10 Tips to Stay Safe Online

Hang ten, dude! It’s summertime and surfers are taking to the ocean to go catch some gnarly waves. Experienced surfers know that there are dangers out in the water and are trained to look out for them. These dangers include rip currents, shallow water, and of course, sharks.

4HJust like there are dangers in the ocean, there are many dangers lurking on the Internet. And a savvy web surfer and searcher knows that there’s ways to protect themselves. Here are some tips to keep you safe while you surf the internet.

  1. Know the scams. Read articles and blogs, follow the news, and share this so you can  learn about different kinds of scams and what you can do to avoid them and also help your friends.
  2. Think before you click. Never click on links in messages from people you don’t know or vaguely know. These phishing emails have links that lead to websites that can lure you into giving personal information or download malware to your computer. You should even be wary with emails from people you do know if it looks or sounds suspicious. Hackers can create a malicious email that looks like it came from your best friend’s email account.
  3. Safely peruse. Beware of phony websites. These sites may have an address that’s very similar to a legitimate site, but the page can have misspellings, bad grammar or low resolution images. However, scammers are getting better at replicating sites so make sure. If a site asks for personal information, that you double check the URL and make sure it’s not asking for information it shouldn’t.  McAfee SiteAdvisor is a free download and protects you from going to risky sites
  4. Shop safely. Don’t shop on a site unless it has the “https” and a padlock icon to the left or right of the URL. Also, protect yourself and use a credit card instead of a debit card while shopping online—a credit card company is more likely to reimburse you for fraudulent charges.
  5. Kick-butt passwords. Do away with the “Fitguy1982” password and use an extremely uncrackable one like 9&4yiw2pyqx#. Phrases are good too. Regularly change passwords and don’t use the same passwords for critical accounts. For more tips on how to create strong passwords, go to www.passwordday.org
  6. Protect your info. Keep your guard up. Back up all of your  data on your computer, smartphone and tablet in the event of loss, theft or a crash. Also, routinely check your various financial statements for questionable activity.
  7. Watch your Wi-Fi connectivity. Protect your network by changing your router’s default settings and making sure you have the connection password-protected. For more information on how to protect your Wi-Fi connection, click here.
  8. Install a firewall. A firewall is a great line of defense against cyber-attacks. Although most operating systems come with a firewall, you might want to consider installing McAfee LiveSafe™ service which has a much better firewall than the one that comes built into your operating system.
  9. Keep up to date. The best security software updates automatically to protect your computer. Use the manufacturer’s latest security patches to make regular updates and make sure that you have the software set to do routine scans
  10. Use your noggin. You do not need to be a seasoned computer whiz to know that it’s not smart to open an attachment titled, “Claim Your Inheritance!” Using common sense while surfing the Web can protect you from some hungry cyber-shark.

These are the basics to help you stay safe online. To stay on top of the latest consumer and mobile security threats by following @McAfeeConsumer on Twitter and Like us on Facebook.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

USB Drives – With Convenience Comes Risk

I’m sure most of us have used a USB drive (or thumb drive) at one point or another. They are super convenient to transfer files, especially when they are too large for email or you don’t have access to an Internet connection.

2DBut it’s this same convenience of being portable, readily available, and inexpensive that make them a prime target for cybercriminals. There’s a number of ways that these devices can fall victim to the underworld.

Because USB drives are primarily used to share and transfer files, it’s an easy target for hackers who are looking to distribute malware. And because most USB drives are set to auto-run (meaning that when you plug it into your computer, it will automatically open up the drive), the malicious software could be automatically transferred to your computer as soon as you plug this in. So once they get you to copy an infected file to the USB drive, it’s easily spread to other computers every time the USB drive is plugged in.

While their small size and portability make them easy to carry in your pocket or pretty much anywhere, it also makes them susceptible to loss or theft. Depending on what type of information is stored on here, losing this device could expose your personal information. A USB drive could easily be misplaced, dropped or taken from a table so it’s important to be careful when using these devices.

Another thing to keep in mind is that files aren’t really deleted, even if you hit the “delete” button to take something off your USB drive. In this case “delete” really means “hide” so unless you run a “wipe” program to really get rid of the files, someone could still retrieve your data, so you still need to make sure you are careful with these devices.

