How to digitally detox on Vacation

Many years ago when you were on vacation, before Facebook, Instagram and Twitter were invented (assuming you were an adult then), you had a great time, right? You weren’t “connected,” because there was no social media to be connected with.

2DIf today you can’t imagine being disconnected from social media while on vacation, ask yourself how this can be, if years ago, you never missed what had not yet been invented.

And what about constantly checking e-mail while on vacation? Or constantly perusing various websites with your mobile while at the beach?

Intel did a recent study:

  • 55% of Americans can’t disconnect while vacationing.
  • Two-thirds actually wanted to disconnect (detox), but less than half actually did so.
  • But when they did disconnect, 88% reported feeling okay about it and connecting better with travel mates.

Motivation to Detox

  • Know that cybercrooks are banking that vacationers do not disconnect.
  • Vacationers are especially vulnerable when they use public Wi-Fi, as cyberthieves can “snoop” on login entries and steal login information (such as to your bank, or get your credit card number when you online shop at the coffee house).
  • Can’t stay away from your e-mail when vacationing? Cybercrooks can gain access here, too.
  • Though installation of a virtual private network will prevent cyber snooping, it won’t prevent shoulder surfing, or thieves using high powered cameras to capture what you’re doing across the coffee house.
  • Of course, your devices should have security software that’s always updated.
  • Your devices should be password-protected as well.
  • Before embarking on your vacation (and not a few days before, but a few weeks before), practice disconnecting for 24 hours. If you must check your e-mail daily for business purposes, at least practice disconnecting from social media for 24, even 48 hours. Can you do it?
  • Can you stay off your mobile device while waiting at the dentist’s office or at the motor vehicle agency?
  • These “home” practice sessions can help you overcome withdrawal symptoms of not checking Twitter, Facebook or e-mail every 10 minutes.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Predators use Emojis to target Kids

Who’d ever think those silly little yellow circular faces and other such cyber symbols would become such a worldwide smash? I’m talking about emoticons, also known as emojis. Five years ago Apple put an emoji keyboard on its mobile devices. Six billion of these doggone things are sent every day.

12DBut a story at kdvr.com says this isn’t as innocent as it seems.

The story mentions Sheila Allison and her 12-year-old who regularly communicate via emojis. For instance, Allison’s job means she’s not home when her daughter is going to bed, so she sends emojis for zzzz’s, kisses and princess. (There’s an emoji for everything, and not all of them are faces; some are animals, fruits and other symbols.)

So expansive is the emoji language that a person may be considered fluent in it, knowing the hidden meanings of these icons.

Mike Harris hunts down pedophiles for a living, says the article. He’s fluent in emoji, knowing over 1,200 of the icons. He points out that one emoji may have three or four different meanings.

There’s even a Speak Emoji app that translates “emojiese.” The symbols can be used to bully and threaten. They can be used to communicate any number of messages, such as, “Got any crack?”

There are emojis with very concrete meanings, such as bomb, gun and knife symbols. Others are a bit more cryptic, though sending the emoji of a frog to someone you recently called “ugly” should have an obvious interpretation.

More Meanings

  • Dog (even cute) emoji = b–ch.
  • Pile of poop = sh*t.
  • Harris explains that the sequence of a running-man emoji and a bowling ball emoji means “I’m going to hit you.”
  • Guess what a scared face, knife and shower means.
  • Harris adds that a peach can mean erotic. So can raindrops.
  • Context is important; two people discussing the weather and sending raindrop emojis are meaning rain, nothing more.
  • Anyone whose head is in the gutter will use the banana emoji.
  • Meanings can be invented spur of the moment: sending the pig emoji to an overweight person or when discussing cops. An emoji of a shark (I’m sure there’s one) can refer to a lawyer.
  • But a very non-contextual emoji is footprints; this can mean beer.

Sorry, don’t shoot the messenger! Just giving all those over 30 a heads up!

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

TeamViewer Clients Victims of other Hack Attacks

Get an account with TeamViewer, and you will have a software package that enables remote control, online meetings, desktop sharing and other functions between computers.

