Parents Beware of Finstagram

/in /by

You have surely heard of Instagram, the photo sharing social network, but what about “Finstagram?” If you are like most parents, you have rules about the social media practices of your kids. However, once you learn about Finstagram, those might all go out the window.

When you combine the words “fake” and “Instagram,” you get Finstagram. Essentially, these are fake, or alternative, Instagram accounts that are created by teens, for the most part. These accounts can be used for harmless laughs, such as sharing embarrassing pictures with your close circle of friends, or for harmful deeds, such as hiding alcohol or drug use from parents. Finstagram accounts are also commonly used for bullying.

You can look at your child’s Instagram account and see the innocent angel that you believe you have raised. But, do they have a Finstagram account that shows a different side? It’s possible, and you might even be able to find it by using the Find Friends feature on the software. Of course, it’s possible that your child has linked their Finstagram to a new email address or even name.

On top of all of this, kids are using Finstagram accounts to do things that would never be acceptable on their “real” Instagram accounts. For instance, there have been instances where these fake accounts are used to post inappropriate or altered photos of their classmates in inappropriate situations. In some cases, things get so serious that the schools, themselves, have to contact Instagram to get the accounts shut down.

Even if you think that you have nothing to worry about with your own kids, it might be worth it to do a check on them. You can certainly ask your child if they have an account, and they might be forthcoming and tell you. Odds are, however, that they won’t. In fact, about 90% of Finstagram accounts are unknown, so it is the parent’s responsibility to look for the signs.

Parent should have all passcodes to access the device and its applications. Or the child can’t have a phone. Non-negotiable. Done deal.

Sit down with your child to talk about their usage of social media, and the repercussions of their actions on social media. You also might want to talk to other parents you know about Finstagram accounts. These accounts might be for innocent fun, but they could also ruin someone’s life.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Investigators Using Social Media to Find Missing Children

/in /by

Gone are the days when social media is only used to share what you had for dinner or announcing to the world that you are headed to the gym. But social media has become a platform for any and everyone to say what’s on their mind, and sometimes that’s great, but all too often it isn’t. Social is significantly lacking in decorum. But at least some are using social for good.

These days, law enforcement is using social media to find missing children.

Washington, DC police are leading the way on this. In 2017, alone, the district is averaging about 190 missing kids a month. By using social media, information about the children is getting out quickly. Previous to this, the district was issuing press releases, but with social media, there are now thousands of people getting information about these children.

This new way of spreading the word is helping to find missing children, for example a Twitter user recently created a screenshot of several missing person’s flyers. She then shared the tweet with her followers, and it received over 108,000 retweets. It also, however, raised the red flag that these girls might be the victims of a human-trafficking scheme.

DC police admits that missing children are vulnerable to this type of exploitation, but are quick to point out that there is no evidence that these missing people were linked to any type of known human trafficking scheme.

Other groups, such as the Black and Missing Foundation, are also using social media to share leads, but still use traditional media, too. For instance, in 2012, a missing teen in New York was found in a matter of hours after her story appeared on the television show, The View.

Thanks to this new way of making the public aware of missing kids, DC police are seeing results. During the last two weeks of March, for instance, eight children were found after their stories were shared on social media.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Stop being a Social Media Idiot

/in /by

Leave personal details off your Facebook page.

14DDoes the whole world—or even your private circle, many of whom you haven’t seen in person for years, or even at all—have to know you’re laid up from hernia surgery (i.e., vulnerable, defenseless)?

Try this experiment for a week: Assume that the only visitors to your Facebook are 1) future possible employers, 2) master gossip spreaders and reputation bashers, and 3) your future in-laws (if you’re not married). This should really change the game plan of how you post.

Never send naked photos of yourself.

Not even to your significant other. After all, in many cases of leaked nude images…the significant other is the leaker! If your lovey-dove wants to see you in your birthday suit, then present yourself that way in person—after you know for sure all the cameras in the room are turned off.

Enough with the selfies.

It’s gotten to a point where all selfies look alike: Some doofus holding up the phone and staring INTO the phone. Whatever happened to the nice images of yesteryear, where someone, posing nicely, was facing the viewer? Selfies are fine if you’re showing off your abs when the selfie next to it of 90 days ago shows the Pillsbury Dough Boy, but please, nobody is special enough to justify endless selfies, including those for which you corralled a bunch of people to take part in it.

Instagram is not for food images.

Don’t waste your time. Think “borrrrrring!” Who really wants to see your beet salad? If you want to promote your recipe skills, start a website.

“Like” only recent posts.

Nobody pays attention to likes on old posts.

Cross out cross-posting.

Post an item on your Snapchat story, then put it in a private message…NOT.

No ODRs, no oversnapping.

Avoid opening but not replying on Snapchat. Avoid double-snapping someone.

