Posts

The Role of Antivirus Software

The purpose of antivirus (AV) software is to detect, neutralize or eradicate malware (malicious software).

6DAV software not only will identify and destroy the computer virus, but it’s also designed to fight off other kinds of threats such as phishing attacks, worms, Trojan horses, rootkits and more.

How does AV software work?

  • It will first scan (either on automatic timer that the user selects or manual) the computer’s files to seek out any viruses that fit the description that’s in a virus dictionary.
  • Using a method called heuristic analysis, it will also try to detect suspicious activity from any program that might seem to be infected.

Antivirus programs come in different flavors, but the common denominator is that they seek out viruses and other malware, and neutralize them.

The computer’s hard drive and external drives are also included in the scanning process.

What’s really important is that you make sure that your AV software is set for automatic updates—and on a daily basis at that—so that any new viruses or malware can be quickly pounced upon and rendered disabled.

Cybercrimes are more prevalent than ever, says the McAfee Threat Report. Check out some findings:

  • Fairly recently (first quarter of 2013) was a time that was the most active, ever, for the entire gamut of malicious software generation.
  • More than 14 million new samples were identified by McAfee.
  • Malware is evolving, becoming savvier. An example is the Zeus malware that gets spread when the user unintentionally downloads it (from being tricked into doing so), or, when the user opens an attachment in an e-mail, not knowing it’s poised to infect his computer. This malware is smart because it evades anti-spam software by presenting as graphics instead of text in the e-mails.
  • Every month means about six million new botnet infections.
  • Between the first and second halves of 2013, new phishing websites doubled in number.
  • Sixty percent of the leading Google search terms returned malicious sites just in the first 100 search results alone.

The key is simply to have antivirus installed, let it run its updates automatically and pay for the annual license. As long as you have it, it will prevent most infections.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Back Up Your Backup, Then Back Up Again!

If you aren’t in the habit of backing up your data, you might assume that it’s difficult or tedious. But I’ve got news for you, it’s easy-peasy. Nowadays, backing up is a complete no brainer.

There are many backup options. New PCs often come bundled with backup options included in the “bloat ware.” Microsoft Windows 7 comes with “Windows Restore/Back Up” accessible via the Control Panel, and Macs offer a backup option called Time Machine. You can buy an external hard drive to copy your files to, or invest in a remote backup service.

I suggest backing up twice on local drives and once in the cloud.

Cloud backup options include Mozy, McAfee, and Carbonite.

Mozy online backup costs $6 per month to back up 50 gigabytes of data on one computer, or $110.00 a year for 125 gigabytes on up to three computers. Mozy offers an easy to use interface and quick, effortless backups of every file type, including files on external drives. If you have over 110 gigabytes, though, it gets pricey.

McAfee online backup costs $5 per month, and works exactly like Mozy, except that as of this writing, users receive unlimited backup for that $5 monthly fee.

Carbonite online backup offers unlimited storage from one computer for under $5 per month. Carbonite is inexpensive with an easy to use interface that allows you to access your data via an iPhone app, which is very cool. Unfortunately, Carbonite won’t back up external drives, backing up certain media, like videos, is slow, and you have to manually check your folders to make sure everything has successfully been backed up. Also, certain files , like software programs with a variety of unusual file extensions, have to be zipped beforehand, since Carbonite won’t back up the individual files with odd extensions.

My 200-gigabyte C: drive came built into my PC as the main operating system drive. My E: drive is a secondary 2TB drive installed in the slot most PCs provide for a second drive. And I have a 2-terrabyte external drive, my F: drive, which I keep running 24/7. I paid $80.00 for a 2TB E: drive and $104.00 for a 2TB external drive. I also have unlimited cloud-based backup, which is accessible for $60 a year. And for $20, I’ve installed Goodsync.

All my data is on stored on my E: drive, filling more than three quarters of the 2-terrabyte internal drive. Drive E is my primary data drive, and gets backed up to the cloud and synced to the external 2-terrabyte F: drive. Goodsync automatically syncs my internal E: drive and external F: drive every two hours. I do this because, while all my data is stored in the cloud, if my internal drive does crash, downloading it all would be a chore, plus, I’d need a drive to download it too, anyway.

The cloud is ideal for mitigating major catastrophes, like fires, but not practical for accessing data on a daily basis.

That’s it. Two local backups and one cloud-based backup. Do it today. It’s easy-peasy.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto. (Disclosures)

Typosquatting Scams in Social Media

Typosquatting, or URL hijacking, is a form of cybersquatting that targets Internet users who accidentally type a website address into their web browser incorrectly. When users make a typographical error while entering the website address, they may be led to an alternative website owned by a cybersquatter or criminal hacker.

In a new twist, some typosquatters have begun using these domains to advertise deceptive promotions, offering gift cards or iPads to lure visitors.