9DBut recently, customers of TeamViewer have reported remote takedowns of their computers that resulted in different forms of monetary theft, such as bank accounts being cleaned out.

The cyber thieves controlled the victims’ computers via their TeamViewer accounts. Customers would witness their mouse arrow suddenly moving beyond their control.

The infiltration, though, did not occur on TeamViewer’s end, insists the company. Instead, the software company called users “careless” because they reused their TeamViewer passwords on other sites like LinkedIn, reports an article at theregister.co.uk. The company has since apologized. Frankly, I agree with TeamViewer. Careless password reuse is one of the main reasons why so much fraud is occurring.

The stream of support tickets from customers prompted TeamViewer to implement two new security checks which will warn customers via e-mail of suspicious login attempts to their TeamViewer account and ask their permission to allow this or not.

Another safeguard newly in place will be that of the company checking the GPS of login attempts, plus requiring a password reset when anybody tries to log in from a new location.

Some customers have been critical that the release of these new security features took too long, since the reports of the hacking began a few weeks prior to the finalization of these new features.

As mentioned, the origin of these hacks is apparently the reuse of TeamViewer passwords on other sites that were then hacked. TeamViewer managed to get ahold of the leaked passwords, and also leaked e-mail addresses, that were all the cyber crooks needed to remotely hijack the computers.

However, some victims reported that they never reused their password and even had two-factor authentication. Further, some victims are placing blame on the company for the breaches.

The company is taking the breach seriously and wants its affected customers to upload their log files. TeamViewer especially wants to hear from customers with two-factor authentication who were compromised.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Before you die, do This

“Nobody likes to do it, but it has to be done.” You’ve heard that before. This time, it applies to 26 documents that you should have all bundled up in a folder that trusted family members have access to (someplace where fire and water won’t damage them). But first let’s go over some details about what should be in that bundle.

1PEssential Documents

  • Your will: Some say not a copy, but the original, accompanied by instructions. Supplying everyone in your will a copy is also advised by others.
  • A completed power of attorney form that your benefactors have access to, should you become rendered impaired.
  • Complete list of loans you’ve made to others, and debts.
  • Proof of ownership of the following if you have them: owned property/housing, vehicles, cemetery plots, savings bonds, stock certificates, brokerage/escrow mortgage accounts and partnership/corporate operating agreements.
  • Last three years’ of tax returns might seem excessive, but if you can, do it.

Bank Accounts

  • Name of bank and phone number, account numbers, online login information
  • Register a family member or spouse’s name with the bank; have them sign the registration document to allow them access to your accounts.
  • A list of safe deposit boxes if you have them

Retirement List

  • Pensions
  • Annuities
  • IRAs
  • 401ks

Medical

  • Power of attorney form. If you become incapacited, who will make medical care decisions for you? This should also be IN your will.
  • Choose your POA attorney while you’re of sound mind.
  • Have it spelled out how you’d like to be treated in the event of incapacitation (and this includes what should be done if you end up in a persistent vegetative state). Who pulls the plug?

Marriage & Divorce

  • Does your spouse know where your marriage license is?
  • If you’re divorced, make sure there are documents spelling out child support, alimony and any property settlements and financial divisions. To avoid disputes, include bank account numbers for the appropriate settlements.
  • Keep copies of life insurance documents.
  • Last but not least is the qualified domestic-relations order, that can prove your spouse got a share of your retirement accounts.

Life Insurance

  • Family members should have copies of life insurance documents and contact information for the carrier.