So here’s some tips how can you ensure that you stay safe and protect your information when using USB drives:

  • Watch your USB drive – don’t set it down and make sure you keep track of it so it’s not lost or stolen.
  • Disable auto-run – Turn off auto-run on your computer so that if a USB drive has malware, then it won’t automatically be transferred to your machine.
  • Be careful who you share your USB drives with – Be careful what computers you place your USB drive in and who you let borrow your USB drive.
  • Use comprehensive security software – make sure your security software not only scans your computer for threats, but also any drives that are attached.

Remember just as with being online, we need to make sure our conveniences don’t expose us to risk.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Online Tax Time Scams: How to Avoid

Filing your taxes online is convenient but also comes with some potential security problems. My job as an expert in all things online-security is to spell out what these online tax scam risks are and how to avoid them. As you get ready to file your taxes this year, here are some things you should know about.

9DThere were billions of fraudulent refunds that the IRS discovered for just 2012. Both consumers and business owners (small to medium) are being targeted by hackers during tax time. Following are tax time scams that are related to online filing:

  • Phishing: If you get an unsolicited email that seems to be from the IRS or similar, requesting personal information (especially bank account information, passwords or PINs) or claiming you’re being audited, it’s time to smell a big rotting phish. The IRS will never contact you via email, text message or social media. Make sure you don’t click on any links or open or download any attachments if you even suspect that the message is fake. Report any time of phishing to phishing@irs.gov.
  • The fake IRS agent: Crooks will pose as IRS agents and contact you by email or phone. They’ll already have a few details about you, probably lifted off your Facebook page, using this information to convince you they’re the real deal. If you sense a scam, go to IRS.gov/phishing.
  • The rogue tax preparer: It’s best to use a reputable tax return service, rather than an independent-type preparer. After all, some of these preparers have been known to charge extra high fees for getting you a bigger return, or steal some of your refund.

Additional Tips for Online Tax Time Scam Protection

  • Protect your data. From the moment they arrive in your mailbox, your personal information (financial institution numbers, investment records, Social Security numbers, etc.) must be secured. Don’t give personal information over the phone, through the mail or on the Internet unless you have initiated the contact and are sure of the recipient.
  • Chuck the papers. Opt for electronic statements to be received via email to eliminate paper statements coming into your mail box where thieves could get at them.
  • Check and monitor your statements. To ensure that you’re not a victim, the best thing to do is to monitor you monthly bank statements and do a credit report at least once a year.
  • Use a clean machine. Make sure that the computer you use is not infected or compromised. The operating system and browser should be updated. It should have comprehensive, up to date security software, like McAfee LiveSafe™ service, which protects all your devices, you data and your identity.

If you’re vigilant and follow these guidelines and you won’t have to deal with online (or offline) tax time scams. You can also watch this video from the IRS.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

What is a Denial-of-Service Attack?

You may have heard news reports about popular websites such as CNN, Amazon and Yahoo! being taken down by a DoS attack, but have you ever wondered what DoS means?

3DThis common tech term stands for “denial-of-service,” where an attacker attempts to prevent legitimate users from accessing a website entirely or slowing it down to the point of being unusable.  The most common and obvious type of DoS attack occurs when an attacker “floods” a network with useless information.

When you type a URL for a particular website into your browser, you are sending a request to that site’s computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can’t process your request. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying access to legitimate users.

A distributed denial-of-service (DDos) attack is one where a site is attacked, but not by just one person or machine. DDos are attacks on a site by two or more persons or machines. These attacks are usually done by cybercriminals using botnets (remote computers that are under their control), to bombard the site with requests. Cybercriminals create botnets by infecting a collection of computers—sometimes hundreds or thousands—with malware that gives them control of the machines, allowing them to stage their attack.

There is also an unintentional DoS where a website ends up denied, not due to a deliberate attack by a single individual or group of individuals, but simply due to a sudden enormous spike in popularity. This can happen when an extremely popular website posts a prominent link to a second, less well-prepared site, for example, as part of a news story. The result is that a significant proportion of the primary site’s regular users–potentially hundreds of thousands of people—click that link in the space of a few hours, having the same effect on the target website as a DDoS attack. When Michael Jackson died in 2009, websites such as Google and Twitter slowed down or even crashed.1

While this can be an inconvenience to you, as you may not be able to complete transactions or access your banking site, there’s no real danger for you. But unbeknownst to you, your computer or mobile device could be part of the botnet that is causing a DDos attack.

