Posts

Google Alert Scams

If you want to know the latest on “any topic”, just sign up for Google Alerts. Google will e-mail you notifications of new information coming online. I have Google Alerts for “Home Invasion” “Identity Theft” “Burglary” “Computer Security” and many more.

So what could be so harmful about receiving alerts about topics or people who are famous for being famous or your favorite presidential candidate?

  • A scamster creates a website and inserts popular search terms such as “Kate Middleton” or “Donald Trump.”
  • If you signed up for Donald Trump, you’ll not only receive legitimate alerts from Google, but also links originating from the scammer’s site. You won’t know which is which.
  • These fraudsters have figured out a way to circumvent Google’s security.
  • Clicking on these links could download malware into your computer.

In another example Intel Security’s McAfee does the “Most Dangerous Celebrity” survey based on malicious search results. They then determine which searched celebrity sites produce the most malware.

What can you do?

  • A tell-tale clue of a scam is that when you hover over the link inside your e-mail, the URL doesn’t correlate to the alleged source of the news. If it doesn’t match up, skip it. A scammer’s URL isn’t going to have what appears to be a legitimate news outlet address.
  • Narrow your search down. So if you want the latest in Trump’s polls, type “Donald Trump polls” in the Google Alert field. Otherwise, just leaving it as “Donald Trump” will not only flood your in-box, but it will be much more likely that some of those “alerts” will be fraudulent.
  • Another way to narrow the parameters is to set the alerts for “news,” “blogs,” “best results” and “United States.”
  • Be very suspicious of URLs that do not end in a dot-com, net, org or other familiar suffix. Often, scammy URLs come from foreign countries where the suffix is different, such as “fr” for France or .ru for Russia or .cn for China.
  • If a link appears to be fraudulent, report it to Google.com/alerts.

If you’re signed up for Google Alerts for numerous topics, consider cancelling some of these, especially if it’s a hot topic that makes headlines nearly every day, such as the presidential race—which you’re bound to see anyway simply by visiting a reputable news site.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

How to sign out of all Google Accounts

Let’s cut to the chase (never mind how you misplaced your phone): There are several ways to sign out of your Google accounts remotely. It takes three steps, and you’ll need the desktop version of Google. gg

  • On a mobile use a browser opposed to the Gmail/Google app and sign in at gmail.com.
  • Seek out “Desktop version” at the bottom of the window/browser. Click it. You may need to login again.
  • At the very bottom you will see “Recent Activity” in the right corner. Look below that to see “Details.” Click that.
  • A window will pop up giving you information about your account.
  • Look at the top of the page for a button, “Sign out all other sessions.” Click that.
  • And that’s it! Do this now to test it out.

You just signed out of your Google account. What this means is that anyone who might be in your account gets signed out or anyone who gets ahold of your lost or stolen phone/laptop etc will not be able to gain access, because they will need your password (which hopefully isn’t something dopey like 123password or password1, being that these are among the most commonly used passwords and thus very easy to guess at).

Keep in mind that Google has a device location tool. It works only when you’re signed in on the said device. So if you just signed out of all of your Google accounts, this location feature will be of no use. But if you happen to know precisely where your “lost” phone is, then it makes sense to sign out on all Google accounts.

Sounds odd, because chances are, if you know exactly where the phone is…it’s probably not in the hands of a crooked or nosy person. But you just never know.

For example, you may discover your phone is missing after you’ve returned from the gym. So you call the gym and sure enough, your phone was found in the locker room and turned in to the front desk. Thus, you know precisely where it is. However, who’s to say that a bored employee won’t tinker around with it?

If you know where the phone is, don’t delay in retrieving it.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Check out Google’s Password Alert

Cyber crooks have phony websites that masquerade as the legitimate site you want to log onto. They’ve spun their web and are just waiting for you to fly into it. Google now has Password Alert, which will tell you if you’ve landed into such a non-Google web.

2DFor the Chrome browser, this extension will prompt the user to change their password.

When you change a password (regardless of reason) or sign up for a new account and it’s time to come up with a password…don’t just make up an easy word to remember or type.

  • No part of the password should contain actual words or proper names.
  • Each account, no matter how many, should have a different password.
  • If allowed, use a mix of characters, not just numbers and letters.
  • Use a password manager to eliminate the excuse of “I can’t remember a zillion passwords so that’s why I use the same one for multiple accounts.”

Even a strong password, when used for multiple accounts, can present a problem, because if that password gets in the hands of a cyber thief, he’ll then be able to access not just one—but all of your accounts with that password.

A different password for every account at least means that if any password gets into the bad guy’s hands, he’ll only be able to hack into one account per password.

And how might he get the password if it’s long, strong and full of different characters in the first place? By the user being tricked into giving it to him.

This is most often accomplished with a phishing attack: an e-mail that fools the user into thinking it’s from an account they have, such as PayPal, Microsoft or Wells Fargo. The message states there’s a problem with their account and they need to log in to get it fixed. The truth is, when you log in, you’re giving out your crucial login information to the villain.

However, Password Alert will intercept this process. And immediately, so that you can then quickly change the password and protect your account before the thief has a chance to barge into it.

Other Features of Password Alert

  • Many sites are phony, appearing to be legitimate Google sites. Password Alert will spot these sites by inspecting their codes when you visit them. You’ll then get an alert so you can get out of there fast.
  • Password Alert has a database that stores your passwords in a very secure way called a “hash.” This is the reference point that Password Alert uses every time you enter your password into the login field, to make sure you’re not entering it on a malicious site.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Teacher Bit by Social Media Identity Theft on Twitter

Here’s an identity theft story you’ll love to hate.

In Panama City Florida a local and respected teachers’ identity was used to create a fake Twitter profile which spouted off derogatory comments about autistic students. The teacher works with special needs students and had no idea this was going on until she was informed by officials questioning her and the profile.

The Twitter profile included the teachers name, photo, and town along with the derogatory comments. People all over the world started contacting locals officials demanding her ouster after they saw what “she” was writing.

When this came to the attention of the school they immediately brought her in for questioning to determine if she was the author. Their initial questioning led them to believe she was not the author; however they made her bring in her laptop and examined her hard drive for further investigation.

As I’ve said before, identity theft is the only crime I can think of where you are guilty until proven innocent.  Once something like this happens it can quickly and easily damage your reputation.

Online Security Tips:

Right now grab your name on all the popular social media sites. Sign up for every one of them even if you don’t intend on using them. If your name is gone use a hyphen or a dash. For free search over 500 popular social networks and over 200 domain names to instantly secure your brand across the social web at Knowem.com.

Set up Google Alerts to determine of your name is being used online. You want to instantly know if someone is using your name for any reason.

The worst thing you can do is nothing. Sitting back and just letting someone use your name can damage your brand, YOU.

Robert Siciliano personal and home security specialist to Home Security Source discussing social media identity theft on Fox Boston. Disclosures.