In a Nutshell, the Top 26

  1. Marriage license
  2. Divorce papers
  3. Living will (what should be done if you’re alive but incapacitated)
  4. Personal/family medical history
  5. Authorization to release medical care information
  6. Durable healthcare POA
  7. Do-not-resuscitate (DNR) order
  8. Tax returns
  9. Housing, land and cemetery deeds
  10. Escrow mortgage accounts
  11. Proof of loans made and owed debts
  12. Titles for vehicles
  13. Stock certificates, savings bonds and brokerage accounts
  14. Partnerships and corporate operating agreements
  15. Life insurance policies
  16. IRAs
  17. 401ks
  18. Pension documents
  19. Annuity contracts
  20. Bank account list
  21. List of bank usernames and passwords
  22. Safe-deposit box list
  23. Will
  24. Letter of instruction for the will
  25. Trust documents
  26. Updated passwords document for all your critical accounts.

Do you have docs you think should be on this list? Please provide in the comments.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Posting Kids’ Photos online is illegal?

In France, anything is possible. Like getting tossed in jail for posting your children’s photos on Facebook.

12DYes indeed, it’s true. People in France might be put behind bars for putting their kids’ pictures on Facebook. Or, they may face heavy fines. This is because the French authorities deem posting kids’ photos online threatens their security.

Parents are being warned about the consequences of this violation. The authorities believe that posting images of one’s kids online can lead to some pretty nasty things:

  • Photo-napping, particularly by pedophiles
  • Stealing the images and posting them on adoption sites
  • Kids, when grown, suing their parents for emotional damage that they think resulted from photos of their younger selves being posted online
  • Parents may even sue each other if photos of their kids go up after a divorce.

France’s privacy laws are a force to be reckoned with. How does a year in prison and a fine of almost $50,000 sound for posting children’s photos? Wow, French parents really better watch out when posting that photo of the family reunion or company picnic with kids in the background.

If you’re poo-pooing France right now, save your poo-poos for Germany as well. German police are urging parents to stop posting their kids’ images—especially because a lot of people are putting up images of their kids naked in the context of water activities.

Maybe if fewer parents got off on posting pictures of their naked toddlers and even older children (one can only guess what these parents are hoping to accomplish), the police wouldn’t be so rigid.

Still think the police are over-reacting? And maybe they are, but consider this: According to The Parent Zone, the average person posts nearly 1,000 images of their child online by the time that child blows on five birthday candles. Now maybe The Parent Zone isn’t the gospel, but we all know people who seem to have 8,000 pictures up of their children on social media.

What’s even more staggering, says The Parent Zone, is that 17 percent of these parents have never bothered to set their Facebook privacy settings. And 46 percent checked the settings only one or two times. This all means that these parents absolutely are in denial that some weirdo isn’t drooling over their naked preschooler in the backyard baby pool.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Three Quarters of a Billion Records breached

Last year, says the security firm Gemalto, over 700 million records were breached. Or, to put it another way, this translates to two million stolen or lost records every day.

3D2015 Breach Level Report

  • 1,673 hacking incidents
  • 398 were triggered from the inside of the attacked company: employees and even IT staff who were tricked (social engineering) by hackers into clicking on malicious links or attachments
  • Government agencies suffered the greatest data leaks.
  • Following that were nation states and healthcare enterprises (remember the big Anthem breach?)

Gemalto also says that the U.S. is the leading target of cyber attacks, with the UK, Canada and Australia following behind in that order. But don’t let Australia’s fourth place standing fool you. It reports only 42 publically reported incidents, while the U.S. has reportedly had 1,222.

How can you tell your computer has been compromised by an attack?

  • Your computer is running slowly; you’re not simply being impatient—the device really is moving at a crawl. This is a possible sign the computer is infected.
  • Another possible sign of infection: Programs open up without you making them, as though they have a mind of their own.

Protecting Your Computer

  • First and foremost, businesses need to rigorously put their employees through training. This includes staged phishing attacks to see if any employees can be tricked into revealing sensitive company information. Training for workers must be ongoing, not just some annual seminar. A company could have the best security software and smartest IT staff, but all it takes is one less-than-mindful employee to let in the Trojan horse.
  • If you receive an e-mail with a link or attachment, never rush to open them. Pause. Take a few breaths. Count to 10. No matter what the subject line says, there is always plenty of time to make sure an e-mail is from a legitimate sender before opening any attachments or clicking any links.
  • Use firewall and anti-virus software and keep them updated.
  • Use a virtual private network to scramble your online activities when you’re using public Wi-Fi so that cyber snoopers see only scrambling.
  • Use the most recent version of your OS and browser.
  • Regularly back up your data.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Security Appreciation lacking

What’s it gonna take for companies to crack down on their cybersecurity? What’s holding them back? Why do we keep hearing about one company data breach after another?