“Twiter.com,” for example, redirects all the would-be Twitter users who missed one “t” to http://twitter.com-survey2010.virtuousads.com/survey.html. Notice that this copycat page’s URL begins with “http://twitter.com,” but clearly is not part of Twitter. Mistyping “youube.com” or “acebook.com” will send you to similar pages, which are designed to resemble YouTube and Facebook.

This scam benefits affiliate marketers who get paid when users click links and fill out forms. The shadiness of these sites, and the misleading techniques of their operators, indicates that any information you provide will most likely be misused, leading to annoyance and possibly fraud.

Typos are a common occurrence with no solution. But users who do find themselves on one of these alternate pages need to check the address bar and use common sense. Familiar colors, fonts, and logos may imply that you’re at the right website, but pay closer attention to be sure you’re not heading down a rabbit hole of spam and scams.

With more than 11 million victims just last year, identity theft is a serious concern. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Please educate and protect yourself by visiting www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss an identity theft pandemic on CNBC. (Disclosures)

This Holiday Season, Beware of Phantom Websites

A “fly by night” business is one that quickly appears and disappears, without concern for the quality of their product or service, or for legal regulations. These untrustworthy businesses often operate fraudulently. On the Internet, a fly by night business is called a “phantom website.”

Phantom websites exist to collect personal and credit card information. They can appear online any time of the year, but the holidays are prime time. They imitate the look and feel of a legitimate website, and many simply copy the web code from well-known online retailers, right down to the names and logos. They may also purchase domain names that resemble those of legitimate retailers, “typosquatting” to take advantage of mistyped searches.

Criminals may direct you to phantom websites using advertisements, even on major search engines like Yahoo and Google. These links or clickable graphics can either send you to a phantom site, or they may even directly infect your computer with malware.

Hackers and scammers also rely on black hat SEO to get their phantom websites ranked on the first or second page of search results, using the same search engine optimization techniques as legitimate vendors.

However, these scammers also game the system using techniques like “link farms,” “keyword stuffing,” and “article spinning,” which are frowned upon by search engines. Using these techniques to lure visitors will get them banned within a month or two, but that’s plenty of time to establish an online presence and scam plenty of victims.

And of course, phishing is in season all year long. Scammers send emails offering deals too good to be true, in order to draw visitors to their phantom sites. They’ll often take advantage of major holidays and significant world events to create an enticing offer. These emails are designed to trick recipients into entering account credentials, which allows the scammers to take over existing accounts or open new ones.

Protect yourself from phantom websites by only doing business with legitimate online retailers you know, like, and trust. Go directly to their websites, rather than relying on search engines, which may lead you astray. But do use search engines to check out a company’s name and look for ratings sites where customers have posted their experiences with a particular company. If you can’t find anything aside from the company’s own website, be suspicious.

And, never click on links in unsolicited emails. Just hit delete.

Use SiteAdvisor or a similar service to scan for infected links.

And invest in identity theft protection, because when all else fails, it’s nice to have a service watching your back. McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss how a person becomes an identity theft victim on CounterIdentityTheft.com. (Disclosures)

Black Friday Launches Holiday Fraud Horrors

The Christmas shopping season traditionally kicks off on Black Friday, the day after Thanksgiving. This also begins a time when criminals swarm the shopping malls as well as the Internet, seeking to take advantage of holiday opportunities.

When shopping in stores, keep the following in mind:

Employees: Seasonal employees are more likely to steal, from their employer and from the customers. It has been said that only 10% of employees are honest, 10% of employees will always steal and 80% will steal based on circumstances. So always count your change.

Credit Card Skimming: When a salesperson or waiter takes your credit card, they can run it through a card reader device that will copy the information stored on the magnetic strip. So when you hand over your card, watch closely to see where it is taken and what is done with it. It’s normal for the card to be swiped through a point of sale terminal or keyboard card reader. But if you happen to see your card being swiped through an additional reader that doesn’t coincide with the transaction, your card number may have been stolen.

Debit Card Skimming: Without the associate PIN, a skimmed debit card number is difficult to turn into cash. With the help of a hidden camera or a “shoulder surfer,” though, your PIN could be recorded at an ATM or point of sale terminal. Cover the keypad while you’re entering your PIN.

Pickpockets: Pickpockets slink through society, undetected and undeterred. They are subtle and brazen at the same time. They are like bed bugs, crawling on you and injecting numbing venom that prevents you from detecting their bite until it’s much too late.

Be aware of your surroundings, especially in crowded places. Pickpockets use distractions like bumps, commotions, and aggressive people. Sometimes a person will fall down, drop something, or appear to be ill.

Consider subscribing to McAfee Identity Protection, a service that offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss Black Friday on The Morning Show with Mike and Juliet. (Disclosures)

5 Tips to a Secure Cyber Monday

For the past five years, Cyber Monday has been the marketing term for the Monday immediately following Black Friday. It is now one of the biggest online shopping days of the year, with 77% of online retailers reporting substantially increased sales.

