TeamViewer Clients Victims of other Hack Attacks

Get an account with TeamViewer, and you will have a software package that enables remote control, online meetings, desktop sharing and other functions between computers.

But recently, customers of TeamViewer have reported remote takedowns of their computers that resulted in different forms of monetary theft, such as bank accounts being cleaned out.

The cyber thieves controlled the victims’ computers via their TeamViewer accounts. Customers would witness their mouse arrow suddenly moving beyond their control.

The infiltration, though, did not occur on TeamViewer’s end, insists the company. Instead, the software company called users “careless” because they reused their TeamViewer passwords on other sites like LinkedIn, reports an article at theregister.co.uk. The company has since apologized. Frankly, I agree with TeamViewer. Careless password reuse is one of the main reasons why so much fraud is occurring.

The stream of support tickets from customers prompted TeamViewer to implement two new security checks which will warn customers via e-mail of suspicious login attempts to their TeamViewer account and ask their permission to allow this or not.

Another safeguard newly in place will be that of the company checking the GPS of login attempts, plus requiring a password reset when anybody tries to log in from a new location.

Some customers have been critical that the release of these new security features took too long, since the reports of the hacking began a few weeks prior to the finalization of these new features.

As mentioned, the origin of these hacks is apparently the reuse of TeamViewer passwords on other sites that were then hacked. TeamViewer managed to get ahold of the leaked passwords, and also leaked e-mail addresses, that were all the cyber crooks needed to remotely hijack the computers.

However, some victims reported that they never reused their password and even had two-factor authentication. Further, some victims are placing blame on the company for the breaches.

The company is taking the breach seriously and wants its affected customers to upload their log files. TeamViewer especially wants to hear from customers with two-factor authentication who were compromised.

Robert Siciliano, CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video.

Can Two-Factor Authentication actually fail?

You’ve probably read many times that two-factor authentication is a superb extra layer of protection against a thief hacking into your accounts, because gaining access requires entering a One Time Passcode (OTP)—sent via text or voice—into a login field. In other words, no phone, no access.

But CAN a hacker get the phone? Ask Deray McKesson, an activist with Black Lives Matter. Hackers got his phone.

Now, this doesn’t mean they busted into his home while he was napping and took his phone. Rather, the thief took control of his mobile account.

The thief rerouted McKesson’s text messages – to a different SIM card that the mobile carrier, Verizon, had issued to the thief. This is how the criminal got the two-factor code. Next thing, the imposter was in McKesson’s Twitter and e-mail accounts.

So though two-factor is a pretty well-padded extra layer of protection, it can be circumvented.

“Someone called Verizon impersonating me,” tweeted McKesson on June 10. The crook got a different SIM this way. The flaw isn’t the two-factor system. In this case it was Verizon, allowing this to happen just too easily.

“Today I learned that it is rather easy for someone to call the provider & change your SIM,” says a subsequent tweet. Though Verizon does require the last four digits of the user’s SSN to get a new SIM card, this isn’t enough to filter out imposters, as we see here. McKesson further tweeted he was “not sure” how the imposter knew those last four digits, but that “they knew it.”

Verizon has since implemented additional safeguards.

So what really happened? How did someone get McKesson’s SSN? Did he reveal it somewhere where he didn’t have to? And then the wrong person saw it? Was he tricked into revealing it through a phishing e-mail?

Nevertheless, here’s what to do:

  • Set up a secondary code on your phone’s account.
  • This is a personal identification number that an imposter would have to reveal before any changes were made to the account—even if he gave out your entire SSN to the mobile company rep.


Before you die, do This

“Nobody likes to do it, but it has to be done.” You’ve heard that before. This time, it applies to 26 documents that you should have all bundled up in a folder that trusted family members have access to (someplace where fire and water won’t damage them). But first let’s go over some details about what should be in that bundle.

Essential Documents

  • Your will: Some say not a copy, but the original, accompanied by instructions. Supplying everyone in your will a copy is also advised by others.
  • A completed power of attorney form that your benefactors have access to, should you be rendered impaired.
  • Complete list of loans you’ve made to others, and debts.
  • Proof of ownership of the following if you have them: owned property/housing, vehicles, cemetery plots, savings bonds, stock certificates, brokerage/escrow mortgage accounts and partnership/corporate operating agreements.
  • The last three years of tax returns might seem excessive, but if you can, do it.

Bank Accounts

  • Name of bank and phone number, account numbers, online login information
  • Register a family member or spouse’s name with the bank; have them sign the registration document to allow them access to your accounts.
  • A list of safe deposit boxes if you have them

Retirement List

  • Pensions
  • Annuities
  • IRAs
  • 401ks

Medical

  • Power of attorney form. If you become incapacitated, who will make medical care decisions for you? This should also be IN your will.
  • Choose your POA attorney while you’re of sound mind.
  • Have it spelled out how you’d like to be treated in the event of incapacitation (and this includes what should be done if you end up in a persistent vegetative state). Who pulls the plug?

Marriage & Divorce

  • Does your spouse know where your marriage license is?
  • If you’re divorced, make sure there are documents spelling out child support, alimony and any property settlements and financial divisions. To avoid disputes, include bank account numbers for the appropriate settlements.
  • Keep copies of life insurance documents.
  • Last but not least is the qualified domestic-relations order, that can prove your spouse got a share of your retirement accounts.

Life Insurance

  • Family members should have copies of life insurance documents and contact information for the carrier.

In a Nutshell, the Top 26

  1. Marriage license
  2. Divorce papers
  3. Living will (what should be done if you’re alive but incapacitated)
  4. Personal/family medical history
  5. Authorization to release medical care information
  6. Durable healthcare POA
  7. Do-not-resuscitate (DNR) order
  8. Tax returns
  9. Housing, land and cemetery deeds
  10. Escrow mortgage accounts
  11. Proof of loans made and owed debts
  12. Titles for vehicles
  13. Stock certificates, savings bonds and brokerage accounts
  14. Partnerships and corporate operating agreements
  15. Life insurance policies
  16. IRAs
  17. 401ks
  18. Pension documents
  19. Annuity contracts
  20. Bank account list
  21. List of bank usernames and passwords
  22. Safe-deposit box list
  23. Will
  24. Letter of instruction for the will
  25. Trust documents
  26. Updated passwords document for all your critical accounts.

Do you have docs you think should be on this list? Please provide in the comments.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

How to Stop Sharing Your Location Information

The Internet helps us connect and share with people around the world, but there are some people with whom you definitely shouldn’t be sharing your information. Although it’s not pleasant to think about, it’s not just friends and family that can see your online posts, bad guys can too, including criminals and even sex offenders.

So, when you take a photo of your kids in your backyard, know that if you post that picture on social media, a predator can potentially obtain the GPS coordinates of where that picture was shot.

This is because every time you take a picture, technical data is created and stored along with the image. This is called “EXIF data”, or exchangeable image file format. When this data includes location information, such as the exact GPS coordinates of where the photo was taken, the image is then “geotagged.”

The good news is you can view the EXIF data, and remove it to prevent predators from getting your location information. EXIF data will always be added to the storage of every picture you take; there’s no way to prevent this. But you can delete it.

Here’s how to prevent strangers from seeing your location information:

  • Select the image on your computer and right-click on it.
  • Select “properties.” You’ll find all the data here.
  • Go to the location, or EXIF data.
  • At the end of all the information you’ll see “Remove Properties and Personal Information.” This will wipe out the coordinates.
  • You should go through this process before posting photos online, because once they’re online, you can’t control who sees this information.
  • However, it will still be worth your while to strip this data from photos already posted online. For all you know, tomorrow is the day that a bad guy reads your location information, so today is the day to delete it.
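
What the steps above remove, shown at the file level as an added example (not part of the original post): in a JPEG, the EXIF data sits in an APP1 segment, and the coordinates sit in a GPS directory inside it. The sample image bytes, the coordinates and all function names are constructed for this illustration.

```python
import struct

EXIF_ID = b"Exif\x00\x00"      # marks an Exif payload inside a JPEG APP1 segment
APP1, SOS = 0xE1, 0xDA
GPS_IFD_POINTER = 0x8825       # IFD0 tag whose value is the offset of the GPS directory


def iter_segments(jpeg):
    """Yield (marker, payload, raw) per segment; SOS carries the rest of the file."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == SOS:                       # compressed image data runs to the end
            yield marker, b"", jpeg[pos:]
            return
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, jpeg[pos + 4:end], jpeg[pos:end]
        pos = end
    if pos < len(jpeg):
        yield None, b"", jpeg[pos:]             # trailing bytes passed through unchanged


def gps_from_tiff(tiff):
    """Read latitude/longitude from the TIFF structure that follows the Exif ID."""
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None or struct.unpack_from(endian + "H", tiff, 2)[0] != 42:
        return None

    def entries(offset):                        # each IFD entry is 12 bytes
        (count,) = struct.unpack_from(endian + "H", tiff, offset)
        for i in range(count):
            base = offset + 2 + 12 * i
            (tag,) = struct.unpack_from(endian + "H", tiff, base)
            yield tag, tiff[base + 8:base + 12]  # raw 4-byte value or offset field

    (ifd0,) = struct.unpack_from(endian + "I", tiff, 4)
    pointer = next((v for t, v in entries(ifd0) if t == GPS_IFD_POINTER), None)
    if pointer is None:
        return None                             # Exif present, but not geotagged
    gps = dict(entries(struct.unpack(endian + "I", pointer)[0]))
    if not all(tag in gps for tag in (1, 2, 3, 4)):
        return None

    def degrees(tag):                           # three RATIONALs: deg, min, sec
        (off,) = struct.unpack(endian + "I", gps[tag])
        d, dd, m, md, s, sd = struct.unpack_from(endian + "6I", tiff, off)
        return d / dd + m / md / 60 + s / sd / 3600

    lat = degrees(2) * (-1 if gps[1][:1] == b"S" else 1)
    lon = degrees(4) * (-1 if gps[3][:1] == b"W" else 1)
    return lat, lon


def gps_coordinates(jpeg):
    """Return (lat, lon) in decimal degrees, or None if the file is not geotagged."""
    for marker, payload, _ in iter_segments(jpeg):
        if marker == APP1 and payload.startswith(EXIF_ID):
            try:
                return gps_from_tiff(payload[len(EXIF_ID):])
            except (struct.error, ZeroDivisionError):
                return None                     # truncated or malformed Exif
    return None


def strip_exif(jpeg):
    """Copy the file, dropping every Exif APP1 segment and keeping the image data."""
    out = bytearray(b"\xff\xd8")
    for marker, payload, raw in iter_segments(jpeg):
        if not (marker == APP1 and payload.startswith(EXIF_ID)):
            out += raw
    return bytes(out)


def build_sample():
    """Constructed sample: SOI + geotagged Exif (40°30'N, 74°15'W) + stub scan + EOI."""
    tiff = b"II" + struct.pack("<HI", 42, 8)                       # header, IFD0 at 8
    tiff += struct.pack("<HHHIII", 1, GPS_IFD_POINTER, 4, 1, 26, 0)  # IFD0 -> GPS at 26
    tiff += struct.pack("<H", 4)
    tiff += struct.pack("<HHI4s", 1, 2, 2, b"N\0\0\0") + struct.pack("<HHII", 2, 5, 3, 80)
    tiff += struct.pack("<HHI4s", 3, 2, 2, b"W\0\0\0") + struct.pack("<HHII", 4, 5, 3, 104)
    tiff += struct.pack("<I", 0)
    tiff += struct.pack("<6I", 40, 1, 30, 1, 0, 1) + struct.pack("<6I", 74, 1, 15, 1, 0, 1)
    payload = EXIF_ID + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    return b"\xff\xd8" + app1 + b"\xff\xda\x00\x02\x11\x22\x33\xff\xd9"


SAMPLE = build_sample()

if __name__ == "__main__":
    print("before:", gps_coordinates(SAMPLE))
    print("after: ", gps_coordinates(strip_exif(SAMPLE)))
```

Dropping the whole Exif segment also removes the camera model, timestamp and embedded thumbnail. Location can additionally be stored in XMP metadata, which this example does not touch.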

Some people’s social media pages have an endless scroll of personal photos, including pictures of their children and teens. Be very selective of what you post online, and always delete the EXIF data before posting.

Save the pictures you don’t post for a hardcopy photo album. That way you’ll dramatically cut down on the time spent eradicating your location information, while increasing your online security.

Here are some more tips to use location services safely:

  • Turn off the GPS function on your smartphone camera or digital camera. This is important if you are going to be sharing your images online. Instructions on how to turn off geotagging will vary, but we suggest referring to your phone or camera’s manual for further instructions on how to adjust this feature. You also might want to consider only letting certain apps (like maps) use your location data on your mobile device.
  • Check your privacy settings on social networks and photo sharing sites. Make sure that you are only sharing information with friends and family. Also, make sure that you only accept people into your network that you know in real life.
  • Be aware of the fact that the information you share on one social network may be linked to another. For instance, a photo you post to Twitter may automatically post to your Facebook profile. Because of this, it’s important that you check the privacy settings on all your accounts.
  • Finally, be careful about what images you’re sharing and when you are sharing them. Rather than uploading a picture that reveals your location the moment you take it, wait until you get home to upload it.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

10 Ways our Privacy is invaded

Once you become active online…and especially once you become “connected” with a smartphone…your privacy will be in sizzling hot demand—and in fact, you can bet that as you read this, it is already being invaded in ways that you couldn’t possibly imagine. Here are some of those ways, provided by wired.com:

  1. Someone could be collecting information on you via a keylogger: It’s a little tool that records your keystrokes, that someone secretly inserts into your computer. A keylogger, however, can also be deposited by malware that you unknowingly downloaded.
  2. Tracking technology that retailers use. You are in a large department store and must pass through several departments to get to the one you want. Your smartphone is connected during this time. The tracking technology scans your face (or maybe it doesn’t) and connects with your phone, identifying you as a potential customer for the goods that are in the departments you are passing through or near to. Next thing you know, you are getting hit with ads or e-mails for products that you have no interest in.
  3. Video surveillance. This is old as far as the technology timeline, but it is still a favorite among all sorts of people including those with twisted minds. Video cameras can even be hidden in your front lawn. They can also be found at ATMs, placed there by thieves, to record users’ PINs as they punch them in.
  4. E-mail monitoring. Your e-mails could be being monitored by a hacker who has remote viewing capabilities of your computer (because you unknowingly let in a virus).
  5. Personal drones—those small-enough-to-be-held-by-a-child aircraft that are remote controlled; they can be equipped with cameras to take pictures of you, and they can even follow you around.
  6. Public WiFi. Snoops and hackers can eavesdrop on your unsecured WiFi internet with the right hardware and software. Use Hotspot Shield to encrypt your data.
  7. And in addition to these ways your privacy could be invaded, a hacker could be spying on you through the little Webcam “hole” above your computer screen (a piece of masking tape over it will solve that problem).
  8. Peeping Tom. And of course, there is the old fashioned way of intruding upon someone’s privacy: stalking them (on foot or via car), or peering into their house’s windows.
  9. Reverse peephole. A person could tamper with a peephole on a house’s front door, apartment door or a hotel door, then be able to see what’s going on inside.
  10. Remote access technology can be malware installed on your device designed to extract all your sensitive data. Make sure to keep your devices’ security software updated.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Things to tell your Kids about Privacy Online

Those were the days when all parents had to worry about was the creepy guy lurking near the playground. Now parents have to worry about creeps all over the world reaching their kids via computer. And there’s more to worry about. Here’s what to teach your kids:

  • Screen names should not be revealing about location, age or even gender. Never use the full name. Choose a name that would never outright point to the user, such as “Chris J,” when everyone knows the user as Tina Jones. “Chris” can make Tina (Christina) still feel connected to the screen name. And “sweetcheeks” isn’t a good screen name for anyone, especially a kid.
  • Before posting anything, make sure the answer would be “yes” if asked if your grandmother would approve.
  • Deleting an image or comment doesn’t mean it’s removed from cyberspace. While it was up, it could have been shared and recirculated. The No. 1 rule is: Once it’s online, it’s permanently there, no matter what you do with it afterwards.
  • Don’t assume that just because the privacy settings are high, that only a very limited audience will view the posting. Somehow, some way, there’s always a way for something to “get out.” An example would be an authorized viewer sharing the image or posting.
  • Racy images and offensive posts may seem harmless now, but down the road can return to haunt the user when they apply for college, a job or are in a lawsuit.
  • Never impersonate anyone.
  • Discourage sharing personal things online; it’s better to just yak about it in person or over the phone. As for things like address and Social Security number, this information should never be given out unless for a job or school application.
  • Be polite online. “Speak” coherently, use punctuation, don’t ramble, don’t swear and don’t use all caps. Use spell check when possible.
  • Avoid sex talk online at all costs. A predator can pose as anyone and win the trust of kids.

Parents should learn about how privacy settings work so that their kids aren’t left to figure it out themselves. Otherwise, uninformed kids might just let it go and not bother. This approach will let the whole world see what they’re posting. Privacy settings for all accounts should be high, including chat and e-mail accounts.

  • Keep the lines of communication open with your kids.
  • Peruse the social networking sites your kids use to see if they’re posting anything risky or inappropriate, such as announcing vacation plans (something that burglars search for).
  • Tell your kids to report anything suspicious online, just as they’d report to you if someone was hiding in the bushes outside your house.
  • Review the friends list of your kids.
  • Install Hotspot Shield VPN. This is security software which, in addition to antivirus/phishing software and a firewall, will help prevent hacking.
  • Make the non-negotiable rule that you can check your kids’ devices at will, and that any online “friend” your child wishes to meet must meet you first.


Consumers smartening up to Privacy Issues

According to a recent report from Pew Research, many Americans take privacy seriously—as in the cyber kind, but also offline.

  • 9% of survey respondents thought they had strong control over how much of their personal information was collected and shared.
  • 38% thought they had moderate control; 37% believed they had little control; 13% said they had zero control.
  • 25% used temporary e-mail addresses or usernames for some online activities.
  • 24% gave non-truthful information about themselves (e.g., when registering on a site to post comments, a single woman might indicate that she’s a married man; or a childless person might indicate that he has kids).
  • 59% cleared their browser and cookies.
  • 47% avoided giving out non-relevant information for online transactions.
  • 55% remained anonymous for some online activities.
  • 74% believe the government should have better limits to collecting people’s data.

Why don’t more people do things in the name of privacy like adjust the settings of their accounts or smartphone? For starters, some don’t want to hassle with “techy” things, while others don’t think it’ll make any difference. Some just aren’t worried all that much and have nothing to hide. Others don’t want to pay more money for more security. And some are clueless over how much of their data gets shared, such as those who blindly allow mobile apps “permissions.”

Some users also know that higher privacy, in general, comes with slower loading times and other inconveniences. People want efficient usability. Nevertheless, people are getting cranky.

For example, the U.S. Drug Enforcement Administration was surveilling Americans’ phone calls overseas. They’ve now been sued. Secondly, the Stop Online Piracy Act was on the brink of being shelved, but lawmakers put a stop to these plans.

The National Security Agency’s metadata program with bulk phone calls was recently deemed illegal after the American Civil Liberties Union brought a lawsuit to the U.S. federal appeals court.

And that’s just a sample. There are more lawsuits in the works in the name of Americans’ privacy rights.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Consumers sacrificing Privacy for Convenience

It’s hard to believe that, according to a recent poll from the Pew Research Center, most Americans aren’t too upset that the government can track their e-mails and phone calls. There’s too much of a blasé attitude, it seems, with people thinking, “I don’t care if I’m monitored; I have nothing to hide.”

This blows it for those of us who actually DO mind that the government is snooping around in our communications, even if we’re as innocent as a butterfly.

Privacy experts believe that governmental monitoring of online activities is just such a fixed part of Americans’ lives that we’ve come to accept it. But privacy experts are pushing for an increased awareness of the importance of digital privacy, and this begins with the U.S. masses putting out some demands for privacy.

An article on arcamax.com points out that as long as Americans are sitting pretty with cheap and easy-to-use Internet experiences, nothing much will change. “People are very willing to sacrifice privacy for convenience,” states Aaron Deacon, as quoted in the article. He manages a group that explores issues pertaining to Internet use.

The article says that Pew’s research reveals that since the NSA revelation, 20 percent of Americans have become more privacy-conscious in a variety of easy ways like using a private web browser.

But most Americans shy away from the more complicated privacy protection methods. Furthermore, some people don’t even know of the extent of governmental monitoring.

Nevertheless, ease of use has made people complacent. Who wants to hassle around with encryption, decoding, coding, etc.? This stuff is great for techy people but not the average user.

The good news is that there is somewhat of a revolution geared towards making privacy methods less intimidating to Joe and Jane User. It just won’t happen overnight, but the market is “emerging,” says Deacon in the article.

Theoretically, if everyone turned techy overnight or privacy protection instantly became as easy as two plus two, this would make unhappy campers out of the businesses that flourish from tracking users’ online habits. The government wouldn’t be smiling, either, as it always wants to have fast access (e.g., “backdoor”) to electronic communications: the first communication choice of terrorists.

Thus far it seems that people have two choices: a fast, easy, cheap Internet experience that gives up privacy, or a techy, expensive, confusing experience that ensures privacy. The first choice is currently winning by miles.

Forewarned is forearmed. Pay attention. This is getting real.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.

How the Internet of Things is further killing Privacy

Privacy used to mean changing clothes behind a partition. Nowadays, say “privacy” and people are likely to think in terms of cyberspace. Stay connected, and you risk losing your privacy.

Even if you’re not connected, don’t even own a computer or smartphone, information about you can still be out there on the Internet, such as a listing for your address and phone number or a way for someone to get it with a small fee if you live in owner-occupied property.

An article on wired.com points out that the Internet of Things (IoT) is a privacy killer. But it’s also more than that. The evolution of technology forces us to redefine how we perceive our lives, says the article. Even an invention as primitive as the steam engine caused a rethinking among people. But whereas the steam engine was a slap, the IoT is a sledgehammer.

And the Internet of Things is only just beginning. Wired.com notes that the combination of the World Wide Web, big data, social identity, the cloud and more are all poised to erupt into something huge, and it won’t give us time to prepare.

The IoT will infiltrate the tiniest and most remote pockets of the planet, inescapable, impacting all who have a pulse, literally. It’s not like the steam engine in which, soon after its invention, many people were afraid to ride the train because they believed that God did not intend for humans to travel so fast, and thus, these folks easily avoided boarding the train.

We won’t be able to avoid the IoT. It won’t be a station we walk up to and then decide we don’t want to get on. We will be, as wired.com says, living inside the Internet. We’re too addicted to technology not to. Kids can’t imagine living without their smartphones. When their grandparents were kids, the only thing they felt needy for was an umbrella on a rainy day. You don’t miss what you can’t conceive of.

With the IoT slowly dissolving us, like a snake swallowing a giant rat and slowly dissolving it (certainly you’ve seen those unsightly images—you know what I’m talking about), our privacy will be dissolved along with us.

Strangers already can figure out what things we like to shop for without ever communicating to us. Your health habits, eating habits, dating habits…all the data that makes you YOU is continuously being shagged by Big Data. “Privacy” may one day become one of those words, like “oil lamp,” that’s no longer in use because by then, it will be such a far-removed concept.

Imagine living in a house made entirely of see-through structures, so that no matter where you are in it, people on the outside can see what you’re doing. There’s no brick, no aluminum, drywall or wood—just all some transparent material. That’s the Internet of Things.

Ways to shield your privacy:

Use a browser that has an “incognito” mode or privacy plug-in.

Use a VPN to mask your IP address and encrypt your data. Knowledge of where you’ve visited can be used against you by insurance companies and lawyers, to say the least; you just never know what can happen when something out there knows your every online move.

Turn off GPS location for photos. iPhones and other devices save the location where you took the shots, which is no secret once you post the photos on FB, Twitter, Instagram, etc. Shutting down location-based apps will help here too.


What is private Information and what is not?

Data Privacy Day was Wednesday, January 28, and these days the concept of “privacy” can be ambiguous, generic or confusing. What you might think of as private actually isn’t. In U.S. privacy law and information security, personal identifying information is defined as data that can be used to contact, identify or locate an individual, or identify him in context.

This means that your name and address aren’t private, which is why they can be found on the Internet (though a small fee may be required for the address, but not always). Even your phone and e-mail aren’t private. What you post on Facebook isn’t private, either.

So what’s private, then? An argument with your best friend. A bad joke that you texted. Your personal journal. These kinds of things are not meant for public use. What about vacation photos that you stored in a cloud service? Well…they’re supposed to be private, but really, they’re at significant risk and shouldn’t be considered totally private.

And it’s not just people on an individual scale that should worry about privacy. It’s businesses also. Companies are always worrying about privacy, which includes how to protect customers’ sensitive information and company trade secrets.

But even if the company’s IT team came up with the most foolproof security in the world against hacking…it still wouldn’t protect 100 percent. Somewhere, somehow, there will be a leak—some careless employee, for instance, who gets lured by a phishing e-mail on their mobile phone…clicks the link, gives out sensitive company information and just like that a hacker has found his way in.

Even when employees are trained in security awareness, this kind of risk will always exist. An insider could be the bad guy who visually hacks sensitive data on the computer screen of an employee who was called away for a brief moment by another employee.

Tips for Training Employees on Security Savvy

  • Make it fun. Give giant chocolate bars, gifts and prizes out to employees for good security behaviors.
  • Post fun photos with funny captions on signage touting content from the company’s security policy document. It’s more likely to be read in this context than simply handed to them straight.
  • Show management is invested. Behavior changes start from the top down.
  • Get other departments involved. Even if they’re small, such as HR, legal and marketing, they will benefit from security training.
  • Stop visual hackers. Equip employees with a 3M Privacy Filter and an ePrivacy Filter, which help bar snooping eyes from being able to see what’s on the user’s screen from virtually every angle.
  • Don’t forbid everything that’s potential trouble. Rather than say, “Don’t go on social media,” say, “Here’s what not to do when you’re on social media.”
  • Make it personal. Inform workers how data breaches could damage them, not just the company. A little shock to their system will motivate them to be more careful.

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.