1SWell, there’s just not enough IT talent going around. The irony is that most company higher-ups admit that cybersecurity is very important and can even name specific situations that could compromise security, such as

having multiple vendors vs. only a single vendor; not having quality-level encryption in place; allowing employees to bring their own mobile devices to work and use them there for business; and having employees use cloud services for business.

Many even admit that they lack confidence in preventing a sophisticated malware onslaught and are worried about spear phishing attacks.

So as you can see, the understanding is out there, but then it kind of fizzles after that point: Businesses are not investing enough in beefing up their cybersecurity structure.

Let’s first begin with signs that a computer has been infected with malware:

  • It runs ridiculously slow.
  • Messages being sent from your e-mail—behind your back by some unknown entity.
  • Programs opening and closing on their own.

What can businesses (and people at home or traveling) do to enhance cybersecurity?

  • Regularly back up all data.
  • All devices should have security software and a firewall, and these should be regularly updated.
  • Got an e-mail from your boss or company SEO with instructions to open an attachment or click a link? Check with that person first—by phone—to verify they sent you the attachment or link. Otherwise, this may be a spear phishing attempt: The hacker is posing as someone you normally defer to, to get you to reveal sensitive information.
  • Mandate ongoing security training for employees. Include staged phishing e-mails to see who bites the bait. Find out why they bit and retrain them.
  • Never open e-mails with subject lines telling you an account has been suspended; that you won a prize; inherited money; your shipment failed; you owe the IRS; etc. Scammers use dramatic subject lines to get people to open these e-mails and then click on malicious links or open attachments that download viruses.
  • Install a virtual private network before you use public Wi-Fi.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Protect Yourself from Online Dating Scams

$200 million: The amount people were ripped off by online dating scams in a year.

1FDUI: dating while under the influence…of the quest for love…is costly to countless people.

A nytimes.com article notes that this quest impairs judgment, making it easy for con artists to bilk lonely people. Or are some people just plain stupid? But many victims are highly educated.

It all begins with a phony profile that grabs the victim’s attention. The nytimes.com report points out that the scamster uses attractive photos stolen off of other sites.

INTERRUPTION: If he/she is too gorgeous to be true, right-click the image to see where else it appears online! Is “Emilene McKenna” whom she says she is?

These scammers come from anywhere on the globe.

  • They prey upon loneliness, greed and desire.
  • Overseas scam rings
  • Solitary scammers working at home late at night
  • Women, not just men
  • They almost always profess to be in a glamorous or exciting line of work, though occasionally, they’ll pose as a more common person (perhaps to appear less suspicious).
  • People of all ages and walks of life, plus sexual orientations, are targeted.
  • The common denominator is a request for money.
  • Reasons for money requests run the gamut but usually focus on medical bills, legal fees or fees relating to a planned trip to meet the victim (which never occurs).

The nytimes.com article quotes victim specialist Debbie Deem that these con artists are skilled at mirroring the victim’s needs and creating “a sense of intimacy very quickly.” The victim soon becomes convinced that this is their soulmate—and thinks nothing of sending them the requested money.

However, the scammer may reveal their true colors after luring the victim into posing for raunchy photos or videos: The crook threatens to expose these unless the victim sends them money.

Other Facts

  • Being offered a spouse is a growing ruse.
  • Some victims have lost over $400,000.
  • Significant contact from the scammer lauding the victim.

