Posts

How to Prevent your Devices From Spying on You

You might not realize it, but your electronic devices may be tracking you. They know what you are doing, what you are reading, and the things you like to do. In almost every case, you give these devices permission to collect this info when you start using them. Here are some tips to help you prevent your devices from spying on you:

Laptops

Macs

If you are using a macOS computer, you can limit the information you are sending to Apple by choosing the Apple menu > System Preferences > Security & Privacy. Click the “Privacy” tab, and then you will see options about what apps can use and share data. If you click “Analytics,” you can do even more. Also, keep in mind that if you install a new app, you have to do those updates, too.

Windows

If you use Windows, you can limit the info you share by going to “Settings,” and then clicking on “Privacy.” You can enable and disable settings for each app. Again, any new apps that you install must be taken care of separately.

Chromebook

Google collects a ton of data, so Chromebook users should pay attention. Got to My Activity, and then delete what you want. You can also turn off some of the data collecting by clicking “Manage your Google Activity,” and then “Go to Activity Controls.”

Phones

You can do similar things to stop data collecting on your phone, too.

iOS

If you have an iPhone, there is a Privacy setting in the Settings menu. Open it, and then click on “Analytics,” to see what you share with Apple. If you don’t want to share this, simply toggle it all off. You can go back to “Privacy,” and then take a look at what the settings are for every app you have downloaded to your phone.

Android

If you have an Android phone, you can choose Google, then go to “Personal Info & Privacy.” Choose the “Activity Controls” screen, and then pick and choose what you want to share. Again, you have to also go to change settings for each app, too.

Fitness Trackers

Your fitness tracker is also spying on you. Apps like Strava and FitBit can be controlled through the Settings and Privacy options on your phone. You can do more, though:

Strava

Click on “Menu,” if you have Android or “More,” if you have iOS. Choose “Settings,” and then “Privacy Controls.”

FitBit

With FitBit, tap your profile, and then your account name. Tap “Personal Stats,” and then “Settings” followed by “Privacy.”

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Consumers Have Given Up on Security

According to a recent study, online security for most people is too bothersome. The US National Institute of Standards and Technology published the study, which shows that most people who use the internet have just given up and don’t follow the advice given to them about online security.

The result of this is that consumers are engaging in risky online behavior, and according to one survey participant, if “something happens, it is going to happen” and “it is not the end of the world.”

This is concerning to many, including security experts and survey authors. During this survey, approximately 40 people were interviewed in order to understand how those without a technical background feel about computer security. Though this isn’t a total significant sample size, it is a surprising look at how people feel about the information that experts are giving them. Each interview ran from 45 minutes to an hour, and the goal of the researchers was to find out where the average person stands on online security.

The authors of the report were surprised by the resignation of the interviewees during the survey. Essentially, they saw that people just can’t keep up with security changes. The survey participants, overall, believe that online security is too complex, and these people don’t see the benefits of making any efforts.

Some of the people who took the survey seemed to be under the impression that they didn’t have any information that a hacker would want. For example, one person claimed that they don’t work in a government agency and they don’t send sensitive information over email, so if a hacker wants to take their blueberry muffin recipe, they can go ahead and take it.

What’s interesting is what the study’s authors found when comparing those who had experienced identity theft with those who hadn’t. Those who have had an incident with the theft of their identity were much more focused on their online security.

To help the survey participants better understand their risks and to change their minds about internet security, study authors advise that those involved in technology and security must work diligently to help the people using the internet understand the dangers of lax security. They also must work to make it easy for internet users to do the best they can when keeping their accounts safe. It’s important for people who use the internet to make it a habit to remain more secure.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Computers perfectly forge Handwriting

Handwriting analysts really have their work cut out from them now, thanks to the development of new software that can forge—better than a human can—a person’s handwriting. So if you are worried about identity theft, add one more element to the kettle: a crook getting ahold of this software (developed at the University College London) and perfectly duplicating your signature.

