Posts

Study Shows Millennials Choose Convenience Over Security

To those of us consider Tom Cruise the movie star of our day or even Grunge as the music we grew up with, looking at millennials, and the way they view life, is fascinating. These “kids” or young adults, many are brilliant. They really do define “disruption”.

However, that doesn’t mean that this tech savvy generation is always right. In fact, a new study shows just the opposite when it comes to internet safety. Though, they can also teach us a few things and are definitely up to speed on the value of “authentication” (which leads to accountability).

Anyway…South by Southwest, or SXSW, is a festival and conference that is held each year in Austin, TX. This year, a survey was done with some good AND scary results. The company that did the survey, SureID, found that 83% of millennials that were asked believed that convenience is more important than safety. That’s not good. But this is not the only interesting finding, however. On a positive note, the study also found the following:

  • About 96% want to have the ability to verify their identity online, which would ensure it was safe from hackers.
  • About 60% put more value on time than they do their money or safety.
  • 79% are less likely to buy something from a person who can’t prove their identity.
  • 70% feel more comfortable interacting with a person online if they can verify that other person’s identity.
  • 91% say they believe that companies “definitely” or “maybe” do background checks on those who work for them. These include on-demand food delivery and ridesharing. However, most companies do not do this.

What does this information tell us? It says that we are very close to seeing a shift in the way millennials are viewing their identities, as well as how they view the people and businesses they interact with.

Millennials have a need to want to better verify another person’s identity. To support this, just look at dating apps. Approximately 88% of people using them find the idea of verifying the identity of the people they might see offsite as appealing. It’s similar with ride sharing, where about 75% of millennials want to know, without a doubt, who is driving them around.

We live in a world today that is more connected than ever before. These days, as much as 30% of the population is working as freelancers, or in another type of independent work. In many cases, this work is evolving from small gigs to large and efficient marketplaces. Thus, the need for extra security and transparency is extremely important. Sometimes, technology helps us act too comfortably with people we don’t really know, and the study shows that having people prove whom they are will help to create higher levels of trust.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Everyone is vulnerable to Attack

There’s the war on drugs, the war on terrorism, the war on cancer and the war on cyber threats. In fact, more people are vulnerable to cyber attacks than they are to the first three threats combined.

7WSo pervasive is this threat that President Obama fully recognizes that everyone is at risk. He even signed an executive order recently in the hopes of promoting the sharing of more cybersecurity related data between the government and the private sector.

Recently President Obama presented a speech at Stanford University; the attendees included government officials and leaders in the tech world. He admitted that the government is a bit befuddled over how to provide the private sector with protection from cyber threats. And don’t forget that many hackers operate overseas, making them tougher to track down.

Obama’s message is that it’s difficult for the government to simultaneously protect the public and not be intrusive into peoples’ privacy.

He referred to the cyber world as the “Wild Wild West,” but it sounds more like the Wild Wicked Web. But he likens it to the Old West because people want the government to play the role of sheriff.

With practically the entire world online (even people living in huts along rivers have computers), everyone’s a potential victim.

Obama has really been putting his foot down hard about this, having begun in 2013, when the so-called cybersecurity framework was formulated—a scheme that’s designed to enhance cyber security, and this protocol has been put in place by some major corporations.

But Obama hasn’t stopped there. In January he announced plans for additional protection for the private sector.

Nevertheless, many people, including business decision makers, believe that the Obama Administration isn’t moving fast enough. They want to see these plans in writing, but these executive orders have not been made obtainable, perhaps making some tech leaders feel that Obama isn’t taking things quite as seriously as he says he wants to.

Regardless, the onus of responsibility is on you good reader. Nobody is going to protect your device or data better than you. Keep reading, keep your devices updated and maintain your awareness of various scams because criminals are getting better and better every day.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. Disclosures.

What’s Your Click IQ?

