Time to tighten up Google Privacy Settings

There is good news for the tech-unsavvy out there: Google has made their privacy settings easier to work with. This day has not come a moment too soon. “My Account” is Google’s new dashboard.

ggWhen you use any Google account, the giant company collects information on you. The new dashboard will reveal what information this is. My Account also has other privacy related features; check it out first chance that you get. It has the following three sections.

Security

  • If you get locked out of your Google account, Google will contact you via the phone number and e-mail address you’ll see in this section, and you can change them, too.
  • You can look over a list of apps, websites and more that have access to your Google account info. You can place restrictions on permissions.
  • Lists devices that have connected to your Google account.
  • You can change your password.

Privacy

  • Google collects information on you including what you watch on YouTube; this section reveals which information on you is saved.
  • This section controls what phone numbers people can reach you on Hangouts.
  • Additionally you can adjust your public likes and subscriptions on YouTube.
  • Third, you can alter the information that you share on Google+.

Account Preferences

  • Here you can select the language for your Google accounts.
  • Here you can delete your entire account or some of it.
  • You can adjust the accessibility features.

Think of how great it would be to view a list of all the information that Google has collected from your computer, tablet or smartphone…and then delete whichever items you choose. You now no longer have to use the excuse, “It’s too techy for me,” to avoid delving into the privacy settings and making adjustments to your liking. You have a right to know what Google gets on you and what everyone else on the planet can see, too.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Catphishing is a Heartless Scam

When someone online presents as a different person than their true self, this is called catphishing, and it occurs on online dating sites.
heartbleed

  • Google the name of the object of your interest. Obviously, “Kelly Smith” and “John Miller” won’t get you far, but “Jaycina McArthur” just might. What comes up?
  • See if they have social media accounts, as these suggest they’re a real person. But the absence doesn’t prove they’re a phony, either. Not every legitimate person is into the social media thing.

Here are warning signs:

  • More than one profile on a social media site.
  • Few friends or followers on social media (but then again…this doesn’t prove they’re a catphisher. Remember, Hitler had a million followers, and Christ had only 12!).
  • Photos don’t include other people.
  • Photos are headshots rather than of activities.
  • They find a way to contact you other than through the matchmaking service.
  • They quickly show neediness and request money.
  • They quickly proclaim “you’re the one” despite never having met you in person.

Additional Steps

  • Right click their photos to see where else they are online. Is it them on other sites or some model’s or real estate agent’s picture?
  • Copy and paste excerpts from their profiles and see if they show up elsewhere.
  • It may seem counterintuitive, but if you’re interested, ask for a face-to-face correspondence early on in the relationship (like a week or so into it) so that you don’t waste time getting dragged down by what ultimately turns out to be a catphisher.
  • If the person doesn’t use Skype, ask for a local meeting in a crowded public spot (assuming it’s a local person).
  • If they back down from a face-to-face meeting, be suspicious. They’re not necessarily after your money, but that 6-2, 180pound stud might actually be a 5-7, 240 pound guy who’s 10 years older than what his profile says.
  • Don’t reveal private information like where you work. Make sure there’s nothing revealing about your location on your social media profiles. A catphisher will want this information.
  • Be highly suspicious of someone who wants to know a heck of a lot about you—like if your parents live in town, what kind of home you live in, how much you earn, etc.

Trust your gut. If he or she sounds too perfect, they’re probably fakes.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

How to prevent being tracked

You worry about being hacked, but what about being tracked? Yes, there are hackers and then there are trackers.

8DInternet tracking namely refers to the user’s browsing habits being followed. But there are ways to make the trackers harder to tag behind you.

