Why Do I Need Dark Web Monitoring?

Dark Web monitoring fills an important security gap for individuals and businesses. It has applications in cyber security, reputation management and brand management. By monitoring Dark Web activity, individuals and organizations may be alerted to cyber attacks or data breaches.

Admit it: You search your name on Google to see what’s there. Most businesses pay attention to their online reviews. Some monitor social media to see what customers are saying. Dark Web monitoring completes the picture of your and your organization’s online reputation. It can also tip you off to data breaches or potential cyber attacks.

What Is the Dark Web?

In its broadest definition, the Dark Web is a portion of the Deep Web, which itself is a collection of websites and databases that are not indexed by the major search engines (Google, Microsoft Edge, Yahoo!, DuckDuckGo, etc.). In 2018, CNBC estimated that the Deep Web was 400 to 500 times the size of the Internet that most people use.

The Deep Web itself is benign. It consists of password-protected content, encrypted databases and data, including millions of articles, books, recipes and public records. Some of these can be accessed through specialized search engines, such as a university’s library catalog of digital media or LexisNexis.

Amid those terabytes of data lurks a smaller set of sites that can be accessed with browsers such as TOR, short for The Onion Router, a browser that attempts to conceal the user’s location by routing web traffic randomly across the globe. Promises of anonymity and cover from law enforcement have made the Dark Web a haven for illegal activity. It is where many cyber crimes originate, and where you will find cyber criminals offering their services and software for sale alongside the fruits of their labors: credit cards, login credentials and personal information.

Why Are Businesses Monitoring the Dark Web?

Because a great deal of cyber crime originates on the Dark Web, monitoring is a tool that thwarts and reveals attacks. In some cases, it can be the first warning of a data breach.

Dark Web monitoring begins with a deep dive on selected data points. For businesses, this is most commonly the business name and the names of senior executives and managers. This creates a baseline of information that is known to be compromised, as well as intelligence on any discussions about the business or its leaders among cyber criminals. This information is provided to the business with notes on any areas of concern.

Once the baseline is established, the Dark Web is searched on a regular basis for new information. This may include

  • Mentions of the business or its leaders by cyber criminals, which can signal a pending attack
  • Solicitations to buy or sell information on the business or its leaders
  • Newly posted data, which may include compromised logins for systems, user accounts or personal accounts of the company’s leaders
  • Customer data, such as credit card numbers, exfiltrated from a company’s database

When new information is found, the business receives an immediate alert that can be used to prepare for or stop a cyber attack. In some cases, this is the first evidence of a data breach that compromises customer information.

Dark Web monitoring may also reveal what people are saying about a business and its employees, providing opportunities to repair reputational damage. It can also be used to prevent disgruntled former employees from selling stolen data online after their separation from a company.

How Can I Monitor the Dark Web?

Dark Web monitoring requires specialized software that can access and index the hundreds of thousands of hidden sites that criminals use to communicate. There is currently no free solution, and until recently, monitoring was an expensive service available only to large companies.

Protect Now is pleased to offer affordable small-business Dark Web monitoring that includes a full baseline examination of data about your business and employees, as well as regular updates on any new information that appears online. If someone adds to that information, attempts to buy or sell it or discusses using it, you will be notified immediately so that you can take action.

Online Dating Scams – You May Find Much More than Love Online, and It’s Not Good

These days, if you want to date, there are hundreds of online dating sites and apps out there, but instead of finding love, you may fall for one of online dating scams and lose a lot of money. Most people think that a person has to be “naïve” or “gullible” and the reality is you just need to be human and want to be loved. Sometimes our heart gets in the way of our mind and basic common sense.

What Are Online Dating Scams and How They Work

Online Dating Scams or romance scams are hot topics these days, especially after a report came out from the Federal Trade Commission that said people have lost more than $1 billion in romance scams over the past five years. In 2020, $304 million in losses was reported, and last year, victims of online dating scams lost $547 million.

