as if it is based in another country.”

“But authorities have now blocked ‘illegal’ VPN access, an Iranian legislator told the Mehr news agency on Sunday. Iranian web users confirmed that VPNs were blocked.”

It’s not just users in Iran who relyon US or European-based services that enable them to tunnel around the government censorship.

Robert Siciliano is an Identity Theft Expert. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Fighting the Cyber Intelligence Sharing and Protection Act (CISPA)

/1 Comment/in /by

All my life I’ve been hearing about Big Brother. For those unfamiliar with the term, coined by George Orwell in his 1949 masterpiece, Nineteen Eighty-Four, Big Brother is the embodiment of a society under complete surveillance by its government. But it’s not fiction; infact, our everyday activities are being monitored, today, right now, either by self-imposed technology or the ever-present Big Brother.

Traditionally, documenting our existence went like this: You’re born, and you get a medical and a birth record. These documents follow you throughout your life, filed and viewed by many. You must present these records in order to be admitted to a school, to be hired, or to be issued insurance. You get a Social Security number shortly after birth, which serves as your national identification. These nine digits connect you to every financial, criminal and insurance record that makes up who you are and what you’ve done. Beyond that, it’s all just paperwork.

And now comes CISPA, a proposed law in the United States that would allow for the sharing of internettraffic information between the U.S. government and certain technology and manufacturing companies. The stated aim of the bill—which has been revived after being defeated last year in part because of widespread public protest– is to help the U.S. government investigate cyberthreats and ensure the security of networks against cyberattacks.

The Electronic Frontier Foundation adamantly opposes CISPA and calls the proposed legislation “apoorlydefined ‘cybersecurity’ exception to existing privacy law. CISPA offers broad immunities to companies who choose to share data with government agencies (including the private communications of users) in the name of cybersecurity. It also creates avenues for companies to share data with any federal agencies, including military intelligence agencies like the National Security Agency (NSA).”

I’m all for more security. But I’m not sure the CISPA bill has been well thought out. The implications for this bill and the potential for abuse are scary. Whether CISPA is passed or not, consumer privacy is eroding on a daily basis. Every time we connect to the internet, our IP address is revealed. An IP address is kind of like an online social security number which can be tracked or traced back to you. Masking this address with a virtual private network (VPN) is the first step toward locking down your online identity and personal information.  The second is to call, write, or tweet your congresspersonurging them to vote “No” on this bill.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Stop, Think and Connect on Public Wi-Fi

/2 Comments/in /by

OnGuardOnline.gov, co-managed by the Federal Trade Commission, is the federal government’s website to help you be safe, secure and responsible online.OnGuardOnline.gov is a partner in the Stop Think Connect campaign, led by the Department of Homeland Security, and part of the National Initiative for Cybersecurity Education, led by the National Institute of Standards and Technology.

Vulnerabilities

I, for one, am a big fan of the Department of Homeland Security, so I wanted to provide some DHS perspectives on wireless, its vulnerabilities and encryption–such as that obtainable through Hotspot Shield VPN—straight from the government’s mouth: “Wi-Fi hotspots in coffee shops, libraries, airports, hotels, universities and other public places are convenient, but they’re often not secure. When using a hotspot, it’s best to send information only to websites that are fully encrypted.

“You can be confident a hotspot is secure only if it asks you to provide a WPA password. If you’re not sure, treat the network as if it were unsecured.”

Encryption

You’ve heard it from this blogger before, but this is what Homeland Security has to say about encrypting your web communications:

“Encryption is the key to keeping your personal information secure online. Encryption scrambles the information you send over the internet into a code so that it’s not accessible to others. When using wireless networks, it’s best to send personal information only if it’s encrypted—either by an encrypted website or a secure WiFinetwork. An encrypted website protects only the information you send to and from that site. A secure wireless network encrypts all the information you send using that network.” Homeland Security further states: “Don’t assume a Wi-Fi hotspot is secure. Most Wi-Fi hotspots don’t encrypt the information you send over the internet and are not secure.”

Hence, get yourself a wireless VPN! And use it. Advice straight from the DHS’s mouth.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was StolenSee him discussing internet and wireless security on Good Morning America. Disclosures.

How Does My IP Address Affect Different Services?