To make sure you’re not part of a DDos attack:

  • Pay attention if you notice that your Internet connection is unusually slow or you can’t access certain sites (and that your Internet connection is not down)
  • Make sure you have comprehensive security installed on all your devices, like McAfee LiveSafe™ service
  • Be careful when giving out your email address, clicking on links and opening attachments, especially if they are from people you don’t know
  • Stay educated on the latest tactics that hackers and scammers use so that you’re aware of tricks they use

“Web slows after Jackson’s death”BBC News

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Will The Rise Of Tablets Affect Security Measures In The Workplace?

With unit sales of smartphones and tablets eclipsing those of desktop and notebook PCs, cybercriminals will continue setting their sights on mobile, and increased mobile Internet use will continue exacerbating security and data breach issues in the workplace.

The issues of “BYOD” or Bring Your Own Device to work is plaguing IT managers everywhere. While your company’s IT guy has a relative hold on all the work laptops and desktops, and even some of the mobiles, he is quickly losing control when you bring your new Droid and connect it to the corporate network.  Now he has to worry if that last app you downloaded will infect the network when you plug your device into the company’s PC to update or sync something.

A study by ESET/Harris Interactive shows less than 10% of people using their own tablets for work auto lock them and people were more security-savvy about their smartphones, with 25% using autolock.

McAfee Labs™ points out today’s tablets are more powerful than notebooks were just a few years ago. Although their lack of real keyboards makes them unsuitable for many tasks (editing texts, programming, and design), they are very suitable for browsing the Web, which today is a primary source of malware.

Tablets mainly differ in the size of the screen of a mobile phone, but they share the same software, operating systems, and processors so their security concerns are nearly identical. About the only difference is that some tablets can use USB devices, which increases the attack surface of such devices.

And because like our mobile phone, tablets tend to be portable and one of our most personal computing devices, you need to take steps to protect it. Many of the best practices you use on your computer can be transferred to your tablet.

To help ensure that your tablet is protected, you should:

  • Always password protect your device and set it to auto-lock after a certain period of time to increase your mobile security
  • Never leave your tablet unattended in a public place
  • Don’t click on links on emails and text messages from people you don’t know
  • Even if you know the company or person, use a browser to search for a link or use the company’s official app to navigate to the site
  • Always double-check the web address of a site when doing a search on your mobile phone.
  • If you use online banking and shopping sites, always log out and don’t select the “remember me” function
  • Before downloading a third-party app, check other users’ reviews to see if it is safe, and read the app’s privacy policy to make sure that it is not sharing your personal information

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Holiday Shopping: Beware of Unethical Online Merchants

We have all encountered a sales clerk who was rude, a customer service representative who was incompetent and an online purchase that went south. Even I’ve been scammed out of an entire order and spent dozens of hours trying to get a return on another.

But when it comes to outrageous and shocking, including threats of violence and outright fraud, this story takes the cake.  An online merchant based in Brooklyn New York retailing designer sunglasses, some counterfeit and some real, thrives on bad customer service, over charging, making threats, stalking and abusing clients into giving up the fight over what’s right.

The merchant prides himself on getting negative feedback on consumer advocacy and review sites such as Get Satisfaction, ComplaintsBoard.comConsumerAffairs.com, RipoffReport.com, Yelp and Epinions.

He thrives on – for example “DO NOT ORDER ANYTHING FROM THIS COMPANY. This has been the most horrific experience EVER. I have extensive knowledge of website management and customer service, and they pretty much break every rule imagined. They are a total scam

The strategy of negativity gets this merchants website ranked high on search when listed with all the different opinion sites. Google and other search engines often rank a website to show on the first page of search based on how many links point to it from other prominent sites. So even though all the negative links are pointing to the unethical site from opinion sites, it still ranks on the first page of search helping its sales.

Beware of making purchases on any website based on how they rank in search. Even a first page organic hit can lead to a scammy company.

Learn from others bad experiences. ALWAYS search “Name Of Company” in Google before you make a purchase. The review sites almost always show on the first page of search when “Name Of Company” has been blacklisted.

More on THIS STORY.

Robert Siciliano personal security expert to Home Security Source discussing scammers and thieves on The Big Idea with Donnie Deutsch.

Researcher Proves Your Friend Isn’t Your Friend

I’ve said numerous times that there’s too much trust in the Facebook world. People have entirely dropped their sense of cynicism when logged on. Apparently, they see no reason to distrust. Generally, your “friends” are people who you “know, like and trust.” In this world, your guard is as down as it will ever be. You can be in the safety of your own home or office, hanging with people from all over the world, in big cities and little towns, and never feel that you have to watch your back.