The recent celebrity photo hacks are an unfortunate reminder of how devastating or embarrassing it can be to have your data compromised.  But celebrities are not the only ones getting hacked. Cybercriminals aren’t choosy—they’ll send malicious texts, emails, and website links to Jennifer Lawrence and your grandma. And while the celebrity hacks are more publicized, the fact is, every day, hundreds of ordinary people are falling prey to phishing scams.

So how can you protect yourself from these cybercriminals? The best defense is actually you.

Many of these scams involve a similar thing—the click. So if you learn how to click wisely, 95% of cybercrime techniques—including phishing, bad URLs, fake text messages, infected pdfs, and more—are eliminated.

And that’s the idea behind Intel Security’s new campaign, #ClickSmart. Intel Security wants to empower you with the skills and sense to avoid those dastardly scams.

Here are some tips to get you started

  • Check URLs for misspellings or interesting suffixes. For example, if you see www.faceboook.ru, don’t click it.
  • Only open texts and emails from people you know. But even if you do know the sender, be wary for any suspicious subject lines or links. Hackers can try to lure you through your friends and family.
  • Beware of emails, texts, and search results offering anything for free. If it sounds too good to be true, then it probably isn’t true.

Print

Are you ready to take the #ClickSmart challenge? If so, go to digitalsecurity.intel.com/clicksmart and see if you’re a Click head or a Click wizard.

To learn more on how to #ClickSmart, join @IntelSecurity, @McAfeeConsumer, @cyber, @GetCyberSafe, @STOPTHNKCONNECT  for Twitter chat on October 14th at 12 PM PT. Use #ChatSTC to join in on the conversation. Click here for more information.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Tonight’s Special Guest: McAfee’s Most Dangerous Celebrity of 2014

After a long day of hard work, there’s nothing like coming home, throwing on some PJs, and watching some good old late night television. I love catching up on all the latest news and watching celebrities like Kaley Cuoco-Sweetin discuss the celebrity photo hack (what can I say? I’m a security junkie).

Dangerous Celebrity of 2014It seems like we’ve always had a fascination with the lives of the rich and famous. In the 1700s, people gathered to watch the every move of the King of France, from getting out of bed to changing his underwear. Page Six, the gossip column, used to be the must-read page in the New York Post. Now, in the age of social media, following our favorite celebrities’ comings and goings is even easier. All we have to do is go on Twitter to get the latest about Jayoncé.

Unfortunately, our obsession with celebrities can get us into trouble on the Web. Cybercriminals love to take advantage of our interest in celebrities for malicious means. They use hot celebrity news, like updates on Ryan Gosling and Eva Mendes’ baby, along with the offer of free content to lure you to malicious sites that could steal your money or personal information or install malware.

There are some celebrities who are more likely to lead you to bad stuff than others. Today McAfee announced that Jimmy Kimmel, the host of Jimmy Kimmel Live!, is the 2014 Most Dangerous Celebrity™. McAfee found that searching for the latest Jimmy Kimmel videos and downloads yields more than a 19.4% chance of landing on a website that tested positive for online threats.

Here are the rest of the celebrities that round out this year’s Top 10 Most Dangerous Celebrities list.

 

History tells us we probably aren’t going to get over our fascination with celebrities anytime soon. But there are some things you can do now to stay safe online while you’re reading about your favorite personalities.

  • Be suspicious. If a search turns up a link to free content or too-good-to-be-true offers, be wary
  • Check the web address. Look for misspellings or other clues that the site you are going to may not be safe (for more on this, read my blog on typosquatting)
  • Search safely.Use a Web safety advisor, such as McAfee® SiteAdvisor® that displays a red, yellow, or green ratings in search results, alerting you to potential risky sites before you click on them
  • Protect yourself. Use comprehensive security software on all your devices, like McAfee LiveSafe™ service, to protect yourself against the latest threats

Help Spread the Word!
In order to continue to promote safe celebrity searching, McAfee will be running a sharing sweepstakes. Help others stay educated about staying safe online by sharing Most Dangerous Celebrities content and you could  win a Red Carpet Swag Bag that includes a Dell Venue™ 7 tablet, Beats Solo 2.0 HD headphones, a subscription to McAfee LiveSafe service along with other goodies. You must be 18 or older and reside in the United States in order to participate. Learn more here.