Computer crime concept

Previous attempts to create computer generated forgery that looked real have flopped, a la, “This looks like a computer did it!”

A new algorithm has been invented that very much simulates the way a human creates handwriting. One of the tell-tale signs of computer generated signatures or other cursive is that it looks too perfect, particularly the linking of characters to each other.

The new algorithm captures the human qualities of penmanship, including:

  • The joining of the characters. Note that with those fancy fonts that look handwritten, the joining of each letter is so perfect that you can tell it is computer generated.
  • Varying degrees of thickness of the characters—which results from continuous changes of pressure that a person exerts on the writing implement, as well as varying flow of ink from the pen.
  • Horizontal and vertical spacing of characters.

These variations mimic the handwriting of a human, not robot. All the algorithm needs is one paragraph of someone’s handwriting to calculate and deliver the replication.

And you are probably wondering why this algorithm was developed, aside from maybe the researchers’ hunger for finally figuring out the puzzle to replicating handwriting with a computer. Obviously, this technology can get into the wrong hands, such as those of identity thieves, plaintiffs in personal injury lawsuits who want to forge a doctor’s signature, and other litigants in legal cases.

But this algorithm has a place in the world of good. For instance, for those whose ability to physically generate cursive is impaired can use this tool to create stylish handwriting or writing that looks like theirs used to.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Ins and Outs of Call Center Security

Companies that want to employ at-home workers for their call centers to save money and reduce the hassles of office space have to look at security considerations. In addition to thorough vetting of the agents and their equipment, organizations also need to ensure that the security is top-notch. A cloud-based contact center combats these issues. 3DHere are some considerations:

  • Will it anger customers to have an agent who can’t speak clear English? Not only does poor speech of the employee drive some customers away, it also concerns customers who are accessing their data over seas.

When choosing an outsourcer, organizations look for important factors including: (1) agent language capabilities, (2) security capabilities, and (3) financial stability of the outsourcer. – Study conducted by Ovum

  • There comes a point where businesses need to put customer comfort first, especially when it comes to security, such as in the case of healthcare and financial concerns—more complex issues. “Homeshoring” eliminates the awkwardness that sometimes arises when someone is trying to bushwhack through the broken English of the customer support. Though homeshoring will cost companies more, this will be offset by lower turnover rates, small learning curve and a higher rate of first-call resolution.
  • Telecommuters (agents) should be screened vigorously, including (as a minimum) a background check for Social Security Number, criminal history and citizenship.
  • Then, a contract should be drawn up that should include an agreement to customer confidentiality as well as learning specifications.
  • A system should allow the customer to enter, via phone keypad, sensitive information such as credit card number—but without the agent seeing this entry.
  • Sessions between agents and customers can be infringed upon by hackers who want to gain access or snoop, creating a need for an end-to-end security system.
  • Zero-day attacks, which give hackers access, are a big threat. To prevent this, companies must have regularly updated and patched-up systems.
  • A firewall is a must, for server protection and back-end systems.
  • Also a must is two-factor authentication. This superb verification method includes the factor of device location and other identifiers. An agent must have a way of receiving a one-time code sent by the company to gain access to a critical system. A hacker, for instance, won’t be in possession of an agents cell phone to receive the texted code.
  • In tandem with two-factor authentication, the cloud service should require a very uncrackable password so that only at-home agents can gain access. A strong password is at least eight characters (preferably 12) and contains caps and lower case letters, plus numbers and other characters like #, $ and @.
  • Cloud services should be 100 percent PCI Level 1 compliant. To enhance security, have a minimum of two PCI-compliant data centers.

Offshoring and outsourcing for call center agents places an even higher demand for security—which is already greatly needed by virtue of the at-home, virtual workplace. When choosing an outsourcing solution consider all of the above. Ask lots of questions and get quality references.

Robert Siciliano is a Personal privacy, security  and identity theft expert to Arise discussing identity theft prevention. Disclosures.

What is a Rootkit?