Scammers seek to take advantage of seasonal opportunities like Cyber Monday, so beware of the following scams:

Fake websites: Criminals draw visitors to their deceptive websites using the same techniques as legitimate eTailers: search engine optimization, search engine marketing, and online advertising via AdWords. They use keywords to boost their rankings on Internet searches, causing their scam sites to appear alongside legitimate sites in search results. These same processes are also used to infect unsuspecting users with malware. Run a SiteAdvisor program to give you a sense of a website’s legitimacy.

Phishing: Many victims who find themselves on scam sites get there by clicking links in phishing emails, which offer high-end products for low prices. In this case, it should be easy enough to avoid spoofed websites. Anytime you receive an offer via email, you should automatically be suspicious. The same goes for offers received through Twitter or other social media.

Too good to be true: If you aren’t familiar with the eTailer, don’t even bother clicking the links. Do business with those you know like and trust. I do occasionally patronize whichever eTailer offers the lowest price, but only when purchasing a relatively inexpensive item, generally under $50. It’s safer to make larger purchases from eTailers that also have brick and mortar locations.

Typosquatters: Be sure you’ve typed in the correct address and are at the eTailer’s actual domain. Beware of cybersquatting and typosquatting, which rely on imitation websites that resemble your desired destination, but are in fact copies, using domains that are similar to the legitimate web address.

Unsecured sites: When placing an order, always check the address bar for “https,” which indicates a secure page. Your browser may also display a closed padlock, further confirming that the page is secure. Generally, scammers won’t take the time to set up secure sites.

Common sense can help you avoid becoming a victim of these and other scams. Beyond that, consider subscribing to McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss Cyber Monday on The Morning Show with Mike and Juliet. (Disclosures)

Using Social Media Passwords With Critical Accounts

For some social networking sites, security is not a top priority. Some do not protect your data with the same vigilance you could expect from your bank, for example. Nor do social media require strong passwords. And if you use the same passwords for more critical sites, like webmail or online banking, having your social networking account compromised can make those other accounts vulnerable as well.

Last year, 32 million passwords were posted online after a data breach at RockYou, a company that creates applications for social networking sites. The breach revealed the weakness of most people’s social networking passwords.

InformationWeek reports, that all the major sites have the same minimum password length of six characters. And password complexity checks are few and far between.

Of the 32 million people whose passwords were exposed, almost 1% had chosen “123456.” The next most popular password was “12345.” “Princess,” “qwerty,” and “abc123” were other common choices.

In another instance, phishers posted thousands of Hotmail addresses and the associated passwords in an online forum. These passwords were equally obvious. Those used most frequently included “111111,” “123456,” “1234567,” “12345678,” and “123456789.” Many of the phishing victims used people’s first names as passwords, most likely the names of their kids, spouses, and so on. 60% of the exposed passwords contained either all numbers or all lowercase letters.

Naturally, anyone using an insecure password is far more likely to be hacked. It is crucial to have strong, secure passwords for all online accounts, including social media accounts. And it is equally important to use different passwords for different accounts. Using the same password for social media sites as for critical accounts, like webmail and online banking, is an invitation for identity theft.

To protect your identity, observe basic security precautions. Consumers should also consider an identity theft protection product that offers daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious account activity is detected. McAfee Identity Protection includes all these features, plus live help from fraud resolution agents if your identity is ever compromised. For more tips on protecting yourself, please visit www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him

discuss hacked email passwords on Fox News. (Disclosures)

Botnets Lead to Identity Theft

When a virus recruits an infected PC into a botnet, a criminal hacker is able to remotely access all the data on that computer.

Robot networks, or botnets, have a varied history. A bot, which doesn’t necessarily have to be malicious or harmful, is essentially a program designed to connect to a server and execute a command or series of commands.

As reported by a McAfee study, networks of bots, otherwise known as drones or zombies, are often used to commit cybercrime. This can include “stealing trade secrets, inserting malware into source code files, disrupting access or service, compromising data integrity, and stealing employee identity information. The results to a business can be disastrous and lead to the loss of revenue, regulatory compliance, customer confidence, reputation, and even of the business itself. For government organizations, the concerns are even more far reaching.”

In the second quarter of 2010, more than two million PCs were recruited into botnets in the United States alone. That’s more than five out of every 1,000 personal computers. The rise and proliferation of botnets will continue to put identities at risk.

Computers with old, outdated, or unsupported operating systems like Windows 95, 98, and 2000 are extremely vulnerable. Systems using old or outdated browsers such as IE 5 or 6, or older versions of Firefox offer the path of least resistance.