  • Duhh, a fake name. What an innovative idea! It’s amazing how many people have their real name splashed all over cyberspace. Sure, you should use it for LinkedIn, and also Facebook if you want your childhood classmates to find you. But do you really need to use it for accounts like Disqus that allow you to post comments to articles? If you want to provide feedback to a site, must you use your real full name?
  • Use a virtual private network (VPN), as this will mask your IP address and others from tracking you. A VPN will encrypt your activities on open WiFi too. Hotspot Shield is a VPN provider; it’s compatible with iOS, Android, Mac and PC.
  • Now you may think, “What’s so bad about being tracked? So what if cookies know I keep clicking on all the Miley Cyrus articles?” Well true, so what.
  • But what if cookies also find that you’ve been clicking on an awful lot of articles about heavy weight training? You’ve been doing research for an article you want to write for your latest magazine assignment or maybe your son is interested in weightlifting. What if this timeline coincides with when you’re suing someone for smashing into your car while you were in it, causing back injury? The defendant’s attorney may uncover you’ve been researching heavy weight training, and this doesn’t look good for someone claiming a bad back.
  • Before you begin browsing, make sure you’re logged out of social networks. This means finding the “logout” or “sign-out” tab and clicking its options, rather than just closing out the site tab. Otherwise, more tracking.
  • Make sure your cookies are cleared before and after browsing.
  • If you use Twitter, go to the basic account settings to a box called “Tailor Twitter based on my recent website visits,” and make sure it’s unchecked.
  • Have JavaScript blocked when filling out forms. An extension called NoScript will block companies from using JavaScript for tracking you when you fill out their forms. However, think hard before you do this, because there are so many additional uses for JavaScript, and if you have a browser add-on that blocks it, it will probably slow loading times. Techy people will know how to set up the add-on so that it blocks JavaScript only for certain companies.
  • Disposable e-mail address. You can be tracked with your e-mail address—unless it’s a disposable one. Some services provide addresses that dissipate after a few minutes, while others provide addresses for longer use. Your e-mail carrier may also provide the option of creating additional e-mail addresses by adding characters to your name in the primary e-mail, so that these additional e-mails can be used and forwarded to the original.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Tips to being anonymous Online

One of mankind’s greatest inventions (besides the wheel) is the Internet.

10DUnfortunately, with this marvelous invention comes the drawback of privacy—or shall we say, lack of.

The Internet is a wonderful tool, but users must fight to remain as anonymous as possible, because getting too much of yourself “out there” could lead to trouble. In fact, it’s a big business all in itself: tracking users’ data and selling it to advertisers. Now this may sound rather benign, because no matter how much or how little of you is “out there,” you’re always going to see ads anyways.

But it’s the idea that other entities are tracking you, and also the idea that you don’t know who. All the time, information about you is being swooped up without your knowledge.

  • IP tracking. The “IP address” of your computer stands for Internet protocol. The IP address is issued by your Internet service provider and is unique to every user. An IP address can be tracked, revealing the user’s home address. Law enforcement will track an IP address of, for example, someone making threats via e-mail to bomb a school.
  • ISPs insist they don’t track IP addresses. But there are cases that make this hard to believe, such as when someone downloads a copy of a new movie. Not long after, they get a letter warning they’ve violated copyright law. This means their browsing habits were shared with a private company.
  • Cookies. Visit a site. It has cookies or data pieces that will record that you visited it. This is why when you visit the site again a week later, you’re automatically taken to the page you were last on. Cookies can also build a pattern of your web habits, so that before you know it, ads are popping up everywhere relating to sites you’ve visited.
  • Social media. Sites like Facebook will track your browsing habits with cookies, leading to the targeted advertising.

So how can you remain as anonymous as possible?

  • Open new links in an incognito window. When you right-click, a selection box will appear; choose “open in incognito window.” The incognito window means you will not leave behind cookies or browsing history. However, this doesn’t mean you’ll be the Invisible Man. But at least it’s a way of cutting down on how much of your browsing habits are revealed and shared.
  • You can download Hotspot Shield. It will put a stop to third-party tracking and encrypt data that you share with sites. You may also want it even more for its ability to mask your IP address. There is a free version and a premium version that costs $29 bucks.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How to keep a Clean Online Presence

At any given time, someone, somewhere, is probably googling you. This could be a former classmate, a neighbor, someone you’re trying to do business with, a relative, who knows?

1PAre you confident that whatever they find will be information that’s truly representative of you? Maybe if you have a really common name, it may be lost in cyber muddle, but the more unusual your name is (or how the first name is spelled), the easier it will be to find you. If you want a clean online presence, there are things you can do.

  • Search yourself on Facebook, Twitter, LinkedIn, etc.
  • Google yourself and see what comes up within the first two pages of results. Make sure you’re logged out of Google or other browser you’re searching on. The results can be different vs being logged in.
  • Log back in and search your name again to see how the results look.