Say no to screengrabbing.

Read that again. Don’t grab a Snapchat unless you want the sender to know who did it.

For parents…

Be mindful of commenting on your teenagers’ pages. Be sincere if you must, like a congratulations for qualifying for the state wrestling finals.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Hacking the CEO with Social Media

/in /by

If the super big wigs could get their social media accounts hacked, you can too. If you can believe it, the Twitter accounts of the following were recently hacked:14D

  • Google CEO Sundar Pichai
  • Yahoo CEO Marissa Mayer
  • Oculus CEO Brendan Iribe
  • Twitter co-founder Jack Dorsey

Shouldn’t these CEOs know how to prevent getting hacked? One little slip could let in the cybercriminals: reusing the same password.

Times have really changed. During the good ‘ol days, employees barely knew the CEO. Sometimes he was faceless, and at most, they received form letters from him…or her. Nowadays, company workers know the names of the CEO’s grandkids, new puppy, where they spent their last vacation, complete with photos.

CEOs want a human connection to their company’s worker bees and hence, many are very active on social media—so active, in fact, that they hardly think of security…like using old passwords for new accounts and/or using the same password for multiple accounts…and/or using an easily crackable password.

Other mistakes CEOs make:

  • Posting personal information—way too much, more than enough for hackers to use against them.
  • This includes names of kids and vacation destinations, details about hobbies, relatives and other personal data.
  • Inclusion of personal information on a professional social media profile.

That may all sound innocent and just a way for CEOs to humanize themselves, but the more personal information they share with the world, the easier it is for cybercriminals to bust in. Crooks can often easily obtain the CEO’s e-mail and send a message that appears innocent, but has a link or attachment that the recipient is lured into clicking.

Once clicked, the attachment or e-mail unleashes malware, giving the crook control of the CEO’s computer. So even if the CEO has a unique and very strong and long password for each social media account, all it takes is a moment of having their guard down and hastily clicking a malicious link or attachment to get infected.

The hacker may have many motives for breaking into an account, and this includes posing as the CEO and posting items on the social media account with the hopes of damaging the CEO’s reputation.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Case allows Employees to run amok on Social Media

/in /by

Lesson learned: If you run a fast-food restaurant or any company for that matter, you’d better treat your employees right. After all, they have a legal right to tweet all they want about you.

14DA Chipotle Mexican Grill in Havertown, PA, had a ban in place: Employees are prohibited from using social media to spread “inaccurate information” or “disparaging, false or misleading statements.”

But the National Labor Relations Board recently deemed that this rule violates federal labor law, even though an employee, James Kennedy, had tweeted less-than-favorable information about working conditions and had also circulated a petition (that the franchise tried to ban).

Chipotle violated the NRLA, according to the administrative law judge, when it demanded that Kennedy cease tweeting and delete the other tweets.

Another violation on Chipotle’s part was the firing of Kennedy, who had refused to stop circulating a petition among coworkers after a manager ordered him to do so. Kennedy’s use of social media was a protected activity under the law, and so was his circulation of the petition. The establishment was ordered to reinstate Kennedy and pay him lost wages.

Just what exactly was Chipotle’s rule about circulating a petition? It barred employees from doing this even during non-working hours and within visual or hearing range of patrons.

Chipotle was ordered by the NLRB to reverse its rules pertaining to social media and solicitation of petitions. And believe it or not, Chipotle even had a policy in place that banned discussing politics on the job. This ban, too, was lifted, courtesy of NRLB’s order.

Chipotle corporate was also required to make sure that all of its employees in the U.S. would be made aware of these policy reversals.

As of August 19, neither Chipotle nor its legal team have responded to any requests to comment.

Frankly, as an employer, this ruling is scary. And knowing employees often blather on about anything and everything, this ruling may open a can of worms that can’t be put back in.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Set Privacy on these Social Media Apps

/in /by

Just like older generations never thought that the dial phone in the kitchen could be dangerous (think phone scams), today’s kids don’t have a clue how hazardous smartphone apps can really be. They are a godsend to pedophiles, scammers and hackers. And let’s not forget other kids who just want to be cruel bullies.

14DParents should have informative discussions with their kids about the various apps out there. And it’s okay to forbid particular apps you aren’t comfortable with. Like Musicly, search “Musicly safe for kids” and see why. Apps aren’t as innocent as you think. They are potential gateways to some real creepsters out there—and that’s putting it mildly.

Applications have safety settings. Do you know what they are? How they work?

Instagram

  • A person with or without an Instagram account can view your images unless you have the security setting on for “Private Account” under “Options.”