These reports show that romance scammers are a dangerous breed. They find photos of attractive people or even take on the identity of someone else. Then they create a story and set out to find some victims. They can easily create a perfectly legitimate looking profile, but there is almost always a story about why they can’t meet in person once you get to know each other… they might work on an oil rig, or they are stationed overseas with the military.

Many people who have fallen victim to online dating scams report that they were contacted by these scammers on a dating site, but you really don’t have to be single and looking for them to contact you. They use everything from emails to direct messages on social media to start building a relationship, and many of these start right on Instagram or Facebook.

Romance Scammers Pray on Your Emotions

As master storytellers, cybercriminals involved in online dating scams create a tall tale to con others, and in the process, something always happens — their car breaks down and they need $700 for a repair… their child is sick, and they can’t pay the medical bills… they are a bit short on rent and will be homeless if they don’t pay up… and they come to their “online love” for the cash, but in reality, it’s all a lie. They also might create some sort of reason they need to move funds from one account to another or they have an inheritance that will pay for your lives together, but in order to get it, they need you to be a middleman. In reality, they may be using you to launder money.

You might think that there is no way you would fall for something like this, but millions do each year, and it’s easier to do than you might think. Let’s look at an example.

Finding Your Soulmate

Rebecca D’Antonio was looking for love on the popular dating app, OKCupid. There, she met the man of her dreams, a handsome widowed father from Australia who worked on an oil rig. Rebecca immediately fell for the Aussie, who said his name was Matthew, and they engaged in conversation for weeks before he started needing money for things. Believing him to be her long-distance boyfriend at this point, she was happy to help out when she could. Over time, she ended up sending him around $100,000.

Eventually, Rebecca caught on to the scam, but it was too late. She had to declare bankruptcy, and her life crumbled around her. She ended up confronting “Matthew,” and even explained that she had thought about suicide because she was so distraught about this, and “he” simply responded with “Well, you have to do what you have to do.”

Rebecca wasn’t the only one who fell for “Matthew’s” charms, and eventually, after report after report, it was found that he was actually a member of a Nigerian gang of cybercriminals.

Another well-known case of a romance scam is from the Netflix documentary, “The Tinder Swindler.” The movie is a profile of a man named Shimon Hayut, who went by the alias Simon Leviev. Over time, he was able to swindle people out of more than $10 million in online dating scams.

Look Out for the Lies

The good news is that there are some things that you can look for to determine if a person you meet on an online dating app could be a scammer.

First, most of the time, the person will say that they are not in the US, or they are travelling for an extended period of time. Many will say they work on an oil rig, that they are in the military, or that they are a doctor working overseas with a humanitarian organization.

Next, you should take note of any instances where they ask for money. They often will ask for money for the following reasons:

  • To pay for surgery or medical costs
  • To pay off gambling debts
  • To pay for travel expenses, i.e. a plane ticket
  • To pay for a visa or other travel documents
  • To pay for custom fees

Even if they ask for something that is not on this list, they may ask for a victim to send money in a certain way. For instance, they may want money wired to this, or they may ask for money in the form of gift cards or a reloadable debit card. They do this because they know that there is only a very small chance that they will be caught, and once these transactions are made, it is almost impossible to get your money back.

What to Do if You Think You are Talking to a Romance Scammer

If you think that you are talking to a person who may be a romance scammer, you should start taking steps immediately.

First, never, ever send money to them. If you already have, stop it immediately. Next, you should cut off communication with the person. Reach out to a person you trust, and then pay attention to what your friends and family have to say about this love interest. You should also consider doing some research about what the person told you. Did they say they were in the US Army and stationed overseas? Where? Is this a common scam when you search Google “US Army scammer”? Finally, you want to do a reverse image search of the photos they are sending you. Do they come up as someone else?