/1 Comment/in /by

You’ve probably heard the term IP address before but you likely aren’t fully aware of all the ways it is used. Or misused by various entities. Or how you can turn an IP address to your own advantage by taking control of who gets to use it.

An internet protocol (IP) address is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the internet protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: ”A name indicates what we seek. An address indicates where it is. A route indicates how to get there.”

When you visit a website, the website knows your IP address. When you send email or sign up for something online or use any internet-based service, the site knows your IP address. Your IP address matters to many sites for many reasons. Search engines want to know your IP address so they can serve up local search options and local ads and present themselves in the language (English or Chinese etc) associated with the IP address. Retailers want to know your IP address for security reasons.

Various online vendors—such as ecommerce sites, ad networks or retargeting services– want to know your IP address because they may sell web-based products specific to your location or country or browsing history. In some cases, the company may sell products or downloads that may be regulated by specific laws in that country. For example, downloads of copyright-protected content may fall under specific regulations with a particular country and any service that sells that content.

I came across a recent forum post asking the following question and thought the answer would be helpful to my readers: “I have Netflix Canada, but it doesn’t have all the shows that Netflix USA has. 1. Someone said Hotspot Shield would make it appear that I have a U.S. computer IP address (IPS? ISP?). Can anyone give a definitive answer on this? 2. How safe is this Hotspot Shield and would it work?”

So to answer the first question, Yes, Hotspot Shield, when installed on a PC, laptop, Mac or mobile device will use a US-based IP address when running. (If you have the paid version of their service, you can also choose IPs from other countries.) And in answer to the second question,Yes, Hotspot Shield is safe in regard to protecting your data as it travels over the Hotspot Shield VPN. And “would it work”…well, I don’t see why it wouldn’t work. Whether you want to use it in the manner the questioner is proposing is up to you. Keep in mind that the company may have a good reason for placing that restriction in the first place.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was StolenSee him discussing internet and wireless security on Good Morning America. Disclosures.

FTC: Identity Theft Top Complaint Once More

/0 Comments/in /by

Last year, 2012, marks the first year in which the FTC received more than two million complaints overall, and 369,132, or 18 percent, were related to identity theft—an increase of 30% over 2011. Of those, more than 43 percent related to tax- or wage-related fraud.

As the internet grows ever more pervasive and essential, we find ourselves conducting most of our business online. We use the internet to shop, pay bills and manage bank accounts. We will increasingly rely on the electronic exchange of personal information as the internet continues to evolve and become even more consumer friendly. Subsequently, criminals will also evolve, working day and night to find and exploit vulnerabilities within our networks. These hackers will not sleep until they gain access to all of our information, which they can utilize to steal our identities or gain access to our financial accounts.

Statistics show that one in four American adults has been notified by a business or organization that his or herinformation has been compromised due to a data breach. This means that you could be taking all the necessary precautions to keep your information safe, but by simply doing what every other person in the world does—sharing your Social Security number or credit card information with a trusted organization—you put yourself and your security at risk. So, how do you protect yourself?

  • Lock down your PC with antivirus, antispyware, antiphishing and a firewall.
  • Always keep your devices’ OS and critical security patches updated.
  • Consider getting a credit freeze and/or identity theft protection.
  • Shred—don’t just throw away—personal information.
  • Lock down your wireless network with WPA2 encryption.
  • Protect data on wireless devices, particularly when using a public WiFi network, with a free VPN such as Hotspot Shield.

By following these guidelines, you will keep your identity safer. You know who you are; don’t let anyone else think he can be you.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

What’s a Wireless “Sniffer” and Why Should I Care?

/2 Comments/in , /by

A sniffer is a software program used by IT administrators to monitor network usage, investigate network problems, investigate network misuse and abuse, identify configuration issues and determine the state of a network’s security. Sniffers ultimately decode the data so it is readable in words, numbers and computer code.

Note that last part: “determine the state of a network’s security.” That is a big one. This is because while good-guy IT security professionals use sniffers to determine the security of a network, bad guys also use them to see your data as it travels from your device to the router communicating the wireless internet signal.