Snapchat

  • Enable the self-destruct feature to destroy communications quickly after they are sent.
  • But don’t rely on this entirely, because it takes only seconds for the recipient to screenshot the text or sext into cyberspace.
  • Set the “Who Can Contact Me” setting to “My Friends” so that strangers posing as 13-year-olds don’t get through to your child.

Whisper

  • Don’t let the name fool you; Whisper is not anonymous, thanks to geotagging.
  • Go to your iPhone’s settings and change the location access to “Never.”

Kik

  • Kik is not anonymous, contrary to popular belief, because anyone can get ahold of a youth’s username on other social media, making it possible to then contact that person on Kik.
  • Under “Notifications” disable “Notify for New People.” This will put strangers’ messages in a separate list.
  • Don’t share usernames.

Askfm

  • This question-and-answer service attracts cyberbullies.
  • In the privacy settings, uncheck “Allow Anonymous Questions.”
  • The user should remain anonymous.

Omegle

  • This video-chatting service is a draw for pedophiles.
  • It should never be linked to a Facebook account.

Your worries are fully justified. Words, images, and video, are very powerful. Though the age of e-communications is here to stay, so are psychos. It’s their world too. Your kids, unfortunately, must share it with them, but that doesn’t mean they have to receive communications from them or be “friends” with them.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

32 Million Twitter Pass for sale Add two-factor NOW

/in /by

The Dark Web, according to LeakedSource, got ahold of 33 million Twitter account details and put them up for sale. Twitter thus locked the accounts for millions of users.

5DTwitter, however, doesn’t believe its servers were directly attacked. So what happened? The bad guys may have created a composite of data from other breached sources. Or, they could have used malware to steal passwords off of devices.

Nevertheless, the end result meant that for many Twitter accounts, there was password exposure—leading to the lockdown of these accounts. The owners of these accounts had to reset their password after being notified of this by e-mail.

Some users who did not receive this e-mail notification will find that their accounts are locked.

An Ounce of Prevention

  • Go through the passwords of all of your vital accounts, and see which ones are unique, long and strong. You’ll likely need to change many passwords, as most people use simple to remember passwords that often contain keyboard sequences and/or words/names that can be found in a dictionary, such as 890Paul. These are easily cracked with a hacker’s software.
  • Who’d ever think that Facebook’s chief executive Mark Zuckerberg’s Twitter account could be hacked? It was, indeed, and it’s believed this was possible due to him reusing the username of his LinkedIn account several years ago.
  • So it’s not just passwords that are the problem; it’s usernames. Not only should these be unique, but every single account should have a different username and password. However if a username is an email address, you can’t do much here.
  • Passwords and usernames should be at least eight characters long.
  • Use more than just letters and numbers-use characters if accepted (e.g., #, $, &).
  • So Paul’s new and better password might be: Luap1988($#.
  • Sign up with the account’s two-factor authentication. Not all accounts have this, but Twitter sure does. It makes it impossible for a crook to sign into your account unless he has your cell phone to receive the unique verification code that’s triggered with every login attempt.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Facebook CEO Password dadada hacked

/in , , /by

If you’ve heard this once, you need to hear it again—and again: Never use the same password and username for more than one account!

14DIf this got Mark Zuckerberg’s (Facebook’s chief executive).  Twitter account hacked, it can get just about anybody hacked.

A report at nytimes.com says that the OurMine hacking group takes credit for busting into Zuckerberg’s accounts including LinkedIn and Pinterest. It’s possible that this breach was cultivated by a repeated password of Zuckerberg’s.

According to OurMine, Zuckerberg had been using the same password for several accounts. Not only is that asking for trouble, but the password itself is highly crackable: dadada. Don’t laugh. A hacker’s software will find this in minutes.

How to Protect Your Accounts

  • Change any passwords that are used more than once.
  • Change any passwords that contain keyboard sequences, repetitions of letters or numbers (252525 is akin to dadada), or actual words or proper nouns.
  • If the idea of overhauling your passwords is overwhelming, use a password manager (e.g., RoboForm). A password manager will create long, unique passwords that are different for every account, and you won’t have to remember them because the manager will issue you a master password.
  • See which accounts offer two-factor authentication, then sign up. This is a tremendous step towards preventing being hacked. So if an unauthorized person attempts to log into your Twitter or LinkedIn account, this will send a code to your cell phone that needs to be entered before the account is accessible. Unless the hacker has your cell phone, he won’t be getting into your account.
  • Some say every 90 days, or at least twice a year, change all of your passwords. I think that’s a bit much. Different and strong is what matters most.

Visit Have I Been Pwned to see if your e-mail account has been hacked. I did. 6 of my accounts showed up as being part of data dumps of sites that were hacked. Then I checked all 6 accounts, all had different passwords, but I still changed them. One was gmail, but with two factor verification/authentication, I’ve had no issue. Simply type your e-mail address into the field and click “Pwned?” If the result shows bad news, then you must immediately change your password to one that you’ve never had before—and at least eight characters and unique.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Parents: do You know your Teen’s Social Media Platforms?