Reporting Online Dating Scams

If you believe that you are involved in a scam, you should report it to the FTC. You should also report the person’s profile to the site you met them on.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Apple Releases a New ‘Personal Safety User Guide’ to Help with AirTag Stalking

Over the years, Apple has attracted all types of users thanks to its relatively safe and secure devices and software when compared to other products. However, with the release of AirTags, this has changed a bit, as they can fairly easily be manipulated by people to track others. This has put a lot more focus on Apple products and safety, and it has ultimately led Apple to release a new Personal Safety User Guide, which was created to keep customers safe.

airtagMost of the suggestions and tips that are found in the guide aren’t things that are foreign to people who use Apple products, but there is a new section in the guide all about AirTags. In the guide, Apple explains the numerous features it has applied to AirTags, which were created to stop any unwanted tracking or stalking. It also shares information on what to do if there is an AirTag alert that doesn’t belong to them.

Apple has described this new guide as a resource for anyone who has concerns about harassment, abuse, or stalking through technology. Those who are experiencing this type of harassment or abuse can look at the guide and see step-by-step directions on how to remove access to their information as well as a guide on what they can do to improve their own safety. Though this guide doesn’t technically introduce any new features, it is a good start for people who are looking for a resource to help in these situations.

In this guide, Apple offers a full bulleted list of 13 different tasks that people can use to improve their security. The guide also shares three different checklists, which all provide directions to help people change their settings if they believe that someone might have access to their accounts. Additionally, there are tips on how to stop sharing information with other people.

Meanwhile, AirTags are being used by travelers to locate their lost luggage. Check out our post Be Aware of These Safe Travel Security Tips for more info.

When AirTags were first introduced, the main concern was that people could use the devices to stalk or follow and track other people. As more people have begun to use them, this has turned those concerns into a reality, as there are many reports of people using AirTags to follow others.

To help alleviate some of these issues, Apple introduced a new update that would make the AirTags beep if not near the owner’s phone for a set period of time. There is also a new app that Apple released, called Tracker Detect, which allows Android users to scan for these connections, too.

In addition to stalking, car thieves have also been using AirTags to track down, and eventually steal, expensive vehicles. There is also the fact that parents or partners can use the devices to track their children or significant others, which may bring up some moral issues.

Of course, not all AirTag use is bad. In fact, they can be very useful for things like finding your car in a crowded parking lot, finding your luggage when traveling, or even knowing where your pet is at any time. People also use these tags for much simpler things, like finding their keys in their apartment. Other people report using AirTags for good reasons, too, including tracking where their belongings are during a cross country move.

If you ever have concerns about being tracked with an unwanted AirTag, there are some things you can do to protect yourself. First, any AirTag that is not near its owner will cause an alert to appear on your Apple device. This tells you that an AirTag tracker is close by. They also put out a little alarm if they are away from the owner’s device for too long. Finally, if you are an Android user, you can also download and use the app Track Detect to make sure there are no AirTags nearby.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Protecting Your Accounts from Russian – or Any — Cyberattacks

No matter when you look at the news, there is probably a story about Russian hackers…and if there is not a story about hackers from Russia, there is likely a story about hackers from China or a place like Turkey. There is definitely a chance that any hacker or hacking group could launch an attack against the US, and the government has even briefed companies about what to do if they believe they are at risk.

hacker chest

Just because you are an individual, it doesn’t mean that you are not at risk of a cyberattack, just like a company is. You may be wondering how you can protect yourself, since this is the case. This is a great time to learn more about how to stay safe from cyberattacks – no matter where they come from.

Many cybersecurity threats are coming from what is known as a “Distributed Denial of Service” (DDOS) attack, which is often launched against a website or a financial network. Basically, the hackers push so much traffic to a network or site that it totally crashes, which disrupts business. At this point, the IT team has to focus on getting the network or site back up, which opens a window for a hacker to move in right under their noses.