But how do you get rid of negative information and make yourself look better?

If you’re the creator of negative information, it’s a cinch. Just go into your Facebook account or wherever the unflattering information is, and delete it. Also adjust the settings for privacy, such as limiting post or image visibility to select visitors.

  • Search engines. Ask the search engine to remove the page result. For Google go here. For Bing go here.
  • Google+. Hide what you don’t want others to see. Check out the privacy settings.
  • LinkedIn. Make sure your profile is updated.
  • Twitter. Make the account private to prevent retweets. If you’re new to Twitter, think very carefully before you tweet, as tweets really do get around.
  • In addition to these tactics, try online reputation management firms. They aren’t cheap, but they work, mostly.
  • Go through all of your account profiles and upgrade them. Make them crisp, clear and free of fluff or anything that doesn’t flatter you. Add information that makes you more impressive. And use a good photo for your profile or avatar. Really, some Facebook profile pictures are ridiculous and unflattering, some not even making any sense.
  • Replace racy or otherwise negative images of you with more respectable ones. Or just delete them, period, like endless selfies that shout, “Ooh, look at me in this one!”
  • Be very careful what photos you put up on Facebook and Instagram. If you’re soliciting for donations, don’t have a photo of you eating lobster.
  • Sign up with a nameplate site like about.me, seelio or flavors.me where you can say good things about yourself and list your skills.
  • Get your own domain, even if you think your name is taken (use a variation), then use a reliable hosting company and put up your work.
  • Link all of these accounts so that visitors to one will be driven to the others.
  • Sign up with services to show your skills such as YouTube and Vimeo. See what’s out there for your various talents (e.g., Flickr for photographers).
  • Follow the cardinal rule: Don’t put anything in cyberspace that you wouldn’t want to reveal to 50,000 people at the coliseum.
  • Oh, drinking and posting don’t mix. Just don’t. Stop it. Really.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

What is the Cloud?

You’ve probably heard of people storing information in “the cloud,” but what does that really mean, and is it safe to put your data there?

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294The cloud is best described as a network of servers offering different functions. Some servers allow you to store and access data, while others provide an online service. You may be familiar with “cloud services” offered by companies such as Google and Adobe.

The term “cloud” comes from cloud computing, which is essentially using a group of computer resources to maximize their effectiveness.

The cloud is now comprised of millions of servers worldwide, and chances are you access it on a regular basis. For instance, you may have uploaded a picture from your smartphone to Instagram, which stores images in the cloud, or you could be using cloud storage service.

Because the cloud allows you to upload and access data and services from any Internet-connected device, it’s certainly convenient, but that doesn’t mean that it’s always safe.

Many worry about hackers getting into clouds, especially ones in which the services do not offer two-factor authentication. (This is when you need two different components to gain access to an account, such a something you know, like a password, and something you have, like a unique fingerprint.) Another potential vulnerability is that hackers might intercept data as it’s being sent to the cloud, especially if that data isn’t encrypted, or scrambled, to keep it from being read by unauthorized third parties.

Cloud customers must have faith that the service provider is doing all it can protect their prized data.

Not all cloud providers operate the same way, with the same security, but there are minimum standards, which they must meet. It’s important to know about the different levels of security, so you can make the right choices about your service providers.

A few cloud service providers:

  • Windows Live
  • iCloud
  • Google
  • Amazon Cloud Drive
  • Dropbox

Lots of storage can be obtained for free. Rates vary and getting cheaper by the day.

Cloud providers have everything to lose and nothing to gain be being insecure. It is well known that poor security can damage a brand. However, cloud security generally begins with the user and not the cloud itself. If your devices are old, outdated, poorly utilized, or don’t have the proper security, you could be the weak link.

So, make sure that your devices and security software are up-to-date and look for cloud providers that offer advanced security options such as encryption and two-factor authentication. And, if you really want your sensitive information to stay secure (such as tax returns and other financial and personal information), you might consider saving those files on a backup hard drive rather than putting it in the cloud.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

The most horrible Craigslist Killing ever

Beware. This is tough to read. An expectant woman had spotted an ad on Craigslist asking for baby clothes, so she contacted the ad placer—a woman—then went to her Longmont, Colorado house alone.

2HThe woman stabbed the would-be seller and removed the seven-month-old fetus. The baby died but the victim survived.