While it’s fine to get your fix of celebrity gossip , remember to be safe when doing so.

To learn more about Most Dangerous Celebrities, click here or read the press release, use the hashtag #RiskyCeleb on Twitter, follow @McAfeeConsumer or like McAfee on Facebook.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Consumers Eager for Connected Technology

Many of us are familiar with the Jetson’s TV cartoon that showed the life of a family in 2026 and how technology is a part of their everyday life. If you’re like me, some of the gadgets that George and his family had are probably things you thought were cool or would be convenient to have, especially the automatic meals that could be selected and then delivered with the push of a button or the flying cars. While we’re not quite at the level of George Jetson, technology advancements are only going to continue.

With that in mind, McAfee commissioned MSI for a study, “Safeguarding the Future of Digital America in 2025,” that looks at how far technology will be in 10 years. And also looking at how all this technology and interconnectedness affects our privacy and security—something George Jetson never had to worry about with Rosie (his robot maid), or while he video chatted.

What is interesting to see from the study is what people believe will be prevalent in 2025 (some of which are Jetson-esque) such as:

  • 60% believe that sooner or later, robots and artificial intelligence will be assisting with their job duties
  • 30% believe they’ll be using fingerprints or biometrics to make purchases
  • 69% foresee accessing work data via voice or facial recognition
  • 59% of people plan to have been to a house that speaks or reads to them.

There’s no reason to doubt all of these advances won’t soon be reality, but there will also be new considerations for consumers to be aware of. The more “connected” you are, the more you’re at risk. But while consumers seem to be embracing these new conveniences, 68% of them are worried about cybersecurity so it’s imperative that all of us know how to protect ourselves today and into the future.

How can you protect yourself?

  • Do your research before purchasing the latest gizmo. Read the manufacturer’s, app’s or site’s security and privacy policy. Make sure you fully understand how the product accesses, uses and protects your personal information and that you’re comfortable with this.
  • Read customer reviews. There’s hardly a product on the market that doesn’t have some kind of rating or customer feedback online. This unsolicited advice can help you determine if this is a device you want to own.
  • Password protect all of your devices. Stop putting this off. Don’t use the default passwords that come with the device or short, easy ones. Make sure they’re unique, long and use a combination of numbers, letters and symbols. Complex passwords can also be a pain to remember, that’s why using a password manager tool, like the one provided by McAfee LiveSafe™ service is a good idea.
  • Don’t have a clicker finger. Be discriminating before you click any links, including those in emails, texts and social media posts. Consider using web protection like McAfee® SiteAdvisor® that protects your from risky links.
  • Be careful when using free Wi-Fi or public hot spots. This connection isn’t secure so make sure you aren’t sending personal information or doing any banking or shopping online when using this type of connection.
  • Protect all your devices and data. McAfee LiveSafe service you can secure your computers, smartphones and tablets, as well as your data and guard yourself from viruses and other online threats.

Make sure you’re not like George calling out to his wife Jane saying “Jane…stop this crazy thing!” as he’s ready to fall off his electronic dog walker that’s gone out of control! Stay safe online!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

MCAI

To join the conversation use the hashtag #FutureTech or follow McAfee on Twitter or like them on Facebook.

To download the infographic, click here or click to read the press release.

10 Tips to Stay Safe Online

Hang ten, dude! It’s summertime and surfers are taking to the ocean to go catch some gnarly waves. Experienced surfers know that there are dangers out in the water and are trained to look out for them. These dangers include rip currents, shallow water, and of course, sharks.

4HJust like there are dangers in the ocean, there are many dangers lurking on the Internet. And a savvy web surfer and searcher knows that there’s ways to protect themselves. Here are some tips to keep you safe while you surf the internet.