These attacks can happen at any time, and they can be quite far reaching. Back in 2012, a group of Iranian activists attacked more than a dozen banks in the US, which disrupted all of their sites.

So, what can you do to make sure this doesn’t happen to you? Here are some tips:

In addition to below, check out our post: Russian Hackers: 14 Ways to Protect Yourself and Your Business

  • CASH, YES Cash: Try to keep a little cash available, especially if you are going out of town. This way, you will have money in case a banking network or ATM is not working due to a DDOS.
  • For every banking or financial account you have, make sure you have a strong and unique password. Don’t reuse any passwords, and do not use any social media password for any banking site.
  • Always watch your financial accounts for unusual activity. Check your bank account online or via phone at least once a week, and if you can, every day or two. If there is a problem, it is always best to find it as early as possible.
  • Russian hackers often try phishing scams on social media or via email in order to get access to corporate networks. Never, ever click a link in an email or on social media from someone you do not know. They also use text messages to try to get people to respond with information that will allow them into accounts. Even if it seems like it’s coming from a company you are familiar with or even do business with…confirm everything before you click or give information.
  • Sign up for email or text alerts for all of your financial accounts. This way, if there is a weird transaction, you will be notified immediately.
  • You should also consider signing up for multi-factor authentication for any financial account. When you do, and someone tried to sign into your account…even yourself…the bank or other company will send you a code to the email or phone number they have on file. Even if you put the correct username or password in, you cannot get into the account without that code.
  • Always update all of your apps and software on every device, including phones, tablets, and computers. To make it easy, set these updates to occur automatically, and then you don’t have to worry about it.
  • Don’t believe everything you see online. There are a lot of scams out there, and there is a lot of “news” out there that is not real nor correct. Use common sense before doing anything.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Be Aware of These Safe Travel Security Tips

Covid seems to be on the downswing (hopefully). Airlines are reporting record-breaking bookings. There are a number of travel security considerations to be made when traveling domestically and even more when internationally.

Rental Cars

Be Aware of These Safe Travel Security TipsIf you are planning an upcoming vacation or a business trip, you might be thinking about renting a car. “Smart Cars” are all the rage, and they connect to the internet. You get Bluetooth, navigation, hands-free calling, live-streaming, and much more. In fact, if you have a fairly new car, yourself, you probably already have some access to these features. You probably connect your devices to your car, too, so that you can stream music, text, make phone calls, etc. This is no issue because it’s your own car, and only you and your family are using it.

Now, think of this. You have your devices, you are on vacation, and you have a rental car. So, you connect, just as you do at home. But what you don’t realize is that your personal information is now on the car, and the next person who rents it might be able to access it.

I travel a lot, and I rent a lot of cars. There has not been one car that I can think of that hasn’t had information about previous renters in it, and that’s pretty scary. I could even access their address book information in some cases.

Even if all you want to do is listen to Pandora or something, connecting to the rental car might still store data onto the car, including where you are driving. This might not seem like a huge deal if you are on vacation, but what if you have a rental car at home? The person who rents the car next can access your home address, your workplace, where you shop, etc.

The vehicle can also store your phone number and your text logs, too. Again, this can get into the hands of the wrong people unless you know how to delete them.

As you can see, there is more to auto safety than simply putting on your seat belt and refraining from texting and driving. If you are connecting to a smart car, the person who drives it next could learn so much from you; information that you certainly don’t want people to know.

Do This, Not That 

Here are some tips you can use the next time you rent a car:

  • Don’t use the USB port on a rental car to charge your phone. It can transfer data to the car. Instead, buy a cheap adapter and use the cigarette lighter.
  • Check up on the permission settings of your devices. If the infotainment system allows you to choose what is sent, only give access to things that are necessary.
  • Before you turn the car on, make sure to delete your phone from the car’s system.

Will your identity get stolen as soon as you connect your phone to a smart rental car? Probably not, but by connecting it and not deleting the data, you could run into some security and privacy issues down the road, including identity theft. Be smart, and don’t put yourself in a situation where someone else might get access to your personal information.