A rootkit is a kind of software that conceals malware from standard detection methods. A good analogy for a rootkit would be a burglar breaking into your house. The burglar is dressed all in black, so that his form blends into the darkness. He tiptoes around to hide his sounds so he’s more likely to go undetected as he steals your belongings. But unlike the burglar, who usually takes your stuff and leaves, an efficient rootkit can stick around for years doing its work, robbing your computer or mobile device of data.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813How do you get a rootkit? One way is via a , or a malicious file that looks benign, like a plug-in that you download or an opening an email attachment. Rootkits can also be spread through infected mobile apps.

Once downloaded, a  rootkit will interfere with your device’s functions, including your security software. If you run a security scan, a rootkit will often prevent your security software from showing you this information so you’ll have no idea that malware is running on your device.

Because of this, it is difficult to detect a rootkit. Detection methods include looking for strange behavior on your device or scanning your device’s memory. If you do believe that you have a rootkit on your computer or mobile device, you can either reinstall your operating system (after backing up your data, of course) or use a rootkit removal tool like

  • Don’t open suspicious links or attachments. Although they might look harmless, they could have malware installed on them.
  • Keep your OS updated. Make sure that you install the latest updates for your operating system and any hardware updates that are available for your device as these often close up security holes.
  • Install comprehensive security software. Security software, like McAfee LiveSafe™ service, can safeguard your computer or mobile device from rootkits. Make sure to keep your software updated against new threats.

For more security tips and news, check out the Intel Security Facebook page or follow them on Twitter at @IntelSec_Home.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

The Guide to Securing Your New Tech Toys

Ho ho ho! It seems that this year, Santa’s sleigh was filled with technology—laptops, smartphones, gaming consoles, etc. Playing with and learning about your new tech toy is fun, but remember to secure your device. It would be a total bummer if your new toy was suddenly compromised by a virus or hacked into. Luckily, there are a few things you can do to protect your new device.

7WComputer/laptop

Install security software. Free software is not recommended, as it provides only basic protection and you’ll likely end up purchasing more anyways. Your security software should include:

  • A two-way firewall: monitors the activity on your devices making sure nothing bad is coming in (like unauthorized access) and nothing good is leaving (like your data).
  • Anti-virus software: protects your devices from malicious keyloggers and other malware.
  • Anti-phishing software: watches your browser and email for suspicious inbox activity.
  • Anti-spyware software: keep your PC spyware free.
  • Safe search capacities: McAfee® SiteAdvisor® tells you what websites are good and which are suspicious.

Smartphone or tablet

  • Be leery of third-party apps.
  • Turn off automatic connections to Bluetooth and Wi-fi.
  • Apply app and OS updates.
  • Never store sensitive information on your device.
  • Use mobile security software for iOS or Android that includes anti-virus, anti-theft, app, and web protection.

Gaming or electronic device

  • Create backups.
  • Don’t store personal info on the device.
  • Connect only to a secure Wi-Fi network.
  • Make sure you apply any OS updates.

Now have a great time with your new tech device. Play with ease of mind, knowing your device is secure.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

PC Hard Drive Maintenance 101

Keeping your hard drive in tip-top shape is key to a well-running computer. A crashed hard drive means smacking a big wet-one goodbye to all of your data.

7WEliminate Unnecessary Data

  • De-clutter the drive to make its workload easier.
  • One way of de-cluttering is to uninstall programs you never use (go to the control panel).
  • Review your files and folders and rid the ones you’re done using.
  • Store the ones that you rarely use but don’t want to delete on a flash drive.
  • Also use your computer’s disk clean-up program (go into “Computer,” right-click the hard drive, hit “Properties” and click “disk cleanup”) to help get rid of junk.