  1. Know the scams. Read articles and blogs, follow the news, and share this so you can  learn about different kinds of scams and what you can do to avoid them and also help your friends.
  2. Think before you click. Never click on links in messages from people you don’t know or vaguely know. These phishing emails have links that lead to websites that can lure you into giving personal information or download malware to your computer. You should even be wary with emails from people you do know if it looks or sounds suspicious. Hackers can create a malicious email that looks like it came from your best friend’s email account.
  3. Safely peruse. Beware of phony websites. These sites may have an address that’s very similar to a legitimate site, but the page can have misspellings, bad grammar or low resolution images. However, scammers are getting better at replicating sites so make sure. If a site asks for personal information, that you double check the URL and make sure it’s not asking for information it shouldn’t.  McAfee SiteAdvisor is a free download and protects you from going to risky sites
  4. Shop safely. Don’t shop on a site unless it has the “https” and a padlock icon to the left or right of the URL. Also, protect yourself and use a credit card instead of a debit card while shopping online—a credit card company is more likely to reimburse you for fraudulent charges.
  5. Kick-butt passwords. Do away with the “Fitguy1982” password and use an extremely uncrackable one like 9&4yiw2pyqx#. Phrases are good too. Regularly change passwords and don’t use the same passwords for critical accounts. For more tips on how to create strong passwords, go to www.passwordday.org
  6. Protect your info. Keep your guard up. Back up all of your  data on your computer, smartphone and tablet in the event of loss, theft or a crash. Also, routinely check your various financial statements for questionable activity.
  7. Watch your Wi-Fi connectivity. Protect your network by changing your router’s default settings and making sure you have the connection password-protected. For more information on how to protect your Wi-Fi connection, click here.
  8. Install a firewall. A firewall is a great line of defense against cyber-attacks. Although most operating systems come with a firewall, you might want to consider installing McAfee LiveSafe™ service which has a much better firewall than the one that comes built into your operating system.
  9. Keep up to date. The best security software updates automatically to protect your computer. Use the manufacturer’s latest security patches to make regular updates and make sure that you have the software set to do routine scans
  10. Use your noggin. You do not need to be a seasoned computer whiz to know that it’s not smart to open an attachment titled, “Claim Your Inheritance!” Using common sense while surfing the Web can protect you from some hungry cyber-shark.

These are the basics to help you stay safe online. To stay on top of the latest consumer and mobile security threats by following @McAfeeConsumer on Twitter and Like us on Facebook.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

What is a Man-in-the-Middle Attack?

There’s a reason why most people feel uncomfortable about the idea of someone eavesdropping on them—the eavesdropper could possibly overhear sensitive or private information. This is exactly the risk that computer users face with a common threat called a “Man-in-the-Middle” (MITM) attack, where an attacker uses technological tools, such as malware, to intercept the information you send to a website, or even via your email.

11DJust imagine you are entering login and financial details on an online banking site, and because the attacker is eavesdropping, they can gain access to your information and use it to access your account, or even steal your identity.

There are a variety of ways that attackers can insert themselves in the middle of your online communications. One common form of this attack involves cybercriminals distributing malware that gives them access to a user’s web browser and the information being sent to various websites.

Another type of MITM attack involves a device that most of us have in our homes today: a wireless router. The attacker could exploit vulnerabilities in the router’s security setup to intercept information being sent through it, or they could set up a malicious router in a public place, such as a café or hotel.

Either way, MITM attacks pose a serious threat to your online security because they give the attacker the ability to receive and request personal information posing as a trusted party (such as a website that you regularly use).

Here are some tips to protect you from a Man-in-the-Middle attack, and improve your overall online security:

  • Ensure the websites you use offer strong encryption, which scrambles your messages while in transit to prevent eavesdropping. Look for “httpS:” at the beginning of the web address instead of just “http:” which indicates that the site is using encryption.
  • Change the default password on your home Wi-Fi connection so it’s harder for someone to access.
  • Don’t access personal information when using public Wi-Fi networks, which may, or may not, be secure.
  • Be wary of any request for your personal information, even if it’s coming from a trusted party.
  • Protect all of your computers and mobile devices with comprehensive security software, like McAfee LiveSafe™ service to protect you from malware and other Internet threats.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

10 Ways to Help Protect Yourself from Identity Theft

No one wants to be a victim of identity theft (at least not that I’m aware of). But even though we may say this, our actions don’t always indicate this—and actions speak louder than words.