When police arrived, the 26-year-old victim was there but the fetus was gone. The 34-year-old psycho supposedly did not know the victim. She had her husband drive her to the same hospital that the victim went to, claiming that the fetus, which she had with her, was a miscarriage.

Oddly, the stabber has two kids already, and her husband is not a suspect.

Six weeks prior, Craigslist got negative attention when an elderly couple was murdered after responding to an ad for a car.

It’s a novelty to point out that these ads were placed on Craigslist, but there is nothing inherent about this medium for advertising that makes it dangerous.

The root of the problem is that of meeting strangers alone in secluded or barren locations. Making this worse is when the ad responder is physically compromised, such as from elderly age or pregnancy. What on earth are they thinking?

One solution is the so-called safe zone, a designated trading spot where Craigslist sellers and buyers meet, out in the open, around other people, such as at a police station parking lot.

Currently there are safe zones in 22 states; they are listed on the Safe Trade Stations website.

If your state doesn’t have one, or if the one in your state is far away, then the next best thing is to arrange to meet the seller or buyer in a public spot full of people such as at a busy café, if the item they’re selling is small enough. And bring someone with you.

If it’s a car or other very large item for sale, this makes things more challenging as far as location of the meeting. Bring two people with you, and try to arrange the meeting in a public spot, if at all possible. If you can’t find anyone to accompany you, and the item for sale can’t be transported to a public spot, then pass up the deal.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

What is Shoulder Surfing?

The next time you’re in a public place and glued to your smartphone or tablet — whether it’s at the gym, a coffee house, the airport, or just a park bench— know that someone might be peering over your shoulder to see what you’re doing. The snooper could just be curious, or they could be trying to capture your login information so they can use it to access your accounts impersonating you later on.

4DThis behavior is called “shoulder surfing”, but it doesn’t always mean that someone is literally looking over your shoulder. It can also be done from far away, using binoculars or even a small telescope.

That’s why you should always work with your back tightly against a wall. If that’s not possible, be aware of who’s around you, or behind you, and try to shield your screen. Of course, shoulder surfing can also occur at the workplace where giant computer screens are facing outward for anyone walking by to see.

And it isn’t just the screen contents that the thief wants. A skilled thief can watch the user’s finger movements to pick up on passwords and login information.

Shoulder surfing can be completely concealed in settings where people are normally packed together, such as on public transportation, airplanes, concert halls, or even a busy emergency room.

Think of how easy it would be for you to watch what the person next to you is typing, especially if they’re wearing a headset and oblivious to their surroundings.

The fact that this is an easy way to steal information is what makes it so common. A study of commuters in the UK found that 72 percent shoulder surfed—mostly out of boredom rather than for fraudulent intent, but that just goes to show how easy it really is.

Here’s some simple ways to protect yourself from should surfing when entering or accessing personal data on your devices:

  • Look for an area where your back is against a wall.
  • Be aware of your surroundings at all times, not just people but also video cameras.
  • Consider using a screen protector to obscure the visibility of the display.
  • Save your personal, business and financial matters for when you are in the privacy of your own home.

So whether you’re just surfing social media sites at a coffeehouse, or an executive trying to catch up on work on a plane, make sure that you keep an eye out for anyone whose eyes are glued to your screen.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

3 Ways We are Tricked into Cyber Attacks

So just how are hackers able to penetrate all these huge businesses? Look no further than employee behavior—not an inside job, but innocent employees being tricked by the hacker.

9Drecent survey commissioned by Intel Security reveals that five of the top seven reasons that a company gets hacked are due to employee actions.

One of the things that make it easy to trick employees into giving up critical information is the information employees share on social media about their company.

People just freely post things and tweet all day long about company matters or other details that can be used by a hacker to compromise the company. What seems like innocuous information, such as referring to a company big wig by their nickname, could lead to social engineering (tricking users into believing the request is legitimate so the user gives up sensitive information).

Between social media and the golden nuggets of information on Facebook, Twitter, LinkedIn and other platforms, hackers have a goldmine right under their nose—and they know it.

