Posts

How To Determine a Fake Website

There are a lot of scammers out there, and one of the things they do is create fake websites to try to trick you into giving them personal information. Here are some ways that you can determine if a website is fake or not:

How Did I Get Here?

Ask yourself how you got to the site. Did you click a link in an email? Email is the most effective ways scammers direct their victims to fake sites. Same thing goes with links from social media sites, Danger Will Robinson! Don’t click these links. Instead, go to websites via a search through Google or use your bookmarks, or go old school and type it in.

Are There Grammar or Spelling Issues?

Many fake sites are created by foreign entities using “scammer grammar”. So their English is usually broken, and they often make grammar and spelling mistakes. And when they use a translating software, it may not translate two vs too or their vs there etc.

Are There Endorsements?

Endorsements are often seen as safe, but just because you see them on a site doesn’t mean they are real. A fake website might say that the product was featured by multiple news outlets, for instance, but that doesn’t mean it really was. The same goes for trust or authenticating badges. Click on these badges. Most valid ones lead to a legitimate site explaining what the badge means.

Look at the Website Address

A common scam is to come up with a relatively similar website URL to legitimate sites. Ths also known as typosquatting or cybersquatting. For instance, you might want to shop at https://www.Coach.com for a new purse. That is the real site for Coach purses. However, a scammer might create a website like //www.C0ach.com, or //www.coachpurse.com.  Both of these are fake. Also, look for secure sites that have HTTPS, not HTTP. You can also go to Google and search “is www.C0ach.com legit”, which may pull up sites debunking the legitimacy of the URL.

Can You Buy With a Credit Card? 

Most valid websites take credit cards. Credit cards give you some protection, too. If they don’t take plastic, and only want a check, or a wire transfer, be suspect, or really don’t bother.

Are the Prices Amazing?

Is it too good to be true? If the cost of the items on a particular page seem much lower than you have found elsewhere, it’s probably a scam. For instance, if you are still looking for a Coach purse and find the one you want for $100 less than you have seen on other valid sites, you probably shouldn’t buy it.

Check Consumer Reviews

Finally, check out consumer reviews. Also, take a look at the Better Business Bureau listing for the company. The BBB has a scam tracker, too, that you can use if you think something seems amiss. Also, consider options like SiteJabber.com, which is a site that collects online reviews for websites. Just keep in mind that some reviews might be fake, so you really have to take a broad view when determining if a site is legit or one to quit.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Strengthen Your Digital Defenses with the 5 Habits of Practically Unhackable People

At the start of the year, we all made our resolutions for 2015. Now it’s March—how are you doing on your resolutions? If you’ve already broken a few, no worries; New Year’s doesn’t have the monopoly on making goals to better yourself. This is especially true with digital safety. At a time when there are so many security breaches, it’s important to commit to strengthening your digital defenses year-round.

1DWhen making goals, it’s important to emulate people who have already mastered what you’re trying to learn. So in this case, what do super secure people do to stay safe online? Intel Security has the answer—here are the 5 habits of practically unhackable people:

  1. Think before they click. We click hundreds of times a day, but do we really pay attention to what we click on? According to the Cyber Security Intelligence Index, 95% of hacks in 2013 were the result of users clicking on a bad link. Avoid unnecessary digital drama, check the URL before you click and don’t click on links from people you don’t know.
  2. Use HTTPS where it matters. Make sure that sites use “https” rather than “http” if you’re entering any personal information on the site. What’s the difference? The extra “S” means that the site is encrypted to protect your information. This is critical when you are entering usernames and passwords or financial information.
  3. Manage passwords. Practically unhackable people use long, strong passwords that are a combination of upper and lower case letters, numbers, and symbols. Yet, unhackable people don’t always memorize their passwords; instead, they use a password manager. A password manager remembers your passwords and enters them for you. Convenient, right? Check out True Key™ by Intel Security, the password manager that uses biometrics to unlock your digital life. With True Key, you are the password.
  4. Use 2-factor authentication (2FA) all day, every day. When it comes to authentication, two is always better than one. 2FA adds another layer of security to your accounts to protect it from the bad guys so if you have the option to use 2FA, choose it. In fact Intel Security True Key uses multiple factors of authentication.
  5. Know when to VPN. A VPN, or virtual private network, encrypts your information, which is especially important when using public Wi-Fi. Practically unhackable people know that they don’t always need a VPN, but know when to use one.

To learn more about the 5 habits of practically unhackable people, go here. Like what you see? Share the five habits on Twitter for a chance to win one of five prize packs including a $100 gift card to Cotopaxi or Hotels.com.*

You don’t need to wait for another New Year to resolve to become a digital safety rock star – start today!

*Sweepstakes is valid in the U.S. only and ends May 16, 2015. For more information see the terms and conditions at intel.com/5habits.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Researcher says HTTPS can track You

Perhaps you’ve read that “HTTPS” at the start of a website address means that the site is secure, encrypted. However, a feature of the HTTPS can track you, says an article at theregister.co.uk.

2DHTTP is not secure. Carnegie Mellon University in a Register article states “HSTS”, which is “Strict Transport Security”  redirects users to HTTPS. The HSTS authors decided that this redirection every single time was a bit much, so they came up with a feature that browsers could remember regarding the HSTS policy of visited sites. I know, a LOT OF INFORMATION.

The Register article goes on to explain that this feature is a “super cookie.” If you use a redirected site, an HSTS “pin” is set. It’s unique to you and the site you visit. Sam Greenhalgh says, as quoted in the article, “Once the number is stored it could be read by other sites in the future. Reading the number just requires testing if requests for the same web addresses are redirected or not.”

The browsing modes of incognito or private have no effect, continues the article. IE doesn’t support HSTS, but Chrome, Firefox and Opera browsers permit HSTS flags to be cleared.

Safari is a different story, says Greenhalgh. The article quotes him: “When using Safari on an Apple device there appears to be no way that HSTS flags can be cleared by the user. HSTS flags are even synced with the iCloud service so they will be restored if the device is wiped. In this case the device can effectively be ‘branded’ with an indelible tracking value that you have no way of removing.”

Think of all of this as a kind of fingerprinting of the user, you. A crook who runs a malicious site is capable of exploiting this feature. However, Google has reported to Greenhalgh that it’s “not practical” to “defeat such fingerprinting.”Its not practical getting hacked either.

Protect your privacy:

  • Don’t send any sensitive information when connecting over public Wi-Fi (e.g. don’t do banking or shop online)
  • Use private browsing mode on your Internet browser or at least turn off your browser cookies.
  • Never reply to spam or unknown messages, whether by email, text, IM or social networking posts from people you don’t know—especially if it’s for an offer that sounds too good to be true.
  • Only friend or connect with people online you know in real life.
  • Make sure when you’re providing any personal information online that the site uses encryption (look for https:// in the URL) and check to see how they are using your personal data in their privacy policy.
  • Be aware of location services with your smartphone or tablet. Turn off the GPS on your mobile device’s camera and only allow

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.