To protect yourself, update your operating system to Windows 7 or XP SP3. Make sure your antivirus software is set to update automatically. Keep your critical security patches up to date by setting Windows Update to run automatically as well. And don’t engage in risky online activities that invite attacks.

In order to protect your identity, it is important to observe basic security precautions. When you conduct transactions with corporations and other entities, however, the safety of your information is often beyond your control.

Consumers should consider an identity theft protection product that offers daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection includes all these features in addition to live help from fraud resolution agents if your identity is ever compromised. For more tips on protecting yourself, please visitwww.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft. (Disclosures)

Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft

I feel like my head is going to explode.

The Colorado Supreme Court has ruled “that using someone else’s Social Security number is not identity theft as long as you use your own name with it.”

The defendant in this particular case had admitted to using a false Social Security number on an application for a car loan, and to find employment. The court ruled that since he had used his real name, and the Social Security number was only one of many pieces of identifying information, he “did not assume a false or fictitious identity or capacity,” and “did not hold himself out to be another person.” The court found the defendant’s use of a false Social Security number “irrelevant,” since the number was provided to fulfill “a lender requirement, not a legal requirement.”

Justice Nathan Coats dissented, writing, “The defendant’s deliberate misrepresentation of the single most unique and important piece of identifying data for credit-transaction purposes” was “precisely the kind of conduct meant to be proscribed as criminal.”

This is yet another example of the lack of justice in the judicial system. The justices erred by failing to understand what identity theft really entails, especially when considering the distinction between a “lender requirement” and a “legal requirement.” Whether or not a Social Security number is legally required in order to obtain credit, it is still a legal identifier in many circumstances.

42 USC Chapter 7, Subchapter IV, Part D, Sec. 666(a)(13), a federal law enacted in 1996, determines when the numbers should be used. This law requires a Social Security number to be recorded for “any applicant for a professional license, driver’s license, occupational license, recreational license or marriage license.” It can also be used and recorded by creditors, the Department of Motor Vehicles, whenever a cash transaction exceeds $10,000, and in military matters.

“Synthetic identity theft” occurs whenever an identity is partially or entirely fabricated. This commonly involves the use of a real Social Security number in combination with a name and birth date that are not associated with the number. This type of fraud is more difficult to track because the evidence does not appear on the victim’s credit report or on the perpetrator’s credit report, but rather as a new credit file or subfile. Synthetic identity theft is a problem for creditors, who grant credit based on false records. It can also create complications for individual victims if their names become associated with synthetic identities, or if their credit scores are impacted by negative information in an erroneous subfile.

With this decision, the Colorado Supreme Court has fundamentally upset the balance of law, effectively opening a Pandora’s box of problems. This saga is far from over.

Since the law won’t protect you, at least in this scenario, consider investing in McAfee Identity Protection, which includes proactive identity surveillance to monitor subscribers’ credit and personal information, plus access to live fraud resolution agents who can help subscribers resolve identity theft issues. For additional tips, please visit www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft victims onThe Morning Show with Mike and Juliet. (Disclosures)

Leaked Social Security Numbers Put “Personal Security and Safety at Risk”

Allen West, a Republican Congressional candidate, is speaking out after a mailing from the Florida Democratic Party releases his Social Security number and his wife’s federal employee number. “It’s an attack against me and I think it shows the weakness of the character of Ron Klein and definitely the Florida Democratic party, to put a person’s personal security and safety at risk,” said West, “And also affects my family as well.”

The Florida Democratic Party responded by stating, “We apologize for the oversight of not redacting this information from the public record included in the mailer,” and by offering West two years of identity theft monitoring, but West says he will not accept their money.

Meanwhile, in Virginia, a judge has ruled it is legal to post Social Security numbers on websites. Every city, state, and town has its own set of regulations determining the collection and management of public records, including birth, death, marriage, court, property, and business filings. Many of these documents include Social Security numbers. And many are posted on the Internet.

The Privacy Act of 1974 is a federal law that establishes a code of fair information practices governing the collection, maintenance, use, and dissemination of personally identifiable information in federal record systems.

Back in 1974, identity theft wasn’t an issue, so having your Social Security number on your driver’s license, school ID, and most other documents wasn’t a big deal. Then someone figured out how to use a Social Security number to pose as someone else, and from there, identity theft became big business.

When a judge rules that it’s okay to post Social Security numbers online, and a politician states that a similar act “puts a person’s personal security and safety at risk,” it’s clear that we have a systemic problem, one which the government is unlikely to solve.

It is important to observe basic security precautions to protect your identity. But you have no control over the security of your personal information when it is stored in government and corporate databases.

Consumers should consider an identity theft protection product that offers daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection includes all these features as well as live help from fraud resolution agents if your identity is ever compromised. For more tips on protecting yourself, please visithttp://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss Social Security numbers as national IDs on Fox News. (Disclosures)