Everything Else

Some thieves specialize in hanging around tourist spots to spot the tourists and make them victims of hands-on crimes such as purse snatching or a mugging. But don’t wait till you’re aimlessly wandering the piazza with your face buried in a huge map to take precautions against less violent forms of crime.

  1. Before traveling, make copies of your driver’s license, medical insurance card, etc., and give these to a trusted adult. Have another set of copies in your home. Scan them and email them to yourself.
  2. Never post your travel plans on social media until you return. You never know who’s reading about you.
  3. Before departing from home, make sure your credit card company and bank know of your travel plans.
  4. Clear your smartphone or other devices of personal data that’s not essential for your trip.
  5. Travel on a light wallet. Take two credit cards with you in case one is lost or stolen. Have with you the phone numbers for your bank and credit card company, just in case.
  6. Avoid using Wi-Fi in coffee houses, airports, and other public areas other than just catching up on the news. Use a VPN. Google it.
  7. When traveling internationally, read up on the safety of food and water and get whatever shots you may need.
  8. Never give your credit card number to the hotel staff (or at least, anyone identifying themselves as hotel staff) over the phone in your hotel room. The call could be coming from a thief posing as hotel staff telling you they need your number again.
  9. Never leave anything out in your hotel room that reveals personal information, such as a credit card receipt, passport, checkbook, medical insurance card, etc. If the room does not have a safe, then have these items on you at all times.
  10. Use only an ATM that’s inside a bank, never a free-standing one outdoors somewhere. Cover the keypad with your other hand as you enter the PIN to thwart ATM skimmers.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Wi-Fi Hackers Snoop on Your Phone and Laptop: Here’s How They Do It

Wi-Fi is inherently flawed. Wi-Fi was born convenient, not secure. It is likely that you have heard about how dangerous it is to use an unsecured public Wi-Fi connection, and one reason is because a scammer can easily snoop. It is easier than you might think for a person to hack into your device when it is connected to a public Wi-Fi connection. In some cases they may be able to read your emails and messages, access your passwords, or even get personal information like your bank account number.

wiIt’s possible that your router or any router you connect to has been hacked and you won’t know it. A known tactic called DNS (Domain Name Server) hacking or hijacking, skilled hackers, (both black-hat and white-hat) can crack the security of a business or your home Wi‑Fi resulting in a breach. From there, if they are savvy, they’d set up a spoofed website (like a bank, or ecommerce site) and redirect you there.  From here the goal is to collect login credentials or even monitor or spy on your transaction’s on any website.

Think about this too; you are sitting in a local coffee shop working on your laptop while connected to the shops Wi-Fi. Someone sitting near you could easily download a free wireless network analyzer, and with some inexpensive hardware and software (google “Wifi Pineapple”), they can see exactly what you are doing online…unless your device is protected. They can read emails that you are sending and receiving, and they can do the same with texts.

Using a Wi-Fi Hotspot Safely: Tips

 Knowing what can happen when you are connecting to a public Wi-Fi spot, you want to know how to use them securely. Here are some ideas:

  • Don’t automatically connect to Wi-Fi networks. When initially connecting to a wireless network, we are often faced with a checkbox or option to “automatically connect” to the network in the future. Uncheck this and always manually connect. For example, if your home network is “Netgear” and you are somewhere and your device sees another network named “Netgear,” your device may connect to its namesake—which may not necessarily be as safe, potentially leaving your device vulnerable to anyone monitoring that new network.
  • When setting up a wireless router, there are a few different security protocol options. The basics are WiFi Protected Access (WPA and WPA2) is a certification program that was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP), was introduced in 1997.
  • Confirm the network you are connecting to. Granted, this is easier said than done. There are rogue networks called “evil twins” that criminals set up; they are designed to lure you into connecting by spoofing the name of a legitimate network. For example, you may use what you see as “Starbucks Wi-Fi” to connect while you’re sipping your latte, but you may also see a listing for “FREE Starbucks Wi-Fi.” Or “ATT WIFI” might be real, but a hacker might have “Free ATT WIFI” as a fake network. Which one—if either—is for real? Such setups are designed to lure you in—and once connected, your data might get filtered through a criminal’s device. If you don’t know if a network is safe or not, feel free to ask.
  • This is a bit 101, but when you log into any website, make sure the connection is encrypted. The URL should start with HTTPS, not HTTP. Most sites today encrypt your session automatically.
  • Use a VPN when you connect to a public Wi-Fi connection. A VPN is a technology that creates a secure connection over an unsecured network. It’s important to use because a scammer can potentially “see” your login information on an unsecured network. For instance, when you log in to your bank account, the hacker may be able to record your information, and even take money from your account. VPNs are free to a monthly/annual fee or a lifetime license.
  • If you are using a private network, make sure that you understand that they, too, are vulnerable. Anyone who has some knowledge can use these networks for evil. Always use a secure connection, and seriously, consider a VPN.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Threats to Be Aware of If You Use a Gmail Account

If you have a Gmail account, you should be concerned. Why? Because there are millions of malicious emails that are sent to users of Gmail every day.

gmailNow while Google upsets many people for many reasons, they do a pretty good job at keeping your email account secure. And they provide a number of tools to accomplish that task. The problem is not usually Google, the problem is usually in the “seat” and that’s you buddy. All of you fools using the same password across multiple accounts are potential victims of “credential stuffing” and those of you using the same pass code across multiple accounts are just, well dumb. No offense. But really, it’s just stupid.

If you want to know if your email address and it’s associated password have been included in any of the 12+ billion stolen records we have access to, head over to my company’s website ProtectNowLLC.com and plug your email address and any associated passwords in to see if you have been breached. And don’t worry, we don’t have access to any of your data nor do we store your information.

If you want to engage in best practices regarding your Google account, head over to Googles Security Checkup and run through your security settings. You’re crazy (or lazy) if you don’t.

Google is pretty secure, though, and many of these scammy emails are stopped right in their tracks. However, not all of them are, and if you use a corporate Gmail account, you could be more at risk than others. Here are some statistics for you to take a look at:

  • Scammers send more than 4 times the number of malware emails to corporate Gmail accounts than they do to personal Gmail accounts.
  • Scammers send more than 6 times the number of phishing emails to corporate Gmail accounts than they do to personal Gmail accounts.
  • Scammers send more than 4 times the number of spam emails to corporate Gmail accounts than they do to personal Gmail accounts.

Focusing on Threats to Corporate Gmail Accounts

You may be shocked to know that scammers like to focus on certain Gmail corporate accounts than others. For instance, when you think of all the corporate email addresses out there, educational entities and non-profits are more than two times more likely to be attacked with malware than others.

Google is Doing Its Best to Stop the Scammers

Google is well aware of these threats, and it has taken some big steps to stop the hacks. First, the company has installed an email classifier, which has an almost 100 percent accuracy rate when detecting scammy emails. Google also can send alerts to people who want to visit websites that are known for phishing or malware.

On top of that, Google offers two-step verification when users want to access their accounts, and the company also uses a hosted S/MIME feature, which

is helping to ensure that content of any email is secure and safe when it’s sent.

Finally, Google uses a TLS encryption indicator, which, when used, means that only the person you send the email to can read it.