Computerworld reports, “Hundreds of people in the information security, military and intelligence fields recently found themselves with egg on their faces after sharing personal information with a fictitious Navy cyberthreat analyst named ‘Robin Sage,’ whose profile on prominent social networking sites was created by a security researcher to illustrate the risks of social networking.”

Apparently, one of the easiest ways to gain acceptance as a trusted colleague is to be an attractive woman. I recently wrote about “Sandra Appiah,” a curvy lady who sent me a friend request. She had already friended two of my buddies, who accepted because they already had two friends in common. She had posted questionable photos of herself. Red flag? But my buds didn’t seem to see it the way I did.

The security researcher set up profiles on Facebook, LinkedIn and Twitter. “Then he established connections with some 300 men and women from the U.S. military, intelligence agencies, information security companies and government contractors.”

Steve Stasiukonis, another ethical hacker, took it to the next level. He used a similar technique and, with permission, infiltrated a company’s network to test their security. By creating a group on Facebook, he was able to access employees’ profiles.

He set up his own employee persona with a fake company badge, business cards, a shirt embroidered with the company logo, and a laptop. “Upon entering the building, he was immediately greeted by reception. Then displayed fake credentials and immediately began ranting about the perils of his journey and how important it was for him to get a place to check his email and use a restroom. Within in seconds, he was provided a place to sit, connection to the Internet, and a 24×7 card access key to the building.”

Social media can and is being used as a smokescreen. The idea behind social media is that we are social creatures that thrive in community and want to connect. The problem is that this ideal is based on the mindset that we are all sheep and there are no wolves.

When mama told you to not talk to strangers, there was wisdom in that advice. When you friend people who you don’t know, you are friending a stranger and going against moms advice.

Robert Siciliano, personal security and identity theft expert contributor to Just Ask Gemalto, discusses hackers hacking social media on Fox Boston. (Disclosures)

Privacy Laws for Kids Online

Numerous privacy groups are urging the FTC to update its Children’s Online Privacy Protection Act of 1998. The primary goal of the Children’s Online Privacy Protection Act, or COPPA, is to give parents control over what information is collected from their children online and how such information may be used.

Jeff Chester, Executive Director of the Center for Digital Democracy said, “The Commission should enact new rules for COPPA that draw upon its current investigations into behavioral marketing and other current digital advertising practices. It’s time for the FTC to do a better job of protecting the privacy of children online.”

The Internet today isn’t what is was in 1998. Back in the day, when dial up – the online equivalent of a horse and buggy – was the only means of getting around, the risks weren’t as great as they are now. The speed of technology has outpaced the security of information and the learning curve of users. Over time, many web operators conveniently forget the rules, chose to do things their own way, and then apologize when they are accused of doing something wrong.

The original COPPA was designed around websites that sell merchandise. Today, we have social media, Second Life, online gaming sites, and smartphones that can access the Internet anywhere, anytime.

The report states, “several start-ups…are experimenting with ways to use cell phones to bridge the digital and physical worlds and turn the tasks of everyday life, like buying coffee and running errands, into a game.” Many major companies are taking advantage of these applications for promotional purposes. A major fast food chain, for example, offers a soda and sandwich to people who “check in” three times. This company is also able to “use the data they collect from people’s cell phones to learn more about who their customers are and how they behave.”

Geolocation could pose a privacy threat. Information collected through geolocation is particularly sensitive, since it can allow a child to be physically contacted wherever he or she is, at any time. Parents need to be aware if there is misuse.

The descriptively named website PleaseRobMe.com aggregates real time location information that users have voluntarily shared on Twitter in order to bring attention to the potential problems with this type of sharing.

The risks are magnified for children, who will often fail to comprehend the significance of sharing personal information. And when a child’s location is collected automatically, neither the parent nor the child is aware that this information is being shared, nor are they given the opportunity to consent or refuse to consent to such data collection.

Kids are plugged in all day, which means it’s imperative that parents understand how these technologies are slowly infiltrating children’s’ lives in ways that we couldn’t possibly have imagined a decade ago. Hopefully, more transparency and oversight of the wild, wild web will keep new technologies in check, and your kids more secure. A great site to help educate you and your kids is www.WiredKids.org.