/in , , , /by

With all the apps out there that individualize communication preferences among teens, such as limiting “sharing,” parents should still hold their breath. Face it, parents: times have changed. It’s your duty to discuss these applications with your kids. And parents should also familiarize themselves with the so-called temporary apps.14D

  • Temporary messages do not vanish forever.
  • Are anonymous applications really anonymous?
  • How temporary is “temporary”?

Kik Messenger

  • Users can stay anonymous and conduct all sorts of communication.
  • Has perks, like seeing if someone read your message.
  • Has drawbacks, such as accidentally sending content to more people than the user intended.
  • Easy to end up communicating with anonymous strangers.
  • Involves ads disguised as communication.

Ask.fm

  • Kids anonymously ask questions, e.g., “How do I conceal my eating disorder from my parents?” This question is benign compared to others on the site, though many users are innocent teens just hanging out.
  • This kind of site, though, promotes cyberbullying.

Whisper

  • Intended for adults, this app is where you post what’s eating you.
  • Some posts are uplifting and inspirational, while others are examples of human depravity.
  • Replete with references to drugs, liquor and lewd behavior—mixed in with the innocent, often humorous content.

Yik Yak

  • For users wanting to exchange texts and images to nearby users—hence having a unique appeal to teens.
  • And it’s anonymous. Users have made anonymous threats of violence via Yik Yak.
  • Due to the bond of communicating with local users and the anonymity, this medium is steeped in nasty communication.
  • Threats of violence will grab the attention of law enforcement who can turn “anonymous” into “identified.”

Omegle

  • This anonymous chat forum is full of really bad language, sexual content, violence, etc.
  • The app’s objective is to pair teens up with strangers (creepy!).
  • Yes, assume that many users are adult men—and you know why.
  • Primarily for sexual chat and not for teens, but teens use it.

Line

  • Texting, sending videos, games, group chats and lots of other teeny features like thousands of emoticons.
  • The Hidden Chat feature allows users to set a self-destruct time of two seconds to a week for their messages.
  • For the most part it’s an innocent teen hub, but can snare teens into paying for some of the features.

Burn Note

  • Text messages are deleted after a set time period.
  • Texts appear one word at a time.
  • Burn Note can promote cyberbullying—for obvious reasons.

Snapchat

  • Users put a time limit on imagery content before it’s erased. So you can imagine what some of the imagery might be.
  • And images aren’t truly deleted, e.g., Snapsaved (unrelated to Snapchat) can dig up any Snapchatted image, or, the recipient can screenshot that nude image of your teen daughter—immortalizing it.

REPEAT: Face it, parents: times have changed. It’s your duty to discuss these applications with your kids. And parents should also familiarize themselves with the so-called temporary apps.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Stop being a blabber on Social Media

/in /by

Are you a cyber-blabber? Even a post about your daily afternoon foray to the sub sandwich shop could get you in trouble: A burglar reading this knows when to rob your house. But it doesn’t end there. STOP THE MADNESS!

14DThe Giants: Facebook and Twitter

  • Be careful what you post on Facebook and tweet about. It can be used against you in court, even something as innocuous as: “I’m training for my very first 10K.” Not good if you’re suing someone who hit your car for back pain and suffering.
  • Lawyers will take the time to scroll the Facebook timeline and your tweet history for evidence that can kill your case.

Reputation and Safety

  • Seemingly harmless posts and tweets can indicate to burglars when it’s a good time to break into your house.
  • Worse, posts and tweets can indicate to pedophiles when and where to lure your child into their car.
  • Less malevolent, but potentially annoying though, are the data mining companies that piece together your tidbits to then design an ad campaign targeted towards you.
  • Are your posts replete with language? This won’t look good to a potential employer. Nor will endless posts about how fatigued you always are.
  • That image of your young child’s specially hand-crafted spanking paddle won’t go over well with the mother you were recently interviewed by for a nanny position.

I think you are starting to get it.

Obsessions

  • Facebook and Twitter can certainly amplify a pre-existing whacked sense of priorities. An example is that of obsessively checking your friend’s page to see what new thing she’s bragging about, then getting worked up with anger that you can’t match this, such as a new sports car.

Solutions

  • Set a timer out for, say, 30 minutes a day, and that’s your limit on Facebook and Twitter.
  • Avoid social media for one week to kill your hunger for obsessing over a family member’s bigger house, fancier car and more prestigious job.
  • Set your privacy settings on high.

Stop making inane posts about everything that happens to you. Nobody will go to bed in distress just because they didn’t read that you had an upset stomach after eating too much at BurgerVille.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.