Identifying a Phishing Email

Though Google has done a great job at stopping these threats, you may still find them getting into your email box. Here are some tips:

  • Expect the Unexpected – Most of the phishing emails out there look remarkably like legitimate emails. Thoroughly examine any email before you download files or click on links.
  • See Who Sent It – If you don’t know the sender’s name, be cautious, especially if the email asks for account information, including passwords.
  • Don’t Click on Links – Additionally, you should make sure that you are not clicking on links that appear in emails. If you must go to the site, type the address into the browser manually.
  • Look at Grammar – You also want to take a look at the grammar in emails. A lot of typos or bad grammar is a sure sign of a scam.
  • Notice Threatening Language – Finally, if you notice any threats in the email, it is probably a scam. A great example of this is “your account has been compromised.”

This is definitely not a full list of scams, but it does give you a good idea of what you might be up against. If something looks like a scam, it probably is.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Are Your Devices Spying on You? Here’s How to Stop It

Though you might not realize it, your electronic devices are probably spying on you. These things, like your cell phone, know everything from what you are reading to where you are at any given time. How do they know it? Well, many times, you actually give the device and its apps permission to collect the information. . And while some of the following instructions are somewhat “limited”, setting up privacy requires a little bit of digging. So, dig in ! Here’s how to stop it:

Stop Your Laptop from Spying

Windows

Do you use Windows? If you do, you can limit what you share by going to “Settings” and clicking “Privacy.” Here, you can enable or disable settings for the apps you have on your laptop. You have to do this each time you install a new app.

Macs

Are you using a Mac? If so, you can definitely limit how much information you send to Apple by clicking on the Apple menu, choosing System Preferences, and then Security & Privacy. In the “Privacy” tab, you can see information on what apps can share. When you click “Analytics,” you can see more. Keep in mind that if you install a new app, you need to do this again.

Chromebook

Google is well known for its love of collecting data, so if you have a Chromebook, you should really pay attention. Go to “My Activity,” and then delete anything you want. You can also stop some of the devices data collection by choosing “Manage Your Google Activity,” and then clicking “Go to Activity Controls.”

Phones

As with laptops, you can do the same with a cell phone.

Android

If you own an Android phone, choose “Google,” and then choose “Personal Info & Privacy.” Then choose “Activity Controls.” There, you can choose what to share. As with the laptops, you have to update this each time you install a new app.

iOS

If you own an iPhone, you can find a Privacy setting when you look at the Settings menu. Open this, and then click on “Analytics.” This allows you to see what you are sharing with Apple. You can easily toggle it all off if you like. For every app, you can go back to the “Privacy” settings, and then check these settings for every app you have on your phone.

Fitness Trackers

You might be surprised to know that your fitness tracker could also be spying on you. Apps like FitBit and Strava are controlled through the Privacy and Settings options on your phone, but there is more you can do, too.

FitBit

On the FitBit app, you can tap on your profile, and then the account name. Tap on “Personal Stats,” and then “Settings” and “Privacy.”

Strava

On the Strava app, click on “Menu” or “More,” depending on what type of device you have. Then, choose “Settings” followed by “Privacy Controls.”

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Your Photos Are Displaying Your GPS Info!

During the holiday season, people are constantly posting family photos online, especially photos that contain kids. Sure, you think your kids are the most adorable out there, but do you really want the entire world to have access to these pictures? Do you want everyone to know where you live? …and did you know this? When you put photos like this online, pedophiles and predators can get your GPS coordinates.

You might want to put up a photo of your kids and dog opening their gifts on Christmas morning or you and your spouse toasting the New Year, but creeps can easily access the exact location each of these photos were taken, and it’s easier to do than you might think.

How is something like this possible? Each time you take a photo with a digital camera or a smart phone, it creates data called EXIF, of “exchangeable image file format.” This data essentially geotags your photo with the GPS coordinates of where you took the image.

If you remove this data, however, the bad guys can’t see where you are located. However, you have to do this for each and every new photo you want to post online.

How to Remove the EXIF Data

Here are the steps that you should take to remove the EXIF data:

 iPhone:

  1. Locate the picture on your iPhone.
  2. Open it, and tap the Share button.
  3. Tap on Options and in the next pane (up top), toggle off Location and/or All Photos Data.