Robert Siciliano, personal security expert adviser to Just Ask Gemalto, discusses child predators online on Fox News. Disclosures

Keeping Kids Safe Online

It is no surprise that cybercriminals are taking advantage of the Internet and the people who use it. The Internet is like a bad neighborhood with bad guys around every corner. Any parent with an ounce of sensibility should recognize that when your child is on the wild wild web, they are at the same risk as they would be walking through the red light district in any big city.

I’m not saying this because I want to instill fear and panic, I’m bringing this up because sex offenders, pedophiles, criminal hackers and identity thieves treat the online world as if it was the physical world and use the anonymity of the web and the easiness of approach to seduce your children into doing things they wouldn’t normally do.

The Secret Online Lives of Teens, a survey conducted by McAfee, reveals that tweens and teens are relatively clueless about online privacy. The study sheds light on this generation’s tendency to use the Internet in ways that translate to danger in the real world.

There always has, is, and will be a predatory element out there. Generally, most people don’t want to think about that or even admit that it’s true. Instead of acknowledging the risks, most people completely discount this reality, telling themselves, “It can’t happen to me or my kids.”

The good news is you can do something about it. As soon as a family member becomes active online, it’s time to educate them—no matter what age they are—about cyber safety.

  • Set up the computer in a high-traffic family area and limit the number of hours your children spend on it.
  • Be sure you have computer security software with parental controls.
  • Decide exactly what is okay and what is not okay with regard to the kinds of web sites that are appropriate to visit
  • Use only appropriate monitored chat rooms
  • Never log in with user names that reveal true identity or that are provocative
  • Never reveal your passwords
  • Never reveal phone numbers or addresses
  • Never post information that reveals your identity
  • Never post inappropriate photos or ones that may reveal your identity (for example: city or school names on shirts)
  • Never share any information with strangers met online
  • Never meet face-to-face with strangers met online
  • Never open attachments from strangers

Once you have established the rules, make a poster listing them, and put it next to the computer.

Robert Siciliano personal security expert to ADT Home Security Source discussing Home Security and Identity Theft on TBS Movie and a Makeover. Disclosures.

Phishing Scam: Using the U.S. General Commander in Iraq as Phish Food

Fishing of course is the sport of tossing a tasty wormy baited hook connected to a fishing line and patiently waiting for a fish to take the bait.

Phishing is the sport of tossing a wormy baited tasty lie connected to a wormy human and the degenerate patiently waits for a naïve victim to take the bait.

A phisher can send thousands of phish emails a day and eventually someone will get hooked.

Phishing is a $9 billion business. Unlike the ongoing depleting of the oceans fisheries, there are PLENTY of people out there to phish. Many of them today are from developing nations like India and China who are just getting a broadband connection to the internet and are considered fresh meat to the bad guy.

The New York Times reports “if you get an Internet appeal from Gen. Ray Odierno, the senior American commander in Iraq, asking you to pay lots of money to get your son or daughter out of combat duty, don’t believe it. And certainly don’t send the $200,000. General Odierno acknowledged that he is but one more victim of a social networking scheme offering a big — but fake — benefit, if you send big amounts of real money.

“I’ve had several scam artists on Facebook use my Facebook page and then go out asking people for all kinds of money: ‘If you pay $200,000, your son can get sent home early,’” General Odierno said at a Pentagon news conference.

Criminals may seek out military families and target them one by one or send a blast to thousands at a time and use a ruse that pulls at the heart strings of unsuspecting families who simply want their loved-one back home.

The General posted a large warning on his social networking site. “I have this big thing on my Facebook that says, If anybody asks you for money in my name, don’t believe it,” he said. “But it’s a problem.”

Frankly, I don’t like the idea of an American General having a Facebook page. It weird’s me out. Hopefully the high commander isn’t uploading pictures of himself doing shots of tequila while driving a tank.

My guess is there is someone out there who has the money and is probably acutely unaware of this type of scam, then is probably capable of getting hooked.  But more than likely nobody will cough up $200,000. But the scammers know to start high and they will go low. They will take a $1000.00 when it comes down to it. But they also know that people won’t argue with a General and nobody will “discount” the value of their loved-ones life. So overall it’s a pretty good scam. Just don’t take the bait.

Robert Siciliano personal security expert to ADT Home Security Source discussing Facebook scams on CNN. Disclosures.