Posts

10 Ways to protect your Gmail Account

Protecting your Gmail account means you must activate some tools that Google offers, and you must sharpen your scam savvy in order to spot phishing scams. If you do both, you can have a very well-protected Gmail account.

#1. Google 2 Step Verification. This is the Holy Grail of account security. Not really, but it’s the best they have available. With 2 Step you get a one-time login code sent to a secondary device like a mobile phone via text or the “Google Authenticator” app. I like text best. This will surely protect your Gmail account because a hacker would need access to this secondary device to bust into your account, since Google would require a six-digit unique code from this second device to access your account.

Speaking of codes, you can generate a number of one-time codes that you can use in the event of a mishap such as losing your device; you can use these codes to access your account from a temporary device.
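How an authenticator app and the server arrive at the same six-digit code, as an added example that is not from the original post: authenticator apps such as Google Authenticator implement the time-based one-time password scheme of RFC 6238, sketched here with a drift window and a replay check. The function names, the `last_counter` parameter and the demo secret are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code stays valid
DIGITS = 6   # the six-digit code mentioned above

def totp(secret_b32, at=None):
    """Code for the 30-second window containing `at` (RFC 6238, HMAC-SHA1)."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = int((time.time() if at is None else at) // STEP)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** DIGITS:0{DIGITS}d}"

def verify(secret_b32, submitted, at=None, drift=1, last_counter=-1):
    """Return the matching window counter, or None if the code is rejected.

    Accepts +/- `drift` windows for clock skew and refuses any window at or
    before `last_counter`, so a code that was already used cannot be replayed.
    """
    current = int((time.time() if at is None else at) // STEP)
    matched = None
    for counter in range(max(0, current - drift), current + drift + 1):
        expected = totp(secret_b32, counter * STEP)
        # compare_digest avoids leaking how many digits matched via timing
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            if counter > last_counter:
                matched = counter
    return matched

# Constructed demo secret (the RFC 6238 test key), not a real account secret.
DEMO_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    code = totp(DEMO_SECRET)
    first = verify(DEMO_SECRET, code)
    print("code:", code, "accepted in window", first)
    print("replay of the same code:", verify(DEMO_SECRET, code, last_counter=first))
```

The code depends only on the shared secret and the clock, which is why a stolen password alone is not enough and why a code stops working within about a minute.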

#2. Stay out of Google’s spam folder. Learn to ignore spam. Must you open every e-mail? Google does a pretty good job of spam/phish filtering. Leave the phishy/spammy messages alone and you’ll be in good shape.

Most malicious or “phishing” e-mails are very obvious, with any of the following in their subject lines:

– Get back to me
– Your money is waiting
– If you don’t read this now you’ll hate yourself
– Claim your reward

However, some subject lines look less suspicious, like “Your Amazon.com order has shipped.” If you use a unique e-mail account solely for Amazon or eBay, and then promise yourself never to click on a link inside the e-mail, you’ll be fine.

#3. Never give out your password.

Remember: If someone requests your Google account password, it’s malicious. If you think Google wants your password, don’t give it via any link in an e-mail. Instead go to https://www.gmail.com or https://accounts.google.com/ServiceLogin and log in.

#4. Account recovery options: Keep up to date. Always keep your mobile phone number current because it’s what Google uses to send you a security code. So if a hacker gets your Gmail account password, it’s useless unless they have your smartphone number, which Google will use to send you that code to prove your identity.

#5. Have a recovery e-mail address that’s also up-to-date because Google uses this strictly for sending security codes for when you forget a password. You should have this second e-mail address also because Google will use it to send important security information.

#6. Secondary e-mail address. This is in addition to the recovery address mentioned prior because you can use this alternate to sign into your Gmail account. Note, however, that this alternate address must not be part of your Gmail account or even associated with a second Google account.

#7. Use secure connections. Gmail should always be set to use a secure connection, denoted by HTTPS before the URL. Go to Settings, General, Browser Connection to set it up. Use a secure VPN for logging in. Hotspot Shield protects and encrypts your wireless connections.

#8. Strong & long is the name of the game. Enough of passwords like Puppylover1, carfiend1979 and Darlingmama. Don’t use words that can be found in a dictionary. Include symbols like #, * and $. The more nonsensical and longer the password, the better. Next, do not ever use your Google password for any other account. Your e-mail passwords should be equally nonsensical.

#9. Incognito. Use the “incognito” or “private” mode in browsers when you’re on a public or shared computer such as at a hotel. These modes will prevent cookies, web history and other data from getting stored. If these modes are not available, clear your cookies and browsing history when you LOG OUT.

#10. Finally, to protect your Gmail account, keep your system up-to-date and secure with anti-virus and anti-malware.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Fake Funeral & E-mail Scams: Recognize & Avoid

How does a funeral scam work in the first place? This is something that I, as a security analyst, teach to the consumer public. First of all, the fake funeral scam starts off with an e-mail. The fraudulent e-mails come disguised as a notification for a funeral.

The Better Business Bureau describes how the funeral scam works:

The subject line of an e-mail will say “funeral notification.” The message can be from anywhere, though it’s made to look like it’s from a Texas funeral home. You’re invited to a “celebration of our friends’ life service.” It’s a real-looking e-mail. It even uses the funeral home’s actual logo.

Of course, typical of scam e-mails, you’re urged to click a link inside the message, to view “more detailed information” about the ceremony. But clicking on the link will take you to a foreign domain, where malware awaits – to be downloaded to your computer. The crooks will then have access to your personal data.

How to Avoid the Funeral and Other E-mail Scams

  • Just because a real business’s logo is in an e-mail message doesn’t mean that the message is authentic and not fraudulent. A scammer can even make the sender’s address appear authentic.
  • Before clicking on a link inside a message (and you shouldn’t, anyways), hover over the link to see what the source is.
  • But why hover when you’re smart enough NEVER to click on a link inside an e-mail message in the first place?
  • A message from a company that has poor spelling and grammar is highly suspicious.
  • Messages calling for immediate action are usually scams.
  • Don’t click pop-ups that seem to originate from your computer, even if they warn your computer has been infected.

You now know how to stay ahead of crooks trying to rip you off with the funeral scam e-mail.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Epsilon Breach Reminds of Security Awareness

Epsilon is a marketing company that has on file millions of email addresses of consumers who have made purchases or are affiliated with various banks, retailers, hotels etc. Epsilon sends out over 40 billion emails a year and was recently breached in a hack attack. Consumers are now receiving breach notifications from the likes of financial institutions such as Citigroup, Capital One and JPMorgan Chase, and hotels such as the Marriott and the Hilton.

As a result of the breach, consumers will receive phishing emails that look like they come from one of the legitimate entities breached but are in fact fake, trying to trick the victim into entering their usernames and passwords or providing personal information such as credit card or even Social Security numbers.

This is made possible by the fact that the consumer is accustomed to receiving similar emails on a regular basis and may not be able to tell the difference between a real one and a fake.

This breach should unquestionably heighten consumers’ awareness of their personal security in regards to their information security and also their physical security. Criminals are targeting the public in more ways today than ever before.

Being overwhelmed and paranoid is unnecessary, but being alert and focused is essential.

A constant vigilance is required in order to protect yourself and family from the onslaught of scams and potential violence that is being perpetrated every moment of every day.

Meanwhile:

Never enter personal information into an email not initiated by you.

Never click links in an email. Go to your bookmarks or manually type in the address.

Consider changing up your email address if it has been breached.

Change all your passwords to different passwords. No two accounts should have the same password.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing home security and identity theft on TBS Movie and a Makeover.

Epsilon Breach Will Impact Consumers for Years

This week consumers are receiving messages from trusted companies such as 1-800-Flowers, Chase, Hilton HHonors and others, letting them know that their e-mail addresses have been exposed due to the recent Epsilon data breach. This provides a perfect opportunity for cybercriminals, who may try to take advantage of the breach to send out phishing e-mails designed to steal user names and passwords. Since consumers are receiving legitimate e-mails, they may be less suspicious of the phishing or spear phishing ones.

Generally, when a credit card is compromised, a new number and card are issued, making the breach a forgotten inconvenience. However, when a Social Security number is breached, the victim can feel the effects for decades. Email addresses fall in the middle because consumers have the ability to change them, but often weigh the pros and cons and keep them for convenience’s sake. This is what makes getting phished a higher probability.

McAfee Labs believes scammers will probably wait until they figure out how best to turn their scams into money, and may wait until the news cycle dies down. That’s why it is important for consumers to stay vigilant for a period of time…really for the entire time you possess a hacked email address.

Here are some tips for consumers to stay safe:

– Consider ditching your compromised address and starting new.
– Be aware that companies will never ask you for credit card information or other personal information in email. If you are being asked to provide that information, it’s a scam.
– If you are suspicious of an email, go directly to the Web site of the company that purportedly sent it and don’t follow links in the email as those may be fraudulent. Call the company’s number listed on their Web site, not the number in the email as that may be a fake.
– Consider unsubscribing from email communications and re-subscribing using a new email address for commercial communications. That way you know that messages that land in that new inbox are more likely to be genuine as the new address wasn’t part of the breach.
– Use the latest security software, including Web security features to protect you from going to malicious Web sites such as phishing sites.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing the Epsilon breach for McAfee on Fox News. (Disclosures)