Android:

From Google Play download the free app Photo Metadata Remover

Windows:

  1. First, right click on the image.
  2. Choose “Properties” to see the data, which should include the time and date that the image was taken.
  3. Click “Details.”
  4. Click “Remove Properties and Personal Information.” This is where you delete the EXIF data.
  5. You might be confused because you don’t see longitude and latitude here, but rest assured, it’s there. All you have to do to see it is to download an EXIF reader.
  6. You can make a copy of the image, which will remove data, or you can manually delete the data.

Mac

Download and run ImageOptim software for Mac

Remember, you have to delete this before you post the photo on the internet. You also might want to consider going back and doing this for all of the photos you have posted.

Obviously, doing this before you post a photo is the easiest way to go about protecting your information, and it will make you much more selective on what you put on social media, as you probably don’t want to have to go through these steps each and every time you post.

Here are some additional tips:

  • Turn off the GPS option on your camera
  • Check out the privacy settings on your social media accounts. Who can see it? Can a stranger?
  • Also, remember, that if you post on one network, like Instagram, the photo might also appear on another network, like Facebook, which has different settings.

This is one of those things that people just don’t even realize is happening. Don’t worry but do something about it now. If you have a lot of photos online, you might be panicking. It’s probably okay, but make sure you change your habits going forward. Also, if you know anyone who posts a lot of personal photos online, make sure they know about this, too.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

How to Protect Your Email from Hackers

It is easier than you might think to secure your email from hackers. The number one thing you can do is set up two step verification. Even if your username and password is compromised, bad guys will still need your mobile phone to access your account. And of course, never ever click on any links that come through your email unless you are positive it’s coming from a trusted sender. Not clicking on those links is easier said, than done, and even though is sometimes not enough.

Hackers have a saying – “Own the email, and you’ll own the person.” If you get hacked, the scammers will now have access to many, if not all, of the accounts that are associated with your email address.

How do they get access? Well, they send phishing emails, which look very much like real messages from a source you trust like UPS, PayPal, the IRS, your bank, a friend, your mom, etc.

Even people who seem smart or those who are in leadership positions can get tricked into clicking links in emails. Even John Podesta, who was the campaign chairman when Hillary Clinton, fell for a hack like this. He clicked on a link that seemed like it was from Google, but really it was a hacker…and that hacker got into his entire email account.

Don’t Let a Hacker Get Into Your Email Account

If you see a link and you want to or are supposed to click it, there are a few things you should do:

  • Hover your mouse over the URL to see if it looks strange. If the email says it’s coming from Chase Bank, but the URL looks like a bunch of nonsense, it’s probably not safe to click.
  • Many times, however, the URL can look very legitimate. So, you want to look for some other signs.
  • Look at the email for things like misspellings, grammar mistakes, or other odd things.
  • When in doubt, contact the sender via telephone

Additional Tips

  • If you see some type of urgency in the email, such as your account being compromised or your account being suspended, don’t be so quick to click.
  • There might also be some good, unexpected news in the email that you want to click…but again, be smart and only click if you are absolutely sure.
  • Is the message telling you that you must re-set your password? Be careful here. It’s likely a scam.

Emails from UPS, the IRS, PayPal, a major retailer, or your bank could also be suspicious, so again, don’t click until you are totally sure the link is safe.

Tips for Protecting Your Account

Here are some final tips that you can use to protect your account:

  • Employers need to engage security awareness training in the form of phishing simulation training.
  • Use strong passwords that are long and difficult to guess. They should be mixed with letters, numbers, and symbols.
  • Use two-factor authentication for all accounts, including your email account.
  • Don’t click on attachments unless you know exactly what they are.

When you really think about it, protecting your email account is one of the most important things that you can do to keep your information safe. Everything here is simple to do and understand, and it can make a big difference in your life, especially when you consider how easy it is to get hacked.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.