10DSome of this information may seem basic or like common sense, but these are still tactics that identity thieves utilize because THEY WORK! So here are some tips to make sure you’re protecting your identity:

  1. Be careful when sharing personal information – Make sure you question who is asking for this information and why. Just because a site asks or even your doctor’s office form asks, doesn’t mean it’s absolutely necessary. Also make sure you understand how they are protecting your personal data.
  2. Don’t open attachments or clicks on links from people you don’t know – Whether this be via email, text message or social networking sites, exercise caution as these could be phishing messages designed to steal your personal information.
  3. Protect your home Wi-Fi connection – Not changing the default settings on your wireless router can lead to not only someone using your connection for free, but also to them accessing all the files on the devices that are connected to it. Using default settings is never a good idea for anything, but can have bigger implications with your Wi-Fi connection. Here’s tips on how to protect your Wi-Fi.
  4. Don’t shop or bank online from public computers – You don’t know if there is any security protection on these computers and if the Internet connection is secure. It’s just best not to do this.
  5. Don’t fall for 419 email scams – These are emails asking you help to get access to a big sum of money and in exchange you’ll get a portion of the money. Now come on…if a stranger asked you this in real life, would you believe them? Probably not…I mean…how many us really need to help a Nigerian prince? (Note: 419 refers to the article of the Nigerian Criminal Code dealing with fraud)
  6. Don’t accept all friend requests on social media – Remember that “friend” may not really be your friend. Only connect with people you know in the real world. And even then you should be careful when clicking on the links they post. I’d recommend you use a product like McAfee® SiteAdvisor® that provides easy, red, yellow and green site rating icons in your search results and in your Facebook, LinkedIn and Google+ feeds (for PC or Mac). It will also put up a warning screen if you click on a site we know to be dangerous (for PC, Mac or mobile)
  7. Carry as little possible with you – This includes credit cards, debit cards, your Social Security number or Identification card and scraps of paper with your PINs and passwords. You wallet or purse can be a treasure trove to thieves, so make sure to carry only what is absolutely necessary.
  8. Lock your mailbox – This may seem extreme, but many thieves raid mailboxes for credit card applications, fill then out and change the address, then they don’t pay the bill, and the debt collector comes looking for you! So ask the companies to stop sending you this mail and make sure your mailbox is locked
  9. Be careful what you put in your trash – Some thieves raid trash cans, especially if you have a locked mailbox. So that pre-approved credit card application that you relegated to the trash before it even entered your house is a gold mine for thieves. So make sure you employ the use of a cross-cut paper shredder before you throw these types of things away.
  10. And of course, make sure you have protection on all your devices – Comprehensive security on all your devices (not just your PCs) is a must these days. I use McAfee LiveSafe™ service, which protects all my PCs, Macs, smartphones and tablets. And it comes with McAfee SiteAdvisor that I mentioned above!

So remember, we all have to help ourselves by being proactive to protect our identities, both online and offline.

Stay safe!

 Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Change Your Password. World Password Day

We also say we want to be safe online. Yet sometimes our actions betray our words—especially if we’re using simple, short passwords for our online sites. Passwords with less than eight characters are the easiest to crack, especially if they include a proper noun or a word that’s in a dictionary. Hackers especially love passwords of all one character. Lose the “ilovedogs” password please.

WorldPasswordDayTake a look at your passwords. Are they simple and include an actual word, or are they long and unique?  World Password Day. Take the pledge and change your passwords.