Unsecured, unprotected, unencrypted and sometimes shared wireless internet communications over Wi-Fi in your home, office or any publicly connected Wi-Fi (such as at a coffee shop, airport or hotel) are vulnerable to sniffers. A sniffer employed by a criminal can be used to spy on anything you communicate wirelessly. Criminals can steal your data, get your usernames and passwords, and potentially hijack your device…and your life.

The kind of data that is most vulnerable to sniffers is that which is unencrypted; this can include something as simple as files being copied and pasted or shared from one device to another. Any information coming through your browser that isn’t coming from or going to a website employing encryption designated HTTPS—the S means secure—is also vulnerable.

On wireless connections that aren’t properly secured—such as those public ones I mentioned earlier—your best line of defense is to use a virtual private network software that protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads) are secured through HTTPS. Hotspot Shield VPN is a good one to use. It’s secure, free to you (supported by ads) and available for PC, Mac, iPhone and Android.

Robert Siciliano is an Identity Theft expert  consultant to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.

TJX Identity Theft Costs Another 10 million, Protect Yourself from WarDriving

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Most people are familiar with the TJX data breach, in which 45 million credit card numbers were stolen. TJX recently agreed to pay $9.75 million to 41 states to settle an investigation of the massive data breach. According to some reports, TJX has spent up to $256 million attempting to fix the problem that led to the breach.

It’s been said repeatedly that the criminal hackers responsible for the breach were sitting in a car outside a store when they stumbled across a vulnerable, unprotected wireless network using a laptop, a telescope antenna, and an 802.11 wireless LAN adapter. This process is called “Wardriving.”

WiFi is everywhere. Whether you travel for business or simply need Internet access while out and about, your options are plentiful. You can sign on at airports, hotels, coffee shops, fast food restaurants, and now, airplanes. What are your risk factors when accessing wireless? There are plenty. WiFi wasn’t born to be secure. It was born to be convenient. As more sensitive data has been wirelessly transmitted over the years, the need for security has evolved. Today, with criminal hackers as sophisticated as they ever have been, wireless communications are at an even higher risk.

When setting up a wireless router, there are two different security techniques you can use. WiFi Protected Access is a certification program that was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy. Wired Equivalent Privacy was introduced in 1997 and is the original form of wireless network security. Wireless networks broadcast messages using radio and are thus more susceptible to eavesdropping than wired networks.

It’s one thing to access your own wireless connection from your home or office. It entirely another story when accessing someone else’s unprotected network. Setting up a secure WiFi connection will protect the data on your network, for the most part, but if you’re on someone else’s network, secured or unsecured, your data is at risk. Anyone using an open network risks exposing their data. There are many ways to see who’s connected on a wireless connection, and gain access to their data.

There are a few things you should do to protect yourself while using wireless. Be smart about what kind of data you transmit on a public wireless connection. There’s no need to make critical transactions while sipping that macchiato.

Don’t store critical data on a device used outside the secure network. I have a laptop and an iPhone. If they are hacked, there’s nothing on either device that would compromise me.

Install Hotspot Shield. A free ad supported program, Hotspot Shield protects your entire web surfing session by securing your connection, whether you’re at home or in public, using wired or wireless Internet. Hotspot Shield does this by ensuring that all web transactions are secured through HTTPS. They also offer an iPhone application. There are fee based programs, including Publicvpn.com and HotSpotVPN, which can create a secure “tunnel” between a computer and the site’s server.

Turn off WiFi and blue tooth on your laptop or cell phone when you’re not using them. An unattended device emitting wireless signals is very appealing to a criminal hacker.

Beware of free WiFi connections. Anywhere you see a broadcast for “Free WiFi,” consider it a red flag. It’s likely that free WiFi is meant to act as bait.

Beware of evil twins. These are connections that appear legitimate but are actually traps set to snare anyone who connects.

Keep your antivirus and operating system updated. Make sure your anti-virus is automatically updated and your operating systems critical security patches are up to date.

Invest in Intelius Identity Protect. Because when all else fails you’ll have someone watching your back. Includes a Free Credit Report, SSN monitoring, Credit & Debit Card monitoring, Bank Account monitoring, Email fraud alerts, Public Records Monitoring, Customizable “Watch List”, $25,000 in ID theft insurance, Junk Mail OptOut and Credit Card Offer OptOut.

Robert Siciliano identity theft speaker discussing criminal wireless hack