Keep the Drive Hopping

  • There are many freeware utilities that can help your hard drive provide you feedback of its integrity. You should use one of these, as they will tell you how your hard drives are performing—kind of like going to a doctor to get your cholesterol numbers—you want to nip any potential problems in the bud.
  • Go into “Computer,” then right-click the drive, and then hit “Properties.” Once here, click the “Tools” tab. You will see an option for checking errors. It is important for Windows to perform recurring checkups of your drive. So hit “Optimize” to get this task done.
  • Next up, go to the control panel. Click “Hardware and Sound” and hit “Power Options.” This choice will keep the hard drive feeling young.
  • Don’t let physical clutter engulf the perimeter of your computer; it needs room to breathe.
  • Make sure your computer doesn’t get too hot. One way this can happen is if you use it while in bed. You also don’t want your computer to get cold, either, but chances are, you won’t be doing computer work outside in 40 degree weather.

Reinstall your operating system

  • Google “How to reinstall Windows.. (your OS)” or same with Mac. This is not all that hard to do. I do this every 2-3 years and I know others that do it every year. This is the single best way yo keep your hard drive tight.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

10 Tips to Stay Safe Online

Hang ten, dude! It’s summertime and surfers are taking to the ocean to go catch some gnarly waves. Experienced surfers know that there are dangers out in the water and are trained to look out for them. These dangers include rip currents, shallow water, and of course, sharks.

4HJust like there are dangers in the ocean, there are many dangers lurking on the Internet. And a savvy web surfer and searcher knows that there’s ways to protect themselves. Here are some tips to keep you safe while you surf the internet.

  1. Know the scams. Read articles and blogs, follow the news, and share this so you can  learn about different kinds of scams and what you can do to avoid them and also help your friends.
  2. Think before you click. Never click on links in messages from people you don’t know or vaguely know. These phishing emails have links that lead to websites that can lure you into giving personal information or download malware to your computer. You should even be wary with emails from people you do know if it looks or sounds suspicious. Hackers can create a malicious email that looks like it came from your best friend’s email account.
  3. Safely peruse. Beware of phony websites. These sites may have an address that’s very similar to a legitimate site, but the page can have misspellings, bad grammar or low resolution images. However, scammers are getting better at replicating sites so make sure. If a site asks for personal information, that you double check the URL and make sure it’s not asking for information it shouldn’t.  McAfee SiteAdvisor is a free download and protects you from going to risky sites
  4. Shop safely. Don’t shop on a site unless it has the “https” and a padlock icon to the left or right of the URL. Also, protect yourself and use a credit card instead of a debit card while shopping online—a credit card company is more likely to reimburse you for fraudulent charges.
  5. Kick-butt passwords. Do away with the “Fitguy1982” password and use an extremely uncrackable one like 9&4yiw2pyqx#. Phrases are good too. Regularly change passwords and don’t use the same passwords for critical accounts. For more tips on how to create strong passwords, go to www.passwordday.org
  6. Protect your info. Keep your guard up. Back up all of your  data on your computer, smartphone and tablet in the event of loss, theft or a crash. Also, routinely check your various financial statements for questionable activity.
  7. Watch your Wi-Fi connectivity. Protect your network by changing your router’s default settings and making sure you have the connection password-protected. For more information on how to protect your Wi-Fi connection, click here.
  8. Install a firewall. A firewall is a great line of defense against cyber-attacks. Although most operating systems come with a firewall, you might want to consider installing McAfee LiveSafe™ service which has a much better firewall than the one that comes built into your operating system.
  9. Keep up to date. The best security software updates automatically to protect your computer. Use the manufacturer’s latest security patches to make regular updates and make sure that you have the software set to do routine scans
  10. Use your noggin. You do not need to be a seasoned computer whiz to know that it’s not smart to open an attachment titled, “Claim Your Inheritance!” Using common sense while surfing the Web can protect you from some hungry cyber-shark.

These are the basics to help you stay safe online. To stay on top of the latest consumer and mobile security threats by following @McAfeeConsumer on Twitter and Like us on Facebook.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

What is an Advanced Persistent Threat?

If you’ve ever seen a movie where the bad guys are using ongoing, invasive hacking to spy on their “enemy,” you have some familiarity with an advanced persistent threat (APT).