And don’t balk about changing your passwords; you must change them to be safe online. Your password is your first line of defense—not only for your online accounts, but also on your devices. Be like Nike and “Just Do It!” Think about this if you’re reluctant to change them:

  •  Research shows that 90% of passwords are vulnerable to hacking
  • The most common password is “123456”  and the second most common password, is “password”
  • 1 in 5 Internet users have had their email or social networking account compromised or taken over without their permission

Now, believe it or not, a password of eight characters, even with various symbols and no dictionary words, can be cracked. However, a password the length of “Earthquake in the Sahara” would take over a million years to unearth. Ladies and gents, size does matter when it comes to passwords.

Ditch your old passwords

They may already be on the black market, and if not, it’s inevitable. Especially in this post Heartbleed time, we need to make sure we all change our passwords.

Think pass-sentence, not password

Just four words (with spaces) will make a killer password. Toss in punctuation. Create a sentence that makes no sense, like “Sharks swimming in the shower” and then add some space, numbers and special characters so it’s “Sh@rks swimming >n The Sh0wer!” That’s a 30-word password, technically known as a passphrase, and beats out #8xq3@2P. And which is easier to remember?

And don’t use something that a person who knows you might be able to guess: If you own five black cats, don’t make a passphrase of “I love black cats.”

Here’s a fun way to make a passphrase.

Make the change

Now that you have a passphrase that will take millions of years to crack, it’s time to make use of it. Sift through all of your accounts and change your passwords, using a different passphrase for each account, and not similar, either, for optimal uncrackability.

Once all of your new passwords (passphrases) are in place, you’ll have peace of mind, knowing that it would take millions of years for these passwords to be cracked.

Remember, there’s no better time than World Password Day to change your password!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

What is Social Engineering?

No, it’s not some new engineering field to develop social media sites. Social engineering has been around as long as the con artist has been around. The terms stems from the social science world where social engineering is deemed as an act of psychological manipulation.

social_engineeringIn our tech-laden world of today, social engineering still involves deceit but it’s used to deceive you into giving up personal or sensitive information for the bad guys’ financial gain. Social engineering can take many forms from an email, phone call, social networking site, text messages, etc., but they all have the same intent—to get you to part with valuable information.

Any one of us can be a target. And social engineering continues to be a tool that cybercriminals use because it works. They play on our emotions and our innate sense to want to trust others and be helpful. The also rely on the fact that many of us are not aware of the value of the information we possess and are careless about protecting it.

For instance, after major natural disasters or major news topics, like a hurricane or earthquake, cybercriminals sent out scores of bogus emails, calling for sympathy and donations for the victims, just so they could line their pockets.

In addition to sympathy, the bad guys also barter in fear, curiosity and greed. From emails offering fake lottery winnings (greed), to dangerous download sites advertising a preview of the latest Lady Gaga song (curiosity), to devious popup messages that warn you that your computer is at risk (fear), today’s cybercriminals are masters at manipulating our emotions.

And because their tricks often look legitimate, it can be hard for you to identify them. You could wind up accidentally infecting your machine, or sharing personal and financial information, potentially leading to monetary loss and even identity theft.

How can you protect yourself?

  • Never respond to a message from someone you don’t know and never click on a link in an unsolicited message, including instant messages, and any time the phone rings and they are requesting personal information consider it a scam.
  • Be suspicious of any offer that seems too good to be true, such as the lure of receiving thousands of dollars just for doing a wire transfer for someone else.
  • If you are unsure whether a request is legitimate, check for telltale signs that it could be a fake, such as typos and incorrect grammar. If you are still unsure, contact the company or organization directly. Financial institutions, and most sites, don’t send emails or text messages asking for your user name and password information.
  • When using social networking sites, don’t accept friend requests from people you don’t know, and limit the amount of personal information you post to your profile.
  • Consider using a safe browsing tool such as McAfee® SiteAdvisor® software, which tells you whether a website is safe right in your search results, helping you navigate away from phony sites.
  • Make sure your all your devices are protected with comprehensive security, like McAfee LiveSafe™ service that protects all your PCs, Macs, smartphones and tablets.

So remember to ask yourself if this is really legit, the next time you get a message that plays on your emotions. Stay safe online!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.