3 Key Pathways to Getting Hacked

  1. Ignorance. This word has negative connotations, but the truth is, most employees are just plain ignorant of cybersecurity 101. The survey mentioned above revealed that 38% of IT professionals name this as a big problem.
    1. Do not click on links inside emails, regardless of the sender.
    2. Never open an attachment or download files from senders you don’t know or only know a little.
    3. Never visit a website on the job that you’d never visit in public. These sites are often riddled with malware.
  2. Gullibility. This is an extension of the first pathway. The more gullible, naive person is more apt to click on a link inside an email or do other risky tings that compromise their company’s security.
    1. It’s called phishing(sending a trick email, designed to lure the unsuspecting recipient into visiting a malicious website or opening a malicious attachment. Even executives in high places could be fooled as phishing masters are truly masters at their craft.
    2. Phishing is one of the hacker’s preferred tools, since the trick is directed towards humans, not computers.
    3. To  check if a link is going to a phishing site, hover your cursor over the link to see its actual destination. Keep in mind that hackers can still make a link look like a legitimate destination, so watch our for misspellings and bad grammar.
  3. Oversharing. Malicious links are like pollen—they get transported all over the place by the winds of social media. Not only can a malicious link be shared without the sharer knowing it’s a bad seed, but hackers themselves have a blast spreading their nasty goods—and one way of doing this is to pose as someone else.
    1. Be leery of social media posts from your “friends” that don’t seem like things they would normally post about. It could be a hacker who is using your friend’s profile to spread malware. Really think…is it like your prude sister-in-law to send you a link to the latest gossip on a sex scandal?
    2. Don’t friend people online that you don’t know in real life. Hackers often create fake profiles to friend you and then use their network of “friends” to spread their dirty wares.
    3. Take care about what you post online. Even if your privacy settings are set to high, you should think that when you post on the Internet, it’s like writing in permanent ink—it’s forever. Because did we all really need to know that time you saw Kanye from afar?

All of us must be coached and trained to keep ourselves and our workplaces safe, and that starts with practicing good cyber hygiene both at home and at work.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

What is Spam?

Everyone’s heard of spam as it pertains to emails. Spam isn’t necessarily a malicious message designed to trick you into revealing your credit card number or PayPal login information.

emailBut spam is an unsolicited message, sometimes referred to as junk mail. Spam can be very annoying and relentless in nature, often attempting to convince you to buy something. Sometimes these messages are untruthful, such as those advertising human growth hormone pills (when they actually contain nothing of the sort). Spam also includes phishing which are messages designed to trick you into giving up personal information. Other messages can be legitimate advertisements—nevertheless, you did NOT ask for these solicitations.

Spam arrives in the form of emails, instant messages, and text messages—and it can also affect smartphones.

Spammers buy lists from brokers that continuously harvest email addresses from the web. They also run dictionary attacks, throwing billions of combinations of words and numbers at an email database to find valid address combinations.

Though some emails are obvious spam, such as ones with particular keywords like Viagra, sex lifeprescription drug discounts and fast weight loss, other spammy messages are not so obvious; they may appear legitimate or show a sender address of a family member, friend or business associate.

For instance, the sender may appear to be from your bank), with a subject line warning you to urgently update your account information. Similarly, the subject line may not be threatening, such as one referencing “your recent order from Amazon” or “your shipment from DHL,” yet it is not legitimate.

Spammers have found that if enough of these go out all at once, they’ll reach a statistically significant percentage of recipients who will have placed an order from Amazons within the previous 48 hours, or are expecting a delivery from DHL any day.

Here are some tips on how you can fight spam:

  • Be careful with your email address. Don’t supply your email address to sites you’re not sure about, and never post it in a public place.
  • Verify. If you’re not sure if an email is valid, even though it appears to be from your bank, medical carrier, employer, etc., don’t respond to the email. Contact the company or business by phone to verify the email’s validity.
  • Think before you click. Don’t click blindly. Never click on links in unsolicited emails. If you think the email is real, check the link URL to make sure you are being directed to a legitimate site.
  • Open with care. Think twice open attachments that you’re not expecting or from someone who normally wouldn’t send you an attachment.
  • Be cautious. Don’t be fooled by sensational subject lines. Another type of fraud is a subject line claiming you won a prize or are owed money.
  • Ignore it. If the email shows up in your spam or junk folder, chances are it’s spam, so LEAVE IT ALONE!

It’s simple: Never reply to spam.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.