11DThis term usually refers to an attack carried out by a group that targets a specific entity using malware and other sophisticated techniques to exploit vulnerabilities in the target’s systems. It is often done for intelligence gathering with political, financial or business motives.

For example, an APT aimed at a corporation could take the form of Internet-based malware that is used to access company systems, or a physical infection, such as malicious code uploaded to the system via a USB drive. These kinds of attacks often leverage trusted connections, such as employee or business partners to gain access and can happen when hackers use spear phishing techniques to target specific users at a company.

Remaining undetected for as long as possible is a main objective with these attacks. It is their goal to surreptitiously collect as much sensitive data as they can. The “persistent” element implies that there is a central command monitoring the information coming in and the scope of the cyberattack.

Even though APTs are not usually aimed at individuals, you could be affected if your bank or another provider you use is the target of an attack. For example, if attackers secretly gather intelligence from your bank, they could get access to your personal and financial information.

Since you could potentially be affected by an APT attack on an entity or company that you do business with, it’s important that you employ strong security measures.

  • Use a firewall to limit access to your network.
  • Install comprehensive security on all your devices, like McAfee LiveSafe™ service, since malware is a key component in successful APT attacks.
  • Don’t click on attachments or links you receive from people you don’t know.
  • Keep your personal information private. Be suspicious of anyone who asks for your home address, phone number, Social Security number, or other personal identifying information. And, remember that once you share personal information online it’s out of your control.
  • Check to see if the websites you share sensitive information with use two-factor authentication. This is a security technique that uses something that you know, such as your password, and something you possess, such as your phone, to verify your identity. For example, your bank may ask for your password online, as well as a code that it has sent via text message to your phone. This is a 2nd layer of protection and should be enabled for sensitive information.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Don’t Get Kicked By Football Players Online

The biggest sporting event of the year just kicked off. If you’re not a football fan (that’s soccer for us Yanks), this is the ultimate goal and it’s just getting started. Many fans will head to Brazil to watch these games and their favorite players, but many more fans will flock online to find out information about the players and teams.

Cybercriminals once again are taking advantage of these large numbers and have pounced on the eagerness of fans of the world’s most popular sport. Portugal’s Cristiano Ronaldo dos Santos Aveiro just barely edges other football stars as the world’s riskiest football player to search for online and tops the McAfee “Red Card Club.”

The McAfee “Red Card Club” is a list of eleven Brazil bound players whose web pages are considered to be risky for fans to search for online. Following Ronaldo are Argentina’s Lionel Messi, Spain’s Iker Cassillas, Brazil’s Neymar and Algeria’s Karim Ziani.

The sites most likely to be risky are those offering videos showing the athlete’s skills, and screensaver downloads. These rigged sites are just waiting to trick you into giving up personal information so that the thieves can steal your identity or get ahold of credit card information and max out your cards.

The study uses McAfee® SiteAdvisor® site ratings, which indicate which sites are risky when attached to football players’ names on the Web and calculates an overall risk percentage.

So what’s an excited football fan to do? While it’s probably not feasible for us to stop searching for information about these stars, we can make sure we are safe while doing so. Here are some tips for you to stay safe online:

  • Be suspicious — If a search turns up a link to free content or too-good-to-be-true offers, it usually is.
  • Be extra cautious when searching on hot topics—Cybercriminals set up fake and malicious sites that dominate these time-sensitive search results.
  • Use web protection— Make sure to use a safe search tool that will notify you of risky sites or links before you visit them. McAfee SiteAdvisor software can be downloaded for free here.
  • Check the Web address—Look for misspellings or other clues that the link might be directed to a phony website.
  • Protect yourself—Use comprehensive security on all your PCs, Macs, smartphone and tablets, like McAfee Live Safe™ service, that comes with McAfee SiteAdvisor, a complimentary tool that protects your from going to risky websites and prevents malicious downloads.

Stay safe online!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.