How to Protect Yourself

  • If you haven’t already figured that out after reading this article…I’m very worried.
  • In addition to right-clicking the photo, copy and paste the profile’s narrative into a search engine and see if it shows up anywhere else like on an unrelated person’s blog or another dating profile under a different name.
  • NEVER SEND MONEY! Think: They’ve gotten this far in life without your financial help; they’ll survive without it.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Beware of Amazon’s scary Customer Service Hack

Do you shop at Amazon.com? Are you aware they have a back door through which hackers can slip in?

11DLet’s look at Eric’s experience with hackers and Amazon, as he recounts at medium.com/@espringe.

He received an e-mail from Amazon and contacted them to see what it was about. Amazon informed him that he had had a text-chat and sent him the transcript—which he had never been part of.

Eric explains that the hacker gave Eric’s whois.com data to Amazon. However, the whois.com data was partially false because Eric wanted to remain private.

So Eric’s “fake” whois.com information wasn’t 100 percent in left field; some of it was true enough for the customer service hack to occur, because in exchange for the “fake” information, Amazon supplied Eric’s real address and phone number to the hacker.

The hacker got Eric’s bank to get him a new copy of his credit card. Amazon’s customer service had been duped.

Eric informed Amazon Retail to flag his account as being at “extremely high risk” of getting socially engineered. Amazon assured him that a “specialist” would be in contact (who never was).

Over the next few months, Eric assumed the problem disintegrated; he gave Amazon a new credit card and new address. Then he got another strange e-mail.

He told Amazon that someone was impersonating him, and Amazon told him to change his password. He insisted they keep his account secure. He was told the “specialist” would contact him (who never did). This time, Eric deleted his address from Amazon.

Eric became fed up because the hacker then contacted Amazon by phone and apparently got the last digits of his credit card. He decided to close his Amazon account, unable to trust the giant online retailer.

  • Frequently log into your account to check on orders. See if there are transactions you are unaware of. Look for “ship to” addresses you didn’t authorize.
  • Amazon’s customer support reps should be able to see the IP address of the user who’s connecting. They should be on alert for anything suspicious, such as whether or not the IP address is the one that the user normally connects with.
  • Users should create aliases with their e-mail services, to throw off hacking attempts. In other words, having the same email address for all your online accounts will make it easy for them to be compromised.
  • If you own domain names, check out the “whois” info associated with the account. It may be worth making it private.

Be very careful when sharing information about yourself. Do not assume that just because a company is a mega giant (like Amazon), it will keep your account protected from the bad guys.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Can the cloud be trusted?

Most people have heard of storing information in “the cloud,” but do you know what this means, and if it is even safe?

4HA cloud is basically a network of servers that offer different functions. Some of these servers allow you to store data while others provide various services. The cloud is made of millions of servers across the globe and most are owned by private or public corporations. Many of those corporations are diligent about security, and you are likely using the cloud whether you know it or not.

Most customers using cloud services have faith that their information will remain safe. But there are some precautions you need to take. Here are some questions to ask any cloud service provider before relying on them to store your business data:

  • How often do you clean out dormant accounts?
  • What type of authentication is used?
  • Who can access and see my data?
  • Where is the data physically kept?
  • What level of encryption is in place?
  • How is the data backed up?
  • What’s in place for physical security?
  • Are private keys shared between others if data encryption is being used?

Keeping your company data safe

Over time, a company surely will accumulate data that seems irrelevant, but you shouldn’t be so quick to dispose of this data, especially if it is sensitive. This might include data such as customer or client information, employee information, product information or even old employee records.

The truth is, you just never know when you may or may not need this information, so it is best that you keep it. Digital data should be backed up in the cloud. If it’s paper, convert it to digital and store it offsite. Here are some things to remember when doing this:

  • All data, even if old or irrelevant, should be backed up.
  • Data retention policies should always include an “expiration date” for when this data is no longer useful to you.
  • Companies that want to delete old data should understand that deleting files and emptying the recycle bin, or reformatting a drive may not enough to get files off of your computer. Hackers may still be able to access this data.

If you actually want to remove all of the data on a disk, literally break or smash it. To truly delete a file, you must physically destroy the hard drive.

Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. Disclosures.